Update Octavia keypair when public key changed

A change in the desired public key was not being reflected in the
Overcloud on stack update/upgrade. TripleO should replace the keypair
even when the desired public key changed, i.e. its fingerprint does not
match the one (possibly) already existing in the overcloud. We should
compare fingerprints and replace (delete and create, no keypair update
option) when they mismatch.

Closes-Bug: #1861031

Change-Id: I953c35c9ec24844598108bc173e84868393a98aa

tripleo_ansible/roles/octavia_undercloud/tasks/main.yml

@@ -65,10 +65,18 @@
   when:
     - amp_ssh_key_path is not defined or ((amp_ssh_key_path | length) < 1)
 
-- name: upload pub key to overcloud
-  shell: |-
-    openstack keypair show {{ amp_ssh_key_name }} || \
-      openstack keypair create --public-key {{ amp_ssh_key_path_final }} {{ amp_ssh_key_name }}
+- name: get the desired public key fingerprint
+  shell: |
+    set -o pipefail
+    ssh-keygen -E md5 -lf {{ amp_ssh_key_path_final }} | awk '{ print $2 }' | cut -c 5-
+  register: ssh_keygen_results
+
+- name: Create keypair
+  os_keypair:
+    state: present
+    name: "{{ amp_ssh_key_name }}"
+    public_key_file: "{{ amp_ssh_key_path_final }}"
+  register: keypair_fingerprint
   environment:
     OS_USERNAME: "{{ auth_username }}"
     OS_PASSWORD: "{{ auth_password }}"