Extend manager principals for ssh

When doing osdeploy initialize -l (not recommended usually), add on more forms of the name and ip addresses to be consistent with node ssh behavior.
2024-11-22 09:32:21 +00:00 · 2022-05-24 07:24:56 -04:00 · 2022-05-24 07:24:56 -04:00 · a3cce144bc
commit a3cce144bc
parent f9d47bb0d3
1 changed files with 9 additions and 4 deletions
--- a/confluent_server/bin/osdeploy
+++ b/confluent_server/bin/osdeploy
@ -22,6 +22,8 @@ import confluent.util as util
 import confluent.client as client
 import confluent.sshutil as sshutil
 import confluent.certutil as certutil
+import confluent.netutil as netutil
+import socket
 try:
    input = raw_input
 except NameError:
@ -149,10 +151,13 @@ def local_node_trust_setup():
    neededlines = set([
        'HostbasedAuthentication yes', 'HostbasedUsesNameFromPacketOnly yes',
        'IgnoreRhosts no'])
-    if domain and not myname.endswith(domain):
-        myprincipals.add('{0}.{1}'.format(myname, domain))
-    if domain and '.' in myname and myname.endswith(domain):
-        myprincipals.add(myname.split('.')[0])
+    myshortname = myname.split('.')[0]
+    myprincipals.add(myshortname)
+    if domain:
+        myprincipals.add('{0}.{1}'.format(myshortname, domain))
+    for addr in netutil.get_my_addresses():
+        addr = socket.inet_ntop(addr[0], addr[1])
+        myprincipals.add(addr)
    for pubkey in glob.glob('/etc/ssh/ssh_host_*_key.pub'):
        currpubkey = open(pubkey, 'rb').read()
        cert = sshutil.sign_host_key(currpubkey, myname, myprincipals)