
Revision a1766664

Added by Marek Hulán about 7 years ago

Fixes #18215 - Install REX SSH key


manifests/plugin/remote_execution/ssh.pp
# $generate_keys:: Automatically generate SSH keys
# type:boolean
#
# $install_key:: Automatically install generated SSH key to root authorized keys
# which allows managing this host through Remote Execution
# type:boolean
#
# $ssh_identity_dir:: Directory where SSH keys are stored
#
# $ssh_identity_file:: Provide an alternative name for the SSH keys
......
$enabled = $::foreman_proxy::plugin::remote_execution::ssh::params::enabled,
$listen_on = $::foreman_proxy::plugin::remote_execution::ssh::params::listen_on,
$generate_keys = $::foreman_proxy::plugin::remote_execution::ssh::params::generate_keys,
$install_key = $::foreman_proxy::plugin::remote_execution::ssh::params::install_key,
$ssh_identity_dir = $::foreman_proxy::plugin::remote_execution::ssh::params::ssh_identity_dir,
$ssh_identity_file = $::foreman_proxy::plugin::remote_execution::ssh::params::ssh_identity_file,
$ssh_keygen = $::foreman_proxy::plugin::remote_execution::ssh::params::ssh_keygen,
......
$ssh_identity_path = "${ssh_identity_dir}/${ssh_identity_file}"
validate_absolute_path($ssh_identity_path, $local_working_dir, $remote_working_dir)
validate_bool($enabled, $generate_keys)
validate_bool($enabled, $generate_keys, $install_key)
validate_listen_on($listen_on)
include ::foreman_proxy::plugin::dynflow
......
cwd => $ssh_identity_dir,
creates => $ssh_identity_path,
}
if $install_key {
# Ensure the .ssh directory exists with the right permissions
file { '/root/.ssh':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
} ->
exec { 'install_ssh_key':
path => '/usr/bin:/usr/sbin:/bin',
command => "cat ${ssh_identity_path}.pub >> /root/.ssh/authorized_keys",
unless => "grep -f ${ssh_identity_path}.pub /root/.ssh/authorized_keys",
require => Exec['generate_ssh_key'],
}
}
}
if $::osfamily == 'RedHat' and $::operatingsystem != 'Fedora' {
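Review bot: The `unless` guard of `install_ssh_key` hands the public key file to `grep -f`, which reads each line as a regular expression and matches substrings, so the idempotency check is looser than a literal comparison; a fixed-string, whole-line match is safer: `unless => "grep -qxFf ${ssh_identity_path}.pub /root/.ssh/authorized_keys",`. The key is appended with no `authorized_keys` options, so anyone holding the proxy's private key gets unrestricted root login on this host, which deserves a sentence in the `$install_key` doc comment. `authorized_keys` is created by shell redirection rather than a managed `file` resource, so its mode depends on root's umask. The exec requires `Exec['generate_ssh_key']` and its enclosing block starts outside the visible lines, so it appears that `install_key => true` with `generate_keys => false` silently installs nothing; that is worth documenting as well.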
manifests/plugin/remote_execution/ssh/params.pp
$local_working_dir = '/var/tmp'
$remote_working_dir = '/var/tmp'
$generate_keys = true
$install_key = false
$ssh_identity_dir = "${::foreman_proxy::params::dir}/.ssh"
$ssh_identity_file = 'id_rsa_foreman_proxy'
$ssh_keygen = '/usr/bin/ssh-keygen'
spec/classes/foreman_proxy__plugin__remote_execution__ssh_spec.rb
:command => "/usr/bin/ssh-keygen -f /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy -N ''"
})
end
it 'should not install the ssh key' do
should_not contain_file('/root/.ssh')
end
end
describe 'with override parameters' do
......
:generate_keys => false,
:ssh_identity_dir => '/usr/share/foreman-proxy/.ssh-rex',
:ssh_identity_file => 'id_rsa',
:install_key => true,
} end
it { should contain_foreman_proxy__plugin('dynflow') }
......
end
it { should_not contain_exec('generate_ssh_key') }
it { should_not contain_file('/root/.ssh') }
end
describe 'with ssh key generating and installation' do
let :pre_condition do
"include foreman_proxy"
end
let :params do {
:enabled => true,
:listen_on => 'http',
:local_working_dir => '/tmp',
:remote_working_dir => '/tmp',
:generate_keys => true,
:ssh_identity_dir => '/usr/share/foreman-proxy/.ssh-rex',
:ssh_identity_file => 'id_rsa',
:install_key => true,
} end
it { should contain_exec('generate_ssh_key') }
it { should contain_file('/root/.ssh') }
end
end
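Review bot: The new 'with ssh key generating and installation' context asserts only `contain_file('/root/.ssh')`, so neither the directory mode nor the `install_ssh_key` exec that modifies root's `authorized_keys` is covered. I would pin both, e.g. `it { should contain_file('/root/.ssh').with_mode('0700') }` and `it { should contain_exec('install_ssh_key').with_command('cat /usr/share/foreman-proxy/.ssh-rex/id_rsa.pub >> /root/.ssh/authorized_keys') }`. The 'with override parameters' context sets `:install_key => true` alongside `:generate_keys => false` and expects no `/root/.ssh`, which records the silent no-op; a short comment there saying this is intended would help the next reader.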
