From 001e0577bef19917511b361c86c70c3aec1be6ad Mon Sep 17 00:00:00 2001
From: Tom Weininger <tweining@redhat.com>
Date: Wed, 4 Dec 2024 13:48:07 +0100
Subject: [PATCH] Adoption of public SSH key for Amphorae

OSPNET-1078
---
 ...roc_adopting-the-loadbalancer-service.adoc |  9 +++++++++
 .../roles/dataplane_adoption/tasks/main.yaml  |  6 +++++-
 .../dataplane_adoption/tasks/octavia_ssh.yaml | 20 +++++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml

diff --git a/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc b/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
index 0513286af..0c24cfa0c 100644
--- a/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
+++ b/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
@@ -34,6 +34,15 @@ dual CA configuration.
 include::../../tests/roles/dataplane_adoption/tasks/octavia_certs.yaml[lines="7..83",indent=0]
 ----
 
+. (Optional) Public SSH key of Amphorae
++
+These commands will copy the existing public SSH key that can be used for connecting to the amphorae and installs it in Openshift.
++
+[source,bash]
+----
+include::../../tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml[lines="7..20",indent=0]
+----
+
 . Add the octavia interfaces to each NodeNetworkConfigurationPolicy.
 +
 The following command adds the network interface that is being
diff --git a/tests/roles/dataplane_adoption/tasks/main.yaml b/tests/roles/dataplane_adoption/tasks/main.yaml
index 7b995ed25..f4ee61f9a 100644
--- a/tests/roles/dataplane_adoption/tasks/main.yaml
+++ b/tests/roles/dataplane_adoption/tasks/main.yaml
@@ -458,12 +458,16 @@
   ansible.builtin.include_tasks:
     file: neutron_verify.yaml
 
-
 - name: Adopt Octavia Certificates Wallaby->Antelope FFU
   when: octavia_adoption|bool
   ansible.builtin.include_tasks:
     file: octavia_certs.yaml
 
+- name: Adopt Octavia Amphora public SSH key Wallaby->Antelope FFU
+  when: octavia_adoption|bool
+  ansible.builtin.include_tasks:
+    file: octavia_ssh.yaml
+
 - name: Adopted Cinder post-checks
   ansible.builtin.include_tasks:
     file: cinder_verify.yaml
diff --git a/tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml b/tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml
new file mode 100644
index 000000000..4bbe535bf
--- /dev/null
+++ b/tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml
@@ -0,0 +1,20 @@
+- name: Migrate old Octavia public SSH key for amphorae
+  ansible.builtin.shell: |
+    {{ shell_header }}
+    {{ oc_header }}
+    CONTROLLER1_SCP="{{ controller1_ssh  | regex_replace('^ssh', 'scp')}}"
+
+    ${CONTROLLER1_SCP}:/etc/octavia/ssh/octavia_id_rsa.pub $HOME/octavia_sshkey.pub
+
+    # Install new data in k8s
+    oc apply -f - <<EOF
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: sshPubkey
+      namespace: openstack
+    data:
+      key: $(cat $HOME/octavia_sshkey.pub)
+    EOF
+
+    rm -f $HOME/octavia_sshkey.pub