mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-24 18:41:55 +00:00
Pull in the automation key into default profiles
parent
a26624a614
commit
e38dbc4470
@ -12,7 +12,7 @@ sed -i 's/install::/install:*:/' /sysroot/etc/shadow
|
||||
sed -i 's/root::/root:*:/' /sysroot/etc/shadow
|
||||
mkdir -p /sysroot/root/.ssh
|
||||
#chmod 700 /sysroot/root/.ssh
|
||||
cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
|
||||
cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys
|
||||
#chmod 600 /sysroot/root/.ssh/authorized_keys
|
||||
mkdir -p /sysroot/etc/ssh/
|
||||
for i in /ssh/*.ca; do
|
||||
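Review bot: The replacement glob `/ssh/*pubkey` on the authorized_keys line has no dot or fixed suffix, so every file under /ssh whose name merely ends in `pubkey` now becomes a root login key on the installed system, not only the root and automation keys the commit title refers to. Listing the intended suffixes explicitly keeps the trusted set auditable, e.g. `cat /ssh/*.rootpubkey /ssh/*.<automation-suffix> > /sysroot/root/.ssh/authorized_keys` (the suffix is a placeholder; the automation key's file name is not visible on this page). The same replacement is made in the other profile scripts shown below (the remaining `/sysroot/root/.ssh` hunks, the two `~/.ssh` hunks and the `/custom-installation/ssh` hunk), so the point applies to each of them.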
|
@ -13,7 +13,7 @@ sed -i 's/install::/install:*:/' /sysroot/etc/shadow
|
||||
sed -i 's/root::/root:*:/' /sysroot/etc/shadow
|
||||
mkdir -p /sysroot/root/.ssh
|
||||
chmod 700 /sysroot/root/.ssh
|
||||
cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
|
||||
cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys
|
||||
chmod 600 /sysroot/root/.ssh/authorized_keys
|
||||
mkdir -p /sysroot/etc/ssh/
|
||||
for i in /ssh/*.ca; do
|
||||
|
@ -35,7 +35,7 @@ PermitRootLogin yes
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
EOF
|
||||
mkdir ~/.ssh
|
||||
cat /ssh/*.rootpubkey > ~/.ssh/authorized_keys
|
||||
cat /ssh/*pubkey > ~/.ssh/authorized_keys 2>/dev/null
|
||||
cat /tls/*.pem > /etc/confluent/ca.pem
|
||||
mkdir -p /etc/pki/tls/certs
|
||||
cat /tls/*.pem > /etc/pki/tls/certs/ca-bundle.crt
|
||||
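Review bot: The `2>/dev/null` added to `cat /ssh/*pubkey > ~/.ssh/authorized_keys` hides the one error that matters on this line: if no key file matches, the redirection still truncates authorized_keys to an empty file and the script carries on silently, which may leave the node without any accepted root key. I would keep stderr or check the result afterwards, e.g. `[ -s ~/.ssh/authorized_keys ] || echo "no ssh public keys found in /ssh" >&2`. The `mkdir ~/.ssh` just above sets no mode and fails if the directory already exists; `mkdir -p -m 700 ~/.ssh` makes both explicit. The identical line appears in the later hunk at `-16,7 +16,8`.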
|
@ -12,7 +12,7 @@ sed -i 's/install::/install:*:/' /sysroot/etc/shadow
|
||||
sed -i 's/root::/root:*:/' /sysroot/etc/shadow
|
||||
mkdir -p /sysroot/root/.ssh
|
||||
#chmod 700 /sysroot/root/.ssh
|
||||
cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
|
||||
cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys
|
||||
#chmod 600 /sysroot/root/.ssh/authorized_keys
|
||||
mkdir -p /sysroot/etc/ssh/
|
||||
for i in /ssh/*.ca; do
|
||||
|
@ -1,7 +1,7 @@
|
||||
#!/bin/bash
|
||||
echo "Installing certificates"
|
||||
echo '<authorized_keys xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns" config:type="list">' > /tmp/rootkeys.xml
|
||||
for pub in /ssh/*.rootpubkey; do
|
||||
for pub in /ssh/*pubkey; do
|
||||
echo '<listentry>'$(cat $pub)'</listentry>' >> /tmp/rootkeys.xml
|
||||
done
|
||||
echo '</authorized_keys>' >> /tmp/rootkeys.xml
|
||||
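Review bot: The widened loop `for pub in /ssh/*pubkey` now feeds more files into `echo '<listentry>'$(cat $pub)'</listentry>'`, where the substitution is unquoted and the key text is written into the XML unescaped. A key comment containing `<`, `&` or glob characters would corrupt /tmp/rootkeys.xml or be expanded by the shell, and an unmatched glob makes the loop run once on the literal pattern. Quoting the substitution as `'<listentry>'"$(cat "$pub")"'</listentry>'` and starting the loop body with `[ -e "$pub" ] || continue` covers the shell side; escaping `&` and `<` in the key text before writing covers the XML side.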
|
@ -16,7 +16,8 @@ if [ "$cryptboot" != "" ] && [ "$cryptboot" != "none" ] && [ "$cryptboot" != "n
|
||||
fi
|
||||
|
||||
mkdir ~/.ssh
|
||||
cat /ssh/*.rootpubkey > ~/.ssh/authorized_keys
|
||||
cat /ssh/*pubkey > ~/.ssh/authorized_keys 2>/dev/null
|
||||
|
||||
ssh-keygen -A
|
||||
for i in /etc/ssh/ssh_host*key.pub; do
|
||||
certname=${i/.pub/-cert.pub}
|
||||
|
@ -9,7 +9,7 @@ if [ "$cryptboot" != "" ] && [ "$cryptboot" != "none" ] && [ "$cryptboot" != "n
|
||||
fi
|
||||
|
||||
|
||||
cat /custom-installation/ssh/*.rootpubkey > /root/.ssh/authorized_keys
|
||||
cat /custom-installation/ssh/*pubkey > /root/.ssh/authorized_keys
|
||||
nodename=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
|
||||
apikey=$(cat /custom-installation/confluent/confluent.apikey)
|
||||
for pubkey in /etc/ssh/ssh_host*key.pub; do
|
||||
|
@ -77,6 +77,8 @@ def initialize_ca():
|
||||
|
||||
def prep_ssh_key(keyname):
|
||||
assure_agent()
|
||||
if keyname in ready_keys:
|
||||
return
|
||||
tmpdir = tempfile.mkdtemp()
|
||||
try:
|
||||
askpass = os.path.join(tmpdir, 'askpass.sh')
|
||||
@ -89,15 +91,15 @@ def prep_ssh_key(keyname):
|
||||
with open(os.devnull, 'wb') as devnull:
|
||||
subprocess.check_call(['ssh-add', keyname], stdin=devnull)
|
||||
del os.environ['CONFLUENT_SSH_PASSPHRASE']
|
||||
ready_keys[keyname] = 1
|
||||
finally:
|
||||
shutil.rmtree(tmpdir)
|
||||
|
||||
def sign_host_key(pubkey, nodename, principals=()):
|
||||
tmpdir = tempfile.mkdtemp()
|
||||
try:
|
||||
if 'ca.pub' not in ready_keys:
|
||||
prep_ssh_key('/etc/confluent/ssh/ca')
|
||||
ready_keys['ca.pub'] = 1
|
||||
prep_ssh_key('/etc/confluent/ssh/ca')
|
||||
ready_keys['ca.pub'] = 1
|
||||
pkeyname = os.path.join(tmpdir, 'hostkey.pub')
|
||||
with open(pkeyname, 'wb') as pubfile:
|
||||
pubfile.write(pubkey)
|
||||
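Review bot: In prep_ssh_key, `del os.environ['CONFLUENT_SSH_PASSPHRASE']` comes after `subprocess.check_call(['ssh-add', keyname], stdin=devnull)` and before the `finally:`, so when ssh-add fails the passphrase (presumably set earlier in the function, outside the visible lines) stays in the process environment and is inherited by every later child process. Doing the cleanup in the `finally` block with `os.environ.pop('CONFLUENT_SSH_PASSPHRASE', None)` closes that path. Separately, now that prep_ssh_key records `ready_keys[keyname]` itself, the `ready_keys['ca.pub'] = 1` line kept in sign_host_key looks like a leftover, unless something outside these hunks still reads that entry. The middle of prep_ssh_key and the remainder of sign_host_key are outside the visible hunks.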
|
@ -15,7 +15,7 @@ fi
|
||||
sed -i "s!root:[^:]*:!root:$rootpw:!" /sysroot/etc/shadow
|
||||
mkdir -p /sysroot/root/.ssh
|
||||
chmod 700 /sysroot/root/.ssh
|
||||
cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
|
||||
cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys
|
||||
chmod 600 /sysroot/root/.ssh/authorized_keys
|
||||
mkdir -p /sysroot/etc/ssh/
|
||||
for i in /ssh/*.ca; do
|
||||
|