I generated a key: ssh-keygen -t ed25519
Put it in the key directory with the same rights as the other key:

    [root@ansible-foreman-centos ssh]# pwd
    /var/lib/foreman-proxy/ssh
    [root@ansible-foreman-centos ssh]# ls -l
    total 12
    -rw-------. 1 foreman-proxy foreman-proxy 452 8 janv. 09:31 id_ed25519_ocd-deployment
    -rw-r--r--. 1 foreman-proxy foreman-proxy 130 8 janv. 09:36 id_ed25519_ocd-deployment.pub
Changed the proxy configuration file:

    root@ansible-foreman-centos ssh]# cat /etc/foreman-proxy/settings.d/remote_execution_ssh.yml
    ---
    :enabled: https
    :ssh_identity_key_file: /var/lib/foreman-proxy/ssh/id_ed25519_ocd-deployment
    :local_working_dir: /var/tmp
    :remote_working_dir: /var/tmp
    :kerberos_auth: false

    # Whether to run remote execution jobs asynchronously
    :async_ssh: false
Restarted the services and refreshed the proxy through the web interface (dynflowd from the doc doesn’t exist):

    service httpd restart ; service foreman-proxy restart ; service smart_proxy_dynflow_core restart
I also tried to remove the old key files and make them a symlink to the new ones, and it works.
But I’d like to know why changing the parameter in the proxy conf file doesn’t work.
My guess would be because Ansible has its own config file where the path to the private key is defined, and you most likely haven’t changed that one. Anything you set in /etc/foreman-proxy/settings.d/remote_execution_ssh.yml applies only to non-Ansible execution with the ssh provider.
I looked at the code in the meantime and it looks like I was wrong. While it is overridable from the settings as you mentioned, if you don’t do that (and if I’m reading it right) it should inherit the configuration from /etc/foreman-proxy/settings.d/remote_execution_ssh.yml
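A check for the setup described in this thread, added here as an example and not part of any post or of Foreman's own code: it reads `:ssh_identity_key_file:` from the settings file and verifies that the key it names exists, is closed to group and others, is owned by the proxy user, and has its `.pub` beside it. The function names are hypothetical, and GNU `stat` (as on CentOS) is assumed.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names); assumes GNU coreutils stat.

# Print the value of :ssh_identity_key_file: from a smart-proxy settings file.
rex_key_path() {
    sed -n 's/^:ssh_identity_key_file:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" \
        | head -n 1
}

# check_rex_key SETTINGS_FILE [OWNER]
# Returns 0 when the configured private key looks usable by the proxy;
# otherwise prints each problem found and returns 1.
check_rex_key() {
    settings=$1
    owner=${2:-foreman-proxy}
    rc=0

    key=$(rex_key_path "$settings")
    if [ -z "$key" ]; then
        echo "no :ssh_identity_key_file: entry in $settings"
        return 1
    fi
    if [ ! -f "$key" ]; then
        echo "missing private key: $key"
        return 1
    fi
    # A symlinked key (the workaround from the first post) is reported, not rejected.
    if [ -L "$key" ]; then
        echo "note: $key is a symlink to $(readlink -f "$key")"
    fi

    # -L follows symlinks so the target's mode and owner are what get checked.
    mode=$(stat -L -c '%a' "$key")
    case "$mode" in
        ?00) ;;  # 600 or 400: no group/other access, which ssh requires
        *) echo "mode $mode on $key: group/other access must be removed"; rc=1 ;;
    esac

    actual=$(stat -L -c '%U' "$key")
    if [ "$actual" != "$owner" ]; then
        echo "owner $actual on $key, expected $owner"
        rc=1
    fi

    if [ ! -f "$key.pub" ]; then
        echo "missing public key: $key.pub"
        rc=1
    fi
    return $rc
}
```

On the proxy host, run it as `check_rex_key /etc/foreman-proxy/settings.d/remote_execution_ssh.yml` after each change to the settings file and before restarting the services.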