Revision a1766664
Added by Marek Hulán about 7 years ago
manifests/plugin/remote_execution/ssh.pp | ||
---|---|---|
# $generate_keys:: Automatically generate SSH keys
|
||
# type:boolean
|
||
#
|
||
# $install_key:: Automatically install generated SSH key to root authorized keys
|
||
# which allows managing this host through Remote Execution
|
||
# type:boolean
|
||
#
|
||
# $ssh_identity_dir:: Directory where SSH keys are stored
|
||
#
|
||
# $ssh_identity_file:: Provide an alternative name for the SSH keys
|
||
... | ... | |
$enabled = $::foreman_proxy::plugin::remote_execution::ssh::params::enabled,
|
||
$listen_on = $::foreman_proxy::plugin::remote_execution::ssh::params::listen_on,
|
||
$generate_keys = $::foreman_proxy::plugin::remote_execution::ssh::params::generate_keys,
|
||
$install_key = $::foreman_proxy::plugin::remote_execution::ssh::params::install_key,
|
||
$ssh_identity_dir = $::foreman_proxy::plugin::remote_execution::ssh::params::ssh_identity_dir,
|
||
$ssh_identity_file = $::foreman_proxy::plugin::remote_execution::ssh::params::ssh_identity_file,
|
||
$ssh_keygen = $::foreman_proxy::plugin::remote_execution::ssh::params::ssh_keygen,
|
||
... | ... | |
$ssh_identity_path = "${ssh_identity_dir}/${ssh_identity_file}"
|
||
|
||
validate_absolute_path($ssh_identity_path, $local_working_dir, $remote_working_dir)
|
||
validate_bool($enabled, $generate_keys)
|
||
validate_bool($enabled, $generate_keys, $install_key)
|
||
validate_listen_on($listen_on)
|
||
|
||
include ::foreman_proxy::plugin::dynflow
|
||
... | ... | |
cwd => $ssh_identity_dir,
|
||
creates => $ssh_identity_path,
|
||
}
|
||
if $install_key {
|
||
# Ensure the .ssh directory exists with the right permissions
|
||
file { '/root/.ssh':
|
||
ensure => directory,
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0700',
|
||
} ->
|
||
exec { 'install_ssh_key':
|
||
path => '/usr/bin:/usr/sbin:/bin',
|
||
command => "cat ${ssh_identity_path}.pub >> /root/.ssh/authorized_keys",
|
||
unless => "grep -f ${ssh_identity_path}.pub /root/.ssh/authorized_keys",
|
||
require => Exec['generate_ssh_key'],
|
||
}
|
||
}
|
||
}
|
||
|
||
if $::osfamily == 'RedHat' and $::operatingsystem != 'Fedora' {
|
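Review bot: The `install_ssh_key` exec only ever appends the proxy's public key to `/root/.ssh/authorized_keys`, so setting `$install_key` back to false or regenerating the key pair leaves the earlier key authorised for root, with no options restricting it. The parameter documentation should state this, for example `# grants the proxy's key unrestricted root SSH login on this host; the key is not removed when set back to false`. It should also say that the setting appears to have no effect unless `$generate_keys` is true, which is what the nesting and `require => Exec['generate_ssh_key']` suggest. Separately, the `unless` guard uses `grep -f`, which reads the key as regular expressions; `grep -qFf ${ssh_identity_path}.pub /root/.ssh/authorized_keys` would compare it as a fixed string. The enclosing class body starts and ends outside the visible hunks.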
manifests/plugin/remote_execution/ssh/params.pp | ||
---|---|---|
$local_working_dir = '/var/tmp'
|
||
$remote_working_dir = '/var/tmp'
|
||
$generate_keys = true
|
||
$install_key = false
|
||
$ssh_identity_dir = "${::foreman_proxy::params::dir}/.ssh"
|
||
$ssh_identity_file = 'id_rsa_foreman_proxy'
|
||
$ssh_keygen = '/usr/bin/ssh-keygen'
|
spec/classes/foreman_proxy__plugin__remote_execution__ssh_spec.rb | ||
---|---|---|
:command => "/usr/bin/ssh-keygen -f /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy -N ''"
|
||
})
|
||
end
|
||
|
||
it 'should not install the ssh key' do
|
||
should_not contain_file('/root/.ssh')
|
||
end
|
||
end
|
||
|
||
describe 'with override parameters' do
|
||
... | ... | |
:generate_keys => false,
|
||
:ssh_identity_dir => '/usr/share/foreman-proxy/.ssh-rex',
|
||
:ssh_identity_file => 'id_rsa',
|
||
:install_key => true,
|
||
} end
|
||
|
||
it { should contain_foreman_proxy__plugin('dynflow') }
|
||
... | ... | |
end
|
||
|
||
it { should_not contain_exec('generate_ssh_key') }
|
||
it { should_not contain_file('/root/.ssh') }
|
||
end
|
||
|
||
describe 'with ssh key generating and installation' do
|
||
let :pre_condition do
|
||
"include foreman_proxy"
|
||
end
|
||
|
||
let :params do {
|
||
:enabled => true,
|
||
:listen_on => 'http',
|
||
:local_working_dir => '/tmp',
|
||
:remote_working_dir => '/tmp',
|
||
:generate_keys => true,
|
||
:ssh_identity_dir => '/usr/share/foreman-proxy/.ssh-rex',
|
||
:ssh_identity_file => 'id_rsa',
|
||
:install_key => true,
|
||
} end
|
||
|
||
it { should contain_exec('generate_ssh_key') }
|
||
it { should contain_file('/root/.ssh') }
|
||
end
|
||
end
|
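Review bot: The new examples only check whether `File['/root/.ssh']` is present or absent, so the `install_ssh_key` exec, its ordering after key generation, and the root-owned 0700 directory are all untested. In the 'with ssh key generating and installation' context I would add `it { should contain_file('/root/.ssh').with_mode('0700').with_owner('root') }` and `it { should contain_exec('install_ssh_key').that_requires('Exec[generate_ssh_key]') }`. The two negative cases would benefit from `it { should_not contain_exec('install_ssh_key') }`, so that a regression which writes to root's authorized_keys without the directory resource is still caught. The outer describe block starts outside the visible hunks.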
Fixes #18215 - Install REX SSH key