Add ability of managing ssh key generation

This patch add the ability to generate ssh key pair for Amphora
instances to use, it will be disabled by default.

Depends-On: I641c3a380c5647d28535914e3a6fb5dd793b6fba

Change-Id: I0e7c7df629600f027220272613fc0c85c9d27d76

manifests/worker.pp

@@ -71,6 +71,10 @@
 #   (optional) full path to the private key for the amphora SSH key
 #   Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
 #
+# [*manage_keygen*]
+#   (optional) Whether or not create OpenStack keypair for communicating with amphora
+#   Defaults to false
+#
 class octavia::worker (
   $manage_service        = true,
   $enabled               = true,
@@ -86,7 +90,8 @@ class octavia::worker (
   $compute_driver        = 'compute_nova_driver',
   $network_driver        = 'allowed_address_pairs_driver',
   $amp_ssh_key_name      = 'octavia-ssh-key',
-  $key_path              = '/etc/octavia/.ssh/octavia_ssh_key'
+  $key_path              = '/etc/octavia/.ssh/octavia_ssh_key',
+  $manage_keygen         = false
 ) inherits octavia::params {
 
   include ::octavia::deps
@@ -142,6 +147,35 @@ class octavia::worker (
     tag        => ['octavia-service'],
   }
 
+  if $manage_keygen {
+    exec {'create_amp_key_dir':
+      path    => ['/bin', '/usr/bin'],
+      command => "mkdir -p ${key_path}",
+      creates => $key_path
+    }
+
+    file { 'amp_key_dir':
+      ensure => directory,
+      path   => $key_path,
+      mode   => '0700',
+      group  => 'octavia',
+      owner  => 'octavia'
+    }
+
+    ssh_keygen { $amp_ssh_key_name:
+      user     => 'octavia',
+      type     => 'rsa',
+      bits     => 2048,
+      filename => "${key_path}/${amp_ssh_key_name}",
+      comment  => 'Used for Octavia Service VM'
+    }
+
+    Package<| tag == 'octavia-package' |>
+    -> Exec['create_amp_key_dir']
+    -> File['amp_key_dir']
+    -> Ssh_keygen[$amp_ssh_key_name]
+  }
+
   octavia_config {
     'controller_worker/amp_flavor_id'         : value => $amp_flavor_id;
     'controller_worker/amp_image_tag'         : value => $amp_image_tag;

metadata.json

@@ -24,6 +24,10 @@
         {
             "name": "openstack/oslo",
             "version_requirement": ">=12.0.0 <13.0.0"
+        },
+        {
+            "name": "puppet/ssh_keygen",
+            "version_requirement": ">=2.0.1 <3.0.0"
         }
     ],
     "description": "Installs and configures OpenStack Octavia.",
@@ -70,4 +74,4 @@
     "source": "git://github.com/openstack/puppet-octavia.git",
     "summary": "Puppet module for OpenStack Octavia",
     "version": "12.0.0"
-}
+}

releasenotes/notes/add-sshkey-gen-management-d76f17ed3f6056b9.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - Support for configuring ssh key pair generation for
+    amphora to use.

spec/classes/octavia_worker_spec.rb

@@ -95,10 +95,7 @@ describe 'octavia::worker' do
 
     context 'with disabled service managing' do
       before do
-        params.merge!({
+        params.merge!({ :manage_service => false, :enabled        => false }) end
-          :manage_service => false,
-          :enabled        => false })
-      end
 
       it 'configures octavia-worker service' do
         is_expected.to contain_service('octavia-worker').with(
@@ -112,6 +109,30 @@ describe 'octavia::worker' do
       end
     end
 
+    context 'with enabled sshkey gen' do
+      before do
+        params.merge!({
+          :manage_keygen => true,
+          :key_path      => '/etc/octavia/.ssh/octavia_ssh_key'})
+      end
+
+      it 'configures ssh_keygen and directory' do
+        is_expected.to contain_exec('create_amp_key_dir').with(
+          :path    => ['/bin', '/usr/bin'],
+          :command => 'mkdir -p /etc/octavia/.ssh/octavia_ssh_key',
+          :creates => '/etc/octavia/.ssh/octavia_ssh_key'
+        )
+
+        is_expected.to contain_file('amp_key_dir').with(
+          :ensure  => 'directory',
+          :path    => '/etc/octavia/.ssh/octavia_ssh_key',
+          :mode    => '0700',
+          :group   => 'octavia',
+          :owner   => 'octavia'
+        )
+      end
+    end
+
   end
 
   on_supported_os({