Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Cédric Le Ninivin
slapos
Commits
c2922ba4
Commit
c2922ba4
authored
Oct 13, 2020
by
Thomas Gambier
🚴🏼
Browse files
Options
Browse Files
Download
Plain Diff
slaprunner: fix multiple SSH keys in authorized-keys
See merge request
nexedi/slapos!834
parents
7f8fcb25
d80168bf
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
49 additions
and
40 deletions
+49
-40
software/slaprunner/buildout.hash.cfg
software/slaprunner/buildout.hash.cfg
+1
-1
software/slaprunner/instance-runner.cfg
software/slaprunner/instance-runner.cfg
+6
-0
software/slaprunner/test/test.py
software/slaprunner/test/test.py
+42
-39
No files found.
software/slaprunner/buildout.hash.cfg
View file @
c2922ba4
...
...
@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24
[template-runner]
filename = instance-runner.cfg
md5sum =
4a3e1ee61f49909fe3fd0843cde1beb
e
md5sum =
6e279c46b07bf56b7b037a8ee2c6587
e
[template-runner-import-script]
filename = template/runner-import.sh.jinja2
...
...
software/slaprunner/instance-runner.cfg
View file @
c2922ba4
...
...
@@ -650,7 +650,13 @@ monitor-interface-url =
monitor-httpd-port = 8386
buildout-shared-folder = $${runnerdirectory:home}/shared
{% for k, v in slapparameter_dict.items() -%}
{% if k == 'user-authorized-key' and v -%}
{% set key_list = v.split('\n') -%}
{{ k }} =
{{ key_list | join('\n ') }}
{% else -%}
{{ k }} = {{ v }}
{% endif -%}
{% endfor -%}
[slapos-cfg]
...
...
software/slaprunner/test/test.py
View file @
c2922ba4
...
...
@@ -321,9 +321,11 @@ class TestWeb(SlaprunnerTestCase):
class
TestSSH
(
SlaprunnerTestCase
):
@
classmethod
def
getInstanceParameterDict
(
cls
):
cls
.
ssh_key
=
paramiko
.
RSAKey
.
generate
(
1024
)
cls
.
ssh_key
_list
=
[
paramiko
.
RSAKey
.
generate
(
1024
)
for
i
in
range
(
2
)]
return
{
'user-authorized-key'
:
'ssh-rsa {}'
.
format
(
cls
.
ssh_key
.
get_base64
())
'user-authorized-key'
:
'ssh-rsa {}
\
n
ssh-rsa {}'
.
format
(
*
[
key
.
get_base64
()
for
key
in
cls
.
ssh_key_list
]
)
}
def
test_connect
(
self
):
...
...
@@ -355,43 +357,44 @@ class TestSSH(SlaprunnerTestCase):
key_policy
=
KeyPolicy
()
client
.
set_missing_host_key_policy
(
key_policy
)
with
contextlib
.
closing
(
client
):
client
.
connect
(
username
=
username
,
hostname
=
parsed
.
hostname
,
port
=
parsed
.
port
,
pkey
=
self
.
ssh_key
,
)
# Check fingerprint from server matches the published one.
# Paramiko does not allow to get the fingerprint as SHA256 easily yet
# https://github.com/paramiko/paramiko/pull/1103
self
.
assertEqual
(
fingerprint_from_url
,
quote
(
# base64 encoded fingerprint adds an extra = at the end
base64
.
b64encode
(
hashlib
.
sha256
(
key_policy
.
key
.
asbytes
()).
digest
())[:
-
1
],
# also encode /
safe
=
''
))
# Check shell is usable
channel
=
client
.
invoke_shell
()
channel
.
settimeout
(
30
)
received
=
''
while
True
:
r
=
bytes2str
(
channel
.
recv
(
1024
))
self
.
logger
.
debug
(
"received >%s<"
,
r
)
if
not
r
:
break
received
+=
r
if
'slaprunner shell'
in
received
:
break
self
.
assertIn
(
"Welcome to SlapOS slaprunner shell"
,
received
)
# simple commands can also be executed ( this would be like `ssh bash -c 'pwd'` )
self
.
assertEqual
(
self
.
computer_partition_root_path
,
bytes2str
(
client
.
exec_command
(
"pwd"
)[
1
].
read
(
1000
)).
strip
())
for
ssh_key
in
self
.
ssh_key_list
:
with
contextlib
.
closing
(
client
):
client
.
connect
(
username
=
username
,
hostname
=
parsed
.
hostname
,
port
=
parsed
.
port
,
pkey
=
ssh_key
,
)
# Check fingerprint from server matches the published one.
# Paramiko does not allow to get the fingerprint as SHA256 easily yet
# https://github.com/paramiko/paramiko/pull/1103
self
.
assertEqual
(
fingerprint_from_url
,
quote
(
# base64 encoded fingerprint adds an extra = at the end
base64
.
b64encode
(
hashlib
.
sha256
(
key_policy
.
key
.
asbytes
()).
digest
())[:
-
1
],
# also encode /
safe
=
''
))
# Check shell is usable
channel
=
client
.
invoke_shell
()
channel
.
settimeout
(
30
)
received
=
''
while
True
:
r
=
bytes2str
(
channel
.
recv
(
1024
))
self
.
logger
.
debug
(
"received >%s<"
,
r
)
if
not
r
:
break
received
+=
r
if
'slaprunner shell'
in
received
:
break
self
.
assertIn
(
"Welcome to SlapOS slaprunner shell"
,
received
)
# simple commands can also be executed ( this would be like `ssh bash -c 'pwd'` )
self
.
assertEqual
(
self
.
computer_partition_root_path
,
bytes2str
(
client
.
exec_command
(
"pwd"
)[
1
].
read
(
1000
)).
strip
())
class
TestSlapOS
(
SlaprunnerTestCase
):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment