Unify SSH key mount path format across all dataplane services

Previously, the SSH key mount path differed between global services
(DeployOnAllNodeSets=true) and non-global services:

- Global services: /runner/env/ssh_key/ssh_key_<nodesetname>
- Non-global services: /runner/env/ssh_key

The non-global services path happened to work because ansible-runner
has a built-in mechanism that looks for an SSH key at /runner/env/ssh_key
and automatically loads it into ssh-agent. However, this relied on
ansible-runner's implicit behavior rather than the explicit
ansible_ssh_private_key_file variable set in the inventory.

The inventory always sets ansible_ssh_private_key_file to
/runner/env/ssh_key/ssh_key_<nodesetname> regardless of service type
(see inventory.go line 178). This inconsistency meant non-global
services were mounting the SSH key at a different path than what
Ansible expected from the inventory variable, relying on ansible-runner's
fallback behavior. However, there were errors in ansible logs as
there were no files in  /runner/env/ssh_key/ssh_key_<nodesetname>
which was confusing to users.

This change unifies the SSH key mount path to always use the format:
  /runner/env/ssh_key/ssh_key_<nodesetname>

This ensures:
1. The mount path matches the ansible_ssh_private_key_file variable
   set in the inventory for all service types
2. Explicit and consistent SSH key configuration rather than relying
   on ansible-runner's implicit ssh-agent loading
3. Simplified code by removing the conditional branching
4. Consistent behavior between global and non-global services

For global services, multiple SSH keys are mounted (one per nodeset)
in the ssh_key folder. For non-global services, only the matching
nodeset's key is mounted, but at the same path format.

Assisted-by: Claude-4.5-opus
Signed-off-by: rabi <[email protected]>

Author: rabi

internal/dataplane/util/ansible_execution.go

@@ -316,19 +316,14 @@ func SetAeeSSHMounts(
 
 	for _, sshKeyNodeName := range sshKeys {
 		sshKeySecret := sshKeySecrets[sshKeyNodeName]
-		if service.Spec.DeployOnAllNodeSets {
-			sshKeyName = fmt.Sprintf("ssh-key-%s", sshKeyNodeName)
-			sshKeyMountSubPath = fmt.Sprintf("ssh_key_%s", sshKeyNodeName)
-			sshKeyMountPath = fmt.Sprintf("/runner/env/ssh_key/%s", sshKeyMountSubPath)
-		} else {
-			if sshKeyNodeName != nodeSet.GetName() {
-				continue
-			}
-			sshKeyName = "ssh-key"
-			sshKeyMountSubPath = "ssh_key"
-			sshKeyMountPath = "/runner/env/ssh_key"
+		if !service.Spec.DeployOnAllNodeSets && sshKeyNodeName != nodeSet.GetName() {
+			continue
 		}
 
+		sshKeyName = fmt.Sprintf("ssh-key-%s", sshKeyNodeName)
+		sshKeyMountSubPath = fmt.Sprintf("ssh_key_%s", sshKeyNodeName)
+		sshKeyMountPath = fmt.Sprintf("/runner/env/ssh_key/%s", sshKeyMountSubPath)
+
 		CreateVolume(ansibleEEMounts, sshKeyName, sshKeyMountSubPath, sshKeySecret, "ssh-privatekey")
 		CreateVolumeMount(ansibleEEMounts, sshKeyName, sshKeyMountPath, sshKeyMountSubPath)
 	}

test/functional/dataplane/openstackdataplanenodeset_controller_test.go

@@ -1387,11 +1387,11 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 				ansibleEE := GetAnsibleee(ansibleeeName)
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes).To(HaveLen(3))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[0].Name).To(Equal("bootstrap-combined-ca-bundle"))
-				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].Name).To(Equal("ssh-key"))
+				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].Name).To(Equal("ssh-key-edpm-compute-nodeset"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].Name).To(Equal("inventory"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[0].VolumeSource.Secret.SecretName).To(Equal("combined-ca-bundle"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].VolumeSource.Secret.SecretName).To(Equal("dataplane-ansible-ssh-private-key-secret"))
-				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].VolumeSource.Secret.Items[0].Path).To(Equal("ssh_key"))
+				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].VolumeSource.Secret.Items[0].Path).To(Equal("ssh_key_edpm-compute-nodeset"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].VolumeSource.Secret.Items[0].Key).To(Equal("ssh-privatekey"))
 
 			}, th.Timeout, th.Interval).Should(Succeed())
@@ -1455,12 +1455,12 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes).To(HaveLen(4))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[0].Name).To(Equal("edpm-ansible"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].Name).To(Equal("bootstrap-combined-ca-bundle"))
-				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].Name).To(Equal("ssh-key"))
+				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].Name).To(Equal("ssh-key-edpm-compute-nodeset"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[3].Name).To(Equal("inventory"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[0].VolumeSource.PersistentVolumeClaim.ClaimName).To(Equal("edpm-ansible"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[1].VolumeSource.Secret.SecretName).To(Equal("combined-ca-bundle"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].VolumeSource.Secret.SecretName).To(Equal("dataplane-ansible-ssh-private-key-secret"))
-				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].VolumeSource.Secret.Items[0].Path).To(Equal("ssh_key"))
+				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].VolumeSource.Secret.Items[0].Path).To(Equal("ssh_key_edpm-compute-nodeset"))
 				g.Expect(ansibleEE.Spec.Template.Spec.Volumes[2].VolumeSource.Secret.Items[0].Key).To(Equal("ssh-privatekey"))
 
 			}, th.Timeout, th.Interval).Should(Succeed())