mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-25 19:10:10 +00:00
Rewrite site ssh even if
the /etc copy already exists. IT may be that /var/lib/confluent is being repaired, in which case just copy existng over while giving warning.
This commit is contained in:
parent
570611f22b
commit
8277701af6
@ -78,7 +78,10 @@ class AlreadyExists(Exception):
|
||||
def initialize_ca():
|
||||
ouid = normalize_uid()
|
||||
# if already there, skip, make warning
|
||||
myname = collective.get_myname()
|
||||
if os.path.exists('/etc/confluent/ssh/ca.pub'):
|
||||
cafilename = '/var/lib/confluent/public/site/ssh/{0}.ca'.format(myname)
|
||||
shutil.copy('/etc/confluent/ssh/ca.pub', cafilename)
|
||||
raise AlreadyExists()
|
||||
try:
|
||||
os.makedirs('/etc/confluent/ssh', mode=0o700)
|
||||
@ -87,7 +90,6 @@ def initialize_ca():
|
||||
raise
|
||||
finally:
|
||||
os.seteuid(ouid)
|
||||
myname = collective.get_myname()
|
||||
comment = '{0} SSH CA'.format(myname)
|
||||
subprocess.check_call(
|
||||
['ssh-keygen', '-C', comment, '-t', 'ed25519', '-f',
|
||||
@ -161,6 +163,7 @@ def sign_host_key(pubkey, nodename, principals=()):
|
||||
def initialize_root_key(generate, automation=False):
|
||||
authorized = []
|
||||
myname = collective.get_myname()
|
||||
alreadyexist = False
|
||||
for currkey in glob.glob('/root/.ssh/*.pub'):
|
||||
authorized.append(currkey)
|
||||
if generate and not authorized and not automation:
|
||||
@ -169,12 +172,13 @@ def initialize_root_key(generate, automation=False):
|
||||
authorized.append(currkey)
|
||||
if automation and generate:
|
||||
if os.path.exists('/etc/confluent/ssh/automation'):
|
||||
raise AlreadyExists()
|
||||
subprocess.check_call(
|
||||
['ssh-keygen', '-t', 'ed25519',
|
||||
'-f','/etc/confluent/ssh/automation', '-N', get_passphrase(),
|
||||
'-C', 'Confluent Automation by {}'.format(myname)],
|
||||
preexec_fn=normalize_uid)
|
||||
alreadyexist = True
|
||||
else:
|
||||
subprocess.check_call(
|
||||
['ssh-keygen', '-t', 'ed25519',
|
||||
'-f','/etc/confluent/ssh/automation', '-N', get_passphrase(),
|
||||
'-C', 'Confluent Automation by {}'.format(myname)],
|
||||
preexec_fn=normalize_uid)
|
||||
authorized = ['/etc/confluent/ssh/automation.pub']
|
||||
ouid = normalize_uid()
|
||||
try:
|
||||
@ -198,6 +202,9 @@ def initialize_root_key(generate, automation=False):
|
||||
myname, suffix), 0o644)
|
||||
os.chown('/var/lib/confluent/public/site/ssh/{0}.{1}'.format(
|
||||
myname, suffix), neededuid, -1)
|
||||
if alreadyexist:
|
||||
raise AlreadyExists()
|
||||
|
||||
|
||||
|
||||
def ca_exists():
|
||||
|
Loading…
Reference in New Issue
Block a user