Create keypair for SSH access to Octavia amphorae

Create keypair from a given public key file under the project name for Octavia ('service' by default). If a public key file is not provided, the public key of the undercloud stack user will be used. Depends-On: https://review.openstack.org/#/c/560879/ Change-Id: I3b2e283f6fa081b07cc12a244c14701e431d884e
2018-04-11 20:06:53 +01:00 · 2018-04-11 20:06:53 +01:00 · bd710fd838
parent 59b299cf23
commit bd710fd838
5 changed files with 37 additions and 0 deletions
--- a/playbooks/octavia-files.yaml
+++ b/playbooks/octavia-files.yaml
@ -2,6 +2,12 @@
 - hosts: undercloud[0]
  remote_user: stack
  gather_facts: False
+  vars:
+    amp_ssh_key_name: "{{ amp_ssh_key_name }}"
+    amp_ssh_key_path: "{{ amp_ssh_key_path }}"
+    auth_username: "{{ auth_username }}"
+    auth_pasword: "{{ auth_password }}"
+    auth_project_name: "{{ auth_project_name }}"
  environment:
    OS_USERNAME: "{{ os_username }}"
    OS_USER_DOMAIN_NAME: "Default"
--- a/playbooks/roles/common/defaults/main.yml
+++ b/playbooks/roles/common/defaults/main.yml
@ -2,6 +2,10 @@
 amp_image_name: "octavia-amphora"
 amp_image_filename: "/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2"
 amp_image_tag: "amphora-image"
+amp_ssh_key_name: "octavia-ssh-key"
+amp_ssh_key_path: "/home/stack/.ssh/id_rsa.pub"
+auth_username: "octavia"
+auth_project_name: "service"
 lb_mgmt_net_name: "lb-mgmt-net"
 lb_mgmt_subnet_name: "lb-mgmt-subnet"
 lb_mgmt_subnet_cidr: "192.168.199.0/24"
--- a/playbooks/roles/octavia-undercloud/tasks/main.yml
+++ b/playbooks/roles/octavia-undercloud/tasks/main.yml
@ -13,3 +13,17 @@
    register: image_result
    changed_when: "image_result.stdout != ''"
    when: amp_image_file_result.stat.exists == True
+
+  - name: check if pub key file exists
+    stat: path="{{ amp_ssh_key_path }}"
+    register: ssh_pub_key_file_result
+
+  - name: upload pub key to overcloud
+    shell: |
+      openstack keypair show {{ amp_ssh_key_name }} || \
+        openstack keypair create --public-key {{ amp_ssh_key_path }} {{ amp_ssh_key_name }}
+    environment:
+      OS_USERNAME: {{ auth_username }}
+      OS_PASSWORD: {{ auth_password }}
+      OS_PROJECT_NAME: {{ auth_project_name }}
+    when: ssh_pub_key_file_result.stat.exists == True
--- a/releasenotes/notes/octavia-amphora-ssh-5dee3678d7b66476.yaml
+++ b/releasenotes/notes/octavia-amphora-ssh-5dee3678d7b66476.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Create keypair for SSH access to Octavia amphorae.
--- a/workbooks/octavia_post.yaml
+++ b/workbooks/octavia_post.yaml
@ -11,6 +11,11 @@ workflows:
      - amp_image_name
      - amp_image_filename
      - amp_image_tag
+      - amp_ssh_key_name
+      - amp_ssh_key_path
+      - auth_username
+      - auth_password
+      - auth_project_name
      - lb_mgmt_net_name
      - lb_mgmt_subnet_name
      - lb_sec_group_name
@ -94,6 +99,11 @@ workflows:
            amp_image_name: <% $.amp_image_name %>
            amp_image_filename: <% $.amp_image_filename %>
            amp_image_tag: <% $.amp_image_tag %>
+            amp_ssh_key_name: <% $.amp_ssh_key_name %>
+            amp_ssh_key_path: <% $.amp_ssh_key_path %>
+            auth_username: <% $.auth_username %>
+            auth_password: <% $.auth_password %>
+            auth_project_name: <% $.auth_project_name %>
        on-success: config_octavia

      config_octavia: