Merge "Check pub key file perms and default to pub key data" into stable/queens

playbooks/octavia-files.yaml

@@ -5,6 +5,7 @@
   vars:
     amp_ssh_key_name: "{{ amp_ssh_key_name }}"
     amp_ssh_key_path: "{{ amp_ssh_key_path }}"
+    amp_ssh_key_data: "{{ amp_ssh_key_data }}"
     auth_username: "{{ auth_username }}"
     auth_pasword: "{{ auth_password }}"
     auth_project_name: "{{ auth_project_name }}"

playbooks/roles/common/defaults/main.yml

@@ -3,7 +3,7 @@ amp_image_name: ""
 amp_image_filename: ""
 amp_image_tag: "amphora-image"
 amp_ssh_key_name: "octavia-ssh-key"
-amp_ssh_key_path: "/home/stack/.ssh/id_rsa.pub"
+amp_ssh_key_path: ""
 auth_username: "octavia"
 auth_project_name: "service"
 lb_mgmt_net_name: "lb-mgmt-net"

playbooks/roles/octavia-undercloud/tasks/main.yml

@@ -29,16 +29,39 @@
   - include_tasks: image_mgmt.yml
     when: image_file_result.stat.exists
 
-  - name: check if pub key file exists
-    stat: path="{{ amp_ssh_key_path }}"
-    register: ssh_pub_key_file_result
+  - name: use ssh pub key file if provided and is readable
+    block:
+      - name: check if pub key file exists
+        stat: path="{{ amp_ssh_key_path }}"
+        register: key_file_result
+        ignore_errors: true
+
+      - name: fail if ssh pub key file does not exist or is not readable
+        fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}"
+        when: key_file_result|failed or key_file_result.stat.exists == False or key_file_result.stat.readable == False
+
+      - set_fact:
+          amp_ssh_key_path_final: "{{ amp_ssh_key_path }}"
+    when: amp_ssh_key_path is defined and amp_ssh_key_path != ""
+
+  - name: defaulting to public key from undercloud default keypair
+    block:
+      - name: create temp pub key file
+        tempfile: state=file
+        register: ssh_key_tmp_file
+
+      - name: copy ssh public key content to temp file
+        copy: content="{{ amp_ssh_key_data }}" dest="{{ ssh_key_tmp_file.path }}"
+
+      - set_fact:
+          amp_ssh_key_path_final: "{{ ssh_key_tmp_file.path }}"
+    when: amp_ssh_key_path is not defined or amp_ssh_key_path == ""
 
   - name: upload pub key to overcloud
     shell: |
       openstack keypair show {{ amp_ssh_key_name }} || \
-        openstack keypair create --public-key {{ amp_ssh_key_path }} {{ amp_ssh_key_name }}
+        openstack keypair create --public-key {{ amp_ssh_key_path_final }} {{ amp_ssh_key_name }}
     environment:
-      OS_USERNAME: {{ auth_username }}
-      OS_PASSWORD: {{ auth_password }}
-      OS_PROJECT_NAME: {{ auth_project_name }}
-    when: ssh_pub_key_file_result.stat.exists == True
+      OS_USERNAME: "{{ auth_username }}"
+      OS_PASSWORD: "{{ auth_password }}"
+      OS_PROJECT_NAME: "{{ auth_project_name }}"

releasenotes/notes/fix-octavia-pub-key-d195fbf1976a8d36.yaml

@@ -0,0 +1,3 @@
+---
+fixes:
+  - Check pub key file permissions and default to pub key data for Octavia.

releasenotes/notes/fix-syntax-error-in-octavia-undercloud-role-c02b0c5b0f1ece34.yaml

@@ -0,0 +1,3 @@
+---
+fixes:
+  - Fix syntax error in octavia-undercloud role.

workbooks/octavia_post.yaml

@@ -13,6 +13,7 @@ workflows:
       - amp_image_tag
       - amp_ssh_key_name
       - amp_ssh_key_path
+      - amp_ssh_key_data
       - auth_username
       - auth_password
       - auth_project_name
@@ -101,6 +102,7 @@ workflows:
             amp_image_tag: <% $.amp_image_tag %>
             amp_ssh_key_name: <% $.amp_ssh_key_name %>
             amp_ssh_key_path: <% $.amp_ssh_key_path %>
+            amp_ssh_key_data: <% $.amp_ssh_key_data %>
             auth_username: <% $.auth_username %>
             auth_password: <% $.auth_password %>
             auth_project_name: <% $.auth_project_name %>