From 3b668158c6e05f5238b7b80faae984df649527dd Mon Sep 17 00:00:00 2001
From: Ankit Agarwal <ankit.agarwal@wadi.com>
Date: Sun, 31 Jul 2016 23:32:04 +0530
Subject: [PATCH] Adding feature ssh_interface for Digital Ocean Cloud Config

---
 doc/topics/cloud/digitalocean.rst  |  9 +++++++++
 salt/cloud/clouds/digital_ocean.py | 24 ++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/doc/topics/cloud/digitalocean.rst b/doc/topics/cloud/digitalocean.rst
index 00348cbd01..5633466d1c 100644
--- a/doc/topics/cloud/digitalocean.rst
+++ b/doc/topics/cloud/digitalocean.rst
@@ -177,6 +177,15 @@ Miscellaneous Information
     attempt to delete your DNS records if the minion name matches. This will
     prevent advertising any recycled IP addresses for destroyed minions.
 
+.. note::
+
+   If you need to perform the bootstrap using the local interface for droplets,
+   this can be done by setting ``ssh_interface: private`` in your config. By
+   default the salt-cloud script would run on the public interface however if firewall
+   is preventing the connection to the Droplet over the public interface you might need
+   to set this option to connect via private interface. Also, to use this feature
+   ``private_networking: True`` must be set in the config.
+
 .. note::
 
     Additional documentation is available from `DigitalOcean <https://www.digitalocean.com/community/articles/automated-provisioning-of-digitalocean-cloud-servers-with-salt-cloud-on-ubuntu-12-04>`_.
diff --git a/salt/cloud/clouds/digital_ocean.py b/salt/cloud/clouds/digital_ocean.py
index f45ac9e8ed..0cac2bf279 100644
--- a/salt/cloud/clouds/digital_ocean.py
+++ b/salt/cloud/clouds/digital_ocean.py
@@ -20,6 +20,7 @@ under the "SSH Keys" section.
       personal_access_token: xxx
       ssh_key_file: /path/to/ssh/key/file
       ssh_key_names: my-key-name,my-key-name-2
+      ssh_interface: private
       driver: digital_ocean
 
 :depends: requests
@@ -340,6 +341,22 @@ def create(vm_):
             'because it does not supply a root password upon building the server.'
         )
 
+    ssh_interface = config.get_cloud_config_value(
+        'ssh_interface', vm_, __opts__, search_global=False, default='public'
+    )
+
+    if ssh_interface == 'private':
+        log.info("ssh_interafce: Setting interface for ssh to 'private'.")
+        kwargs['ssh_interface'] = ssh_interface
+    else:
+        if ssh_interface <> 'public':
+            raise SaltCloudConfigError(
+                "The DigitalOcean driver requires ssh_interface to be defined as 'public' or 'private'."
+            )
+        else:
+           log.info("ssh_interafce: Setting interface for ssh to 'public'.")
+           kwargs['ssh_interface'] = ssh_interface
+
     private_networking = config.get_cloud_config_value(
         'private_networking', vm_, __opts__, search_global=False, default=None,
     )
@@ -349,6 +366,12 @@ def create(vm_):
             raise SaltCloudConfigError("'private_networking' should be a boolean value.")
         kwargs['private_networking'] = private_networking
 
+    if not private_networking and ssh_interface == 'private':
+        raise SaltCloudConfigError(
+                "The DigitalOcean driver requires ssh_interface if defined as 'private' "
+                "then private_networking should be set as 'True'."
+    )
+
     backups_enabled = config.get_cloud_config_value(
         'backups_enabled', vm_, __opts__, search_global=False, default=None,
     )
@@ -470,6 +493,7 @@ def create(vm_):
         if facing == 'public':
             if create_dns_record:
                 __add_dns_addr__(dns_rec_type, ip_address)
+        if facing == ssh_interface:
             if not vm_['ssh_host']:
                 vm_['ssh_host'] = ip_address