Move REX ssh generation into separate class

theforeman · Feb 11, 2022 · 8a3330c · 8a3330c
1 parent aebbec7
commit 8a3330c
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 29 deletions.
diff --git a/manifests/plugin/remote_execution/ssh.pp b/manifests/plugin/remote_execution/ssh.pp
@@ -42,9 +42,6 @@
   Boolean $ssh_kerberos_auth = false,
   Enum['ssh', 'ssh-async'] $mode = 'ssh'
 ) {
-
-  $ssh_identity_path = "${ssh_identity_dir}/${ssh_identity_file}"
-
   include foreman_proxy::params
   include foreman_proxy::plugin::dynflow
 
@@ -62,32 +59,11 @@
   }
 
   if $generate_keys {
-    file { $ssh_identity_dir:
-      ensure => directory,
-      owner  => $foreman_proxy::user,
-      group  => $foreman_proxy::user,
-      mode   => '0700',
-    }
-    -> exec { 'generate_ssh_key':
-      command => "${ssh_keygen} -f ${ssh_identity_path} -N '' -m pem",
-      user    => $foreman_proxy::user,
-      cwd     => $ssh_identity_dir,
-      creates => $ssh_identity_path,
-    }
-    if $install_key {
-      # Ensure the .ssh directory exists with the right permissions
-      file { '/root/.ssh':
-        ensure => directory,
-        owner  => 'root',
-        group  => 'root',
-        mode   => '0700',
-      }
-      -> exec { 'install_ssh_key':
-        path    => '/usr/bin:/usr/sbin:/bin',
-        command => "cat ${ssh_identity_path}.pub >> /root/.ssh/authorized_keys",
-        unless  => "grep -f ${ssh_identity_path}.pub /root/.ssh/authorized_keys",
-        require => Exec['generate_ssh_key'],
-      }
+    foreman_proxy::plugin::remote_execution::ssh::keys {
+      install_key       => $install_key,
+      ssh_identity_dir  => $ssh_identity_dir,
+      ssh_identity_file => $ssh_identity_file,
+      ssh_keygen        => $ssh_keygen,
     }
   }
 }
diff --git a/manifests/plugin/remote_execution/ssh/keys.pp b/manifests/plugin/remote_execution/ssh/keys.pp
@@ -0,0 +1,51 @@
+# = Foreman Proxy Remote Execution SSH plugin key management
+#
+# This class generates and installs Remote Execution SSH keys for Foreman proxy
+#
+# === Parameters:
+#
+# $install_key::        Automatically install generated SSH key to root authorized keys
+#                       which allows managing this host through Remote Execution
+#
+# $ssh_identity_dir::   Directory where SSH keys are stored
+#
+# $ssh_identity_file::  Provide an alternative name for the SSH keys
+#
+# $ssh_keygen::         Location of the ssh-keygen binary
+#
+class foreman_proxy::plugin::remote_execution::ssh::keys (
+  Boolean $install_key = false,
+  Stdlib::Absolutepath $ssh_identity_dir = '/var/lib/foreman-proxy/ssh',
+  String $ssh_identity_file = 'id_rsa_foreman_proxy',
+  String $ssh_keygen = '/usr/bin/ssh-keygen',
+) {
+  $ssh_identity_path = "${ssh_identity_dir}/${ssh_identity_file}"
+
+  file { $ssh_identity_dir:
+    ensure => directory,
+    owner  => $foreman_proxy::user,
+    group  => $foreman_proxy::user,
+    mode   => '0700',
+  }
+  -> exec { 'generate_ssh_key':
+    command => "${ssh_keygen} -f ${ssh_identity_path} -N '' -m pem",
+    user    => $foreman_proxy::user,
+    cwd     => $ssh_identity_dir,
+    creates => $ssh_identity_path,
+  }
+  if $install_key {
+    # Ensure the .ssh directory exists with the right permissions
+    file { '/root/.ssh':
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0700',
+    }
+    -> exec { 'install_ssh_key':
+      path    => '/usr/bin:/usr/sbin:/bin',
+      command => "cat ${ssh_identity_path}.pub >> /root/.ssh/authorized_keys",
+      unless  => "grep -f ${ssh_identity_path}.pub /root/.ssh/authorized_keys",
+      require => Exec['generate_ssh_key'],
+    }
+  }
+}