Support customizing ssh key type
This change introduces a few new parameters to customize the type of the ssh key that is generated automatically. This is required especially on recent operating systems like CentOS 9, which no longer allow RSA keys by default. Closes-Bug: #1986651 Change-Id: I73f8b584ac228a0ba65b531c2e8d9f6495d63ad2
parent
b14e9337f2
commit
fcd1225ae6
|
@ -35,9 +35,18 @@
|
|||
# Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
|
||||
#
|
||||
# [*manage_keygen*]
|
||||
# (optional) Whether or not create OpenStack keypair for communicating with amphora
|
||||
# (optional) Whether or not create OpenStack keypair for communicating with
|
||||
# amphora.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*ssh_key_type*]
|
||||
# (optional) Type of ssh key to create.
|
||||
# Defaults to 'rsa'
|
||||
#
|
||||
# [*ssh_key_bits*]
|
||||
# (optional) Number of bits in ssh key.
|
||||
# Defaults to 2048
|
||||
#
|
||||
# [*amp_project_name*]
|
||||
# (optional) Set the project to be used for creating load balancer instances.
|
||||
# Defaults to 'services'
|
||||
|
@ -51,6 +60,8 @@ class octavia::worker (
|
|||
$nova_flavor_config = {},
|
||||
$key_path = '/etc/octavia/.ssh/octavia_ssh_key',
|
||||
$manage_keygen = false,
|
||||
$ssh_key_type = 'rsa',
|
||||
$ssh_key_bits = 2048,
|
||||
$amp_project_name = 'services',
|
||||
) inherits octavia::params {
|
||||
|
||||
|
@ -136,8 +147,8 @@ class octavia::worker (
|
|||
|
||||
ssh_keygen { $::octavia::controller::amp_ssh_key_name:
|
||||
user => $::octavia::params::user,
|
||||
type => 'rsa',
|
||||
bits => 2048,
|
||||
type => $ssh_key_type,
|
||||
bits => $ssh_key_bits,
|
||||
filename => "${key_path}/${::octavia::controller::amp_ssh_key_name}",
|
||||
comment => 'Used for Octavia Service VM'
|
||||
}
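Review bot: `ssh_key_type` and `ssh_key_bits` are documented and defaulted independently (`$ssh_key_type = 'rsa'`, `$ssh_key_bits = 2048`), but a key size is only valid for a given type: ssh-keygen accepts 256, 384 or 521 bits for ECDSA and ignores the size for Ed25519. An operator who overrides only `ssh_key_type => 'ecdsa'` would therefore presumably get a failed key generation once the `ssh_keygen` resource passes the default 2048 through; how that resource handles `bits` is not visible here. The parameter docs should state the coupling, e.g. `# (optional) Number of bits in ssh key. Must be a size valid for ssh_key_type (256, 384 or 521 for 'ecdsa').`, and the `ssh_key_type` entry should list the accepted values. Both values also reach `ssh_keygen` unvalidated, so if the module's supported Puppet versions allow it, typing them in the class signature (an `Enum[...]` of the supported key types and `Integer $ssh_key_bits`) would reject a typo at catalog compile time instead of at key generation. The class body continues outside these hunks.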
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The following parameters have been added the ``octavia::worker`` class, to
|
||||
support customizing type of the ssh key generated when
|
||||
the ``manage_keygen`` parameter is ``True``.
|
||||
|
||||
- ``ssh_key_type``
|
||||
- ``ssh_key_bits``
|
|
@ -121,11 +121,12 @@ describe 'octavia::worker' do
|
|||
end
|
||||
end
|
||||
|
||||
context 'with enabled sshkey gen' do
|
||||
context 'with enabled sshkey gen(rsa)' do
|
||||
before do
|
||||
params.merge!({
|
||||
:manage_keygen => true,
|
||||
:key_path => '/etc/octavia/.ssh/octavia_ssh_key'})
|
||||
:key_path => '/etc/octavia/.ssh/octavia_ssh_key'
|
||||
})
|
||||
end
|
||||
|
||||
it 'configures ssh_keygen and directory' do
|
||||
|
@ -142,6 +143,49 @@ describe 'octavia::worker' do
|
|||
:group => 'octavia',
|
||||
:owner => 'octavia'
|
||||
)
|
||||
|
||||
is_expected.to contain_ssh_keygen('octavia-ssh-key').with(
|
||||
:user => 'octavia',
|
||||
:type => 'rsa',
|
||||
:bits => 2048,
|
||||
:filename => '/etc/octavia/.ssh/octavia_ssh_key/octavia-ssh-key',
|
||||
:comment => 'Used for Octavia Service VM',
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with enabled sshkey gen(ecdsa)' do
|
||||
before do
|
||||
params.merge!({
|
||||
:manage_keygen => true,
|
||||
:key_path => '/etc/octavia/.ssh/octavia_ssh_key',
|
||||
:ssh_key_type => 'ecdsa',
|
||||
:ssh_key_bits => 256,
|
||||
})
|
||||
end
|
||||
|
||||
it 'configures ssh_keygen and directory' do
|
||||
is_expected.to contain_exec('create_amp_key_dir').with(
|
||||
:path => ['/bin', '/usr/bin'],
|
||||
:command => 'mkdir -p /etc/octavia/.ssh/octavia_ssh_key',
|
||||
:creates => '/etc/octavia/.ssh/octavia_ssh_key'
|
||||
)
|
||||
|
||||
is_expected.to contain_file('amp_key_dir').with(
|
||||
:ensure => 'directory',
|
||||
:path => '/etc/octavia/.ssh/octavia_ssh_key',
|
||||
:mode => '0700',
|
||||
:group => 'octavia',
|
||||
:owner => 'octavia'
|
||||
)
|
||||
|
||||
is_expected.to contain_ssh_keygen('octavia-ssh-key').with(
|
||||
:user => 'octavia',
|
||||
:type => 'ecdsa',
|
||||
:bits => 256,
|
||||
:filename => '/etc/octavia/.ssh/octavia_ssh_key/octavia-ssh-key',
|
||||
:comment => 'Used for Octavia Service VM',
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
|
|