From a2a8b4467d0e08364f7250a80ef46b2e1494e22b Mon Sep 17 00:00:00 2001
From: Federico Ressi <fressi@redhat.com>
Date: Wed, 18 Nov 2020 14:37:59 +0100
Subject: [PATCH] Ensure local SSH key can login localhost

Change-Id: I03f7b9ec68c55f4819698775524ce4df6875d511
---
 Vagrantfile                      |  2 +-
 devstack/README.rst              |  6 ++--
 devstack/plugin.sh               | 51 +++++++++++++++++++++++++-------
 devstack/settings                |  3 ++
 playbooks/vagrant/ovs/local.conf |  3 +-
 5 files changed, 49 insertions(+), 16 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index a402637..940a82a 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -39,7 +39,7 @@ TOX_ENVLIST = ENV.fetch('TOX_ENVLIST', '')
 TOX_EXTRA_ARGS = ENV.fetch('TOX_EXTRA_ARGS', '--notest')
 
 # Allow to switch configuration
-DEVSTACK_CONF_NAME = ENV.fetch('DEVSTACK_CONF_NAME', 'ovn')
+DEVSTACK_CONF_NAME = ENV.fetch('DEVSTACK_CONF_NAME', 'ovs')
 
 DEVSTACK_LOCAL_CONF_FILE = ENV.fetch(
   'DEVSTACK_LOCAL_CONF_FILE',
diff --git a/devstack/README.rst b/devstack/README.rst
index fb9efaa..5df80d7 100644
--- a/devstack/README.rst
+++ b/devstack/README.rst
@@ -19,8 +19,8 @@ repository.  See contrib/vagrant to create a vagrant VM.
 
 3. Tobiko require Heat to be enabled, so heat should be also enabled::
 
-   [[local|localrc]]
-   enable_plugin heat https://opendev.org/openstack/heat
-
+     > cat local.conf
+     [[local|localrc]]
+     enable_plugin heat https://opendev.org/openstack/heat
 
 3. Run ``stack.sh``
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index e2678ec..915595a 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -36,6 +36,7 @@ function configure_tobiko {
     configure_tobiko_keystone "${tobiko_conf_file}"
     configure_tobiko_nova "${tobiko_conf_file}"
     configure_tobiko_neutron "${tobiko_conf_file}"
+    configure_tobiko_ssh "${tobiko_conf_file}"
 
     echo_summary "Apply changes to actual ${TOBIKO_CONF_FILE} file."
     sudo mkdir -p $(dirname "${TOBIKO_CONF_FILE}")
@@ -151,17 +152,8 @@ function configure_tobiko_nova {
 
     (
         cd $(dirname "${tobiko_conf_file}")
-        local key_file=${TOBIKO_NOVA_KEY_FILE}
-        if [ "${key_file}" != "" ]; then
-            iniset "${tobiko_conf_file}" nova key_file "${key_file}"
-        else
-            # Use the default keyfile name
-            key_file=~/.ssh/id_rsa
-        fi
-        if ! [ -r "${key_file}" ]; then
-            mkdir -p $(dirname "${key_file}")
-            ssh-keygen -f "${key_file}" -N ""
-        fi
+        configure_key_file "${tobiko_conf_file}" nova key_file \
+            "${TOBIKO_NOVA_KEY_FILE}"
     )
 }
 
@@ -179,6 +171,43 @@ function configure_tobiko_neutron {
 }
 
 
+function configure_tobiko_ssh {
+    echo_summary "Write [ssh] section to ${TOBIKO_CONF_FILE}"
+    local tobiko_conf_file=$1
+
+    (
+        cd $(dirname "${tobiko_conf_file}")
+        configure_key_file "${tobiko_conf_file}" ssh key_file \
+            "${TOBIKO_SSH_KEY_FILE}"
+    )
+}
+
+function configure_key_file {
+    local tobiko_conf_file=$1
+
+    ensure_key_file "${key_file}"
+    iniset_nonempty "$@"
+}
+
+
+function ensure_key_file {
+    local key_file=${1:-~/.ssh/id_rsa}
+    # Ensure key file exists
+    if ! [ -r "${key_file}" ]; then
+        mkdir -p $(dirname "${key_file}")
+        ssh-keygen -f "${key_file}" -N ""
+    fi
+
+    # Ensure Tobiko can SSH localhost using key file
+    local pub_key
+    pub_key=$(cat "${key_file}.pub")
+    if ! grep "${pub_key}" ~/.ssh/authorized_keys; then
+        cat "${key_file}.pub" >> ~/.ssh/authorized_keys
+    fi
+    chmod 600 "${key_file}" "${key_file}.pub" ~/.ssh/authorized_keys
+}
+
+
 function iniset_nonempty {
     # Calls iniset only when option value is not an empty string
     if [ -n "$4" ]; then
diff --git a/devstack/settings b/devstack/settings
index 88c3748..c066400 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -41,3 +41,6 @@ TOBIKO_NOVA_KEY_FILE=${TOBIKO_NOVA_KEY_FILE:-}
 TOBIKO_NEUTRON_FLOATING_NETWORK=${TOBIKO_NEUTRON_FLOATING_NETWORK:-${PUBLIC_NETWORK_NAME}}
 TOBIKO_NEUTRON_IPV4_DNS_NAMESERVERS=${TOBIKO_NEUTRON_IPV4_DNS_NAMESERVERS:-}
 TOBIKO_NEUTRON_IPV6_DNS_NAMESERVERS=${TOBIKO_NEUTRON_IPV6_DNS_NAMESERVERS:-}
+
+# --- SSH settings ---
+TOBIKO_SSH_KEY_FILE=${TOBIKO_SSH_KEY_FILE:-}
diff --git a/playbooks/vagrant/ovs/local.conf b/playbooks/vagrant/ovs/local.conf
index 0fe87cc..82e2a3e 100644
--- a/playbooks/vagrant/ovs/local.conf
+++ b/playbooks/vagrant/ovs/local.conf
@@ -7,7 +7,6 @@ SERVICE_PASSWORD=$ADMIN_PASSWORD
 LOGFILE=/opt/stack/devstack/stack.log
 LOG_COLOR=False
 
-
 # Disable unrequired services -------------------------------------------------
 
 disable_service horizon
@@ -30,3 +29,5 @@ enable_plugin heat https://opendev.org/openstack/heat.git
 # Configure Tobiko ------------------------------------------------------------
 
 enable_plugin devstack-plugin-tobiko https://opendev.org/x/devstack-plugin-tobiko.git
+
+TOBIKO_NEUTRON_IPV4_DNS_NAMESERVERS=1.1.1.1,8.8.8.8