salt
/
openssh-formula
forked from ExternalMirrors/openssh-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
252 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
openssh-formula/_pillar/known_hosts_salt_ssh.sls

known_hosts_salt_ssh.sls 3.3KB
Raw Permalink Normal View History

Pillar openssh.known_hosts_salt_ssh (#128) * Pillar openssh.known_hosts_salt_ssh * Dropped ill-named file * Fixed aliasing of host names * Improved pillar.example * Opt-in to include localhost * pillar/known_hosts_salt_ssh: clear cache in run() * Dropped forgotten debugging output
6 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. #!py

  2. 

  3. import logging

  4. import os.path

  5. import re

  6. import subprocess

  7. 

  8. cache = {}

  9. ssh_key_pattern = re.compile("^[^ ]+ (ssh-.+)$")

  10. log = logging.getLogger(__name__)

  11. 

  12. def config_dir():

  13.     if '__master_opts__' in __opts__:

  14.         # run started via salt-ssh

  15.         return __opts__['__master_opts__']['config_dir']

  16.     else:

  17.         # run started via salt

  18.         return __opts__['config_dir']

  19. 

  20. def cache_dir():

  21.     if '__master_opts__' in __opts__:

  22.         # run started via salt-ssh

  23.         return __opts__['__master_opts__']['cachedir']

  24.     else:

  25.         # run started via salt

  26.         return __opts__['cachedir']+'/../master'

  27. 

  28. def minions():

  29.     if not 'minions' in cache:

  30.         cache['minions'] = __salt__.slsutil.renderer(config_dir() + '/roster')

  31.     return cache['minions']

  32. 

  33. def host_variants(minion):

  34.     _variants = [minion]

  35.     def add_port_variant(host):

  36.         if 'port' in minions()[minion]:

  37.             _variants.append("[{}]:{}".format(host, minions()[minion]['port']))

  38.     add_port_variant(minion)

  39.     if 'host' in minions()[minion]:

  40.         host = minions()[minion]['host']

  41.         _variants.append(host)

  42.         add_port_variant(host)

  43.     return _variants

  44. 

  45. def host_keys_from_known_hosts(minion, path):

  46.     '''

  47.     Fetches all host keys of the given minion.

  48.     '''

  49.     if not os.path.isfile(path):

  50.         return []

  51.     pubkeys = []

  52.     def fill_pubkeys(host):

  53.         for line in host_key_of(host, path).splitlines():

  54.             match = ssh_key_pattern.search(line)

  55.             if match:

  56.               pubkeys.append(match.group(1))

  57.     # Try the minion ID and its variants first

  58.     for host in host_variants(minion):

  59.         fill_pubkeys(host)

  60.     # When no keys were found ...

  61.     if not pubkeys:

  62.         # ... fetch IP addresses via DNS and try them.

  63.         for host in (salt['dig.A'](minion) + salt['dig.AAAA'](minion)):

  64.             fill_pubkeys(host)

  65.     # When not a single key was found anywhere:

  66.     if not pubkeys:

  67.         log.error("No SSH host key found for {}. "

  68.                   "You may need to add it to {}.".format(minion, path))

  69.     return "\n".join(pubkeys)

  70. 

  71. def host_key_of(host, path):

  72.     cmd = ["ssh-keygen", "-H", "-F", host, "-f", path]

  73.     call = subprocess.Popen(

  74.         cmd,

  75.         stdout=subprocess.PIPE,

  76.         stderr=subprocess.PIPE

  77.     )

  78.     out, err = call.communicate()

  79.     if err == '':

  80.         return out

  81.     else:

  82.         log.error("{} failed:\nSTDERR: {}\nSTDOUT: {}".format(

  83.             " ".join(cmd),

  84.             err,

  85.             out

  86.         ))

  87.         return ""

  88. 

  89. def host_keys(minion_id):

  90.     # Get keys from trusted known_hosts file

  91.     trusted_keys = host_keys_from_known_hosts(minion_id,

  92.         config_dir()+'/known_hosts')

  93.     if trusted_keys:

  94.         print "trusted_keys"

  95.         return trusted_keys

  96.     # Get keys from host key cache

  97.     cache_file = "{}/known_hosts_salt_ssh/{}.pub".format(cache_dir(), minion_id)

  98.     try:

  99.         with open(cache_file, 'r') as f:

  100.           return f.read()

  101.     except IOError:

  102.         return ''

  103. 

  104. def run():

  105.     cache = {}  # clear the cache

  106.     config = {

  107.         'public_ssh_host_keys': {},

  108.         'public_ssh_host_names': {}

  109.     }

  110.     for minion in minions().keys():

  111.         config['public_ssh_host_keys'][minion] = host_keys(minion)

  112.         config['public_ssh_host_names'][minion] = minion

  113.     return {'openssh': {'known_hosts': {'salt_ssh': config}}}

  114. 

  115. # vim: ts=4:sw=4:syntax=python