Support customizing ssh key type

This change introduces a few new parameters to customize the type of
the automatically generated ssh key. This is required especially on
recent operating systems like CentOS 9, which no longer allow RSA keys
by default.

Closes-Bug: #1986651
Change-Id: I73f8b584ac228a0ba65b531c2e8d9f6495d63ad2
Takashi Kajinami 2022-08-16 16:28:02 +09:00
parent b14e9337f2
commit fcd1225ae6
3 changed files with 69 additions and 5 deletions


@ -35,9 +35,18 @@
# Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
#
# [*manage_keygen*]
# (optional) Whether or not create OpenStack keypair for communicating with amphora
# (optional) Whether or not create OpenStack keypair for communicating with
# amphora.
# Defaults to false
#
# [*ssh_key_type*]
# (optional) Type of ssh key to create.
# Defaults to 'rsa'
#
# [*ssh_key_bits*]
# (optional) Number of bits in ssh key.
# Defaults to 2048
#
# [*amp_project_name*]
# (optional) Set the project to be used for creating load balancer instances.
# Defaults to 'services'
@ -51,6 +60,8 @@ class octavia::worker (
$nova_flavor_config = {},
$key_path = '/etc/octavia/.ssh/octavia_ssh_key',
$manage_keygen = false,
$ssh_key_type = 'rsa',
$ssh_key_bits = 2048,
$amp_project_name = 'services',
) inherits octavia::params {
@ -136,8 +147,8 @@ class octavia::worker (
ssh_keygen { $::octavia::controller::amp_ssh_key_name:
user => $::octavia::params::user,
type => 'rsa',
bits => 2048,
type => $ssh_key_type,
bits => $ssh_key_bits,
filename => "${key_path}/${::octavia::controller::amp_ssh_key_name}",
comment => 'Used for Octavia Service VM'
}
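Review bot: `ssh_key_bits` keeps its default of 2048 when only `ssh_key_type` is overridden, so `ssh_key_type => 'ecdsa'` on its own passes `bits => 2048` to the `ssh_keygen` resource, and ssh-keygen accepts only 256, 384 or 521 bits for ECDSA. The `[*ssh_key_bits*]` doc block should state the coupling, for example `# Must be a size valid for ssh_key_type (256, 384 or 521 for 'ecdsa').`. Both parameters are also untyped, so a misspelled type or an undersized key length reaches the resource unchecked. Declaring them with Puppet data types, e.g. `Enum['rsa', 'ecdsa'] $ssh_key_type = 'rsa',` (extended to whatever types the ssh_keygen module in use supports, which is not visible here) and an `Integer` range for `$ssh_key_bits`, would reject such values at catalog compilation. The class body continues outside the hunks shown.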


@ -0,0 +1,9 @@
---
features:
- |
The following parameters have been added the ``octavia::worker`` class, to
support customizing type of the ssh key generated when
the ``manage_keygen`` parameter is ``True``.
- ``ssh_key_type``
- ``ssh_key_bits``


@ -121,11 +121,12 @@ describe 'octavia::worker' do
end
end
context 'with enabled sshkey gen' do
context 'with enabled sshkey gen(rsa)' do
before do
params.merge!({
:manage_keygen => true,
:key_path => '/etc/octavia/.ssh/octavia_ssh_key'})
:key_path => '/etc/octavia/.ssh/octavia_ssh_key'
})
end
it 'configures ssh_keygen and directory' do
@ -142,6 +143,49 @@ describe 'octavia::worker' do
:group => 'octavia',
:owner => 'octavia'
)
is_expected.to contain_ssh_keygen('octavia-ssh-key').with(
:user => 'octavia',
:type => 'rsa',
:bits => 2048,
:filename => '/etc/octavia/.ssh/octavia_ssh_key/octavia-ssh-key',
:comment => 'Used for Octavia Service VM',
)
end
end
context 'with enabled sshkey gen(ecdsa)' do
before do
params.merge!({
:manage_keygen => true,
:key_path => '/etc/octavia/.ssh/octavia_ssh_key',
:ssh_key_type => 'ecdsa',
:ssh_key_bits => 256,
})
end
it 'configures ssh_keygen and directory' do
is_expected.to contain_exec('create_amp_key_dir').with(
:path => ['/bin', '/usr/bin'],
:command => 'mkdir -p /etc/octavia/.ssh/octavia_ssh_key',
:creates => '/etc/octavia/.ssh/octavia_ssh_key'
)
is_expected.to contain_file('amp_key_dir').with(
:ensure => 'directory',
:path => '/etc/octavia/.ssh/octavia_ssh_key',
:mode => '0700',
:group => 'octavia',
:owner => 'octavia'
)
is_expected.to contain_ssh_keygen('octavia-ssh-key').with(
:user => 'octavia',
:type => 'ecdsa',
:bits => 256,
:filename => '/etc/octavia/.ssh/octavia_ssh_key/octavia-ssh-key',
:comment => 'Used for Octavia Service VM',
)
end
end
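Review bot: The `with enabled sshkey gen(ecdsa)` context repeats the `contain_exec('create_amp_key_dir')` and `contain_file('amp_key_dir')` expectations verbatim from the rsa context, although neither depends on the key type. Keeping only the `contain_ssh_keygen('octavia-ssh-key')` expectation there, or moving the directory checks into a shared example, would leave the `0700` mode and `octavia` ownership assertions in one place where a later change cannot update one copy and miss the other. No case overrides `:ssh_key_type` alone, so the combination of `'ecdsa'` with the default `:bits => 2048` is not covered. A context that sets only `:ssh_key_type => 'ecdsa'` would pin what the catalog contains in that case.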