Commit c2922ba4 authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

slaprunner: fix multiple SSH keys in authorized-keys

See merge request nexedi/slapos!834
parents 7f8fcb25 d80168bf
Pipeline #11890 failed with stage
...@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24 ...@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24
[template-runner] [template-runner]
filename = instance-runner.cfg filename = instance-runner.cfg
md5sum = 4a3e1ee61f49909fe3fd0843cde1bebe md5sum = 6e279c46b07bf56b7b037a8ee2c6587e
[template-runner-import-script] [template-runner-import-script]
filename = template/runner-import.sh.jinja2 filename = template/runner-import.sh.jinja2
......
...@@ -650,7 +650,13 @@ monitor-interface-url = ...@@ -650,7 +650,13 @@ monitor-interface-url =
monitor-httpd-port = 8386 monitor-httpd-port = 8386
buildout-shared-folder = $${runnerdirectory:home}/shared buildout-shared-folder = $${runnerdirectory:home}/shared
{% for k, v in slapparameter_dict.items() -%} {% for k, v in slapparameter_dict.items() -%}
{% if k == 'user-authorized-key' and v -%}
{% set key_list = v.split('\n') -%}
{{ k }} =
{{ key_list | join('\n ') }}
{% else -%}
{{ k }} = {{ v }} {{ k }} = {{ v }}
{% endif -%}
{% endfor -%} {% endfor -%}
[slapos-cfg] [slapos-cfg]
......
...@@ -321,9 +321,11 @@ class TestWeb(SlaprunnerTestCase): ...@@ -321,9 +321,11 @@ class TestWeb(SlaprunnerTestCase):
class TestSSH(SlaprunnerTestCase): class TestSSH(SlaprunnerTestCase):
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
cls.ssh_key = paramiko.RSAKey.generate(1024) cls.ssh_key_list = [paramiko.RSAKey.generate(1024) for i in range(2)]
return { return {
'user-authorized-key': 'ssh-rsa {}'.format(cls.ssh_key.get_base64()) 'user-authorized-key': 'ssh-rsa {}\nssh-rsa {}'.format(
*[key.get_base64() for key in cls.ssh_key_list]
)
} }
def test_connect(self): def test_connect(self):
...@@ -355,12 +357,13 @@ class TestSSH(SlaprunnerTestCase): ...@@ -355,12 +357,13 @@ class TestSSH(SlaprunnerTestCase):
key_policy = KeyPolicy() key_policy = KeyPolicy()
client.set_missing_host_key_policy(key_policy) client.set_missing_host_key_policy(key_policy)
for ssh_key in self.ssh_key_list:
with contextlib.closing(client): with contextlib.closing(client):
client.connect( client.connect(
username=username, username=username,
hostname=parsed.hostname, hostname=parsed.hostname,
port=parsed.port, port=parsed.port,
pkey=self.ssh_key, pkey=ssh_key,
) )
# Check fingerprint from server matches the published one. # Check fingerprint from server matches the published one.
# Paramiko does not allow to get the fingerprint as SHA256 easily yet # Paramiko does not allow to get the fingerprint as SHA256 easily yet
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment