mirror of
https://opendev.org/openstack/ansible-collections-openstack.git
synced 2026-03-29 23:13:04 +00:00
b87ae7dcce
With Ansible OpenStack collection 2.0.0 we break backward compatibility to older releases, mainly due to breaking changes coming with openstacksdk >=0.99.0. For example, results will change for most Ansible modules in this collection. We take this opportunity to drop the symbolic links with prefix os_ in plugins/modules and the plugin routing in meta/runtime.yml. This means users have to call modules of the Ansible OpenStack collection using their FQCN (Fully Qualified Collection Name) such as openstack.cloud.server. Short module names such as os_server will now raise an Ansible error. This also decreases the likelihood of incompatible Ansible code going undetected. Symbolic links were introduced to keep our collection backward compatible to user code which was written for old(er) Ansible releases which did not have support for collections and where OpenStack modules where named with a prefix os_ such as os_server which is nowadays known and stored as openstack.cloud.server. In Ansible aka ansible-base 2.10, a internal routing table lib/ansible/config/ansible_builtin_runtime.yml [1] was introduced which Ansible uses to resolve deprecated module names missing the FQCN (Fully Qualified Collection Name). Additionally, collections can define their own plugin routing table in meta/runtime.yml [2] which we did. In ansible-base 2.10 and ansible-core 2.11 or later, if a user uses a short module name and the collections keyword is not used, Ansible will first look in the internal routing table, get an FQCN, and then looks in the collection for that FQCN. If there is another routing entry for that new name in that collection's meta/runtime.yml, Ansible will continue with that redirect. If it does not find another redirect, Ansible will look for the plugin itself, so it will not find a redirect in the collection before looking at its internal redirects. Except if the user uses a FQCN, then it looks directly in that collection. Ansible 2.9 and 2.8 do not have any notion of these redirects with a plugin routing table, backward compatibility with deprecated os_* module names is solely achieved with symbolic links. Ansible releases older than 2.11 are EOL [3], so usage of os_* symlinks should reduce soon. [1] https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml [2] https://github.com/openstack/ansible-collections-openstack/blob/master/meta/runtime.yml [3] https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html Change-Id: I28cc05c95419b72552899c926721eb87fb6f0868
156 lines
4.4 KiB
Python
156 lines
4.4 KiB
Python
#!/usr/bin/python
|
|
|
|
# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
|
|
# Copyright (c) 2013, Benno Joy <benno@ansible.com>
|
|
# Copyright (c) 2013, John Dewey <john@dewey.ws>
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
DOCUMENTATION = '''
|
|
---
|
|
module: keypair
|
|
short_description: Add/Delete a keypair from OpenStack
|
|
author: OpenStack Ansible SIG
|
|
description:
|
|
- Add or Remove key pair from OpenStack
|
|
options:
|
|
name:
|
|
description:
|
|
- Name that has to be given to the key pair
|
|
required: true
|
|
type: str
|
|
public_key:
|
|
description:
|
|
- The public key that would be uploaded to nova and injected into VMs
|
|
upon creation.
|
|
type: str
|
|
public_key_file:
|
|
description:
|
|
- Path to local file containing ssh public key. Mutually exclusive
|
|
with public_key.
|
|
type: str
|
|
state:
|
|
description:
|
|
- Should the resource be present or absent. If state is replace and
|
|
the key exists but has different content, delete it and recreate it
|
|
with the new content.
|
|
choices: [present, absent, replace]
|
|
default: present
|
|
type: str
|
|
requirements:
|
|
- "python >= 3.6"
|
|
- "openstacksdk"
|
|
|
|
extends_documentation_fragment:
|
|
- openstack.cloud.openstack
|
|
'''
|
|
|
|
EXAMPLES = '''
|
|
# Creates a key pair with the running users public key
|
|
- openstack.cloud.keypair:
|
|
cloud: mordred
|
|
state: present
|
|
name: ansible_key
|
|
public_key_file: /home/me/.ssh/id_rsa.pub
|
|
|
|
# Creates a new key pair and the private key returned after the run.
|
|
- openstack.cloud.keypair:
|
|
cloud: rax-dfw
|
|
state: present
|
|
name: ansible_key
|
|
'''
|
|
|
|
RETURN = '''
|
|
id:
|
|
description: Unique UUID.
|
|
returned: success
|
|
type: str
|
|
name:
|
|
description: Name given to the keypair.
|
|
returned: success
|
|
type: str
|
|
public_key:
|
|
description: The public key value for the keypair.
|
|
returned: success
|
|
type: str
|
|
private_key:
|
|
description: The private key value for the keypair.
|
|
returned: Only when a keypair is generated for the user (e.g., when creating one
|
|
and a public key is not specified).
|
|
type: str
|
|
'''
|
|
|
|
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (
|
|
OpenStackModule)
|
|
|
|
|
|
class KeyPairModule(OpenStackModule):
|
|
|
|
argument_spec = dict(
|
|
name=dict(required=True),
|
|
public_key=dict(default=None),
|
|
public_key_file=dict(default=None),
|
|
state=dict(default='present',
|
|
choices=['absent', 'present', 'replace']),
|
|
)
|
|
|
|
module_kwargs = dict(
|
|
mutually_exclusive=[['public_key', 'public_key_file']])
|
|
|
|
def _system_state_change(self, keypair):
|
|
state = self.params['state']
|
|
if state == 'present' and not keypair:
|
|
return True
|
|
if state == 'absent' and keypair:
|
|
return True
|
|
return False
|
|
|
|
def run(self):
|
|
|
|
state = self.params['state']
|
|
name = self.params['name']
|
|
public_key = self.params['public_key']
|
|
|
|
if self.params['public_key_file']:
|
|
with open(self.params['public_key_file']) as public_key_fh:
|
|
public_key = public_key_fh.read().rstrip()
|
|
|
|
keypair = self.conn.get_keypair(name)
|
|
|
|
if self.ansible.check_mode:
|
|
self.exit_json(changed=self._system_state_change(keypair))
|
|
|
|
if state in ('present', 'replace'):
|
|
if keypair and keypair['name'] == name:
|
|
if public_key and (public_key != keypair['public_key']):
|
|
if state == 'present':
|
|
self.fail_json(
|
|
msg="Key name %s present but key hash not the same"
|
|
" as offered. Delete key first." % name
|
|
)
|
|
else:
|
|
self.conn.delete_keypair(name)
|
|
keypair = self.conn.create_keypair(name, public_key)
|
|
changed = True
|
|
else:
|
|
changed = False
|
|
else:
|
|
keypair = self.conn.create_keypair(name, public_key)
|
|
changed = True
|
|
|
|
self.exit_json(changed=changed, key=keypair, id=keypair['id'])
|
|
|
|
elif state == 'absent':
|
|
if keypair:
|
|
self.conn.delete_keypair(name)
|
|
self.exit_json(changed=True)
|
|
self.exit_json(changed=False)
|
|
|
|
|
|
def main():
|
|
module = KeyPairModule()
|
|
module()
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|