From d9fbac47dc49d1c8a152a20caaa4282332b8e30f Mon Sep 17 00:00:00 2001
From: Tom Weininger <tweining@redhat.com>
Date: Wed, 4 Dec 2024 13:48:07 +0100
Subject: [PATCH] Adoption of public SSH key for Amphorae

OSPNET-1078
---
 ...roc_adopting-the-loadbalancer-service.adoc |  9 +++++++++
 .../roles/dataplane_adoption/tasks/main.yaml  |  6 +++++-
 .../dataplane_adoption/tasks/octavia_ssh.yaml | 20 +++++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml

diff --git a/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc b/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
index 0513286af..bf6513372 100644
--- a/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
+++ b/docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
@@ -34,6 +34,15 @@ dual CA configuration.
 include::../../tests/roles/dataplane_adoption/tasks/octavia_certs.yaml[lines="7..83",indent=0]
 ----
 
+. (Optional) Public SSH key of Amphorae
++
+These commands will copy the existing public SSH key that can be used for connecting to the amphorae and install it in Openshift in order to get reused in the new environment.
++
+[source,bash]
+----
+include::../../tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml[lines="7..20",indent=0]
+----
+
 . Add the octavia interfaces to each NodeNetworkConfigurationPolicy.
 +
 The following command adds the network interface that is being
diff --git a/tests/roles/dataplane_adoption/tasks/main.yaml b/tests/roles/dataplane_adoption/tasks/main.yaml
index 7b995ed25..f4ee61f9a 100644
--- a/tests/roles/dataplane_adoption/tasks/main.yaml
+++ b/tests/roles/dataplane_adoption/tasks/main.yaml
@@ -458,12 +458,16 @@
   ansible.builtin.include_tasks:
     file: neutron_verify.yaml
 
-
 - name: Adopt Octavia Certificates Wallaby->Antelope FFU
   when: octavia_adoption|bool
   ansible.builtin.include_tasks:
     file: octavia_certs.yaml
 
+- name: Adopt Octavia Amphora public SSH key Wallaby->Antelope FFU
+  when: octavia_adoption|bool
+  ansible.builtin.include_tasks:
+    file: octavia_ssh.yaml
+
 - name: Adopted Cinder post-checks
   ansible.builtin.include_tasks:
     file: cinder_verify.yaml
diff --git a/tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml b/tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml
new file mode 100644
index 000000000..4bbe535bf
--- /dev/null
+++ b/tests/roles/dataplane_adoption/tasks/octavia_ssh.yaml
@@ -0,0 +1,20 @@
+- name: Migrate old Octavia public SSH key for amphorae
+  ansible.builtin.shell: |
+    {{ shell_header }}
+    {{ oc_header }}
+    CONTROLLER1_SCP="{{ controller1_ssh  | regex_replace('^ssh', 'scp')}}"
+
+    ${CONTROLLER1_SCP}:/etc/octavia/ssh/octavia_id_rsa.pub $HOME/octavia_sshkey.pub
+
+    # Install new data in k8s
+    oc apply -f - <<EOF
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: sshPubkey
+      namespace: openstack
+    data:
+      key: $(cat $HOME/octavia_sshkey.pub)
+    EOF
+
+    rm -f $HOME/octavia_sshkey.pub