diff --git a/seslib/deployment.py b/seslib/deployment.py
index 4a3526e6..f297ef4d 100644
--- a/seslib/deployment.py
+++ b/seslib/deployment.py
@@ -130,6 +130,7 @@ def __init__(self, dep_id, settings, existing=False):
 self.__maybe_tweak_roles()
 self.__maybe_adjust_num_disks()
 self.__generate_nodes()
+ self.__get_extra_ssh_keys()
 self.node_list = ','.join(self.nodes.keys())
 def __populate_roles(self):
@@ -208,6 +209,25 @@ def __populate_image_paths(self):
 if self.settings.snmp_gateway_image_path == '':
 self.settings.snmp_gateway_image_path = image_paths.get('snmp-gateway')
+ def __get_extra_ssh_keys(self):
+ Log.debug('__get_extra_ssh_keys')
+ self._extra_ssh_keys = []
+
+ try:
+ keylines = tools.run_sync(['ssh-add', '-L']).splitlines()
+ except CmdException as _e:
+ Log.info('Could not fetch keys from ssh agent: {}'.format(_e.stderr))
+ keylines = []
+
+ for line in keylines:
+ _, _, _keyid = line.split()
+ if _keyid in self.settings.ssh_extra_auth_keys:
+ Log.info('found extra key {}'.format(_keyid))
+ self._extra_ssh_keys.append({
+ 'keyid': _keyid,
+ 'keyline': line,
+ })
+
 def __set_up_make_check(self):
 self.settings.override('single_node', True)
 self.settings.override('roles', Constant.ROLES_DEFAULT_BY_VERSION['makecheck'])
@@ -560,6 +580,7 @@ def _generate_vagrantfile(self):
 context = {
 'ssh_key_name': Constant.SSH_KEY_NAME,
+ 'ssh_extra_key_ids': [key['keyid'] for key in self._extra_ssh_keys],
 'sesdev_path_to_qa': Constant.PATH_TO_QA,
 'dep_id': self.dep_id,
 'os': self.settings.os,
@@ -727,6 +748,13 @@ def save(self, log_handler):
 with open(pub_key, 'wb') as file:
 file.write(public_key + b" sesdev\n")
 os.chmod(pub_key, 0o600)
+
+ for key in self._extra_ssh_keys:
+ path = os.path.join(keys_dir, "id_{}.pub".format(key['keyid']))
+ with open(path, 'w', encoding='utf-8') as file:
+ file.write(key['keyline'])
+ os.chmod(path, 0o600)
+
 #
 # create bin dir for helper scripts
 bin_dir = os.path.join(self._dep_dir, 'bin')
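Review bot: `_, _, _keyid = line.split()` in __get_extra_ssh_keys raises ValueError for any agent key whose comment contains whitespace or is empty, and because __init__ now calls this method unconditionally that aborts loading every deployment, not only the ones that use the new setting. Split at most twice and skip short lines instead: `parts = line.split(None, 2)`, `if len(parts) < 3: continue`, `_keyid = parts[2]`. It would also be worth returning early when `self.settings.ssh_extra_auth_keys` is empty, so `ssh-add -L` is not run and the 'Could not fetch keys from ssh agent' message is not logged for deployments that never asked for extra keys. Identifying a key by its free-text comment is weak as well: comments are not unique, and the matched value is reused as a file name in save and interpolated into the Vagrantfile and provision.sh templates, so either document that the configured ids must be unique, filename-safe tokens or match on the key blob or fingerprint instead.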
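Review bot: `file.write(key['keyline'])` in save writes each extra key without a trailing newline — `splitlines()` in __get_extra_ssh_keys already stripped it — so the `cat … >> authorized_keys` lines added in provision.sh.j2 append the second configured key straight onto the end of the first key's comment field, and that second key is never authorized. Write `file.write(key['keyline'] + '\n')`, which also keeps these files consistent with the sesdev key written with its own `\n` a few lines above. The same newline assumption underlies all three loops in the provision.sh.j2 hunk, so fixing it here fixes them too. save's body continues outside the hunk.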
diff --git a/seslib/settings.py b/seslib/settings.py
index 513107ed..ad5b68c5 100644
--- a/seslib/settings.py
+++ b/seslib/settings.py
@@ -414,6 +414,12 @@
 'help': 'Prioritise secure mode over "crc" in the ms_*_mode options.',
 'default': False,
 },
+ 'ssh_extra_auth_keys': {
+ 'type': list,
+ 'help': ('Additional public keys to provision into '
+ '/root/.ssh/authorized_keys'),
+ 'default': []
+ },
 }
diff --git a/seslib/templates/Vagrantfile.j2 b/seslib/templates/Vagrantfile.j2
index 76271c6b..2105de88 100644
--- a/seslib/templates/Vagrantfile.j2
+++ b/seslib/templates/Vagrantfile.j2
@@ -18,6 +18,11 @@ Vagrant.configure("2") do |config|
 destination:".ssh/{{ ssh_key_name }}"
 node.vm.provision "file", source: "keys/{{ ssh_key_name }}.pub",
 destination:".ssh/{{ ssh_key_name }}.pub"
+{% for _id in ssh_extra_key_ids %}
+ node.vm.provision "file", source: "keys/id_{{ _id }}.pub",
+ destination: ".ssh/id_{{ _id }}.pub"
+{% endfor %}
+
 {% if node == master %}
 node.vm.provision "file", source: "bin/",
 destination: "/home/vagrant/"
diff --git a/seslib/templates/provision.sh.j2 b/seslib/templates/provision.sh.j2
index 4d499239..430210ca 100644
--- a/seslib/templates/provision.sh.j2
+++ b/seslib/templates/provision.sh.j2
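Review bot: The help text for `ssh_extra_auth_keys` describes the values as "Additional public keys" provisioned into /root/.ssh/authorized_keys, but deployment.py in this commit matches them against the comment field of `ssh-add -L` output, and provision.sh.j2 appends the resulting keys to /home/vagrant/.ssh/authorized_keys as well as root's. Reword it along the lines of `'help': ('Comments of keys loaded in the local ssh agent whose public keys are added to the root and vagrant authorized_keys on every node')` so a user knows to pass comments, not key material, and understands which accounts gain access. `'default': []` is also missing the trailing comma that the neighbouring entries carry, and if the settings loader hands this list out by reference rather than copying it, it would be shared between Settings instances — worth a quick check.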
@@ -58,12 +58,21 @@ grep -E '^127\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+' /etc/hosts
 # distribute SSH keys
 cat /home/vagrant/.ssh/{{ ssh_key_name }}.pub >> /home/vagrant/.ssh/authorized_keys
+{% for _id in ssh_extra_key_ids %}
+cat "/home/vagrant/.ssh/id_{{ _id }}.pub" >> /home/vagrant/.ssh/authorized_keys
+{% endfor %}
 [ ! -e "/root/.ssh" ] && mkdir /root/.ssh
 chmod 600 /home/vagrant/.ssh/{{ ssh_key_name }}
 cp /home/vagrant/.ssh/{{ ssh_key_name }}* /root/.ssh/
+{% for _id in ssh_extra_key_ids %}
+cp "/home/vagrant/.ssh/id_{{ _id }}.pub" /root/.ssh/
+{% endfor %}
 ln -s /root/.ssh/{{ ssh_key_name }} /root/.ssh/id_rsa
 ln -s /root/.ssh/{{ ssh_key_name }}.pub /root/.ssh/id_rsa.pub
 cat /root/.ssh/{{ ssh_key_name }}.pub >> /root/.ssh/authorized_keys
+{% for _id in ssh_extra_key_ids %}
+cat "/root/.ssh/id_{{ _id }}.pub" >> /root/.ssh/authorized_keys
+{% endfor %}
 # disable host checking when SSHing within the cluster
 cat >> /root/.ssh/config << 'EOF'