diff options
author | Scott Moser <smoser@ubuntu.com> | 2010-01-14 17:00:28 -0500 |
---|---|---|
committer | Scott Moser <smoser@ubuntu.com> | 2010-01-14 17:00:28 -0500 |
commit | 89bff8f826040f7c9d1cc85880eaf016e72d2191 (patch) | |
tree | c389845f381833ec236ec663d71298534ea53fc5 | |
parent | 56563878d00a6dc0c0853e97087ac86e5e8df666 (diff) | |
download | vyos-cloud-init-89bff8f826040f7c9d1cc85880eaf016e72d2191.tar.gz vyos-cloud-init-89bff8f826040f7c9d1cc85880eaf016e72d2191.zip |
functional cloud-config-ssh.conf now
This fixes LP: #506599 , LP: #507070 .
Also, here, we move config parsing out of the EC2Init class.
Instead the parsing of /etc/ec2-init/ec2-init.cfg is now done in the
CloudConfig class, and prepended to the cloud-config that comes in
from user data. This means that values in user data will over-ride
the settings in /etc/ec2-init.
Still TODO is support reading the public and private key files from
the cloud-config
-rw-r--r-- | ec2init/CloudConfig.py | 105 | ||||
-rw-r--r-- | ec2init/__init__.py | 47 | ||||
-rw-r--r-- | upstart/cloud-config-ssh.conf (renamed from upstart/cloud-config-ssh.conf.disabled) | 4 |
3 files changed, 103 insertions, 53 deletions
diff --git a/ec2init/CloudConfig.py b/ec2init/CloudConfig.py index bea8810c..a6393df9 100644 --- a/ec2init/CloudConfig.py +++ b/ec2init/CloudConfig.py @@ -28,15 +28,42 @@ class CloudConfig(): cfgfile = None handlers = { } cfg = None + old_conffile = '/etc/ec2-init/ec2-config.cfg' def __init__(self,cfgfile): - import pprint; pprint.pprint(self.cfg) - self.cfg=read_conf(cfgfile) + self.cfg = self.get_config_obj(cfgfile) self.cloud = ec2init.EC2Init() self.cloud.get_data_source() self.add_handler('apt-update-upgrade', self.h_apt_update_upgrade) self.add_handler('config-ssh') + def get_config_obj(self,cfgfile): + str="" + # support reading the old ConfigObj format file and turning it + # into a yaml string + try: + f = file(self.old_conffile) + str+=file.read().replace('=',': ') + f.close() + except: + pass + + f = file(cfgfile) + cfg=yaml.load(str + f.read()) + f.close() + return(cfg) + + def convert_old_config(self): + # support reading the old ConfigObj format file and turning it + # into a yaml string + try: + f = file(self.conffile) + str=file.read().replace('=',': ') + f.close() + return str + except: + return("") + def add_handler(self, name, handler=None, freq=None): if handler is None: try: @@ -124,6 +151,29 @@ class CloudConfig(): def h_config_ssh(self,name,args): print "Warning, not doing anything for config %s" % name + if False: + # if there are keys in cloud-config, use them + # TODO: need to get keys from cloud-config if present + # and replace those in /etc/ssh + pass + else: + # if not, generate them + clean_and_gen='rm -f /etc/ssh/ssh_host_*_key*; ' + \ + 'ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""; ' + \ + 'ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t rsa -N ""; ' + subprocess.call(('sh', '-c', clean_and_gen)) + + try: + user = get_cfg_option_str(self.cfg,'user') + disable_root = get_cfg_option_bool(self.cfg, "disable_root", True) + keys = self.cloud.get_public_ssh_keys() + apply_credentials(keys,user,disable_root) + except: + warn("applying credentials failed!\n") + + send_ssh_keys_to_console() + + subprocess.call(('restart', 'ssh')) def h_ec2_ebs_mounts(self,name,args): print "Warning, not doing anything for config %s" % name @@ -136,7 +186,6 @@ class CloudConfig(): def get_cfg_option_bool(yobj, key, default=False): - print "searching for %s" % key if not yobj.has_key(key): return default val = yobj[key] if yobj[key] in [ True, '1', 'on', 'yes', 'true']: @@ -152,3 +201,53 @@ def read_conf(fname): conf = yaml.load(stream) stream.close() return conf + +def apply_credentials(keys, user, disable_root): + if user: + setup_user_keys(keys, user, '') + + if disable_root: + key_prefix = 'command="echo \'Please login as the %s user rather than root user.