authorNarayan Desai <desai@mcs.anl.gov>2005-09-07 17:35:15 +0000
committerNarayan Desai <desai@mcs.anl.gov>2005-09-07 17:35:15 +0000
commit6a9f8ba7c24efbf87829cf9ee6026a3e7af4b643 (patch)
treed8a8a7e005613b55c2feb9875ce6f2272878a516
parent22826c4e0d77e4e272224df12f23cd24ffa408a9 (diff)
Auto merged
}(Logical change 1.300) git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@1217 ce84e21b-d406-0410-9b95-82705330c041
-rw-r--r--src/lib/Server/Generators/SSHbase.py133
1 files changed, 0 insertions, 133 deletions
diff --git a/src/lib/Server/Generators/SSHbase.py b/src/lib/Server/Generators/SSHbase.py
deleted file mode 100644
index 45f41fe68..000000000
--- a/src/lib/Server/Generators/SSHbase.py
+++ /dev/null
@@ -1,133 +0,0 @@
-'''This module manages ssh key files for bcfg2'''
-__revision__ = '$Revision$'
-
-from binascii import b2a_base64
-from os import rename, system
-from socket import gethostbyname, gaierror
-from syslog import syslog, LOG_ERR
-
-from Bcfg2.Server.Generator import Generator, DirectoryBacked
-
-class SSHbase(Generator):
- '''The sshbase generator manages ssh host keys (both v1 and v2)
- for hosts. It also manages the ssh_known_hosts file. It can
- integrate host keys from other management domains and similarly
- export its keys. The repository contains files in the following
- formats:
-
- ssh_host_key.H_(hostname) -> the v1 host private key for
- (hostname)
- ssh_host_key.pub.H_(hostname) -> the v1 host public key
- for (hostname)
- ssh_host_(dr)sa_key.H_(hostname) -> the v2 ssh host
- private key for (hostname)
- ssh_host_(dr)sa_key.pub.H_(hostname) -> the v2 ssh host
- public key for (hostname)
- ssh_known_hosts -> the current known hosts file. this
- is regenerated each time a new key is generated.
-'''
- __name__ = 'SSHbase'
- __version__ = '$Id$'
- __author__ = 'bcfg-dev@mcs.anl.gov'
-
- pubkeys = ["ssh_host_dsa_key.pub.H_%s",
- "ssh_host_rsa_key.pub.H_%s", "ssh_host_key.pub.H_%s"]
- hostkeys = ["ssh_host_dsa_key.H_%s",
- "ssh_host_rsa_key.H_%s", "ssh_host_key.H_%s"]
-
- def __init__(self, core, datastore):
- Generator.__init__(self, core, datastore)
- self.repository = DirectoryBacked(self.data, self.core.fam)
- self.__provides__ = {'ConfigFile':
- {'/etc/ssh/ssh_known_hosts':self.build_skn,
- '/etc/ssh/ssh_host_dsa_key':self.build_hk,
- '/etc/ssh/ssh_host_rsa_key':self.build_hk,
- '/etc/ssh/ssh_host_dsa_key.pub':self.build_hk,
- '/etc/ssh/ssh_host_rsa_key.pub':self.build_hk,
- '/etc/ssh/ssh_host_key':self.build_hk,
- '/etc/ssh/ssh_host_key.pub':self.build_hk}}
- self.ipcache = {}
- self.domains = ['mcs.anl.gov', 'bgl.mcs.anl.gov', 'globus.org', 'uc.teragrid.org']
-
- def get_ipcache_entry(self, client):
- '''build a cache of dns results'''
- if self.ipcache.has_key(client):
- return self.ipcache[client]
- else:
- # need to add entry
- if self.repository.entries.has_key('domains'):
- domains = self.repository.entries['domains'].split()
- else:
- domains = self.domains
- for domain in domains:
- try:
- fqdn = "%s.%s" % (client, domain)
- ipaddr = gethostbyname("%s.%s" % (client, domain))
- self.ipcache[client] = (ipaddr, fqdn)
- return (ipaddr, fqdn)
- except gaierror:
- continue
- syslog(LOG_ERR, "Failed to find fqdn for %s" % client)
- raise gaierror
-
- def cache_skn(self):
- '''build memory cache of the ssh known hosts file'''
- self.static_skn = ''
- for pubkey in [pubk for pubk in self.repository.entries.keys() if pubk.find('.pub.H_') != -1]:
- hostname = pubkey.split('H_')[1]
- try:
- (ipaddr, fqdn) = self.get_ipcache_entry(hostname)
- except gaierror:
- continue
- self.static_skn += "%s,%s,%s %s" % (hostname, fqdn, ipaddr,
- self.repository.entries[pubkey].data)
-
-
- def build_skn(self, entry, metadata):
- '''This function builds builds a host specific known_hosts file'''
- client = metadata.hostname
- if not hasattr(self, 'static_skn'):
- self.cache_skn()
- entry.text = self.static_skn
- for hostkey in [keytmpl % client for keytmpl in self.pubkeys]:
- entry.text += "localhost,localhost.localdomain,127.0.0.1 %s" % (
- self.repository.entries[hostkey].data)
- entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'})
-
- def build_hk(self, entry, metadata):
- '''This binds host key data into entries'''
- client = metadata.hostname
- filename = "%s.H_%s" % (entry.get('name').split('/')[-1], client)
- if filename not in self.repository.entries.keys():
- self.GenerateHostKeys(client)
- if hasattr(self, 'static_skn'):
- del self.static_skn
- keydata = self.repository.entries[filename].data
- perms = '0600'
- if entry.get('name')[-4:] == '.pub':
- perms = '0644'
- entry.attrib.update({'owner':'root', 'group':'root', 'perms':perms})
- entry.text = keydata
- if "ssh_host_key.H_" == filename[:15]:
- entry.attrib['encoding'] = 'base64'
- entry.text = b2a_base64(keydata)
-
- def GenerateHostKeys(self, client):
- '''Generate new host keys for client'''
- keylist = [keytmpl % client for keytmpl in self.hostkeys]
- for hostkey in keylist:
- if 'ssh_host_rsa_key.H_' == hostkey[:19]:
- keytype = 'rsa'
- elif 'ssh_host_dsa_key.H_' == hostkey[:19]:
- keytype = 'dsa'
- else:
- keytype = 'rsa1'
-
- if hostkey not in self.repository.entries.keys():
- fileloc = "%s/%s" % (self.data, hostkey)
- system('ssh-keygen -q -f %s -N "" -t %s -C root@%s < /dev/null' % (fileloc, keytype, client))
- rename("%s.pub"%(fileloc),"%s/" %
- (self.data, )+".".join(hostkey.split('.')[:-1]+['pub']+[hostkey.split('.')[-1]]))
- self.repository.AddEntry(hostkey)
- self.repository.AddEntry("%s.pub"%(hostkey))
-