Add type to allow ECDSA keys

Some tempest tests will fail under FIPS because they are trying to ssh to a cirrus instance that has a version of dropbear that does not support signatures other than using SHA-1 for RSA keys. This is not allowed under FIPS. The workaround until cirros is updated is to use ECDSA keys. This patch allows the key type to be specified. Depends-On: https://review.opendev.org/c/openstack/tempest/+/807465 Change-Id: I34ac429ab5442cef056ee8b63fcb2ba41e8b9b27
2021-09-06 15:33:27 -04:00 · 2021-09-06 15:33:27 -04:00 · d0ea406ee4
parent 7de0490e79
commit d0ea406ee4
2 changed files with 8 additions and 4 deletions
--- a/octavia_tempest_plugin/tests/act_stdby_scenario/v2/test_active_standby_iptables.py
+++ b/octavia_tempest_plugin/tests/act_stdby_scenario/v2/test_active_standby_iptables.py
@ -185,7 +185,8 @@ class ActiveStandbyIptablesScenarioTest(
        ssh_key = cls._get_amphora_ssh_key()
        linux_client = remote_client.RemoteClient(
            amp['lb_network_ip'], CONF.load_balancer.amphora_ssh_user,
-            pkey=ssh_key)
+            pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
        linux_client.validate_authentication()

        # Allow logging from non-init namespaces
@ -202,7 +203,8 @@ class ActiveStandbyIptablesScenarioTest(
    def _has_vip_traffic(cls, ip_address, log_prefix):
        ssh_key = cls._get_amphora_ssh_key()
        linux_client = remote_client.RemoteClient(
-            ip_address, CONF.load_balancer.amphora_ssh_user, pkey=ssh_key)
+            ip_address, CONF.load_balancer.amphora_ssh_user, pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
        linux_client.validate_authentication()

        try:
--- a/octavia_tempest_plugin/tests/test_base.py
+++ b/octavia_tempest_plugin/tests/test_base.py
@ -981,7 +981,8 @@ class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
        local_file = CONF.load_balancer.test_server_path

        linux_client = remote_client.RemoteClient(
-            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
+            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
        linux_client.validate_authentication()

        with tempfile.NamedTemporaryFile() as key:
@ -1036,7 +1037,8 @@ class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
    def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                                   ipv6_address, ipv6_prefix):
        linux_client = remote_client.RemoteClient(
-            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
+            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
+            ssh_key_type=CONF.validation.ssh_key_type)
        linux_client.validate_authentication()

        linux_client.exec_command('sudo ip address add {0}/{1} dev '