Add creation of Octavia private key to the manager state Relates to PROD-12506 Change-Id: I30c15157747f14736c8be39e6b97b3ed3abbb9d8

commit: 8345de05936c3e0e50fb5a7d6a1441b519bc85c0 [log] [tgz]
author: Elena Ezhova <eezhova@mirantis.com> Wed Aug 02 17:46:52 2017 +0400
committer: Elena Ezhova <eezhova@mirantis.com> Thu Aug 03 16:57:33 2017 +0400
tree: 43ea3b016eab0e8870782fd5bf09609943501b6b
parent: 9e97de7987d47b9debed309425a146098a6c1b20 [diff]
diff --git a/README.rst b/README.rst
index 9c19a3f..0a9f5a1 100644
--- a/README.rst
+++ b/README.rst

@@ -102,6 +102,37 @@
           heartbeat_key: 'insecure'
         house_keeping:
           spare_amphora_pool_size: 0
+        ssh:
+          private_key: |
+            -----BEGIN RSA PRIVATE KEY-----
+            MIIEpAIBAAKCAQEAtjnPDJsQToHBtoqIo15mdSYpfi8z6DFMi8Gbo0KCN33OUn5u
+            OctbdtjUfeuhvI6px1SCnvyWi09Ft8eWwq+KwLCGKbUxLvqKltuJ7K3LIrGXkt+m
+            qZN4O9XKeVKfZH+mQWkkxRWgX2r8RKNV3GkdNtd74VjhP+R6XSKJQ1Z8b7eHM10v
+            6IjTY/jPczjK+eyCeEj4qbSnV8eKlqLhhquuSQRmUO2DRSjLVdpdf2BB4/BdWFsD
+            YOmX7mb8kpEr9vQ+c1JKMXDwD6ehzyU8kE+1kVm5zOeEy4HdYIMpvUfN49P1anRV
+            2ISQ1ZE+r22IAMKl0tekrGH0e/1NP1DF5rINMwIDAQABAoIBAQCkP/cgpaRNHyg8
+            ISKIHs67SWqdEm73G3ijgB+JSKmW2w7dzJgN//6xYUAnP/zIuM7PnJ0gMQyBBTMS
+            NBTv5spqZLKJZYivj6Tb1Ya8jupKm0jEWlMfBo2ZYVrfgFmrfGOfEebSvmuPlh9M
+            vuzlftmWVSSUOkjODmM9D6QpzgrbpktBuA/WpX+6esMTwJpOcQ5xZWEnHXnVzuTc
+            SncodVweE4gz6F1qorbqIJz8UAUQ5T0OZTdHzIS1IbamACHWaxQfixAO2s4+BoUK
+            ANGGZWkfneCxx7lthvY8DiKn7M5cSRnqFyDToGqaLezdkMNlGC7v3U11FF5blSEW
+            fL1o/HwBAoGBAOavhTr8eqezTchqZvarorFIq7HFWk/l0vguIotu6/wlh1V/KdF+
+            aLLHgPgJ5j+RrCMvTBoKqMeeHfVGrS2udEy8L1mK6b3meG+tMxU05OA55abmhYn7
+            7vF0q8XJmYIHIXmuCgF90R8Piscb0eaMlmHW9unKTKo8EOs5j+D8+AMJAoGBAMo4
+            8WW+D3XiD7fsymsfXalf7VpAt/H834QTbNZJweUWhg11eLutyahyyfjjHV200nNZ
+            cnU09DWKpBbLg7d1pyT69CNLXpNnxuWCt8oiUjhWCUpNqVm2nDJbUdlRFTzYb2fS
+            ZC4r0oQaPD5kMLSipjcwzMWe0PniySxNvKXKInFbAoGBAKxW2qD7uKKKuQSOQUft
+            aAksMmEIAHWKTDdvOA2VG6XvX5DHBLXmy08s7rPfqW06ZjCPCDq4Velzvgvc9koX
+            d/lP6cvqlL9za+x6p5wjPQ4rEt/CfmdcmOE4eY+1EgLrUt314LHGjjG3ScWAiirE
+            QyDrGOIGaYoQf89L3KqIMr0JAoGARYAklw8nSSCUvmXHe+Gf0yKA9M/haG28dCwo
+            780RsqZ3FBEXmYk1EYvCFqQX56jJ25MWX2n/tJcdpifz8Q2ikHcfiTHSI187YI34
+            lKQPFgWb08m1NnwoWrY//yx63BqWz1vjymqNQ5GwutC8XJi5/6Xp+tGGiRuEgJGH
+            EIPUKpkCgYAjBIVMkpNiLCREZ6b+qjrPV96ed3iTUt7TqP7yGlFI/OkORFS38xqC
+            hBP6Fk8iNWuOWQD+ohM/vMMnvIhk5jwlcwn+kF0ra04gi5KBFWSh/ddWMJxUtPC1
+            2htvlEc6zQAR6QfqXHmwhg1hP81JcpqpicQzCMhkzLoR1DC6stXdLg==
+            -----END RSA PRIVATE KEY-----
+          user: octavia
+          group: octavia
 
