Commit fc7c0aea authored by Nicolas Wavrant's avatar Nicolas Wavrant

pbs/sshkeys_authority: adds support for openssh, and support port in known_hosts file

parent 6ff8f9d2
...@@ -249,7 +249,8 @@ class Recipe(GenericSlapRecipe, Notify, Callback): ...@@ -249,7 +249,8 @@ class Recipe(GenericSlapRecipe, Notify, Callback):
# Create known_hosts file by default. # Create known_hosts file by default.
# In some case, we don't want to create it (case where we share IP mong partitions) # In some case, we don't want to create it (case where we share IP mong partitions)
if not self.isTrueValue(self.options.get('ignore-known-hosts-file')): if not self.isTrueValue(self.options.get('ignore-known-hosts-file')):
known_hosts_file[parsed_url.hostname] = entry['server-key'] known_hostname = "[%s]:%s" % (parsed_url.hostname, parsed_url.port)
known_hosts_file[known_hostname] = entry['server-key'].strip()
notifier_wrapper_path = os.path.join(self.options['wrappers-directory'], slave_id) notifier_wrapper_path = os.path.join(self.options['wrappers-directory'], slave_id)
rdiff_wrapper_path = notifier_wrapper_path + '_raw' rdiff_wrapper_path = notifier_wrapper_path + '_raw'
......
...@@ -33,18 +33,24 @@ import re ...@@ -33,18 +33,24 @@ import re
from slapos.recipe.librecipe import GenericBaseRecipe from slapos.recipe.librecipe import GenericBaseRecipe
from slapos.recipe.librecipe.inotify import subfiles from slapos.recipe.librecipe.inotify import subfiles
# This authority only works with dropbear sshkey generator # This authority only works with dropbear or openssh sshkey generators
def sshkeys_authority(args): def sshkeys_authority(args):
requests_directory = args['requests'] requests_directory = args['requests']
keygen_binary = args['sshkeygen'] keygen_binary = args['sshkeygen']
if 'openssh' in keygen_binary:
authority_type = 'openssh'
else:
# Keep dropbear for compatibility
authority_type = 'dropbear'
for request_filename in subfiles(requests_directory): for request_filename in subfiles(requests_directory):
with open(request_filename) as request_file: with open(request_filename) as request_file:
request = json.load(request_file) request = json.load(request_file)
key_type = request.get('type', 'rsa') key_type = request.get('type', 'rsa')
size = str(request.get('size', 2048)) size = str(request.get('size', 4096))
try: try:
private_key = request['private_key'] private_key = request['private_key']
public_key = request['public_key'] public_key = request['public_key']
...@@ -54,6 +60,10 @@ def sshkeys_authority(args): ...@@ -54,6 +60,10 @@ def sshkeys_authority(args):
if not os.path.exists(private_key): if not os.path.exists(private_key):
if os.path.exists(public_key): if os.path.exists(public_key):
os.unlink(public_key) os.unlink(public_key)
if authority_type == 'openssh':
keygen_cmd = [keygen_binary, '-N', "", '-C', "", '-t', key_type,
'-f', private_key, '-b', size]
else:
keygen_cmd = [keygen_binary, '-t', key_type, '-f', private_key, keygen_cmd = [keygen_binary, '-t', key_type, '-f', private_key,
'-s', size] '-s', size]
# If the keygeneration return an non-zero status, it means there's a # If the keygeneration return an non-zero status, it means there's a
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment