cloudstack: cs_instance: fix ssh key always marked as changed (#20541)

The same ssh key may be registered with different names. Before we only looked at the names and marked as changed when names differ. However internally cloudstack seems to ignore the change, if the fingerprints are identical. As a result we also have to compare the fingerprints and only mark the keys as changed if the fingerprints differ.
2026-04-16 13:51:09 +00:00 · 2017-01-24 07:49:54 +01:00
parent 836e0b59d2
commit 5475f3ee64
1 changed files with 27 additions and 7 deletions
--- a/lib/ansible/modules/cloud/cloudstack/cs_instance.py
+++ b/lib/ansible/modules/cloud/cloudstack/cs_instance.py
@@ -558,6 +558,27 @@ class AnsibleCloudStackInstance(AnsibleCloudStack):
        return res


+    def ssh_key_has_changed(self):
+        ssh_key_name = self.module.params.get('ssh_key')
+        if ssh_key_name is None:
+            return False
+
+        instance_ssh_key_name = self.instance.get('keypair')
+        if instance_ssh_key_name is None:
+            return True
+
+        if ssh_key_name == instance_ssh_key_name:
+            return False
+
+        res = self.cs.listSSHKeyPairs(name=instance_ssh_key_name)
+        instance_ssh_key = res['sshkeypair'][0]
+        res = self.cs.listSSHKeyPairs(name=ssh_key_name)
+        param_ssh_key = res['sshkeypair'][0]
+        if param_ssh_key['fingerprint'] != instance_ssh_key['fingerprint']:
+            return True
+        return False
+
+
    def security_groups_has_changed(self):
        security_groups = self.module.params.get('security_groups')
        if security_groups is None:
@@ -724,13 +745,7 @@ class AnsibleCloudStackInstance(AnsibleCloudStack):
            args_instance_update['displayname'] = self.module.params.get('display_name')
        instance_changed = self.has_changed(args_instance_update, instance)

-        # SSH key data
-        args_ssh_key = {}
-        args_ssh_key['id'] = instance['id']
-        args_ssh_key['projectid'] = self.get_project(key='id')
-        if self.module.params.get('ssh_key'):
-            args_ssh_key['keypair'] = self.module.params.get('ssh_key')
-        ssh_key_changed = self.has_changed(args_ssh_key, instance)
+        ssh_key_changed = self.ssh_key_has_changed()

        security_groups_changed = self.security_groups_has_changed()

@@ -773,6 +788,11 @@ class AnsibleCloudStackInstance(AnsibleCloudStack):

                    # Reset SSH key
                    if ssh_key_changed:
+                        # SSH key data
+                        args_ssh_key = {}
+                        args_ssh_key['id'] = instance['id']
+                        args_ssh_key['projectid'] = self.get_project(key='id')
+                        args_ssh_key['keypair'] = self.module.params.get('ssh_key')
                        instance = self.cs.resetSSHKeyForVirtualMachine(**args_ssh_key)
                        if 'errortext' in instance:
                            self.module.fail_json(msg="Failed: '%s'" % instance['errortext'])