 
 

diff --git a/octavia/manager.sls b/octavia/manager.sls
index cdda6fc..a99d77d 100644
--- a/octavia/manager.sls
+++ b/octavia/manager.sls

@@ -1,6 +1,7 @@
 {%- from "octavia/map.jinja" import manager with context %}
 
 {%- if manager.enabled %}
+{%- set ssh_dir = salt['file.dirname'](manager.ssh.private_key_file) %}
 {%- set image_mine_data = salt['mine.get']('glance:client', 'glanceng.get_image_owner_id', 'pillar').values() %}
 {%- set network_mine_data = salt['mine.get']('neutron:client', 'list_octavia_networks', 'pillar').values() %}
 {%- set secgroup_mine_data = salt['mine.get']('neutron:client', 'list_octavia_mgmt_security_groups', 'pillar').values() %}
@@ -37,6 +38,24 @@
   - require:
     - pkg: octavia_manager_packages
 
+octavia_ssh_dir:
+  file.directory:
+    - name: {{ ssh_dir }}
+    - user: {{ manager.ssh.user }}
+    - group: {{ manager.ssh.group }}
+    - makedirs: true
+
+octavia_ssh_private_key:
+  file.managed:
+    - name: {{ manager.ssh.private_key_file }}
+    - contents_pillar: octavia:manager:ssh:private_key
+    - user: {{ manager.ssh.user }}
+    - group: {{ manager.ssh.group }}
+    - mode: 600
+    - require:
+      - file: octavia_ssh_dir
+
+
 {%- if not grains.get('noservices', False) %}
 {%- if image_mine_data and network_mine_data and secgroup_mine_data and port_mine_data %}
 

diff --git a/octavia/map.jinja b/octavia/map.jinja
index 6052c47..494c18d 100644
--- a/octavia/map.jinja
+++ b/octavia/map.jinja

@@ -24,6 +24,9 @@
         'pkgs': ['octavia-common', 'octavia-worker', 'octavia-housekeeping',
                  'octavia-health-manager', 'iptables-persistent'],
         'services': ['octavia-worker', 'octavia-housekeeping', 'octavia-health-manager'],
+        'ssh': {
+          'private_key_file': '/etc/octavia/.ssh/octavia_ssh_key',
+        },
         'notification': False,
         'cors': {},
         'audit': {
@@ -34,6 +37,9 @@
         'pkgs': ['octavia-common', 'octavia-worker', 'octavia-housekeeping',
                  'octavia-health-manager', 'iptables-persistent'],
         'services': ['octavia-worker', 'octavia-housekeeping', 'octavia-health-manager'],
+        'ssh': {
+          'private_key_file': '/etc/octavia/.ssh/octavia_ssh_key',
+        },
         'notification': False,
         'cors': {},
         'audit': {

diff --git a/tests/pillar/manager_single.sls b/tests/pillar/manager_single.sls
index 2087332..716acb8 100644
--- a/tests/pillar/manager_single.sls
+++ b/tests/pillar/manager_single.sls

