From fb3cc81d0cd07dd17f72414c0246f4d9ff4e9f5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Dost=C3=A1l?=
Date: Wed, 21 Feb 2024 09:59:50 +0100
Subject: [PATCH] Public Cloud: Use ed25519 in GCP and AWS
---
 data/publiccloud/terraform/azure.tf | 6 +++++-
 data/publiccloud/terraform/azure_nfstest.tf | 7 ++++++-
 data/publiccloud/terraform/ec2.tf | 6 +++++-
 data/publiccloud/terraform/gce.tf | 7 ++++++-
 lib/publiccloud/azure.pm | 2 ++
 lib/publiccloud/provider.pm | 15 +++++++++------
 tests/publiccloud/aws_cli.pm | 2 +-
 7 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/data/publiccloud/terraform/azure.tf b/data/publiccloud/terraform/azure.tf
index 84a8d8b7dc97..7bd2577e9f2e 100644
--- a/data/publiccloud/terraform/azure.tf
+++ b/data/publiccloud/terraform/azure.tf
@@ -84,6 +84,10 @@ variable "subnet_id" {
 default = ""
 }
+variable "ssh_public_key" {
+ default = "/root/.ssh/id_ed25519.pub"
+}
+
 resource "random_id" "service" {
 count = var.instance_count
 keepers = {
@@ -162,7 +166,7 @@ resource "azurerm_linux_virtual_machine" "openqa-vm" {
 admin_ssh_key {
 username = "azureuser"
- public_key = file("/root/.ssh/id_rsa.pub")
+ public_key = file("${var.ssh_public_key}")
 }
 os_disk {
diff --git a/data/publiccloud/terraform/azure_nfstest.tf b/data/publiccloud/terraform/azure_nfstest.tf
index 6d903a26473e..88c8a8e24548 100644
--- a/data/publiccloud/terraform/azure_nfstest.tf
+++ b/data/publiccloud/terraform/azure_nfstest.tf
@@ -61,6 +61,11 @@ variable "subnet_id" {
 default = ""
 }
+variable "ssh_public_key" {
+ default = "/root/.ssh/id_ed25519.pub"
+}
+
+
 ## ---- data ---------------------------------------------------------------- ##
 // IP address of the client
@@ -185,7 +190,7 @@ resource "azurerm_linux_virtual_machine" "openqa-vm" {
 admin_ssh_key {
 username = "azureuser"
- public_key = file("~/.ssh/id_rsa.pub")
+ public_key = file("${var.ssh_public_key}")
 }
 os_disk {
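Review bot: The `ssh_public_key` default added in azure.tf points at `/root/.ssh/id_ed25519.pub`, while azure.pm in this same patch keeps `ssh_key` at `/root/.ssh/id_rsa`, so a plan run without the `-var ssh_public_key=…` override would read a key file the Azure path does not generate. The same default is added in azure_nfstest.tf. I would use `default = "/root/.ssh/id_rsa.pub"` in the two Azure files, or drop the default so a missing `-var` fails at plan time, and add `type = string` and a `description` to the variable.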
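Review bot: `file("${var.ssh_public_key}")` in the `admin_ssh_key` block wraps a bare variable reference in a string template; `public_key = file(var.ssh_public_key)` is the plain form and avoids Terraform's interpolation-only-expression warning. The same pattern is added in azure_nfstest.tf and ec2.tf, and nested inside another template in gce.tf, where it would read `"susetest:${file(var.ssh_public_key)}"`. The resource block starts and ends outside the hunk.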
diff --git a/data/publiccloud/terraform/ec2.tf b/data/publiccloud/terraform/ec2.tf
index 2d0eb82bcfff..f02e723b9ff1 100644
--- a/data/publiccloud/terraform/ec2.tf
+++ b/data/publiccloud/terraform/ec2.tf
@@ -76,6 +76,10 @@ variable "ipv6_address_count" {
 default = 0
 }
+variable "ssh_public_key" {
+ default = "/root/.ssh/id_ed25519.pub"
+}
+
 resource "random_id" "service" {
 count = var.instance_count
 keepers = {
@@ -86,7 +90,7 @@ resource "random_id" "service" {
 resource "aws_key_pair" "openqa-keypair" {
 key_name = "openqa-${element(random_id.service.*.hex, 0)}"
- public_key = file("/root/.ssh/id_rsa.pub")
+ public_key = file("${var.ssh_public_key}")
 }
 resource "aws_instance" "openqa" {
diff --git a/data/publiccloud/terraform/gce.tf b/data/publiccloud/terraform/gce.tf
index 09f3284d4063..9a74e6b8b3b7 100644
--- a/data/publiccloud/terraform/gce.tf
+++ b/data/publiccloud/terraform/gce.tf
@@ -88,6 +88,11 @@ variable "vm_create_timeout" {
 default = "20m"
 }
+variable "ssh_public_key" {
+ default = "/root/.ssh/id_ed25519.pub"
+}
+
+
 resource "random_id" "service" {
 count = var.instance_count
 keepers = {
@@ -124,7 +129,7 @@ resource "google_compute_instance" "openqa" {
 }
 metadata = merge({
- sshKeys = "susetest:${file("/root/.ssh/id_rsa.pub")}"
+ sshKeys = "susetest:${file("${var.ssh_public_key}")}"
 openqa_created_by = var.name
 openqa_created_date = timestamp()
 openqa_created_id = element(random_id.service.*.hex, count.index)
diff --git a/lib/publiccloud/azure.pm b/lib/publiccloud/azure.pm
index 5d0c082e1bb1..13c77c1a89ac 100644
--- a/lib/publiccloud/azure.pm
+++ b/lib/publiccloud/azure.pm
@@ -24,6 +24,8 @@ has container => 'sle-images';
 has image_gallery => 'test_image_gallery';
 has lease_id => undef;
 has storage_region => 'westeurope';
+# The ssh_key already exists in parrent class
+has ssh_key => '/root/.ssh/id_rsa';
 my $default_sku = 'gen2';
diff --git a/lib/publiccloud/provider.pm b/lib/publiccloud/provider.pm
index 4627fbe975f6..d9bd29848a3e 100644
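Review bot: The comment added above `has ssh_key` in azure.pm says only that the attribute exists in the parent class, not why it is overridden, and "parrent" is misspelled. Since provider.pm moves the default to ed25519 and this line keeps Azure on RSA, a comment such as `# Override the parent's ed25519 default: Azure instances are still created with an RSA key.` would record the intent; if the reason is a provider-side restriction on key types, name it there. The RSA key is also now generated without `-b 2048`, so its size follows the ssh-keygen default on the worker, which is worth stating if a minimum size matters for Azure.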
--- a/lib/publiccloud/provider.pm
+++ b/lib/publiccloud/provider.pm
@@ -30,7 +30,7 @@ has terraform_applied => 0;
 has resource_name => sub { get_var('PUBLIC_CLOUD_RESOURCE_NAME', 'openqa-vm') };
 has provider_client => undef;
-has ssh_key => '/root/.ssh/id_rsa';
+has ssh_key => '/root/.ssh/id_ed25519';
 =head1 METHODS
@@ -154,11 +154,13 @@ Creates an ssh keypair in a given file path by $args{ssh_private_key_file}
 =cut
 sub create_ssh_key {
- my ($self, %args) = @_;
- $args{ssh_private_key_file} //= '/root/.ssh/id_rsa';
- if (script_run('test -f ' . $args{ssh_private_key_file}) != 0) {
- assert_script_run('SSH_DIR=`dirname ' . $args{ssh_private_key_file} . '`; mkdir -p $SSH_DIR');
- assert_script_run('ssh-keygen -b 2048 -t rsa -q -N "" -C "" -m pem -f ' . $args{ssh_private_key_file});
+ my ($self) = @_;
+ my $alg = $self->ssh_key;
+ $alg =~ s@[a-z0-9/-_~.]*id_@@;
+ record_info($alg, "The $alg key will be generated.");
+ if (script_run('test -f ' . $self->ssh_key) != 0) {
+ assert_script_run('SSH_DIR=`dirname ' . $self->ssh_key . '`; mkdir -p $SSH_DIR');
+ assert_script_run('ssh-keygen -t ' . $alg . ' -q -N "" -C "" -m pem -f ' . $self->ssh_key);
 }
 }
@@ -510,6 +512,7 @@ sub terraform_apply {
 if (get_var('PUBLIC_CLOUD_NVIDIA')) {
 $cmd .= "-var gpu=true ";
 }
+ $cmd .= "-var 'ssh_public_key=" . $self->ssh_key . ".pub' ";
 $cmd .= "-out myplan";
 record_info('TFM cmd', $cmd);
diff --git a/tests/publiccloud/aws_cli.pm b/tests/publiccloud/aws_cli.pm
index 39e1d0e4936b..655bbc267131 100644
--- a/tests/publiccloud/aws_cli.pm
+++ b/tests/publiccloud/aws_cli.pm
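Review bot: In `create_ssh_key` the class `[a-z0-9/-_~.]` contains `/-_`, which Perl reads as a range from `/` to `_` and which does not include a literal `-`. The substitution is also unanchored, so a path with a hyphen or without an `id_` component leaves `$alg` holding path text that is then concatenated unquoted after `ssh-keygen -t`. I would take the type from the file name with an anchored match against the known key types and die otherwise, and emit the "will be generated" record only when the key is actually missing. The hunk also drops `%args` and `-b 2048`, so any caller outside this hunk that still passes `ssh_private_key_file` is silently ignored, the `=cut` POD above still describes that argument, and the RSA key kept for Azure gets the ssh-keygen default size. `$self->ssh_key` is likewise concatenated into shell commands in the `terraform_apply` hunk and in aws_cli.pm; that is fine while it is a fixed attribute but needs quoting if it ever becomes configurable.

```perl
sub create_ssh_key {
    my ($self) = @_;
    my $key_file = $self->ssh_key;
    # Derive the key type from the file name and accept only known ssh-keygen types.
    my ($alg) = $key_file =~ m{(?:\A|/)id_(rsa|ecdsa|ed25519)\z}
      or die "Cannot derive ssh key type from '$key_file'";
    if (script_run('test -f ' . $key_file) != 0) {
        record_info($alg, "The $alg key will be generated.");
        # … unchanged: mkdir -p of the key directory …
        assert_script_run('ssh-keygen -t ' . $alg . ' -q -N "" -C "" -m pem -f ' . $key_file);
    }
}
```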
@@ -38,7 +38,7 @@ sub run {
 record_info("EC2 AMI", "EC2 AMI query: " . $image_id);
 my $ssh_key = "openqa-cli-test-key-$job_id";
- assert_script_run("aws ec2 import-key-pair --key-name '$ssh_key' --public-key-material fileb://~/.ssh/id_rsa.pub");
+ assert_script_run("aws ec2 import-key-pair --key-name '$ssh_key' --public-key-material fileb://" . $provider->ssh_key . ".pub");
 my $machine_name = "openqa-cli-test-vm-$job_id";
 my $security_group_name = "openqa-cli-test-sg-$job_id";