Adding support of a deploy SSH key

diff --git a/lib/cr_tf/handler/__init__.py b/lib/cr_tf/handler/__init__.py
index 3c54520acfc3cd644715c170e74b8906a35225ce..cf95fae22041a39a42d3be59201c94536fa63f6c 100644 (file)
--- a/lib/cr_tf/handler/__init__.py
+++ b/lib/cr_tf/handler/__init__.py
@@ -46,7 +46,7 @@ from ..errors import AbortExecution
 
 from ..xlate import XLATOR
 
-__version__ = '3.9.6'
+__version__ = '3.10.0'
 LOG = logging.getLogger(__name__)
 
 _ = XLATOR.gettext
@@ -72,6 +72,8 @@ class CreateTerraformHandler(
     std_file_permissions = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
     std_secure_file_permissions = stat.S_IRUSR | stat.S_IWUSR
 
+    sshkey_basename = 'id_rsa_cr_vmw_tpl'
+
     open_opts = {}
     if six.PY3:
         open_opts['encoding'] = 'utf-8'
@@ -156,6 +158,10 @@ class CreateTerraformHandler(
 
         self.script_dir = None
         self.script_dir_rel = None
+        self.keys_dir = None
+        self.keys_dir_rel = None
+        self.private_key = None
+        self.private_key_rel = None
 
         self._stop_at_step = None
 
@@ -207,6 +213,25 @@ class CreateTerraformHandler(
                 str(self.script_dir))
             raise ExpectedHandlerError(msg)
 
+        self.keys_dir = self.base_dir.joinpath('keys')
+        LOG.debug(_("Directory for SSH deploy keys: {!r}.").format(str(self.keys_dir)))
+        if not self.keys_dir.exists():
+            msg = _("Directory for SSH deploy keys {!r} does not exists.").format(
+                str(self.keys_dir))
+            raise ExpectedHandlerError(msg)
+        if not self.keys_dir.is_dir():
+            msg = _("Path {!r} for SSH deploy keys exists, but is not a directory.").format(
+                str(self.keys_dir))
+            raise ExpectedHandlerError(msg)
+
+        self.private_key = self.keys_dir / self.sshkey_basename
+        LOG.debug(_("Filename of the private SSH deploy key: {!r}").format(str(self.private_key)))
+        if not self.private_key.is_file():
+            msg = _(
+                "Private SSH deploy key file {!r} does not exists or is not a "
+                "regular file.").format(str(self.private_key))
+            raise ExpectedHandlerError(msg)
+
         if initialized:
             self.initialized = True
 

diff --git a/lib/cr_tf/handler/files.py b/lib/cr_tf/handler/files.py
index 58fa231933f65668e8b242b16d6be24dec6b4258..f34d93bd044f3495416288d2f483c940794b98f1 100644 (file)
--- a/lib/cr_tf/handler/files.py
+++ b/lib/cr_tf/handler/files.py
@@ -27,7 +27,7 @@ from ..errors import AbortExecution
 
 from ..xlate import XLATOR
 
-__version__ = '0.3.1'
+__version__ = '0.4.0'
 LOG = logging.getLogger(__name__)
 
 _ = XLATOR.gettext
@@ -168,6 +168,16 @@ class CrTfHandlerFilesMixin():
             str(self.script_dir), str(self.project_dir)))
         LOG.debug(_("Script-Dir relative to project dir: {!r}.").format(str(self.script_dir_rel)))
 
+        self.keys_dir_rel = Path(os.path.relpath(
+            str(self.keys_dir), str(self.project_dir)))
+        LOG.debug(_("Directory for SSH deploy keys relative to project dir: {!r}.").format(
+            str(self.keys_dir_rel)))
+
+        self.private_key_rel = self.keys_dir_rel / self.sshkey_basename
+        LOG.debug(_(
+            "Filename of the private SSH deploy key relative to project "
+            "dir: {!r}").format(str(self.private_key_rel)))
+
         if self.verbose > 1:
             LOG.debug(_("Checking {!r} for a previous terraform configuration.").format(
                 str(self.project_dir)))
@@ -745,14 +755,16 @@ class CrTfHandlerFilesMixin():
               source      = "{d}/{f}"
               destination = "/tmp/{f}"
               connection {{
-                type = "ssh"
-                user = "root"
-                host = "{h}"
+                type        = "ssh"
+                host        = "{h}"
+                user        = "root"
+                private_key = "{k}"
+                agent       = "false"
               }}
             }}
 
