New Saltstack Salt formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

107 lines
3.4KB

  1. from __future__ import absolute_import
  2. # Import python libs
  3. import logging
  4. import os
  5. try:
  6. import paramiko
  7. HAS_PARAMIKO = True
  8. except:
  9. HAS_PARAMIKO = False
  10. # Import Salt libs
  11. import salt.config
  12. import salt.wheel
  13. LOG = logging.getLogger(__name__)
  14. def __virtual__():
  15. '''
  16. Only load if paramiko library exist.
  17. '''
  18. if not HAS_PARAMIKO:
  19. return (
  20. False,
  21. 'Can not load module saltkey: paramiko library not found')
  22. return True
  23. def key_create(id_, host, force=False):
  24. '''
  25. Generates minion keypair, accepts it on master and injects it to minion via SSH.
  26. CLI Examples:
  27. .. code-block:: bash
  28. salt-call saltkey.key_create <MINION_ID> <MINION_IP_ADDRESS> force=False
  29. '''
  30. ret = {
  31. 'retcode': 0,
  32. 'msg': 'Salt Key for minion %s is already accepted' % id_,
  33. }
  34. opts = salt.config.master_config('/etc/salt/master')
  35. wheel = salt.wheel.WheelClient(opts)
  36. keys = wheel.cmd('key.gen_accept', arg=[id_], kwarg={'force': force})
  37. pub_key = keys.get('pub', None)
  38. priv_key = keys.get('priv', None)
  39. if pub_key and priv_key:
  40. ssh = paramiko.SSHClient()
  41. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  42. # Establish SSH connection to minion
  43. try:
  44. ssh.connect(host)
  45. except paramiko.ssh_exception.AuthenticationException:
  46. msg = ('Could not establish SSH connection to minion "%s" on address %s, please ensure '
  47. 'that current user\'s SSH key is present in minions authorized_keys.') % (id_, host)
  48. LOG.error(msg)
  49. ret['retcode'] = 1
  50. ret['msg'] = msg
  51. wheel.cmd_async({'fun': 'key.delete', 'match': id_})
  52. return ret
  53. except Exception as e:
  54. msg = ('Unknown error occured while establishing SSH connection '
  55. 'to minion "%s" on address %s: %s') % (id_, host, repr(e))
  56. LOG.error(msg)
  57. ret['retcode'] = 1
  58. ret['msg'] = msg
  59. wheel.cmd_async({'fun': 'key.delete', 'match': id_})
  60. return ret
  61. # Setup the keys on minion side the ugly way, nice one didn't work
  62. key_path = '/etc/salt/pki/minion'
  63. command = ('echo "%(pub_key)s" > %(pub_path)s && chmod 644 %(pub_path)s && '
  64. 'echo "%(priv_key)s" > %(priv_path)s && chmod 400 %(priv_path)s && '
  65. 'salt-call --local service.restart salt-minion') % {
  66. 'pub_path': os.path.join(key_path, 'minion.pub'),
  67. 'pub_key': pub_key,
  68. 'priv_path': os.path.join(key_path, 'minion.pem'),
  69. 'priv_key': priv_key
  70. }
  71. ssh_chan = ssh.get_transport().open_session()
  72. ssh_chan.exec_command(command)
  73. # Wait for command return
  74. while True:
  75. if ssh_chan.exit_status_ready():
  76. exit_status = ssh_chan.recv_exit_status()
  77. stderr = ssh_chan.recv_stderr(1000)
  78. stdout = ssh_chan.recv(1000)
  79. break
  80. ssh.close()
  81. # Evaluate SSH command exit status
  82. if exit_status != 0:
  83. msg = 'Keypair injection to Salt minion failed on target with following error: %s' % stderr
  84. LOG.error(msg)
  85. ret['retcode'] = exit_status
  86. ret['msg'] = msg
  87. return ret
  88. ret['msg'] = 'Salt Key successfully created'
  89. return ret