diff --git a/lower-constraints.txt b/lower-constraints.txt index 599590fd6..2e5ad9af3 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -10,7 +10,7 @@ netaddr==0.8.0 neutron-lib==2.7.0 oslo.config==8.4.0 oslo.log==4.4.0 -paramiko==2.7.2 +paramiko==2.9.2 pbr==5.5.1 psutil==5.8.0 pytest===6.2.5 diff --git a/requirements.txt b/requirements.txt index f579e9ceb..d3bcc4146 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,7 +10,7 @@ netaddr>=0.8.0 # BSD neutron-lib>=2.7.0 # Apache-2.0 oslo.config>=8.4.0 # Apache-2.0 oslo.log>=4.4.0 # Apache-2.0 -paramiko>=2.7.2 # LGPLv2.1 +paramiko>=2.9.2 # LGPLv2.1 pbr>=5.5.1 # Apache-2.0 psutil>=5.8.0 # BSD python-dateutil>=2.8.0 # Apache-2.0 diff --git a/tobiko/openstack/glance/_image.py b/tobiko/openstack/glance/_image.py index 9c49a398b..ea33eac26 100644 --- a/tobiko/openstack/glance/_image.py +++ b/tobiko/openstack/glance/_image.py @@ -87,6 +87,7 @@ class GlanceImageFixture(_client.HasGlanceClientMixin, tobiko.SharedFixture): image_name: typing.Optional[str] = None username: typing.Optional[str] = None password: typing.Optional[str] = None + disabled_algorithms: typing.Optional[typing.Dict[str, typing.Any]] = None image = None wait_interval = 5. diff --git a/tobiko/openstack/glance/config.py b/tobiko/openstack/glance/config.py index 369cf7995..d30a2aa50 100644 --- a/tobiko/openstack/glance/config.py +++ b/tobiko/openstack/glance/config.py @@ -65,7 +65,13 @@ def get_images_options(): cfg.FloatOpt('connection_timeout', default=None, help=("Default " + name + - " SSH connection timeout (seconds)")), ] + " SSH connection timeout (seconds)")), + cfg.DictOpt('disabled_algorithms', + default=None, + help=("Allow to disable SSH auth algorithms" + "in order to SSH to old servers like" + "CirrOS ones")), + ] )] return options diff --git a/tobiko/openstack/stacks/_centos.py b/tobiko/openstack/stacks/_centos.py index f5db7b421..d0bc2af89 100644 --- a/tobiko/openstack/stacks/_centos.py +++ b/tobiko/openstack/stacks/_centos.py @@ -35,6 +35,7 @@ class CentosImageFixture(glance.URLGlanceImageFixture): username = CONF.tobiko.centos.username or 'centos' password = CONF.tobiko.centos.password connection_timeout = CONF.tobiko.centos.connection_timeout or 800. + disabled_algorithms = CONF.tobiko.centos.disabled_algorithms CENTOS7_IMAGE_URL = ( diff --git a/tobiko/openstack/stacks/_cirros.py b/tobiko/openstack/stacks/_cirros.py index cff92909e..70ab65caa 100644 --- a/tobiko/openstack/stacks/_cirros.py +++ b/tobiko/openstack/stacks/_cirros.py @@ -49,6 +49,10 @@ class CirrosImageFixture(glance.URLGlanceImageFixture): username = CONF.tobiko.cirros.username or 'cirros' password = CONF.tobiko.cirros.password or 'gocubsgo' connection_timeout = CONF.tobiko.cirros.connection_timeout or 200. + disabled_algorithms = CONF.tobiko.cirros.disabled_algorithms or { + #: disabled_algorithms is required to connect to CirrOS servers + # when using recent Paramiko versions (>= 2.9.2) + 'pubkeys': ['rsa-sha2-256', 'rsa-sha2-512']} class CirrosFlavorStackFixture(_nova.FlavorStackFixture): diff --git a/tobiko/openstack/stacks/_fedora.py b/tobiko/openstack/stacks/_fedora.py index c420bffcf..924036d52 100644 --- a/tobiko/openstack/stacks/_fedora.py +++ b/tobiko/openstack/stacks/_fedora.py @@ -38,6 +38,7 @@ class FedoraBaseImageFixture(glance.URLGlanceImageFixture): username = CONF.tobiko.fedora.username or 'fedora' password = CONF.tobiko.fedora.password connection_timeout = CONF.tobiko.fedora.connection_timeout or 800. + disabled_algorithms = CONF.tobiko.fedora.disabled_algorithms class FedoraImageFixture(FedoraBaseImageFixture, diff --git a/tobiko/openstack/stacks/_nova.py b/tobiko/openstack/stacks/_nova.py index 9e00deaaa..948752910 100644 --- a/tobiko/openstack/stacks/_nova.py +++ b/tobiko/openstack/stacks/_nova.py @@ -130,6 +130,10 @@ class ServerStackFixture(heat.HeatStackFixture, abc.ABC): def connection_timeout(self) -> tobiko.Seconds: return self.image_fixture.connection_timeout + @property + def disabled_algorithms(self) -> typing.Dict[str, typing.Any]: + return self.image_fixture.disabled_algorithms + flavor_stack: tobiko.RequiredFixture[FlavorStackFixture] @property @@ -165,14 +169,19 @@ class ServerStackFixture(heat.HeatStackFixture, abc.ABC): return bool(self.floating_network) @property - def ssh_client(self) -> ssh.SSHClientFixture: - return ssh.ssh_client(host=self.ip_address, - username=self.username, - password=self.password, - connection_timeout=self.connection_timeout) + def ssh_client_parameters(self) -> typing.Dict[str, typing.Any]: + return dict(host=self.ip_address, + username=self.username, + password=self.password, + connection_timeout=self.connection_timeout, + disabled_algorithms=self.disabled_algorithms) @property - def peer_ssh_client(self) -> typing.Optional[ssh.SSHClientFixture]: + def ssh_client(self) -> ssh.SSHClientFixture: + return ssh.ssh_client(**self.ssh_client_parameters) + + @property + def peer_ssh_client(self) -> ssh.SSHClientType: """Nearest SSH client to an host that can see server fixed IPs ports """ @@ -473,12 +482,10 @@ class PeerServerStackFixture(ServerStackFixture, abc.ABC): peer_stack: tobiko.RequiredFixture[ServerStackFixture] @property - def ssh_client(self) -> ssh.SSHClientFixture: - return ssh.ssh_client(host=self.ip_address, - username=self.username, - password=self.password, - connection_timeout=self.connection_timeout, - proxy_jump=self.peer_ssh_client) + def ssh_client_parameters(self) -> typing.Dict[str, typing.Any]: + parameters = super().ssh_client_parameters + parameters.update(proxy_jump=self.peer_ssh_client) + return parameters @property def peer_ssh_client(self) -> ssh.SSHClientFixture: diff --git a/tobiko/openstack/stacks/_redhat.py b/tobiko/openstack/stacks/_redhat.py index 15e8140e5..b63d81110 100644 --- a/tobiko/openstack/stacks/_redhat.py +++ b/tobiko/openstack/stacks/_redhat.py @@ -71,6 +71,7 @@ class RhelImageFixture(glance.URLGlanceImageFixture): username = CONF.tobiko.rhel.username or 'cloud-user' password = CONF.tobiko.rhel.password connection_timeout = CONF.tobiko.rhel.connection_timeout + disabled_algorithms = CONF.tobiko.rhel.disabled_algorithms class RedHatFlavorStackFixture(_centos.CentosFlavorStackFixture): diff --git a/tobiko/openstack/stacks/_ubuntu.py b/tobiko/openstack/stacks/_ubuntu.py index 51954add1..6c691b039 100644 --- a/tobiko/openstack/stacks/_ubuntu.py +++ b/tobiko/openstack/stacks/_ubuntu.py @@ -44,6 +44,7 @@ class UbuntuMinimalImageFixture(glance.URLGlanceImageFixture): username = CONF.tobiko.ubuntu.username or 'ubuntu' password = CONF.tobiko.ubuntu.password or 'ununtu' connection_timeout = CONF.tobiko.ubuntu.connection_timeout or 600. + disabled_algorithms = CONF.tobiko.ubuntu.disabled_algorithms IPERF3_SERVICE_FILE = """ diff --git a/tobiko/shell/ssh/_client.py b/tobiko/shell/ssh/_client.py index d6363e811..0f1015671 100644 --- a/tobiko/shell/ssh/_client.py +++ b/tobiko/shell/ssh/_client.py @@ -151,6 +151,9 @@ SSH_CONNECT_PARAMETERS = { #: Command to be executed to open proxy sock 'proxy_command': str, + + #: Allow to disable some algorithms for old servers + 'disabled_algorithms': dict } diff --git a/upper-constraints.txt b/upper-constraints.txt index 54d3dd8ca..83caa4236 100644 --- a/upper-constraints.txt +++ b/upper-constraints.txt @@ -281,7 +281,7 @@ ovs===2.16.0 ovsdbapp===1.13.0 packaging===21.3 pact===1.12.0 -paramiko===2.8.1 +paramiko===2.10.4 passlib===1.7.4 Paste===3.5.0 PasteDeploy===2.1.1