mirror of https://github.com/xcat2/confluent.git synced 2024-12-25 04:32:11 +00:00

Skip newer agent behaviors with incompatible old ssh

The previous attempt to support older ssh failed to completely
enact old behavior when needed.
Jarrod Johnson 2021-06-04 13:40:39 -04:00
parent a2edf46b8a
commit 269300119a


@ -34,7 +34,7 @@ def normalize_uid():
def assure_agent():
if sshver() <= 7.6:
return
return False
global agent_pid
if agent_pid is None:
sai = subprocess.check_output(['ssh-agent'])
@ -51,6 +51,7 @@ def assure_agent():
if k == 'SSH_AGENT_PID':
agent_pid = v
os.environ[k] = v
return True
def get_passphrase():
if sshver() <= 7.6:
@ -90,9 +91,11 @@ def initialize_ca():
def prep_ssh_key(keyname):
assure_agent()
if keyname in ready_keys:
return
if not assure_agent():
ready_keys[keyname] = 1
return
tmpdir = tempfile.mkdtemp()
try:
askpass = os.path.join(tmpdir, 'askpass.sh')
@ -121,8 +124,9 @@ def sign_host_key(pubkey, nodename, principals=()):
principals.add(nodename)
principals = ','.join(sorted(principals))
flags = '-Us' if sshver() > 7.6 else '-s'
keyname = '/etc/confluent/ssh/ca.pub' if flags == '-Us' else '/etc/confluent/ssh/ca'
subprocess.check_call(
['ssh-keygen', flags, '/etc/confluent/ssh/ca.pub', '-I', nodename,
['ssh-keygen', flags, keyname, '-I', nodename,
'-n', principals, '-h', pkeyname])
certname = pkeyname.replace('.pub', '-cert.pub')
with open(certname) as cert:
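Review bot: In the sign_host_key hunk the pre-7.7 branch now passes the CA private key file to ssh-keygen (`-s /etc/confluent/ssh/ca`) instead of signing through the agent, and nothing beside it records what that requires of the file. That path presumably only runs non-interactively when the key is stored without a passphrase, so a comment such as `# old ssh: no agent signing (-U); the CA private key is read from disk and must be readable only by the service account` would help, and a mode check on the file before signing is worth considering. Selecting the key by re-testing `flags == '-Us'` is indirect; `use_agent = sshver() > 7.6` followed by `flags, keyname = ('-Us', '/etc/confluent/ssh/ca.pub') if use_agent else ('-s', '/etc/confluent/ssh/ca')` keeps flag and key in step. In the prep_ssh_key hunk the same fallback sets `ready_keys[keyname] = 1` without checking that the key file is usable, so a missing or protected key only surfaces later as an ssh-keygen failure. Both functions continue outside the visible hunks, so this is based on the shown lines only.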