From 7ac13a1ef376a7b461673b90dfcd2c7c8612227a Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Tue, 21 Jul 2015 20:28:44 -0400 Subject: untested suggested change LP: #1461242 --- cloudinit/config/cc_ssh.py | 53 +++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py index ab6940fa..7a673994 100644 --- a/cloudinit/config/cc_ssh.py +++ b/cloudinit/config/cc_ssh.py @@ -20,6 +20,7 @@ import glob import os +import sys # Ensure this is aliased to a name not 'distros' # since the module attribute 'distros' @@ -33,26 +34,17 @@ DISABLE_ROOT_OPTS = ("no-port-forwarding,no-agent-forwarding," "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\" " "rather than the user \\\"root\\\".\';echo;sleep 10\"") -KEY_2_FILE = { - "rsa_private": ("/etc/ssh/ssh_host_rsa_key", 0o600), - "rsa_public": ("/etc/ssh/ssh_host_rsa_key.pub", 0o644), - "dsa_private": ("/etc/ssh/ssh_host_dsa_key", 0o600), - "dsa_public": ("/etc/ssh/ssh_host_dsa_key.pub", 0o644), - "ecdsa_private": ("/etc/ssh/ssh_host_ecdsa_key", 0o600), - "ecdsa_public": ("/etc/ssh/ssh_host_ecdsa_key.pub", 0o644), -} - -PRIV_2_PUB = { - 'rsa_private': 'rsa_public', - 'dsa_private': 'dsa_public', - 'ecdsa_private': 'ecdsa_public', -} - -KEY_GEN_TPL = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"' +GENERATE_KEY_NAMES = ['rsa', 'dsa', 'ecdsa', 'ed25519'] +KEY_FILE_TPL = '/etc/ssh/ssh_host_%s_key' -GENERATE_KEY_NAMES = ['rsa', 'dsa', 'ecdsa'] +KEY_2_FILE = {} +PRIV_2_PUB = {} +for k in GENERATE_KEY_NAMES: + KEY_2_FILE.update({"%s_private" % k: (KEY_FILE_TPL % k, 0o600)}) + KEY_2_FILE.update({"%s_public" % k: (KEY_FILE_TPL % k + ".pub", 0o600)}) + PRIV_2_PUB["%s_private" % k] = "%s_public" % k -KEY_FILE_TPL = '/etc/ssh/ssh_host_%s_key' +KEY_GEN_TPL = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"' def handle(_name, cfg, cloud, log, _args): 
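Review bot: The generated table gives the public key files mode 0o600 — `KEY_2_FILE.update({"%s_public" % k: (KEY_FILE_TPL % k + ".pub", 0o600)})` — whereas the literal table this hunk removes had 0o644 for every `*_public` entry, so host public keys written from `ssh_keys` cloud-config become root-only even though they hold no secret material and ssh-keygen itself creates `.pub` files as 0644. The line should read `KEY_2_FILE.update({"%s_public" % k: (KEY_FILE_TPL % k + ".pub", 0o644)})`; the same mode survives the rename in the third commit's `@@ -37,12 +37,12 @@` hunk and is what `tgt_perms` applies in its `@@ -61,15 +61,15 @@` hunk. The module-level `for k in GENERATE_KEY_NAMES:` loop also leaves `k` behind as a module attribute. Since the literal table no longer documents the shape, a comment such as `# maps cloud-config key names ("rsa_private", "rsa_public", ...) to (path, mode)` above `KEY_2_FILE = {}` would help the next reader.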
@@ -92,18 +84,27 @@ def handle(_name, cfg, cloud, log, _args): genkeys = util.get_cfg_option_list(cfg, 'ssh_genkeytypes', GENERATE_KEY_NAMES) + lang_c = os.environ.copy() + lang_c['LANG'] = 'C' for keytype in genkeys: keyfile = KEY_FILE_TPL % (keytype) + if os.path.exists(keyfile): + continue util.ensure_dir(os.path.dirname(keyfile)) - if not os.path.exists(keyfile): - cmd = ['ssh-keygen', '-t', keytype, '-N', '', '-f', keyfile] + cmd = ['ssh-keygen', '-t', keytype, '-N', '', '-f', keyfile] + + # TODO(harlowja): Is this guard needed? + with util.SeLinuxGuard("/etc/ssh", recursive=True): try: - # TODO(harlowja): Is this guard needed? - with util.SeLinuxGuard("/etc/ssh", recursive=True): - util.subp(cmd, capture=False) - except: - util.logexc(log, "Failed generating key type %s to " - "file %s", keytype, keyfile) + out, err = util.subp(cmd, capture=True, rcs=[0, 1], env=lang_c) + sys.stdout.write(util.encode_text(out)) + except util.ProcessExecutionError as e: + err = util.decode_binary(e.stderr).lower() + if err.lower().startswith("unknown key"): + log.debug("unknown key type %s" % keytype) + else: + util.logexc(log, "Failed generating key type %s to " + "file %s", keytype, keyfile) try: (users, _groups) = ds.normalize_users_groups(cfg, cloud.distro) -- cgit v1.2.3 From e86decfd53418ff481cb5db8d8b089417f1dafdf Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 22 Jul 2015 13:23:19 -0400 Subject: pep8 line too long --- cloudinit/config/cc_ssh.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py index 7a673994..cfaceac6 100644 --- a/cloudinit/config/cc_ssh.py +++ b/cloudinit/config/cc_ssh.py 
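Review bot: The "unknown key" test in the except branch relies on ssh-keygen emitting its English message, but `lang_c['LANG'] = 'C'` is overridden by `LC_ALL` when that variable is set in cloud-init's environment, so on such a host an unsupported key type would be logged as a real failure instead of being skipped; set `lang_c['LC_ALL'] = 'C'` as well. Narrowing the old bare `except:` to `except util.ProcessExecutionError as e:` is an improvement, but anything util.subp raises that is not a ProcessExecutionError (I cannot confirm from this page whether a missing ssh-keygen binary is wrapped) now propagates out of handle and aborts the remaining key types, where before it was logged and the loop continued. The enclosing function `handle` starts before this hunk and continues past it.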
@@ -96,7 +96,8 @@ def handle(_name, cfg, cloud, log, _args): # TODO(harlowja): Is this guard needed? with util.SeLinuxGuard("/etc/ssh", recursive=True): try: - out, err = util.subp(cmd, capture=True, rcs=[0, 1], env=lang_c) + out, err = util.subp(cmd, capture=True, rcs=[0, 1], + env=lang_c) sys.stdout.write(util.encode_text(out)) except util.ProcessExecutionError as e: err = util.decode_binary(e.stderr).lower() -- cgit v1.2.3 From a21baa2bf5619358250821aa3c3d69dd54b81b18 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 22 Jul 2015 13:25:05 -0400 Subject: replace '2' with 'TO' in globals --- cloudinit/config/cc_ssh.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py index cfaceac6..cd0174da 100644 --- a/cloudinit/config/cc_ssh.py +++ b/cloudinit/config/cc_ssh.py @@ -37,12 +37,12 @@ DISABLE_ROOT_OPTS = ("no-port-forwarding,no-agent-forwarding," GENERATE_KEY_NAMES = ['rsa', 'dsa', 'ecdsa', 'ed25519'] KEY_FILE_TPL = '/etc/ssh/ssh_host_%s_key' -KEY_2_FILE = {} -PRIV_2_PUB = {} +CONFIG_KEY_TO_FILE = {} +PRIV_TO_PUB = {} for k in GENERATE_KEY_NAMES: - KEY_2_FILE.update({"%s_private" % k: (KEY_FILE_TPL % k, 0o600)}) - KEY_2_FILE.update({"%s_public" % k: (KEY_FILE_TPL % k + ".pub", 0o600)}) - PRIV_2_PUB["%s_private" % k] = "%s_public" % k + CONFIG_KEY_TO_FILE.update({"%s_private" % k: (KEY_FILE_TPL % k, 0o600)}) + CONFIG_KEY_TO_FILE.update({"%s_public" % k: (KEY_FILE_TPL % k + ".pub", 0o600)}) + PRIV_TO_PUB["%s_private" % k] = "%s_public" % k KEY_GEN_TPL = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"' 
@@ -61,15 +61,15 @@ def handle(_name, cfg, cloud, log, _args): if "ssh_keys" in cfg: # if there are keys in cloud-config, use them for (key, val) in cfg["ssh_keys"].items(): - if key in KEY_2_FILE: - tgt_fn = KEY_2_FILE[key][0] - tgt_perms = KEY_2_FILE[key][1] + if key in CONFIG_KEY_TO_FILE: + tgt_fn = CONFIG_KEY_TO_FILE[key][0] + tgt_perms = CONFIG_KEY_TO_FILE[key][1] util.write_file(tgt_fn, val, tgt_perms) - for (priv, pub) in PRIV_2_PUB.items(): + for (priv, pub) in PRIV_TO_PUB.items(): if pub in cfg['ssh_keys'] or priv not in cfg['ssh_keys']: continue - pair = (KEY_2_FILE[priv][0], KEY_2_FILE[pub][0]) + pair = (CONFIG_KEY_TO_FILE[priv][0], CONFIG_KEY_TO_FILE[pub][0]) cmd = ['sh', '-xc', KEY_GEN_TPL % pair] try: # TODO(harlowja): Is this guard needed? -- cgit v1.2.3 From 404baf87e58f2c9740c8b31137b727c77d182058 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 22 Jul 2015 14:10:58 -0400 Subject: fixes from testing --- cloudinit/config/cc_ssh.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py index cd0174da..7fb13333 100644 --- a/cloudinit/config/cc_ssh.py +++ b/cloudinit/config/cc_ssh.py @@ -96,12 +96,11 @@ def handle(_name, cfg, cloud, log, _args): # TODO(harlowja): Is this guard needed? with util.SeLinuxGuard("/etc/ssh", recursive=True): try: - out, err = util.subp(cmd, capture=True, rcs=[0, 1], - env=lang_c) - sys.stdout.write(util.encode_text(out)) + out, err = util.subp(cmd, capture=True, env=lang_c) + sys.stdout.write(util.decode_binary(out)) except util.ProcessExecutionError as e: err = util.decode_binary(e.stderr).lower() - if err.lower().startswith("unknown key"): + if e.exit_code == 1 and err.lower().startswith("unknown key"): log.debug("unknown key type %s" % keytype) else: util.logexc(log, "Failed generating key type %s to " -- cgit v1.2.3 From 4c799192a9d3132da0138e1adb640a9ab7e191b0 Mon Sep 17 00:00:00 2001 
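Review bot: `err` is lowercased twice on the new side of the `@@ -96,12 +96,11 @@` hunk: `err = util.decode_binary(e.stderr).lower()` already folds case, so the test can be `if e.exit_code == 1 and err.startswith("unknown key"):`. The `err` bound by `out, err = util.subp(cmd, capture=True, env=lang_c)` is never read, which means ssh-keygen's stderr on a successful run is now captured and silently discarded where the original `capture=False` let it through; either write it out next to `out` or bind it as `_err` so the discard is visibly deliberate. The enclosing function `handle` begins and ends outside this hunk.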
From: Scott Moser Date: Wed, 22 Jul 2015 14:15:57 -0400 Subject: improve log message --- cloudinit/config/cc_ssh.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py index 7fb13333..c2a7af72 100644 --- a/cloudinit/config/cc_ssh.py +++ b/cloudinit/config/cc_ssh.py @@ -101,7 +101,7 @@ def handle(_name, cfg, cloud, log, _args): except util.ProcessExecutionError as e: err = util.decode_binary(e.stderr).lower() if e.exit_code == 1 and err.lower().startswith("unknown key"): - log.debug("unknown key type %s" % keytype) + log.debug("ssh-keygen: unknown key type '%s'", keytype) else: util.logexc(log, "Failed generating key type %s to " "file %s", keytype, keyfile) -- cgit v1.2.3