Add support for ecdsa keys In FIPS mode, using RSA keys for ssh is fine as long as SHA-1 is not used for the signature algorithm. Unfortunately, the version of cirros used in OpenStack CI does not have a version of dropbear that supports SHA-2 signatures. So, any connections from a FIPS enabled machine will fail as the cirros instance will only support ssh-rsa (SHA-1 signatures). To get around this, we add a new option to specify the key type (validation.ssh_key_type). This will allow the addition of other key types in future if needed. Tempest now supports 'rsa' and 'ecdsa' key types. We also add a fips job to the experimental queue to test the usage of the new key type. Change-Id: Ib59eb8432fa1a2813b3047955157d1b3d24a55f8

commit: 6ded070b511263df2b6c06905615a951b29e2035 [log] [tgz]
author: Ade Lee <alee@redhat.com> Sat Sep 04 15:56:34 2021 -0400
committer: Ade Lee <alee@redhat.com> Tue Jan 18 15:25:38 2022 +0000
tree: 1b9f48f55146089e93215c53fc34cee67f8cd171
parent: fe0ac89a5a1c43fa908a76759cd99eea3b1f9853 [diff] [blame]
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 9ab10d7..3f98f7e 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml

@@ -161,6 +161,8 @@
             irrelevant-files: *tempest-irrelevant-files
         - tempest-full-py3-opensuse15:
             irrelevant-files: *tempest-irrelevant-files
+        - tempest-centos8-stream-fips:
+            irrelevant-files: *tempest-irrelevant-files
     periodic-stable:
       jobs:
         - tempest-full-xena
commit	6ded070b511263df2b6c06905615a951b29e2035	[log] [tgz]
author	Ade Lee <alee@redhat.com>	Sat Sep 04 15:56:34 2021 -0400
committer	Ade Lee <alee@redhat.com>	Tue Jan 18 15:25:38 2022 +0000
tree	1b9f48f55146089e93215c53fc34cee67f8cd171
parent	fe0ac89a5a1c43fa908a76759cd99eea3b1f9853 [diff] [blame]