Add support for Ed25519 ssh keys

The Ed25519 public key algorithm is broadly deployed, and this commit
adds support for it.

Change-Id: I9300b3d5eb0bf351c094e1261dc56f990111934d
Trygve Vea
2023-07-07 14:02:43 +02:00
committed by Takashi Kajinami
parent 1eb61e7fc9
commit 050523a3fb
3 changed files with 36 additions and 20 deletions


@@ -226,14 +226,14 @@
# [*nova_public_key*] # [*nova_public_key*]
# (optional) Install public key in .ssh/authorized_keys for the 'nova' user. # (optional) Install public key in .ssh/authorized_keys for the 'nova' user.
# Expects a hash of the form { type => 'key-type', key => 'key-data' } where # Expects a hash of the form { type => 'key-type', key => 'key-data' } where
# 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and 'key-data' is the # 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519) and
# actual key data (e.g, 'AAAA...'). # 'key-data' is the actual key data (e.g, 'AAAA...').
# #
# [*nova_private_key*] # [*nova_private_key*]
# (optional) Install private key into .ssh/id_rsa (or appropriate equivalent # (optional) Install private key into .ssh/id_rsa (or appropriate equivalent
# for key type). Expects a hash of the form { type => 'key-type', key => # for key type). Expects a hash of the form { type => 'key-type', key =>
# 'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and # 'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa,
# 'key-data' is the contents of the private key file. # ssh-ed25519) and 'key-data' is the contents of the private key file.
# #
# [*ssl_only*] # [*ssl_only*]
# (optional) Disallow non-encrypted connections. # (optional) Disallow non-encrypted connections.
@@ -505,15 +505,16 @@ in a future release.")
} }
$nova_private_key_file = $nova_private_key['type'] ? { $nova_private_key_file = $nova_private_key['type'] ? {
'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa', 'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa', 'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa', 'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
default => undef 'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519',
default => undef
} }
if ! $nova_private_key_file { if ! $nova_private_key_file {
fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \ fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \
but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.") but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.")
} }
file { $nova_private_key_file: file { $nova_private_key_file:
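Review bot: The set of accepted key types is now spelled out in three places that must be kept in sync by hand — the parameter docs in the first hunk, the selector in `$nova_private_key_file`, and the string literal in the fail() message — and this commit had to touch all three to add one type. Building the mapping as a hash and deriving the error message from its keys leaves a single list to maintain and keeps the message truthful when the next type is added or a deprecated one (ssh-dsa, which current OpenSSH releases no longer accept) is dropped. Whether `nova_public_key` is validated against the same list is not visible in this hunk; if it is not, the doc change to it in the first hunk is the only place the new type is mentioned. The enclosing class body starts and ends outside the hunk.

```puppet
$nova_private_key_files = {
  'ssh-rsa'     => '/var/lib/nova/.ssh/id_rsa',
  'ssh-dsa'     => '/var/lib/nova/.ssh/id_dsa',
  'ssh-ecdsa'   => '/var/lib/nova/.ssh/id_ecdsa',
  'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519',
}
# Hash lookup of an unknown type yields undef, which the check below rejects.
$nova_private_key_file = $nova_private_key_files[$nova_private_key['type']]
if ! $nova_private_key_file {
  $supported_key_types = join(keys($nova_private_key_files), ', ')
  fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \
but should be one of: ${supported_key_types}.")
}
# … unchanged: file { $nova_private_key_file: … } …
```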


@@ -0,0 +1,5 @@
---
features:
- |
The ``nova::nova_private_key`` parameter now supports the ``ssh-ed25519``
type.


@@ -333,18 +333,28 @@ describe 'nova' do
end end
end end
context 'with ssh private key' do {
let :params do 'ssh-rsa' => 'id_rsa',
{ 'ssh-dsa' => 'id_dsa',
:nova_private_key => {'type' => 'ssh-rsa', 'ssh-ecdsa' => 'id_ecdsa',
'key' => 'keydata'} 'ssh-ed25519' => 'id_ed25519'
} }.each do |keytype, keyname|
end context "with ssh private key(#{keytype})" do
let :params do
{
:nova_private_key => {'type' => keytype,
'key' => 'keydata'}
}
end
it 'should install ssh private key' do it 'should install ssh private key' do
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with( is_expected.to contain_file("/var/lib/nova/.ssh/#{keyname}").with(
:content => 'keydata' :content => 'keydata',
) :mode => '0600',
:owner => 'nova',
:group => 'nova',
)
end
end end
end end
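Review bot: The new per-keytype loop only exercises the happy path; nothing in the spec drives the `default => undef` branch and the fail() message that the same commit extends with ssh-ed25519, so a dropped type or a stale message would still pass CI. A sibling context with an unsupported type (the value `'ssh-unknown'` below is a constructed sample) that expects compilation to fail with the documented message closes that gap, and the same loop could be mirrored for `nova_public_key` since its docs were changed in this commit too. The enclosing `describe 'nova' do` starts outside the hunk.

```ruby
# … unchanged: per-keytype 'with ssh private key' contexts …
context 'with ssh private key of unsupported type' do
  let :params do
    {
      :nova_private_key => {'type' => 'ssh-unknown',
                            'key' => 'keydata'}
    }
  end

  it 'should fail with the list of supported key types' do
    is_expected.to raise_error(Puppet::Error, /should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519/)
  end
end
```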