summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Moser <smoser@ubuntu.com>2010-01-14 17:00:28 -0500
committerScott Moser <smoser@ubuntu.com>2010-01-14 17:00:28 -0500
commit89bff8f826040f7c9d1cc85880eaf016e72d2191 (patch)
treec389845f381833ec236ec663d71298534ea53fc5
parent56563878d00a6dc0c0853e97087ac86e5e8df666 (diff)
downloadvyos-cloud-init-89bff8f826040f7c9d1cc85880eaf016e72d2191.tar.gz
vyos-cloud-init-89bff8f826040f7c9d1cc85880eaf016e72d2191.zip
functional cloud-config-ssh.conf now
This fixes LP: #506599 , LP: #507070 . Also, here, we move config parsing out of the EC2Init class. Instead the parsing of /etc/ec2-init/ec2-init.cfg is now done in the CloudConfig class, and prepended to the cloud-config that comes in from user data. This means that values in user data will over-ride the settings in /etc/ec2-init. Still TODO is support reading the public and private key files from the cloud-config
-rw-r--r--ec2init/CloudConfig.py105
-rw-r--r--ec2init/__init__.py47
-rw-r--r--upstart/cloud-config-ssh.conf (renamed from upstart/cloud-config-ssh.conf.disabled)4
3 files changed, 103 insertions, 53 deletions
diff --git a/ec2init/CloudConfig.py b/ec2init/CloudConfig.py
index bea8810c..a6393df9 100644
--- a/ec2init/CloudConfig.py
+++ b/ec2init/CloudConfig.py
@@ -28,15 +28,42 @@ class CloudConfig():
cfgfile = None
handlers = { }
cfg = None
+ old_conffile = '/etc/ec2-init/ec2-config.cfg'
def __init__(self,cfgfile):
- import pprint; pprint.pprint(self.cfg)
- self.cfg=read_conf(cfgfile)
+ self.cfg = self.get_config_obj(cfgfile)
self.cloud = ec2init.EC2Init()
self.cloud.get_data_source()
self.add_handler('apt-update-upgrade', self.h_apt_update_upgrade)
self.add_handler('config-ssh')
+ def get_config_obj(self,cfgfile):
+ str=""
+ # support reading the old ConfigObj format file and turning it
+ # into a yaml string
+ try:
+ f = file(self.old_conffile)
+ str+=file.read().replace('=',': ')
+ f.close()
+ except:
+ pass
+
+ f = file(cfgfile)
+ cfg=yaml.load(str + f.read())
+ f.close()
+ return(cfg)
+
+ def convert_old_config(self):
+ # support reading the old ConfigObj format file and turning it
+ # into a yaml string
+ try:
+ f = file(self.conffile)
+ str=file.read().replace('=',': ')
+ f.close()
+ return str
+ except:
+ return("")
+
def add_handler(self, name, handler=None, freq=None):
if handler is None:
try:
@@ -124,6 +151,29 @@ class CloudConfig():
def h_config_ssh(self,name,args):
print "Warning, not doing anything for config %s" % name
+ if False:
+ # if there are keys in cloud-config, use them
+ # TODO: need to get keys from cloud-config if present
+ # and replace those in /etc/ssh
+ pass
+ else:
+ # if not, generate them
+ clean_and_gen='rm -f /etc/ssh/ssh_host_*_key*; ' + \
+ 'ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""; ' + \
+ 'ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t rsa -N ""; '
+ subprocess.call(('sh', '-c', clean_and_gen))
+
+ try:
+ user = get_cfg_option_str(self.cfg,'user')
+ disable_root = get_cfg_option_bool(self.cfg, "disable_root", True)
+ keys = self.cloud.get_public_ssh_keys()
+ apply_credentials(keys,user,disable_root)
+ except:
+ warn("applying credentials failed!\n")
+
+ send_ssh_keys_to_console()
+
+ subprocess.call(('restart', 'ssh'))
def h_ec2_ebs_mounts(self,name,args):
print "Warning, not doing anything for config %s" % name
@@ -136,7 +186,6 @@ class CloudConfig():
def get_cfg_option_bool(yobj, key, default=False):
- print "searching for %s" % key
if not yobj.has_key(key): return default
val = yobj[key]
if yobj[key] in [ True, '1', 'on', 'yes', 'true']:
@@ -152,3 +201,53 @@ def read_conf(fname):
conf = yaml.load(stream)
stream.close()
return conf
+
+def apply_credentials(keys, user, disable_root):
+ if user:
+ setup_user_keys(keys, user, '')
+
+ if disable_root:
+ key_prefix = 'command="echo \'Please login as the %s user rather than root user.\';echo;sleep 10" ' % user
