Age | Commit message (Collapse) | Author |
|
When output of SSH host keys and/or SSH fingerprints are disabled for
all keys do not display headers and footers.
Prevent risk of message text being interpreted as "logger" option by
appending "--" to logger options.
Correct syslog output that was tagged with "ec2" regardless of DataSource
in use. Now use "cloud-init" tag instead.
Various "shellcheck" corrections.
Add testcase for disabled output of SSH host keys.
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
instead of using '--stderr' on non-rhel based on the presense of
/etc/redhat-release, just use the short form '-s' everywhere.
|
|
It seems like at least RHEL does not have the "--stderr" option
but instead only supports the short version "-s" so add a check
that will switch from the long version to the short version when
RHEL is detected.
LP: #1083715
|
|
In the previous commit to htis file I had wrapped the writing of
'BEGIN SSH HOST KEY KEYS' to go through logger.
This would cause the keys to be prefixed with 'ec2:' which, previously they
were not. That would break existing users *and* make it more difficult to
consume that data, which was explicitly added to be easy to consume.
|
|
This changes all output write-ssh-key-fingerprints to go to its
stdout by redirecting stderr to stdout.
The reason for this is that cc_keys_to_console.py was swallowing stderr
and not replaying it to /dev/console.
Ideally, we'd have a way in 'util.subp' to do effectively the same thing
as we're doing here in the shell script.
LP: #1055688
|
|
Currently cloud-init writes something like this to console output:
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 78:ae:f3:91:04:6f:8d:ee:ef:e1:2d:72:83:6a:d0:82 root@h (RSA)
ec2: 1024 d3:b6:32:64:22:d4:43:05:f9:25:b4:f3:65:4e:e2:51 root@h (DSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
the key fingerprints are useful for humans to read, but not so useful
for machines, as you cannot populate a KnownHostsFile (~/.ssh/known_hosts)
from the data there.
This change adds output like:
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH......STI= root@h
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYRIQe6m......tWF3 root@h
-----END SSH HOST KEY KEYS-----
Those lines can easily be grabbed and appended to a known_hosts file.
|
|
Notes:
* This also makes cc_ssh.py *not* write ssh keys to the console.
That means that if keys-to-console is configured off, nothing will
write the keys to the console.
* I removed Garret's use of xargs, replacing with a shell for loop
in write-ssh-key-fingerprints.
taken from
git://pkgs.fedoraproject.org/cloud-init.git
commit 87f33190f43d2b26cced4597e7298835024466c2
Author: Garrett Holmstrom <gholms@fedoraproject.org>
Patch8: cloud-init-0.6.2-sshkeytypes.patch
|
|
This will allow this code to be called more easily elsewhere.
I'm considering having the "all the way up" message contain fingerprints
so that they're more or less guaranteed to get to the console where
the user could see them.
|