Add OctaviaAmphoraSshKeyDir for ssh key creation for Octavia

The Octavia playbook now creates a ssh key unless the user explicitly sets the OctaviaAmphoraSshKeyFile parameter. The playbook creates it in the OctaviaAmphoraSshKeyDir directory (default: /etc/octavia/ssh). Related-bug: #1907112 Change-Id: I4f31ddc3392e70cff1187ba8b9511af12df4b063
2021-03-30 11:26:40 +02:00 · 2021-03-30 11:26:40 +02:00 · f0010f606f
parent 0b874947a1
commit f0010f606f
2 changed files with 5 additions and 17 deletions
--- a/ci/environments/scenario010-standalone.yaml
+++ b/ci/environments/scenario010-standalone.yaml
@ -23,7 +23,6 @@ resource_registry:
 parameter_defaults:
  StandaloneExtraConfig:
    octavia::controller::connection_retry_interval: 10
-  OctaviaAmphoraSshKeyFile: /home/zuul/.ssh/id_rsa.pub
  OctaviaAmphoraImageFilename: /home/zuul/amphora.qcow2
  OctaviaCaKeyPassphrase: 'upstreamci'
  OctaviaManageNovaFlavor: true
--- a/deployment/octavia/octavia-deployment-config.j2.yaml
+++ b/deployment/octavia/octavia-deployment-config.j2.yaml
@ -1,8 +1,4 @@
 heat_template_version: wallaby
-{%- set octavia_standalone=[] -%}
-{%- for role in roles if 'standalone' in role.tags -%}
-  {% if octavia_standalone.append('1') %}{% endif %}
-{%- endfor %}

 description: >
  Configuration of Octavia as-a-service resources in the overcloud.
@ -79,14 +75,16 @@ parameters:
    description: SSH key name.
  OctaviaAmphoraSshKeyFile:
    type: string
-{% if not octavia_standalone %}
    default: ''
-{% endif %}
    description: Public key file path. User will be able to SSH into amphorae
      with the provided key. User may, in most cases, also elevate to root
      from user 'centos' (CentOS), 'ubuntu' (Ubuntu) or 'cloud-user' (RHEL)
      (depends on how amphora image was created). Logging in to amphorae
      provides a convenient way to e.g. debug load balancing services.
+  OctaviaAmphoraSshKeyDir:
+    type: string
+    default: '/etc/octavia/ssh'
+    description: Octavia generated SSH key directory.
  NovaEnableRbdBackend:
    default: false
    description: Whether to enable the Rbd backend for Nova ephemeral storage.
@ -201,13 +199,6 @@ conditions:
      - raw
    - get_param: NovaEnableRbdBackend

-resources:
-{% if not octavia_standalone %}
-  default_key_pair:
-    type: OS::Nova::KeyPair
-    external_id: default
-{% endif %}
-
 outputs:
  role_data:
    description: Role data for the Octavia configuration service
@ -231,9 +222,7 @@ outputs:
                  amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
                  amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
                  amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
-                {% if not octavia_standalone %}
-                  amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
-                {% endif %}
+                  amp_ssh_key_dir: { get_param: OctaviaAmphoraSshKeyDir }
                  amp_to_raw: {if: [octavia_raw_image_check, true, false]}
                  auth_username: { get_param: OctaviaUserName }
                  auth_password: { get_param: OctaviaPassword }