author | Narayan Desai <desai@mcs.anl.gov> | 2005-09-07 17:35:15 +0000 |
---|---|---|
committer | Narayan Desai <desai@mcs.anl.gov> | 2005-09-07 17:35:15 +0000 |
commit | 6a9f8ba7c24efbf87829cf9ee6026a3e7af4b643 (patch) | |
tree | d8a8a7e005613b55c2feb9875ce6f2272878a516 | |
parent | 22826c4e0d77e4e272224df12f23cd24ffa408a9 (diff) | |
download | bcfg2-6a9f8ba7c24efbf87829cf9ee6026a3e7af4b643.tar.gz bcfg2-6a9f8ba7c24efbf87829cf9ee6026a3e7af4b643.tar.bz2 bcfg2-6a9f8ba7c24efbf87829cf9ee6026a3e7af4b643.zip |
Auto merged
}(Logical change 1.300)
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@1217 ce84e21b-d406-0410-9b95-82705330c041
-rw-r--r-- | src/lib/Server/Generators/SSHbase.py | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/src/lib/Server/Generators/SSHbase.py b/src/lib/Server/Generators/SSHbase.py deleted file mode 100644 index 45f41fe68..000000000 --- a/src/lib/Server/Generators/SSHbase.py +++ /dev/null 
@@ -1,133 +0,0 @@ -'''This module manages ssh key files for bcfg2''' -__revision__ = '$Revision$' - -from binascii import b2a_base64 -from os import rename, system -from socket import gethostbyname, gaierror -from syslog import syslog, LOG_ERR - -from Bcfg2.Server.Generator import Generator, DirectoryBacked - -class SSHbase(Generator): - '''The sshbase generator manages ssh host keys (both v1 and v2) - for hosts. It also manages the ssh_known_hosts file. It can - integrate host keys from other management domains and similarly - export its keys. The repository contains files in the following - formats: - - ssh_host_key.H_(hostname) -> the v1 host private key for - (hostname) - ssh_host_key.pub.H_(hostname) -> the v1 host public key - for (hostname) - ssh_host_(dr)sa_key.H_(hostname) -> the v2 ssh host - private key for (hostname) - ssh_host_(dr)sa_key.pub.H_(hostname) -> the v2 ssh host - public key for (hostname) - ssh_known_hosts -> the current known hosts file. this - is regenerated each time a new key is generated. 
-''' - __name__ = 'SSHbase' - __version__ = '$Id$' - __author__ = 'bcfg-dev@mcs.anl.gov' - - pubkeys = ["ssh_host_dsa_key.pub.H_%s", - "ssh_host_rsa_key.pub.H_%s", "ssh_host_key.pub.H_%s"] - hostkeys = ["ssh_host_dsa_key.H_%s", - "ssh_host_rsa_key.H_%s", "ssh_host_key.H_%s"] - - def __init__(self, core, datastore): - Generator.__init__(self, core, datastore) - self.repository = DirectoryBacked(self.data, self.core.fam) - self.__provides__ = {'ConfigFile': - {'/etc/ssh/ssh_known_hosts':self.build_skn, - '/etc/ssh/ssh_host_dsa_key':self.build_hk, - '/etc/ssh/ssh_host_rsa_key':self.build_hk, - '/etc/ssh/ssh_host_dsa_key.pub':self.build_hk, - '/etc/ssh/ssh_host_rsa_key.pub':self.build_hk, - '/etc/ssh/ssh_host_key':self.build_hk, - '/etc/ssh/ssh_host_key.pub':self.build_hk}} - self.ipcache = {} - self.domains = ['mcs.anl.gov', 'bgl.mcs.anl.gov', 'globus.org', 'uc.teragrid.org'] - - def get_ipcache_entry(self, client): - '''build a cache of dns results''' - if self.ipcache.has_key(client): - return self.ipcache[client] - else: - # need to add entry - if self.repository.entries.has_key('domains'): - domains = self.repository.entries['domains'].split() - else: - domains = self.domains - for domain in domains: - try: - fqdn = "%s.%s" % (client, domain) - ipaddr = gethostbyname("%s.%s" % (client, domain)) - self.ipcache[client] = (ipaddr, fqdn) - return (ipaddr, fqdn) - except gaierror: - continue - syslog(LOG_ERR, "Failed to find fqdn for %s" % client) - raise gaierror - - def cache_skn(self): - '''build memory cache of the ssh known hosts file''' - self.static_skn = '' - for pubkey in [pubk for pubk in self.repository.entries.keys() if pubk.find('.pub.H_') != -1]: - hostname = pubkey.split('H_')[1] - try: - (ipaddr, fqdn) = self.get_ipcache_entry(hostname) - except gaierror: - continue - self.static_skn += "%s,%s,%s %s" % (hostname, fqdn, ipaddr, - self.repository.entries[pubkey].data) - - - def build_skn(self, entry, metadata): - '''This function builds builds a host 
specific known_hosts file''' - client = metadata.hostname - if not hasattr(self, 'static_skn'): - self.cache_skn() - entry.text = self.static_skn - for hostkey in [keytmpl % client for keytmpl in self.pubkeys]: - entry.text += "localhost,localhost.localdomain,127.0.0.1 %s" % ( - self.repository.entries[hostkey].data) - entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'}) - - def build_hk(self, entry, metadata): - '''This binds host key data into entries''' - client = metadata.hostname - filename = "%s.H_%s" % (entry.get('name').split('/')[-1], client) - if filename not in self.repository.entries.keys(): - self.GenerateHostKeys(client) - if hasattr(self, 'static_skn'): - del self.static_skn - keydata = self.repository.entries[filename].data - perms = '0600' - if entry.get('name')[-4:] == '.pub': - perms = '0644' - entry.attrib.update({'owner':'root', 'group':'root', 'perms':perms}) - entry.text = keydata - if "ssh_host_key.H_" == filename[:15]: - entry.attrib['encoding'] = 'base64' - entry.text = b2a_base64(keydata) - - def GenerateHostKeys(self, client): - '''Generate new host keys for client''' - keylist = [keytmpl % client for keytmpl in self.hostkeys] - for hostkey in keylist: - if 'ssh_host_rsa_key.H_' == hostkey[:19]: - keytype = 'rsa' - elif 'ssh_host_dsa_key.H_' == hostkey[:19]: - keytype = 'dsa' - else: - keytype = 'rsa1' - - if hostkey not in self.repository.entries.keys(): - fileloc = "%s/%s" % (self.data, hostkey) - system('ssh-keygen -q -f %s -N "" -t %s -C root@%s < /dev/null' % (fileloc, keytype, client)) - rename("%s.pub"%(fileloc),"%s/" % - (self.data, )+".".join(hostkey.split('.')[:-1]+['pub']+[hostkey.split('.')[-1]])) - self.repository.AddEntry(hostkey) - self.repository.AddEntry("%s.pub"%(hostkey)) - |