From fc7c0aea0ad4f07b9ab1fff25ae0332ed55560ca Mon Sep 17 00:00:00 2001
From: Nicolas Wavrant <nicolas.wavrant@nexedi.com>
Date: Wed, 24 Aug 2016 13:54:52 +0200
Subject: [PATCH] pbs/sshkeys_authority: adds support for openssh, and support port in known_hosts file
---
 slapos/recipe/pbs.py | 3 ++-
 slapos/recipe/sshkeys_authority.py | 18 ++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/slapos/recipe/pbs.py b/slapos/recipe/pbs.py
index a9782279f..4fe255260 100644
--- a/slapos/recipe/pbs.py
+++ b/slapos/recipe/pbs.py
@@ -249,7 +249,8 @@ class Recipe(GenericSlapRecipe, Notify, Callback):
 # Create known_hosts file by default.
 # In some case, we don't want to create it (case where we share IP mong partitions)
 if not self.isTrueValue(self.options.get('ignore-known-hosts-file')):
- known_hosts_file[parsed_url.hostname] = entry['server-key']
+ known_hostname = "[%s]:%s" % (parsed_url.hostname, parsed_url.port)
+ known_hosts_file[known_hostname] = entry['server-key'].strip()
 notifier_wrapper_path = os.path.join(self.options['wrappers-directory'], slave_id)
 rdiff_wrapper_path = notifier_wrapper_path + '_raw'
diff --git a/slapos/recipe/sshkeys_authority.py b/slapos/recipe/sshkeys_authority.py
index 22725e214..80bd3fadc 100644
--- a/slapos/recipe/sshkeys_authority.py
+++ b/slapos/recipe/sshkeys_authority.py
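Review bot: `parsed_url.port` is `None` when the slave URL carries no explicit port, so the new key in the pbs.py hunk becomes `[host]:None` and the pinned `server-key` can never match the server actually contacted. OpenSSH also records the default port 22 as a bare hostname rather than `[host]:22`, so that case presumably needs the unbracketed form too; I would write `port = parsed_url.port` followed by `known_hostname = parsed_url.hostname if port in (None, 22) else "[%s]:%s" % (parsed_url.hostname, port)`. A pin that never matches either breaks the backup or, if strict host key checking is relaxed elsewhere, leaves the connection without host verification, so a test with a port-less URL is worth adding. `.strip()` only trims the ends of `server-key`; how the value is written out is outside the hunk, so confirm an embedded newline cannot add extra known_hosts lines.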
@@ -33,18 +33,24 @@ import re
 from slapos.recipe.librecipe import GenericBaseRecipe
 from slapos.recipe.librecipe.inotify import subfiles
-# This authority only works with dropbear sshkey generator
+# This authority only works with dropbear or openssh sshkey generators
 def sshkeys_authority(args):
 requests_directory = args['requests']
 keygen_binary = args['sshkeygen']
+ if 'openssh' in keygen_binary:
+ authority_type = 'openssh'
+ else:
+ # Keep dropbear for compatibility
+ authority_type = 'dropbear'
+
 for request_filename in subfiles(requests_directory):
 with open(request_filename) as request_file:
 request = json.load(request_file)
 key_type = request.get('type', 'rsa')
- size = str(request.get('size', 2048))
+ size = str(request.get('size', 4096))
 try:
 private_key = request['private_key']
 public_key = request['public_key']
@@ -54,8 +60,12 @@ def sshkeys_authority(args):
 if not os.path.exists(private_key):
 if os.path.exists(public_key):
 os.unlink(public_key)
- keygen_cmd = [keygen_binary, '-t', key_type, '-f', private_key,
- '-s', size]
+ if authority_type == 'openssh':
+ keygen_cmd = [keygen_binary, '-N', "", '-C', "", '-t', key_type,
+ '-f', private_key, '-b', size]
+ else:
+ keygen_cmd = [keygen_binary, '-t', key_type, '-f', private_key,
+ '-s', size]
 # If the keygeneration return an non-zero status, it means there's a
 # big problem. Let's exit in this case
 subprocess.check_call(keygen_cmd, env=os.environ.copy())
--
2.30.9
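Review bot: The flavour check `'openssh' in keygen_binary` in the first sshkeys_authority.py hunk is a substring test on the whole configured path, so an OpenSSH `ssh-keygen` installed under a path without "openssh" in it gets the dropbear argument list, and a dropbear binary under a directory whose name contains "openssh" gets the OpenSSH one. Matching the program name is less fragile, e.g. `if os.path.basename(keygen_binary) == 'ssh-keygen':`, or an explicit entry in `args` if the recipe can provide one (not visible here). The default `size` is now 4096 for every `key_type`, and both values come straight from the request JSON; a non-RSA type without an explicit size will presumably make the generator fail and `check_call` raise, so consider validating `type` and `size` against an allowlist before building the command.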
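Review bot: The OpenSSH branch in the second sshkeys_authority.py hunk passes `-N ""`, which writes the private key unencrypted, and nothing in the visible code documents that or the file permissions the key then depends on. I would add a comment above the command such as `# -N "": no passphrase (key is used unattended, protected by file permissions only); -C "": no user@host comment in the public key`. `ssh-keygen` also writes `<private_key>.pub` next to the private key, in addition to whatever the code after this hunk does for `public_key`. That code is outside the hunk, so confirm the extra file is expected and that the public-key extraction step handles OpenSSH output as well as dropbear's.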