\';echo;sleep 10" ' % user + else: + key_prefix = '' + + setup_user_keys(keys, 'root', key_prefix) + +def setup_user_keys(keys, user, key_prefix): + import pwd + saved_umask = os.umask(077) + + pwent = pwd.getpwnam(user) + + ssh_dir = '%s/.ssh' % pwent.pw_dir + if not os.path.exists(ssh_dir): + os.mkdir(ssh_dir) + os.chown(ssh_dir, pwent.pw_uid, pwent.pw_gid) + + authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir + fp = open(authorized_keys, 'a') + fp.write(''.join(['%s%s\n' % (key_prefix, key) for key in keys])) + fp.close() + + os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid) + + os.umask(saved_umask) + +def send_ssh_keys_to_console(): + send_keys_sh = """ + { + echo + echo "#############################################################" + echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" + ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub + ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub + echo "-----END SSH HOST KEY FINGERPRINTS-----" + echo "#############################################################" + } | logger -p user.info -s -t "ec2" + """ + subprocess.call(('sh', '-c', send_keys_sh)) + + +def warn(str): + sys.stderr.write("Warning:%s\n" % str) + diff --git a/ec2init/__init__.py b/ec2init/__init__.py index 6816de60..a3bab271 100644 --- a/ec2init/__init__.py +++ b/ec2init/__init__.py @@ -43,7 +43,6 @@ import UserDataHandler class EC2Init: datasource_list = [ DataSourceEc2.DataSourceEc2 ] part_handlers = { } - conffile = '/etc/ec2-init/ec2-config.cfg' def __init__(self): self.part_handlers = { @@ -53,8 +52,6 @@ class EC2Init: 'text/part-handler' : self.handle_handler } - self.config = ConfigObj(self.conffile) - def restore_from_cache(self): try: f=open(data_source_cache, "rb") @@ -97,15 +94,6 @@ class EC2Init: write_file(userdata_raw, self.datasource.get_userdata_raw(), 0644) write_file(userdata, self.datasource.get_userdata(), 0644) - def get_cfg_option_bool(self, key, default=None): - val = self.config.get(key, default) - if val.lower() in ['1', 'on', 'yes']: - return True - return False - - def get_cfg_option_str(self, key, default=None): - return self.config.get(key, default) - def initctl_emit(self): subprocess.Popen(['initctl', 'emit', 'cloud-config', '%s=%s' % (cfg_env_name,cloud_config)]).communicate() @@ -233,22 +221,6 @@ class EC2Init: def get_hostname(self): return(self.datasource.get_hostname()) - def apply_credentials(self): - user = self.get_cfg_option_str('user') - disable_root = self.get_cfg_option_bool('disable_root', True) - - keys = self.get_public_ssh_keys() - - if user: - setup_user_keys(keys, user, '') - - if disable_root: - key_prefix = 'command="echo \'Please login as the ubuntu user rather than root user.\';echo;sleep 10" ' - else: - key_prefix = '' - - setup_user_keys(keys, 'root', key_prefix) - def enable_swap(self): swaps=[] try: @@ -302,22 +274,3 @@ def write_file(file,content,mode=0644): f.close() os.chmod(file,mode) -def setup_user_keys(keys, user, key_prefix): - saved_umask = os.umask(077) - - pwent = pwd.getpwnam(user) - - ssh_dir = '%s/.ssh' % pwent.pw_dir - if not os.path.exists(ssh_dir): - os.mkdir(ssh_dir) - os.chown(ssh_dir, pwent.pw_uid, pwent.pw_gid) - - authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir - fp = open(authorized_keys, 'a') - fp.write(''.join(['%s%s\n' % (key_prefix, key) for key in keys])) - fp.close() - - os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid) - - os.umask(saved_umask) - diff --git a/upstart/cloud-config-ssh.conf.disabled b/upstart/cloud-config-ssh.conf index 6127cb73..a5833198 100644 --- a/upstart/cloud-config-ssh.conf.disabled +++ b/upstart/cloud-config-ssh.conf @@ -4,9 +4,7 @@ description "Download preconfigured ssh keys" -start on (cloud-config - and local-filesystems - and net-device-ifup IFACE=eth0 and starting ssh) +start on (cloud-config and local-filesystems) console output task |