octavia: Add support for disabling amphora provider

Commit readded after upstream sync with
octavia_auto_configure added to
'Copying over Octavia SSH' key task
as per commit 326e15d
'Do not write octavia_amp_ssh_key if auto_config disabled'

Change-Id: I1010ee42aaf1c650d9e3b5332ebf828646a6badf

Author: mnasiadka

ansible/roles/octavia/tasks/config.yml

@@ -82,71 +82,69 @@
   notify:
     - "Restart {{ item.key }} container"
 
-- name: Copying over Octavia SSH key
-  copy:
-    content: "{{ octavia_amp_ssh_key.private_key }}"
-    dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
-    owner: "{{ config_owner_user }}"
-    group: "{{ config_owner_group }}"
-    mode: "0400"
-  become: True
-  when:
-    - inventory_hostname in groups[octavia_services['octavia-worker']['group']]
-    - octavia_auto_configure | bool
+- block:
 
-- name: Copying certificate files for octavia-worker
-  vars:
-    service: "{{ octavia_services['octavia-worker'] }}"
-  copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
-    mode: "0660"
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-worker container
+    - name: Copying over Octavia SSH key
+      copy:
+        content: "{{ octavia_amp_ssh_key.private_key }}"
+        dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
+        owner: "{{ config_owner_user }}"
+        group: "{{ config_owner_group }}"
+        mode: "0400"
+      become: True
+      when: 
+       - inventory_hostname in groups[octavia_services['octavia-worker']['group']]
+       - octavia_auto_configure | bool
 
-- name: Copying certificate files for octavia-housekeeping
-  vars:
-    service: "{{ octavia_services['octavia-housekeeping'] }}"
-  copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
-    mode: "0660"
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-housekeeping container
+    - name: Copying certificate files for octavia-worker
+      vars:
+        service: "{{ octavia_services['octavia-worker'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-worker container
+
+    - name: Copying certificate files for octavia-housekeeping
+      vars:
+        service: "{{ octavia_services['octavia-housekeeping'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-housekeeping container
+
+    - name: Copying certificate files for octavia-health-manager
+      vars:
+        service: "{{ octavia_services['octavia-health-manager'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-health-manager container
 
-- name: Copying certificate files for octavia-health-manager
+  when: "'amphora' in octavia_provider_drivers"
   vars:
-    service: "{{ octavia_services['octavia-health-manager'] }}"
-  copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
-    mode: "0660"
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-health-manager container
+    octavia_amphora_keys:
+      - client.cert-and-key.pem
+      - client_ca.cert.pem
+      - server_ca.cert.pem
+      - server_ca.key.pem

ansible/roles/octavia/tasks/precheck.yml

@@ -41,6 +41,7 @@
       Octavia's certificate configuration has been changed since Train. The new
       configuration requires 4 PEM files. Please check certificate configuration
       guide at https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
+  when: "'amphora' in octavia_provider_drivers"
 
 - name: Checking certificate files exist for octavia
   stat:
@@ -49,7 +50,9 @@
   run_once: True
   register: result
   failed_when: not result.stat.exists
-  when: inventory_hostname in groups['octavia-worker']
+  when:
+    - inventory_hostname in groups['octavia-worker']
+    - "'amphora' in octavia_provider_drivers"
   with_items:
     - client.cert-and-key.pem
     - client_ca.cert.pem

ansible/roles/octavia/templates/octavia-health-manager.json.j2

@@ -6,7 +6,7 @@
             "dest": "/etc/octavia/octavia.conf",
             "owner": "octavia",
             "perm": "0600"
-        },
+        }{% if 'amphora' in octavia_provider_drivers %},
         {
             "source": "{{ container_config_directory }}/client.cert-and-key.pem",
             "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@@ -30,6 +30,6 @@
             "dest": "/etc/octavia/certs/server_ca.key.pem",
             "owner": "octavia",
             "perm": "0600"
-        }
+        }{% endif %}
     ]
 }

ansible/roles/octavia/templates/octavia-housekeeping.json.j2

@@ -6,7 +6,7 @@
             "dest": "/etc/octavia/octavia.conf",
             "owner": "octavia",
             "perm": "0600"
-        },
+        }{% if 'amphora' in octavia_provider_drivers %},
         {
             "source": "{{ container_config_directory }}/client.cert-and-key.pem",
             "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@@ -30,6 +30,6 @@
             "dest": "/etc/octavia/certs/server_ca.key.pem",
             "owner": "octavia",
             "perm": "0600"
-        }
+        }{% endif %}
     ]
 }

ansible/roles/octavia/templates/octavia-worker.json.j2

@@ -6,7 +6,7 @@
             "dest": "/etc/octavia/octavia.conf",
             "owner": "octavia",
             "perm": "0600"
-        },
+        }{% if 'amphora' in octavia_provider_drivers %},
         {
             "source": "{{ container_config_directory }}/client.cert-and-key.pem",
             "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@@ -30,6 +30,6 @@
             "dest": "/etc/octavia/certs/server_ca.key.pem",
             "owner": "octavia",
             "perm": "0600"
-        }
+        }{% endif %}
     ]
 }