From 370f170a6dd31c1a0ac39e0a0ea957b3f066e31d Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Fri, 10 Nov 2023 14:59:27 +0100 Subject: [PATCH] Adding support of a deploy SSH key --- lib/cr_tf/handler/__init__.py | 27 +++++++++++++- lib/cr_tf/handler/files.py | 68 +++++++++++++++++++++++------------ 2 files changed, 71 insertions(+), 24 deletions(-) diff --git a/lib/cr_tf/handler/__init__.py b/lib/cr_tf/handler/__init__.py index 3c54520..cf95fae 100644 --- a/lib/cr_tf/handler/__init__.py +++ b/lib/cr_tf/handler/__init__.py @@ -46,7 +46,7 @@ from ..errors import AbortExecution from ..xlate import XLATOR -__version__ = '3.9.6' +__version__ = '3.10.0' LOG = logging.getLogger(__name__) _ = XLATOR.gettext @@ -72,6 +72,8 @@ class CreateTerraformHandler( std_file_permissions = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH std_secure_file_permissions = stat.S_IRUSR | stat.S_IWUSR + sshkey_basename = 'id_rsa_cr_vmw_tpl' + open_opts = {} if six.PY3: open_opts['encoding'] = 'utf-8' @@ -156,6 +158,10 @@ class CreateTerraformHandler( self.script_dir = None self.script_dir_rel = None + self.keys_dir = None + self.keys_dir_rel = None + self.private_key = None + self.private_key_rel = None self._stop_at_step = None 
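Review bot: The new class attribute `sshkey_basename = 'id_rsa_cr_vmw_tpl'` (hunk `@@ -72,6 +72,8 @@`) pins the private key's file name without saying where the file is expected or how it is consumed, and the `id_rsa_` prefix suggests RSA although nothing in the hunk depends on the key type. A comment above it such as `# Basename of the private SSH deploy key, looked up in <base_dir>/keys and passed to the Terraform ssh connection blocks; the key file itself must never be committed with the configuration.` would make the contract explicit for anyone preparing a build host. The class body continues outside this hunk.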
@@ -207,6 +213,25 @@ class CreateTerraformHandler( str(self.script_dir)) raise ExpectedHandlerError(msg) + self.keys_dir = self.base_dir.joinpath('keys') + LOG.debug(_("Directory for SSH deploy keys: {!r}.").format(str(self.keys_dir))) + if not self.keys_dir.exists(): + msg = _("Directory for SSH deploy keys {!r} does not exists.").format( + str(self.keys_dir)) + raise ExpectedHandlerError(msg) + if not self.keys_dir.is_dir(): + msg = _("Path {!r} for SSH deploy keys exists, but is not a directory.").format( + str(self.keys_dir)) + raise ExpectedHandlerError(msg) + + self.private_key = self.keys_dir / self.sshkey_basename + LOG.debug(_("Filename of the private SSH deploy key: {!r}").format(str(self.private_key))) + if not self.private_key.is_file(): + msg = _( + "Private SSH deploy key file {!r} does not exists or is not a " + "regular file.").format(str(self.private_key)) + raise ExpectedHandlerError(msg) + if initialized: self.initialized = True diff --git a/lib/cr_tf/handler/files.py b/lib/cr_tf/handler/files.py index 58fa231..f34d93b 100644 --- a/lib/cr_tf/handler/files.py +++ b/lib/cr_tf/handler/files.py @@ -27,7 +27,7 @@ from ..errors import AbortExecution from ..xlate import XLATOR -__version__ = '0.3.1' +__version__ = '0.4.0' LOG = logging.getLogger(__name__) _ = XLATOR.gettext 
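Review bot: The private deploy key at `self.private_key` is validated only with `is_file()`, so a key left group- or world-readable passes and is then used for every provisioner connection, although a private key other local users can read is an exposed credential (OpenSSH itself refuses such files) and the class already defines `std_secure_file_permissions` for exactly this case. After the `is_file()` check add `if self.private_key.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):` and raise `ExpectedHandlerError(_("Private SSH deploy key file {!r} is readable by group or others.").format(str(self.private_key)))`, so the key is rejected before any configuration is generated. The two new messages also read "does not exists"; they should be "does not exist". The enclosing method starts and ends outside this hunk.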
@@ -168,6 +168,16 @@ class CrTfHandlerFilesMixin(): str(self.script_dir), str(self.project_dir))) LOG.debug(_("Script-Dir relative to project dir: {!r}.").format(str(self.script_dir_rel))) + self.keys_dir_rel = Path(os.path.relpath( + str(self.keys_dir), str(self.project_dir))) + LOG.debug(_("Directory for SSH deploy keys relative to project dir: {!r}.").format( + str(self.keys_dir_rel))) + + self.private_key_rel = self.keys_dir_rel / self.sshkey_basename + LOG.debug(_( + "Filename of the private SSH deploy key relative to project " + "dir: {!r}").format(str(self.private_key_rel))) + if self.verbose > 1: LOG.debug(_("Checking {!r} for a previous terraform configuration.").format( str(self.project_dir))) @@ -745,14 +755,16 @@ class CrTfHandlerFilesMixin(): source = "{d}/{f}" destination = "/tmp/{f}" connection {{ - type = "ssh" - user = "root" - host = "{h}" + type = "ssh" + host = "{h}" + user = "root" + private_key = "{k}" + agent = "false" }} }} '''), ' ').format( - d=self.script_dir_rel, f=sname, h=vm.fqdn) + d=self.script_dir_rel, f=sname, h=vm.fqdn, k=self.private_key_rel) if vm.is_rhel: if self.verbose > 1: @@ -764,13 +776,15 @@ class CrTfHandlerFilesMixin(): destination = "/tmp/rhsm-user-passwd" content = "${{var.rhsm_user_password}}" connection {{ - type = "ssh" - user = "root" - host = "{h}" + type = "ssh" + host = "{h}" + user = "root" + private_key = "{k}" + agent = "false" }} }} - '''), ' ').format(h=vm.fqdn) + '''), ' ').format(h=vm.fqdn, k=self.private_key_rel) # ## Postinstall commands on host commands = [] 
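Review bot: Terraform's connection `private_key` argument expects the key contents, not a path, so `private_key = "{k}"` with `k=self.private_key_rel` (hunk `@@ -745,14 +755,16 @@`) hands Terraform the literal string `keys/id_rsa_cr_vmw_tpl` as the key and the SSH handshake will fail to parse it; the same defect is in the rhsm-user-passwd block of the next hunk and in the five connection blocks of the remote-exec hunks that follow (`-835`, `-855`, `-936`, `-960`/`-976`). Use `private_key = file("{k}")` in the heredoc templates and `' private_key = file("{}")\n'.format(self.private_key_rel)` in the string-built blocks so Terraform reads the file at apply time, and confirm whether the relative path needs anchoring with `${{path.module}}` for the Terraform version in use. Reading the key via `file()` also keeps the key material out of the generated `.tf` text, which is preferable to inlining its contents. The enclosing method starts and ends outside these hunks.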
@@ -835,9 +849,11 @@ class CrTfHandlerFilesMixin(): content += ' "{}",\n'.format(cmd) content += ' ]\n' content += ' connection {\n' - content += ' type = "ssh"\n' - content += ' user = "root"\n' - content += ' host = "{}"\n'.format(vm.fqdn) + content += ' type = "ssh"\n' + content += ' host = "{}"\n'.format(vm.fqdn) + content += ' user = "root"\n' + content += ' private_key = "{}"\n'.format(self.private_key_rel) + content += ' agent = "false"\n' content += ' }\n' content += ' }\n\n' @@ -855,9 +871,11 @@ class CrTfHandlerFilesMixin(): content += ' ]\n' content += ' when = destroy\n' content += ' connection {\n' - content += ' type = "ssh"\n' - content += ' user = "root"\n' - content += ' host = "{}"\n'.format(vm.fqdn) + content += ' type = "ssh"\n' + content += ' host = "{}"\n'.format(vm.fqdn) + content += ' user = "root"\n' + content += ' private_key = "{}"\n'.format(self.private_key_rel) + content += ' agent = "false"\n' content += ' }\n' content += ' }\n\n' @@ -936,13 +954,15 @@ class CrTfHandlerFilesMixin(): "rm -fv /tmp/update-all-packages /tmp/functions.rc", ] connection {{ - type = "ssh" - user = "root" - host = "{h}" + type = "ssh" + host = "{h}" + user = "root" + private_key = "{k}" + agent = "false" }} }} - '''), ' ').format(cmd=cmd, h=vm.fqdn,) + '''), ' ').format(cmd=cmd, h=vm.fqdn, k=self.private_key_rel) # Destroy actions with puppet cmd1 = "ssh -o StrictHostKeyChecking=no {ma} " @@ -960,9 +980,11 @@ class CrTfHandlerFilesMixin(): ] when = destroy connection {{ - type = "ssh" - user = "root" - host = "{h}" + type = "ssh" + host = "{h}" + user = "root" + private_key = "{k}" + agent = "false" }} }} @@ -976,7 +998,7 @@ class CrTfHandlerFilesMixin(): when = destroy }} - '''), ' ').format(cmd1=cmd1, cmd2=cmd2, h=vm.fqdn) + '''), ' ').format(cmd1=cmd1, cmd2=cmd2, h=vm.fqdn, k=self.private_key_rel) return content -- 2.39.5