Push octavia nova/glance files into HOME (#1387)

bjoernt · web-flow · commit 7e1d0a5334cc · 2026-01-23T09:41:38.000-06:00
/tmp is often restricted for certain file operations and generally
globally readaable, installing SSH key and other artifacts should not
be installed there.
The new override octavia_tmp_dir defaults to `$HOME/octavia`
diff --git a/ansible/roles/octavia_preconf/defaults/main.yml b/ansible/roles/octavia_preconf/defaults/main.yml
@@ -39,6 +39,7 @@ amphora_image_url: "https://tarballs.opendev.org/openstack/octavia/test-images/t
 # these are the defaults for certs
 octavia_create_certs: true
 octavia_certs_dir: "{{ lookup('env', 'HOME') }}/octavia_certs"
+octavia_tmp_dir: "{{ lookup('env', 'HOME') }}/octavia"
 octavia_cert_key_bits: 4096
 octavia_key_type: "RSA"
 octavia_key_passwd: 'not-secure-passphrase'
diff --git a/ansible/roles/octavia_preconf/tasks/octavia_amphora_keypair_image_flavor.yml b/ansible/roles/octavia_preconf/tasks/octavia_amphora_keypair_image_flavor.yml
@@ -4,17 +4,23 @@
 # optional; amphora image uploaded is suitable for
 # test environments; the flavor specs are currently set
 # to 2 vcpus, 1024 MB ram and 5 GB of disk
+- name: Create the base directory for octavia key/image
+  file:
+    path: "{{ octavia_tmp_dir }}"
+    state: directory
+    mode: '0700'
+
 - name: Create ssh keypair for amphorae
   community.crypto.openssh_keypair:
-    path: /tmp/amphora_ssh_key
+    path: "{{ octavia_tmp_dir }}/amphora_ssh_key"
     size: 2048
     comment: "amphora ssh key"
   when: amphora_ssh_enabled
 
 - name: Create ssh keypair in nova for amphora
   openstack.cloud.keypair:
     name: "{{ amphora_ssh_key_name }}"
-    public_key: "{{ lookup('file', '/tmp/amphora_ssh_key.pub') }}"
+    public_key: "{{ lookup('file', octavia_tmp_dir + '/amphora_ssh_key.pub') }}"
     state: present
     interface: public
   when: amphora_ssh_enabled
@@ -36,7 +42,7 @@
 - name: Get the image for amphora
   get_url:
     url: "{{ amphora_image_url }}"
-    dest: /tmp/test-only-amphora-x64-haproxy-ubuntu-{{ amphora_image_version }}.qcow2
+    dest: "{{ octavia_tmp_dir }}/test-only-amphora-x64-haproxy-ubuntu-{{ amphora_image_version }}.qcow2"
   register: download_amphora_image
   until: download_amphora_image is success
   retries: 5
@@ -46,7 +52,7 @@
   openstack.cloud.image:
     name: "{{ amphora_image_name }}"
     state: present
-    filename: /tmp/test-only-amphora-x64-haproxy-ubuntu-{{ amphora_image_version }}.qcow2
+    filename: "{{ octavia_tmp_dir }}/test-only-amphora-x64-haproxy-ubuntu-{{ amphora_image_version }}.qcow2"
     container_format: bare
     disk_format: qcow2
     visibility: private