             '''), '  ').format(
-                d=self.script_dir_rel, f=sname, h=vm.fqdn)
+                d=self.script_dir_rel, f=sname, h=vm.fqdn, k=self.private_key_rel)
 
         if vm.is_rhel:
             if self.verbose > 1:
@@ -764,13 +776,15 @@ class CrTfHandlerFilesMixin():
               destination = "/tmp/rhsm-user-passwd"
               content     = "${{var.rhsm_user_password}}"
               connection {{
-                type = "ssh"
-                user = "root"
-                host = "{h}"
+                type        = "ssh"
+                host        = "{h}"
+                user        = "root"
+                private_key = "{k}"
+                agent       = "false"
               }}
             }}
 
-            '''), '  ').format(h=vm.fqdn)
+            '''), '  ').format(h=vm.fqdn, k=self.private_key_rel)
 
         # ## Postinstall commands on host
         commands = []
@@ -835,9 +849,11 @@ class CrTfHandlerFilesMixin():
             content += '      "{}",\n'.format(cmd)
         content += '    ]\n'
         content += '    connection {\n'
-        content += '      type = "ssh"\n'
-        content += '      user = "root"\n'
-        content += '      host = "{}"\n'.format(vm.fqdn)
+        content += '      type        = "ssh"\n'
+        content += '      host        = "{}"\n'.format(vm.fqdn)
+        content += '      user        = "root"\n'
+        content += '      private_key = "{}"\n'.format(self.private_key_rel)
+        content += '      agent       = "false"\n'
         content += '    }\n'
         content += '  }\n\n'
 
@@ -855,9 +871,11 @@ class CrTfHandlerFilesMixin():
             content += '    ]\n'
             content += '    when   = destroy\n'
             content += '    connection {\n'
-            content += '      type = "ssh"\n'
-            content += '      user = "root"\n'
-            content += '      host = "{}"\n'.format(vm.fqdn)
+            content += '      type        = "ssh"\n'
+            content += '      host        = "{}"\n'.format(vm.fqdn)
+            content += '      user        = "root"\n'
+            content += '      private_key = "{}"\n'.format(self.private_key_rel)
+            content += '      agent       = "false"\n'
             content += '    }\n'
             content += '  }\n\n'
 
@@ -936,13 +954,15 @@ class CrTfHandlerFilesMixin():
             "rm -fv /tmp/update-all-packages /tmp/functions.rc",
           ]
           connection {{
-            type = "ssh"
-            user = "root"
-            host = "{h}"
+            type        = "ssh"
+            host        = "{h}"
+            user        = "root"
+            private_key = "{k}"
+            agent       = "false"
           }}
         }}
 
-        '''), '  ').format(cmd=cmd, h=vm.fqdn,)
+        '''), '  ').format(cmd=cmd, h=vm.fqdn, k=self.private_key_rel)
 
         # Destroy actions with puppet
         cmd1 = "ssh -o StrictHostKeyChecking=no {ma} "
@@ -960,9 +980,11 @@ class CrTfHandlerFilesMixin():
           ]
           when   = destroy
           connection {{
-            type = "ssh"
-            user = "root"
-            host = "{h}"
+            type        = "ssh"
+            host        = "{h}"
+            user        = "root"
+            private_key = "{k}"
+            agent       = "false"
           }}
         }}
 
@@ -976,7 +998,7 @@ class CrTfHandlerFilesMixin():
           when    = destroy
         }}
 
-        '''), '  ').format(cmd1=cmd1, cmd2=cmd2, h=vm.fqdn)
+        '''), '  ').format(cmd1=cmd1, cmd2=cmd2, h=vm.fqdn, k=self.private_key_rel)
 
         return content