@@ -42,3 +42,34 @@
       heartbeat_key: 'insecure'
     house_keeping:
       spare_amphora_pool_size: 0
+    ssh:
+      private_key: |
+        -----BEGIN RSA PRIVATE KEY-----
+        MIIEpAIBAAKCAQEAtjnPDJsQToHBtoqIo15mdSYpfi8z6DFMi8Gbo0KCN33OUn5u
+        OctbdtjUfeuhvI6px1SCnvyWi09Ft8eWwq+KwLCGKbUxLvqKltuJ7K3LIrGXkt+m
+        qZN4O9XKeVKfZH+mQWkkxRWgX2r8RKNV3GkdNtd74VjhP+R6XSKJQ1Z8b7eHM10v
+        6IjTY/jPczjK+eyCeEj4qbSnV8eKlqLhhquuSQRmUO2DRSjLVdpdf2BB4/BdWFsD
+        YOmX7mb8kpEr9vQ+c1JKMXDwD6ehzyU8kE+1kVm5zOeEy4HdYIMpvUfN49P1anRV
+        2ISQ1ZE+r22IAMKl0tekrGH0e/1NP1DF5rINMwIDAQABAoIBAQCkP/cgpaRNHyg8
+        ISKIHs67SWqdEm73G3ijgB+JSKmW2w7dzJgN//6xYUAnP/zIuM7PnJ0gMQyBBTMS
+        NBTv5spqZLKJZYivj6Tb1Ya8jupKm0jEWlMfBo2ZYVrfgFmrfGOfEebSvmuPlh9M
+        vuzlftmWVSSUOkjODmM9D6QpzgrbpktBuA/WpX+6esMTwJpOcQ5xZWEnHXnVzuTc
+        SncodVweE4gz6F1qorbqIJz8UAUQ5T0OZTdHzIS1IbamACHWaxQfixAO2s4+BoUK
+        ANGGZWkfneCxx7lthvY8DiKn7M5cSRnqFyDToGqaLezdkMNlGC7v3U11FF5blSEW
+        fL1o/HwBAoGBAOavhTr8eqezTchqZvarorFIq7HFWk/l0vguIotu6/wlh1V/KdF+
+        aLLHgPgJ5j+RrCMvTBoKqMeeHfVGrS2udEy8L1mK6b3meG+tMxU05OA55abmhYn7
+        7vF0q8XJmYIHIXmuCgF90R8Piscb0eaMlmHW9unKTKo8EOs5j+D8+AMJAoGBAMo4
+        8WW+D3XiD7fsymsfXalf7VpAt/H834QTbNZJweUWhg11eLutyahyyfjjHV200nNZ
+        cnU09DWKpBbLg7d1pyT69CNLXpNnxuWCt8oiUjhWCUpNqVm2nDJbUdlRFTzYb2fS
+        ZC4r0oQaPD5kMLSipjcwzMWe0PniySxNvKXKInFbAoGBAKxW2qD7uKKKuQSOQUft
+        aAksMmEIAHWKTDdvOA2VG6XvX5DHBLXmy08s7rPfqW06ZjCPCDq4Velzvgvc9koX
+        d/lP6cvqlL9za+x6p5wjPQ4rEt/CfmdcmOE4eY+1EgLrUt314LHGjjG3ScWAiirE
+        QyDrGOIGaYoQf89L3KqIMr0JAoGARYAklw8nSSCUvmXHe+Gf0yKA9M/haG28dCwo
+        780RsqZ3FBEXmYk1EYvCFqQX56jJ25MWX2n/tJcdpifz8Q2ikHcfiTHSI187YI34
+        lKQPFgWb08m1NnwoWrY//yx63BqWz1vjymqNQ5GwutC8XJi5/6Xp+tGGiRuEgJGH
+        EIPUKpkCgYAjBIVMkpNiLCREZ6b+qjrPV96ed3iTUt7TqP7yGlFI/OkORFS38xqC
+        hBP6Fk8iNWuOWQD+ohM/vMMnvIhk5jwlcwn+kF0ra04gi5KBFWSh/ddWMJxUtPC1
+        2htvlEc6zQAR6QfqXHmwhg1hP81JcpqpicQzCMhkzLoR1DC6stXdLg==
+        -----END RSA PRIVATE KEY-----
+      user: octavia
+      group: octavia
commit	8345de05936c3e0e50fb5a7d6a1441b519bc85c0	[log] [tgz]
author	Elena Ezhova <eezhova@mirantis.com>	Wed Aug 02 17:46:52 2017 +0400
committer	Elena Ezhova <eezhova@mirantis.com>	Thu Aug 03 16:57:33 2017 +0400
tree	43ea3b016eab0e8870782fd5bf09609943501b6b
parent	9e97de7987d47b9debed309425a146098a6c1b20 [diff]