openstack/puppet-octavia
Code Issues Proposed changes

Add ability of managing ssh key generation

Browse Source 
This patch add the ability to generate ssh key pair for Amphora
instances to use, it will be disabled by default.

Depends-On: I641c3a380c5647d28535914e3a6fb5dd793b6fba

Change-Id: I0e7c7df629600f027220272613fc0c85c9d27d76
This commit is contained in:
Xingchao Yu 2017-10-30 09:25:05 +08:00
parent 1dd9d73fd8
commit 952417f622
4 changed files with 69 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
manifests/worker.pp
View File

@ -71,6 +71,10 @@
# (optional) full path to the private key for the amphora SSH key
# Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
#
# [*manage_keygen*]
# (optional) Whether or not create OpenStack keypair for communicating with amphora
# Defaults to false
#
class octavia::worker (
$manage_service = true,
$enabled = true,
@ -86,7 +90,8 @@ class octavia::worker (
$compute_driver = 'compute_nova_driver',
$network_driver = 'allowed_address_pairs_driver',
$amp_ssh_key_name = 'octavia-ssh-key',
$key_path = '/etc/octavia/.ssh/octavia_ssh_key'
$key_path = '/etc/octavia/.ssh/octavia_ssh_key',
$manage_keygen = false
) inherits octavia::params {
include ::octavia::deps
@ -142,6 +147,35 @@ class octavia::worker (
tag => ['octavia-service'],
}
if $manage_keygen {
exec {'create_amp_key_dir':
path => ['/bin', '/usr/bin'],
command => "mkdir -p ${key_path}",
creates => $key_path
}
file { 'amp_key_dir':
ensure => directory,
path => $key_path,
mode => '0700',
group => 'octavia',
owner => 'octavia'
}
ssh_keygen { $amp_ssh_key_name:
user => 'octavia',
type => 'rsa',
bits => 2048,
filename => "${key_path}/${amp_ssh_key_name}",
comment => 'Used for Octavia Service VM'
}
Package<| tag == 'octavia-package' |>
-> Exec['create_amp_key_dir']
-> File['amp_key_dir']
-> Ssh_keygen[$amp_ssh_key_name]
}
octavia_config {
'controller_worker/amp_flavor_id' : value => $amp_flavor_id;
'controller_worker/amp_image_tag' : value => $amp_image_tag;

6
metadata.json
View File

@ -24,6 +24,10 @@
{
"name": "openstack/oslo",
"version_requirement": ">=12.0.0 <13.0.0"
},
{
"name": "puppet/ssh_keygen",
"version_requirement": ">=2.0.1 <3.0.0"
}
],
"description": "Installs and configures OpenStack Octavia.",
@ -70,4 +74,4 @@
"source": "git://github.com/openstack/puppet-octavia.git",
"summary": "Puppet module for OpenStack Octavia",
"version": "12.0.0"
}
}

4
releasenotes/notes/add-sshkey-gen-management-d76f17ed3f6056b9.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- Support for configuring ssh key pair generation for
amphora to use.

29
spec/classes/octavia_worker_spec.rb
View File

@ -95,10 +95,7 @@ describe 'octavia::worker' do
context 'with disabled service managing' do
before do
params.merge!({
:manage_service => false,
:enabled => false })
end
params.merge!({ :manage_service => false, :enabled => false }) end
it 'configures octavia-worker service' do
is_expected.to contain_service('octavia-worker').with(
@ -112,6 +109,30 @@ describe 'octavia::worker' do
end
end
context 'with enabled sshkey gen' do
before do
params.merge!({
:manage_keygen => true,
:key_path => '/etc/octavia/.ssh/octavia_ssh_key'})
end
it 'configures ssh_keygen and directory' do
is_expected.to contain_exec('create_amp_key_dir').with(
:path => ['/bin', '/usr/bin'],
:command => 'mkdir -p /etc/octavia/.ssh/octavia_ssh_key',
:creates => '/etc/octavia/.ssh/octavia_ssh_key'
)
is_expected.to contain_file('amp_key_dir').with(
:ensure => 'directory',
:path => '/etc/octavia/.ssh/octavia_ssh_key',
:mode => '0700',
:group => 'octavia',
:owner => 'octavia'
)
end
end
end
on_supported_os({