Why is module os_keypair not returning private_key?

I am deploying to Rackspace Cloud with the OpenStack ansible module.

I am facing an issue with the SSH keypair creation. It creates the public key, and installs it on the host. However I can see that the returned JSON does not contain a private_key key-value pair.

- name: SSH key check
  os_keypair:
    auth:
      auth_url: "{{ os_auth_url }}"
      project_name: "{{ os_project_name }}"
      username: "{{ os_username }}"
      password: "{{ os_password }}"
    state: present
    region_name: "{{ os_region }}"
    name: "{{ os_key_name }}"
  register: keypair

- name: Create local public
  local_action:
    module: copy
    content: "{{ keypair.key.public_key }}"
    dest: "~/.ssh/{{ keypair.key.name }}.pub"

- name: Create local private key
  local_action:
    module: copy
    content: "{{ keypair.key.private_key }}"
    dest: "~/.ssh/{{ keypair.key.name }}"
  ignore_errors: True

Value of keypair var:

{
"changed": false,
"id": "openstack",
"key": {
  "public_key": "ssh-rsa AAAAByouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeyouknowwhatapublickeylookslikeJiln Generated-by-Nova",
  "NAME_ATTR": "name",
  "name": "openstack",
  "fingerprint": "89:e9:3d:s0:m3:nu:mb:3r:41:d5:09:8b:a9:b8:50:65",
  "id": "openstack",
  "human_id": null,
  "request_ids": [],
  "HUMAN_ID": false,
  "x_openstack_request_ids": []
  }
}

As you can see private_key is not present. According to the docs it should return it.

Fairly new to all of this, so be gentle :)


I believe the os_keypair module has not performed any changes to the system. The contents of your keypair variable indicate:

{
  "changed": false,
  ...
}

The ansible docs say this about return of a private_key.

Only when a keypair is generated for the user (e.g., when creating one and a public key is not specified).

If a public key exists, I do not think the module would have generated a new key pair.