Merge "launch-node: get sshfp entries from the host"

This commit is contained in:
Zuul 2020-09-22 19:39:12 +00:00 committed by Gerrit Code Review
commit eabd2e3aac


@ -3,19 +3,32 @@
import argparse import argparse
import subprocess import subprocess
def generate_sshfp_records(hostname, ip): def generate_sshfp_records(hostname, ip, local):
'''Given a hostname and and IP address, scan the IP address (hostname '''Given a hostname and and IP address, scan the IP address (hostname
not in dns yet) and return a bind string with sshfp records''' not in dns yet) and return a bind string with sshfp records'''
s = subprocess.run(['ssh-keyscan', '-D', ip], if local:
p = ['ssh-keyscan', '-D', ip]
else:
# Handle being run via sudo which is the usual way
# this is run.
p = ['ssh', '-o', 'StrictHostKeyChecking=no',
'-i', '/root/.ssh/id_rsa',
'root@%s' % ip, 'ssh-keygen', '-r', ip]
s = subprocess.run(p,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE).stdout.decode('utf-8') stderr=subprocess.PIPE).stdout.decode('utf-8')
fingerprints = [] fingerprints = []
for line in s.split('\n'): for line in s.split('\n'):
if not line: if not line:
continue continue
_, _, _, algo, key_type, fingerprint = line.split(' ') _, _, _, algo, key_type, fingerprint = line.split(' ')
# ssh-keygen on the host seems to return DSS/DSA keys, which
# aren't valid to log in and not shown by ssh-keyscan -D
# ... prune it.
if algo == '2':
continue
fingerprints.append( fingerprints.append(
(algo, key_type, fingerprint)) (algo, key_type, fingerprint))
@ -32,17 +45,19 @@ def generate_sshfp_records(hostname, ip):
return ret return ret
def sshfp_print_records(hostname, ip): def sshfp_print_records(hostname, ip, local=False):
print(generate_sshfp_records(hostname, ip)) print(generate_sshfp_records(hostname, ip, local))
def main(): def main():
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument("hostname", help="hostname") parser.add_argument("hostname", help="hostname")
parser.add_argument("ip", help="address to scan") parser.add_argument("ip", help="address to scan")
parser.add_argument("--local", action='store_true',
help="Run keyscan locally, rather than via ssh")
args = parser.parse_args() args = parser.parse_args()
sshfp_print_records(args.hostname, args.ip) sshfp_print_records(args.hostname, args.ip, args.local)
if __name__ == '__main__': if __name__ == '__main__':
main() main()
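Review bot: The new `subprocess.run(p, ...)` call in the first hunk never checks the exit status, so when the ssh branch fails (host unreachable, key not accepted) stdout is empty, the loop sees no lines, and generate_sshfp_records silently returns a record set with no fingerprints instead of failing; `s = subprocess.run(p, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.decode('utf-8')` would surface the failure (the captured stderr is on the CalledProcessError). The docstring was not updated for the added parameter; add `local: when True run ssh-keyscan -D here instead of ssh-keygen -r on the host via ssh`. Since the fingerprints fetched over the `StrictHostKeyChecking=no` connection become the DNS trust anchor, a short comment stating what earlier step of the launch flow is relied on to make that first connection trustworthy would help the next reader; I cannot tell from the hunk whether such a step exists. The body of generate_sshfp_records continues past the end of the first hunk.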