diff --git a/manifests/worker.pp b/manifests/worker.pp
index e8281f58..fbea7477 100644
--- a/manifests/worker.pp
+++ b/manifests/worker.pp
@@ -71,6 +71,10 @@
 # (optional) full path to the private key for the amphora SSH key
 # Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
 #
+# [*manage_keygen*]
+# (optional) Whether or not create OpenStack keypair for communicating with amphora
+# Defaults to false
+#
 class octavia::worker (
 $manage_service = true,
 $enabled = true,
@@ -86,7 +90,8 @@ class octavia::worker (
 $compute_driver = 'compute_nova_driver',
 $network_driver = 'allowed_address_pairs_driver',
 $amp_ssh_key_name = 'octavia-ssh-key',
- $key_path = '/etc/octavia/.ssh/octavia_ssh_key'
+ $key_path = '/etc/octavia/.ssh/octavia_ssh_key',
+ $manage_keygen = false
 ) inherits octavia::params {
 
 include ::octavia::deps
@@ -142,6 +147,35 @@ class octavia::worker (
 tag => ['octavia-service'],
 }
 
+ if $manage_keygen {
+ exec {'create_amp_key_dir':
+ path => ['/bin', '/usr/bin'],
+ command => "mkdir -p ${key_path}",
+ creates => $key_path
+ }
+
+ file { 'amp_key_dir':
+ ensure => directory,
+ path => $key_path,
+ mode => '0700',
+ group => 'octavia',
+ owner => 'octavia'
+ }
+
+ ssh_keygen { $amp_ssh_key_name:
+ user => 'octavia',
+ type => 'rsa',
+ bits => 2048,
+ filename => "${key_path}/${amp_ssh_key_name}",
+ comment => 'Used for Octavia Service VM'
+ }
+
+ Package<| tag == 'octavia-package' |>
+ -> Exec['create_amp_key_dir']
+ -> File['amp_key_dir']
+ -> Ssh_keygen[$amp_ssh_key_name]
+ }
+
 octavia_config {
 'controller_worker/amp_flavor_id' : value => $amp_flavor_id;
 'controller_worker/amp_image_tag' : value => $amp_image_tag;
diff --git a/metadata.json b/metadata.json
index 35c9aa3c..bacda097 100644
--- a/metadata.json
+++ b/metadata.json
@@ -24,6 +24,10 @@
 {
 "name": "openstack/oslo",
 "version_requirement": ">=12.0.0 <13.0.0"
+ },
+ {
+ "name": "puppet/ssh_keygen",
+ "version_requirement": ">=2.0.1 <3.0.0"
 }
 ],
 "description": "Installs and configures OpenStack Octavia.",
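Review bot: The `[*manage_keygen*]` description added to the class header of manifests/worker.pp says the flag creates an OpenStack keypair, but the only thing it gates in this diff is a local `ssh_keygen` resource; nothing visible registers the public key with Nova under `amp_ssh_key_name`. Suggested wording: `# (optional) Whether to generate the local SSH key pair used to communicate with amphorae`. If the Nova keypair is still expected to be created out of band, that should be stated in the same comment.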
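Review bot: In manifests/worker.pp, the `if $manage_keygen` block uses `$key_path` as a directory (`mkdir -p ${key_path}`, `File['amp_key_dir']`, `filename => "${key_path}/${amp_ssh_key_name}"`), but the class header documents it as the full path to the private key file. With the defaults the private key is written to /etc/octavia/.ssh/octavia_ssh_key/octavia-ssh-key and a directory sits at the documented key path, so any consumer that reads `$key_path` as a file (none is visible in this hunk) would not find the key. I would create the parent directory with mode 0700 and generate the key at `$key_path` itself, as sketched below, assuming puppetlabs-stdlib's `dirname()` is available to the module; the spec expectations for the exec and the directory would change with it. The class body starts and continues outside this hunk.

```puppet
  if $manage_keygen {
    # $key_path names the private key file; the key pair lives in its parent directory.
    $key_dir = dirname($key_path)

    exec { 'create_amp_key_dir':
      path    => ['/bin', '/usr/bin'],
      command => "mkdir -p ${key_dir}",
      creates => $key_dir,
    }

    file { 'amp_key_dir':
      ensure => directory,
      path   => $key_dir,
      # … unchanged: mode, group, owner …
    }

    ssh_keygen { $amp_ssh_key_name:
      # … unchanged: user, type, bits …
      filename => $key_path,
      # … unchanged: comment …
    }

    # … unchanged: Package -> Exec -> File -> Ssh_keygen ordering chain …
  }
```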
@@ -70,4 +74,4 @@
 "source": "git://github.com/openstack/puppet-octavia.git",
 "summary": "Puppet module for OpenStack Octavia",
 "version": "12.0.0"
-}
\ No newline at end of file
+}
diff --git a/releasenotes/notes/add-sshkey-gen-management-d76f17ed3f6056b9.yaml b/releasenotes/notes/add-sshkey-gen-management-d76f17ed3f6056b9.yaml
new file mode 100644
index 00000000..cad4acb6
--- /dev/null
+++ b/releasenotes/notes/add-sshkey-gen-management-d76f17ed3f6056b9.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Support for configuring ssh key pair generation for
+ amphora to use.
diff --git a/spec/classes/octavia_worker_spec.rb b/spec/classes/octavia_worker_spec.rb
index 70362b16..1f067a26 100644
--- a/spec/classes/octavia_worker_spec.rb
+++ b/spec/classes/octavia_worker_spec.rb
@@ -95,10 +95,7 @@ describe 'octavia::worker' do
 
 context 'with disabled service managing' do
 before do
- params.merge!({
- :manage_service => false,
- :enabled => false })
- end
+ params.merge!({ :manage_service => false, :enabled => false }) end
 
 it 'configures octavia-worker service' do
 is_expected.to contain_service('octavia-worker').with(
@@ -112,6 +109,30 @@ describe 'octavia::worker' do
 end
 end
 
+ context 'with enabled sshkey gen' do
+ before do
+ params.merge!({
+ :manage_keygen => true,
+ :key_path => '/etc/octavia/.ssh/octavia_ssh_key'})
+ end
+
+ it 'configures ssh_keygen and directory' do
+ is_expected.to contain_exec('create_amp_key_dir').with(
+ :path => ['/bin', '/usr/bin'],
+ :command => 'mkdir -p /etc/octavia/.ssh/octavia_ssh_key',
+ :creates => '/etc/octavia/.ssh/octavia_ssh_key'
+ )
+
+ is_expected.to contain_file('amp_key_dir').with(
+ :ensure => 'directory',
+ :path => '/etc/octavia/.ssh/octavia_ssh_key',
+ :mode => '0700',
+ :group => 'octavia',
+ :owner => 'octavia'
+ )
+ end
+ end
+
 end
 
 on_supported_os({
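Review bot: The example `configures ssh_keygen and directory` in the `with enabled sshkey gen` context asserts the exec and the directory but never the `ssh_keygen` resource, so the key owner, type, size and output path that the manifest sets are untested. Add an expectation such as `is_expected.to contain_ssh_keygen('octavia-ssh-key').with(:user => 'octavia', :type => 'rsa', :bits => 2048, :filename => '/etc/octavia/.ssh/octavia_ssh_key/octavia-ssh-key')`, assuming the shared params leave `amp_ssh_key_name` at its default (they are defined outside this hunk). A negative case, `is_expected.not_to contain_exec('create_amp_key_dir')` under the default `manage_keygen => false`, would also pin that no key material is generated unless the operator opts in.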