Add ability of managing ssh key generation
This patch add the ability to generate ssh key pair for Amphora instances to use, it will be disabled by default. Depends-On: I641c3a380c5647d28535914e3a6fb5dd793b6fba Change-Id: I0e7c7df629600f027220272613fc0c85c9d27d76
This commit is contained in:
parent
1dd9d73fd8
commit
952417f622
@ -71,6 +71,10 @@
|
|||||||
# (optional) full path to the private key for the amphora SSH key
|
# (optional) full path to the private key for the amphora SSH key
|
||||||
# Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
|
# Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
|
||||||
#
|
#
|
||||||
|
# [*manage_keygen*]
|
||||||
|
# (optional) Whether or not create OpenStack keypair for communicating with amphora
|
||||||
|
# Defaults to false
|
||||||
|
#
|
||||||
class octavia::worker (
|
class octavia::worker (
|
||||||
$manage_service = true,
|
$manage_service = true,
|
||||||
$enabled = true,
|
$enabled = true,
|
||||||
@ -86,7 +90,8 @@ class octavia::worker (
|
|||||||
$compute_driver = 'compute_nova_driver',
|
$compute_driver = 'compute_nova_driver',
|
||||||
$network_driver = 'allowed_address_pairs_driver',
|
$network_driver = 'allowed_address_pairs_driver',
|
||||||
$amp_ssh_key_name = 'octavia-ssh-key',
|
$amp_ssh_key_name = 'octavia-ssh-key',
|
||||||
$key_path = '/etc/octavia/.ssh/octavia_ssh_key'
|
$key_path = '/etc/octavia/.ssh/octavia_ssh_key',
|
||||||
|
$manage_keygen = false
|
||||||
) inherits octavia::params {
|
) inherits octavia::params {
|
||||||
|
|
||||||
include ::octavia::deps
|
include ::octavia::deps
|
||||||
@ -142,6 +147,35 @@ class octavia::worker (
|
|||||||
tag => ['octavia-service'],
|
tag => ['octavia-service'],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $manage_keygen {
|
||||||
|
exec {'create_amp_key_dir':
|
||||||
|
path => ['/bin', '/usr/bin'],
|
||||||
|
command => "mkdir -p ${key_path}",
|
||||||
|
creates => $key_path
|
||||||
|
}
|
||||||
|
|
||||||
|
file { 'amp_key_dir':
|
||||||
|
ensure => directory,
|
||||||
|
path => $key_path,
|
||||||
|
mode => '0700',
|
||||||
|
group => 'octavia',
|
||||||
|
owner => 'octavia'
|
||||||
|
}
|
||||||
|
|
||||||
|
ssh_keygen { $amp_ssh_key_name:
|
||||||
|
user => 'octavia',
|
||||||
|
type => 'rsa',
|
||||||
|
bits => 2048,
|
||||||
|
filename => "${key_path}/${amp_ssh_key_name}",
|
||||||
|
comment => 'Used for Octavia Service VM'
|
||||||
|
}
|
||||||
|
|
||||||
|
Package<| tag == 'octavia-package' |>
|
||||||
|
-> Exec['create_amp_key_dir']
|
||||||
|
-> File['amp_key_dir']
|
||||||
|
-> Ssh_keygen[$amp_ssh_key_name]
|
||||||
|
}
|
||||||
|
|
||||||
octavia_config {
|
octavia_config {
|
||||||
'controller_worker/amp_flavor_id' : value => $amp_flavor_id;
|
'controller_worker/amp_flavor_id' : value => $amp_flavor_id;
|
||||||
'controller_worker/amp_image_tag' : value => $amp_image_tag;
|
'controller_worker/amp_image_tag' : value => $amp_image_tag;
|
||||||
|
@ -24,6 +24,10 @@
|
|||||||
{
|
{
|
||||||
"name": "openstack/oslo",
|
"name": "openstack/oslo",
|
||||||
"version_requirement": ">=12.0.0 <13.0.0"
|
"version_requirement": ">=12.0.0 <13.0.0"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "puppet/ssh_keygen",
|
||||||
|
"version_requirement": ">=2.0.1 <3.0.0"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"description": "Installs and configures OpenStack Octavia.",
|
"description": "Installs and configures OpenStack Octavia.",
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Support for configuring ssh key pair generation for
|
||||||
|
amphora to use.
|
@ -95,10 +95,7 @@ describe 'octavia::worker' do
|
|||||||
|
|
||||||
context 'with disabled service managing' do
|
context 'with disabled service managing' do
|
||||||
before do
|
before do
|
||||||
params.merge!({
|
params.merge!({ :manage_service => false, :enabled => false }) end
|
||||||
:manage_service => false,
|
|
||||||
:enabled => false })
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'configures octavia-worker service' do
|
it 'configures octavia-worker service' do
|
||||||
is_expected.to contain_service('octavia-worker').with(
|
is_expected.to contain_service('octavia-worker').with(
|
||||||
@ -112,6 +109,30 @@ describe 'octavia::worker' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with enabled sshkey gen' do
|
||||||
|
before do
|
||||||
|
params.merge!({
|
||||||
|
:manage_keygen => true,
|
||||||
|
:key_path => '/etc/octavia/.ssh/octavia_ssh_key'})
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configures ssh_keygen and directory' do
|
||||||
|
is_expected.to contain_exec('create_amp_key_dir').with(
|
||||||
|
:path => ['/bin', '/usr/bin'],
|
||||||
|
:command => 'mkdir -p /etc/octavia/.ssh/octavia_ssh_key',
|
||||||
|
:creates => '/etc/octavia/.ssh/octavia_ssh_key'
|
||||||
|
)
|
||||||
|
|
||||||
|
is_expected.to contain_file('amp_key_dir').with(
|
||||||
|
:ensure => 'directory',
|
||||||
|
:path => '/etc/octavia/.ssh/octavia_ssh_key',
|
||||||
|
:mode => '0700',
|
||||||
|
:group => 'octavia',
|
||||||
|
:owner => 'octavia'
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
on_supported_os({
|
on_supported_os({
|
||||||
|
Loading…
Reference in New Issue
Block a user