Browse Source

Update Octavia keypair when public key changed

A change in the desired public key was not being reflected in the
Overcloud on stack update/upgrade. TripleO should replace the keypair
even when the desired public key changed, i.e. its fingerprint does not
match the one (possibly) already existing in the overcloud. We should
compare fingerprints and replace (delete and create, no keypair update
option) when they mismatch.

Closes-Bug: #1861031

Change-Id: I953c35c9ec24844598108bc173e84868393a98aa
changes/21/704421/4
Carlos Goncalves 1 year ago
committed by Kevin Carter
parent
commit
bcc3efd650
1 changed files with 12 additions and 4 deletions
  1. +12
    -4
      tripleo_ansible/roles/octavia_undercloud/tasks/main.yml

+ 12
- 4
tripleo_ansible/roles/octavia_undercloud/tasks/main.yml View File

@ -65,10 +65,18 @@
when:
- amp_ssh_key_path is not defined or ((amp_ssh_key_path | length) < 1)
- name: upload pub key to overcloud
shell: |-
openstack keypair show {{ amp_ssh_key_name }} || \
openstack keypair create --public-key {{ amp_ssh_key_path_final }} {{ amp_ssh_key_name }}
- name: get the desired public key fingerprint
shell: |
set -o pipefail
ssh-keygen -E md5 -lf {{ amp_ssh_key_path_final }} | awk '{ print $2 }' | cut -c 5-
register: ssh_keygen_results
- name: Create keypair
os_keypair:
state: present
name: "{{ amp_ssh_key_name }}"
public_key_file: "{{ amp_ssh_key_path_final }}"
register: keypair_fingerprint
environment:
OS_USERNAME: "{{ auth_username }}"
OS_PASSWORD: "{{ auth_password }}"


Loading…
Cancel
Save