Add support for Ed25519 ssh keys
The Ed25519 public key algorithm is broadly deployed, and this commit adds support for it. Change-Id: I9300b3d5eb0bf351c094e1261dc56f990111934d
		 Trygve Vea
					Trygve Vea
				
			
				
					committed by
					
						 Takashi Kajinami
						Takashi Kajinami
					
				
			
			
				
	
			
			
			 Takashi Kajinami
						Takashi Kajinami
					
				
			
						parent
						
							1eb61e7fc9
						
					
				
				
					commit
					050523a3fb
				
			| @@ -226,14 +226,14 @@ | ||||
| # [*nova_public_key*] | ||||
| #   (optional) Install public key in .ssh/authorized_keys for the 'nova' user. | ||||
| #   Expects a hash of the form { type => 'key-type', key => 'key-data' } where | ||||
| #   'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and 'key-data' is the | ||||
| #   actual key data (e.g, 'AAAA...'). | ||||
| #   'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519) and | ||||
| #   'key-data' is the actual key data (e.g, 'AAAA...'). | ||||
| # | ||||
| # [*nova_private_key*] | ||||
| #   (optional) Install private key into .ssh/id_rsa (or appropriate equivalent | ||||
| #   for key type).  Expects a hash of the form { type => 'key-type', key => | ||||
| #   'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and | ||||
| #   'key-data' is the contents of the private key file. | ||||
| #   'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa, | ||||
| #   ssh-ed25519) and 'key-data' is the contents of the private key file. | ||||
| # | ||||
| # [*ssl_only*] | ||||
| #   (optional) Disallow non-encrypted connections. | ||||
| @@ -505,15 +505,16 @@ in a future release.") | ||||
|       } | ||||
|  | ||||
|       $nova_private_key_file = $nova_private_key['type'] ? { | ||||
|         'ssh-rsa'   => '/var/lib/nova/.ssh/id_rsa', | ||||
|         'ssh-dsa'   => '/var/lib/nova/.ssh/id_dsa', | ||||
|         'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa', | ||||
|         default     => undef | ||||
|         'ssh-rsa'     => '/var/lib/nova/.ssh/id_rsa', | ||||
|         'ssh-dsa'     => '/var/lib/nova/.ssh/id_dsa', | ||||
|         'ssh-ecdsa'   => '/var/lib/nova/.ssh/id_ecdsa', | ||||
|         'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519', | ||||
|         default       => undef | ||||
|       } | ||||
|  | ||||
|       if ! $nova_private_key_file { | ||||
|         fail("Unable to determine name of private key file.  Type specified was '${nova_private_key['type']}' \ | ||||
| but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.") | ||||
| but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.") | ||||
|       } | ||||
|  | ||||
|       file { $nova_private_key_file: | ||||
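Review bot: The `nova_public_key` and `nova_private_key` descriptions in the first hunk still present `ssh-dsa` as an equal choice next to the new `ssh-ed25519`, although OpenSSH has disabled DSA keys by default since 7.0. One added line in both descriptions would steer operators to the stronger type, e.g. `#   Prefer ssh-ed25519 for new deployments; ssh-dsa is legacy and disabled by default in current OpenSSH.` Separately, the `nova_public_key` description now advertises `ssh-ed25519`, but only the private-key selector changes in the visible hunks. It is worth confirming that the public-key path accepts that type, since the code consuming `nova_public_key` lies outside the hunks shown.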
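--- a/releasenotes/notes/ed25519-key-ce510b4bbbd172b5.yaml
+++ b/releasenotes/notes/ed25519-key-ce510b4bbbd172b5.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The ``nova::nova_private_key`` parameter now supports the ``ssh-ed25519``
+    type.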
| @@ -333,18 +333,28 @@ describe 'nova' do | ||||
|       end | ||||
|     end | ||||
|  | ||||
|     context 'with ssh private key' do | ||||
|       let :params do | ||||
|         { | ||||
|           :nova_private_key => {'type' => 'ssh-rsa', | ||||
|                                 'key'  => 'keydata'} | ||||
|         } | ||||
|       end | ||||
|     { | ||||
|       'ssh-rsa'     => 'id_rsa', | ||||
|       'ssh-dsa'     => 'id_dsa', | ||||
|       'ssh-ecdsa'   => 'id_ecdsa', | ||||
|       'ssh-ed25519' => 'id_ed25519' | ||||
|     }.each do |keytype, keyname| | ||||
|       context "with ssh private key(#{keytype})" do | ||||
|         let :params do | ||||
|           { | ||||
|             :nova_private_key => {'type' => keytype, | ||||
|                                   'key'  => 'keydata'} | ||||
|           } | ||||
|         end | ||||
|  | ||||
|       it 'should install ssh private key' do | ||||
|         is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with( | ||||
|           :content => 'keydata' | ||||
|         ) | ||||
|         it 'should install ssh private key' do | ||||
|           is_expected.to contain_file("/var/lib/nova/.ssh/#{keyname}").with( | ||||
|             :content => 'keydata', | ||||
|             :mode    => '0600', | ||||
|             :owner   => 'nova', | ||||
|             :group   => 'nova', | ||||
|           ) | ||||
|         end | ||||
|       end | ||||
|     end | ||||
|  | ||||
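Review bot: The new `.each` loop covers only the four accepted key types, so nothing in this hunk exercises the `default => undef` branch that rejects an unknown `type` through `fail(...)`. That rejection is the only visible guard against a mistyped or unsupported key type, so a negative case belongs next to the loop; a sketch with a constructed type value follows. Whether such a case already exists elsewhere in the spec cannot be seen from here, because the `describe 'nova'` block starts and ends outside the hunk.

```ruby
    # … unchanged: the per-key-type loop above …
    context 'with unsupported ssh private key type' do
      let :params do
        {
          :nova_private_key => {'type' => 'ssh-unknown',
                                'key'  => 'keydata'}
        }
      end

      it 'should fail with the list of supported types' do
        is_expected.to raise_error(Puppet::Error, /Unable to determine name of private key file/)
      end
    end
```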