+ else:
+ key_prefix = ''
+
+ setup_user_keys(keys, 'root', key_prefix)
+
+def setup_user_keys(keys, user, key_prefix):
+ import pwd
+ saved_umask = os.umask(077)
+
+ pwent = pwd.getpwnam(user)
+
+ ssh_dir = '%s/.ssh' % pwent.pw_dir
+ if not os.path.exists(ssh_dir):
+ os.mkdir(ssh_dir)
+ os.chown(ssh_dir, pwent.pw_uid, pwent.pw_gid)
+
+ authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir
+ fp = open(authorized_keys, 'a')
+ fp.write(''.join(['%s%s\n' % (key_prefix, key) for key in keys]))
+ fp.close()
+
+ os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
+
+ os.umask(saved_umask)
+
+def send_ssh_keys_to_console():
+ send_keys_sh = """
+ {
+ echo
+ echo "#############################################################"
+ echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
+ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
+ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
+ echo "-----END SSH HOST KEY FINGERPRINTS-----"
+ echo "#############################################################"
+ } | logger -p user.info -s -t "ec2"
+ """
+ subprocess.call(('sh', '-c', send_keys_sh))
+
+
+def warn(str):
+ sys.stderr.write("Warning:%s\n" % str)
+
diff --git a/ec2init/__init__.py b/ec2init/__init__.py
index 6816de60..a3bab271 100644
--- a/ec2init/__init__.py
+++ b/ec2init/__init__.py
@@ -43,7 +43,6 @@ import UserDataHandler
class EC2Init:
datasource_list = [ DataSourceEc2.DataSourceEc2 ]
part_handlers = { }
- conffile = '/etc/ec2-init/ec2-config.cfg'
def __init__(self):
self.part_handlers = {
@@ -53,8 +52,6 @@ class EC2Init:
'text/part-handler' : self.handle_handler
}
- self.config = ConfigObj(self.conffile)
-
def restore_from_cache(self):
try:
f=open(data_source_cache, "rb")
@@ -97,15 +94,6 @@ class EC2Init:
write_file(userdata_raw, self.datasource.get_userdata_raw(), 0644)
write_file(userdata, self.datasource.get_userdata(), 0644)
- def get_cfg_option_bool(self, key, default=None):
- val = self.config.get(key, default)
- if val.lower() in ['1', 'on', 'yes']:
- return True
- return False
-
- def get_cfg_option_str(self, key, default=None):
- return self.config.get(key, default)
-
def initctl_emit(self):
subprocess.Popen(['initctl', 'emit', 'cloud-config',
'%s=%s' % (cfg_env_name,cloud_config)]).communicate()
@@ -233,22 +221,6 @@ class EC2Init:
def get_hostname(self):
return(self.datasource.get_hostname())
- def apply_credentials(self):
- user = self.get_cfg_option_str('user')
- disable_root = self.get_cfg_option_bool('disable_root', True)
-
- keys = self.get_public_ssh_keys()
-
- if user:
- setup_user_keys(keys, user, '')
-
- if disable_root:
- key_prefix = 'command="echo \'Please login as the ubuntu user rather than root user.\';echo;sleep 10" '
- else:
- key_prefix = ''
-
- setup_user_keys(keys, 'root', key_prefix)
-
def enable_swap(self):
swaps=[]
try:
@@ -302,22 +274,3 @@ def write_file(file,content,mode=0644):
f.close()
os.chmod(file,mode)
-def setup_user_keys(keys, user, key_prefix):
- saved_umask = os.umask(077)
-
- pwent = pwd.getpwnam(user)
-
- ssh_dir = '%s/.ssh' % pwent.pw_dir
- if not os.path.exists(ssh_dir):
- os.mkdir(ssh_dir)
- os.chown(ssh_dir, pwent.pw_uid, pwent.pw_gid)
-
- authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir
- fp = open(authorized_keys, 'a')
- fp.write(''.join(['%s%s\n' % (key_prefix, key) for key in keys]))
- fp.close()
-
- os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
-
- os.umask(saved_umask)
-
diff --git a/upstart/cloud-config-ssh.conf.disabled b/upstart/cloud-config-ssh.conf
index 6127cb73..a5833198 100644
--- a/upstart/cloud-config-ssh.conf.disabled
+++ b/upstart/cloud-config-ssh.conf
@@ -4,9 +4,7 @@
description "Download preconfigured ssh keys"
-start on (cloud-config
- and local-filesystems
- and net-device-ifup IFACE=eth0 and starting ssh)
+start on (cloud-config and local-filesystems)
console output
task