Commit 15584bd9 authored by Bryton Lacquement's avatar Bryton Lacquement 🚪

slaprunner: drop collective.recipe.shelloutput and use slapos.recipe.build

collective.recipe.shelloutput does not work well with Python 3: it
outputs values as bytes, which are printed in the format "!py!b'XXX'".

The new "init" option is used as a replacement.
parent 0417d0cd
...@@ -18,7 +18,7 @@ md5sum = 8b78e32b877d591400746ec7fd68ed4c ...@@ -18,7 +18,7 @@ md5sum = 8b78e32b877d591400746ec7fd68ed4c
[template-runner] [template-runner]
filename = instance-runner.cfg filename = instance-runner.cfg
md5sum = be6d9d1c770a1ca63fce40093ffc25b4 md5sum = 99f2c1e0ff1668e57a242a77a33b4d23
[template-runner-import-script] [template-runner-import-script]
filename = template/runner-import.sh.jinja2 filename = template/runner-import.sh.jinja2
......
...@@ -287,35 +287,29 @@ extra-args=-t rsa ...@@ -287,35 +287,29 @@ extra-args=-t rsa
<=runner-sshd-ssh-keygen-base <=runner-sshd-ssh-keygen-base
extra-args=-t ecdsa -b 521 extra-args=-t ecdsa -b 521
[runner-sshd-publickey-fingerprint-shelloutput]
recipe = collective.recipe.shelloutput
# XXX because collective.recipe.shelloutput ignore errors, we run the same
# command in a plone.recipe.command so that if fails if something goes wrong.
commands =
fingerprint = bash -o pipefail -c "${openssh-output:keygen} -lf $${runner-sshd-ssh-host-ecdsa-key:output} | cut -f 2 -d\ | sed 's/+/%2B/g' | sed 's/\//%2F/g' | sed 's/SHA256://'"
[runner-sshd-publickey-fingerprint] [runner-sshd-publickey-fingerprint]
# fingerprint for ssh url, see # fingerprint for ssh url, see
# https://tools.ietf.org/id/draft-salowey-secsh-uri-00.html#connparam # https://tools.ietf.org/id/draft-salowey-secsh-uri-00.html#connparam
# https://winscp.net/eng/docs/session_url#hostkey # https://winscp.net/eng/docs/session_url#hostkey
recipe = slapos.recipe.build
_fingerprint = $${runner-sshd-publickey-fingerprint-shelloutput:fingerprint} init =
import os
# format is host-key-alg-fingerprint, but we know that import subprocess
# $${runner-sshkeys-sshd:public-key} is rsa so for host-key-alg from six.moves.urllib.parse import quote
# we just use use rsa. keyfile = self.buildout['runner-sshd-ssh-host-ecdsa-key']['output']
fingerprint = ssh-rsa-$${:_fingerprint} if os.path.isfile(keyfile):
x = subprocess.check_output(('${openssh-output:keygen}', '-lf', keyfile))
# XXX because collective.recipe.shelloutput ignore errors and capture output x = x.split()[1]
# "Error ...", we use a plone.recipe.command to check that this command did assert x.startswith(b'SHA256:'), x
# not fail. # format is host-key-alg-fingerprint, but we know that
# This command will always fail on first buildout run, because # $${runner-sshd-ssh-host-ecdsa-key:output} is rsa so for host-key-alg
# collective.recipe.shelloutput is evaluated at buildout recipes __init__ step, # we just use use rsa.
# but the key file is created later at install step. options['fingerprint'] = "ssh-rsa-" + quote(x[7:], safe='')
recipe = plone.recipe.command else:
stop-on-error = true # This command will always fail on first buildout run, because it is
command = echo "$${:_fingerprint}" | ( grep ^Error || exit 0 && exit 1 ) # evaluated at buildout recipes __init__ step, but the key file is created
# later at install step.
options['fingerprint'] = "NotReady"
#--------------------------- #---------------------------
#-- #--
......
...@@ -150,7 +150,6 @@ eggs = ...@@ -150,7 +150,6 @@ eggs =
erp5.util erp5.util
lock-file lock-file
plone.recipe.command plone.recipe.command
collective.recipe.shelloutput
slapos.recipe.build slapos.recipe.build
slapos.toolbox[flask_auth] slapos.toolbox[flask_auth]
gunicorn gunicorn
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment