From 492f90b3be012328228af87c780bf281d495fe1c Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Wed, 29 Jun 2022 11:24:33 +0200
Subject: [PATCH] Generating authorized_keys file by information from LDAP
---
 lib/cr_vmware_tpl/cobbler.py | 9 ++++++---
 lib/cr_vmware_tpl/handler.py | 30 ++++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/lib/cr_vmware_tpl/cobbler.py b/lib/cr_vmware_tpl/cobbler.py
index e3cb7b4..a5a8462 100644
--- a/lib/cr_vmware_tpl/cobbler.py
+++ b/lib/cr_vmware_tpl/cobbler.py
@@ -46,7 +46,7 @@ from .config import CrTplConfiguration
 from .xlate import XLATOR
-__version__ = '0.8.5'
+__version__ = '0.8.6'
 LOG = logging.getLogger(__name__)
@@ -939,10 +939,13 @@ class Cobbler(BaseHandler):
 LOG.debug(_("Output on {}:").format('STDERR') + '\n' + proc.stderr)
 # -------------------------------------------------------------------------
- def ensure_keys(self):
+ def ensure_keys(self, tmp_auth_keys_file=None):
 local_keys_dir = self.base_dir / 'keys'
- auth_keys_file = local_keys_dir / "auth_keys_pp_betrieb"
+ if tmp_auth_keys_file:
+ auth_keys_file = tmp_auth_keys_file
+ else:
+ auth_keys_file = local_keys_dir / "auth_keys_pp_betrieb"
 docroot = self.cfg.cobbler_ws_docroot / self.cfg.cobbler_ws_rel_filesdir
 remote_dir = docroot / self.cfg.system_status / 'keys'
 remote_file = remote_dir / "auth_keys_pp_betrieb"
diff --git a/lib/cr_vmware_tpl/handler.py b/lib/cr_vmware_tpl/handler.py
index 71db8af..ed95409 100644
--- a/lib/cr_vmware_tpl/handler.py
+++ b/lib/cr_vmware_tpl/handler.py
@@ -17,6 +17,10 @@ import datetime
 import socket
 import textwrap
 import signal
+import tempfile
+import os
+
+from pathlib import Path
 # Third party modules
 import pytz
@@ -53,7 +57,7 @@ from .cobbler import Cobbler
 from .xlate import XLATOR
-__version__ = '2.2.1'
+__version__ = '2.2.2'
 LOG = logging.getLogger(__name__)
 TZ = pytz.timezone('Europe/Berlin')
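Review bot: In `ensure_keys`, nothing in the visible lines checks that the caller-supplied `tmp_auth_keys_file` exists and is non-empty before it replaces the repository-tracked `auth_keys_pp_betrieb` as the source for `remote_file` under the Cobbler web docroot. An empty or missing file should stop the run rather than be published, for example by testing `auth_keys_file.is_file() and auth_keys_file.stat().st_size > 0` before the upload and raising an error otherwise. `if tmp_auth_keys_file is not None:` would state the intent more exactly than the truthiness test. The method also has no docstring; one sentence saying that the optional path overrides the local `keys/auth_keys_pp_betrieb` file would be enough. The rest of the method body lies outside the hunk.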
@@ -155,6 +159,7 @@ class CrTplHandler(BaseHandler):
 self.cobbler = None
 self.ldap = None
 self.ldap_server = None
+ self.auth_keys_file = None
 self.vsphere = VsphereConnection(
 self.cfg.vsphere_info, cluster=self.cfg.vsphere_cluster,
@@ -286,6 +291,11 @@ class CrTplHandler(BaseHandler):
 self.disconnect_ldap()
+ if self.auth_keys_file:
+ if self.auth_keys_file.exists():
+ LOG.debug(_("Removing {!r} ...").format(str(self.auth_keys_file)))
+ self.auth_keys_file.unlink()
+
 # -------------------------------------------------------------------------
 def __call__(self):
 """Executing the underlying action."""
@@ -337,7 +347,14 @@ class CrTplHandler(BaseHandler):
 self.cobbler.ensure_root_authkeys()
 self.cobbler.ensure_rsyslog_cfg_files()
 self.cobbler.ensure_snippets()
- self.cobbler.ensure_keys()
+
+ self.cobbler.ensure_keys(self.auth_keys_file)
+ if self.auth_keys_file:
+ if self.auth_keys_file.exists():
+ LOG.debug(_("Removing {!r} ...").format(str(self.auth_keys_file)))
+ self.auth_keys_file.unlink()
+ self.auth_keys_file = None
+
 self.cobbler.ensure_system_ks()
 self.cobbler.ensure_repo_files()
 self.cobbler.ensure_bashrc()
@@ -1253,6 +1270,13 @@ class CrTplHandler(BaseHandler):
 LOG.info(_("Creating authorized keys of root from LDAP ..."))
+ prefix = 'tmp.authorized_keys.root.'
+ (fh, tmp_keys_file) = tempfile.mkstemp(prefix=prefix, text=True)
+ self.auth_keys_file = Path(tmp_keys_file)
+ os.close(fh)
+ LOG.debug(_("Using temporary file {!r} for authorized keys of root.").format(
+ tmp_keys_file))
+
 try:
 self.connect_ldap()
@@ -1285,6 +1309,8 @@ class CrTplHandler(BaseHandler):
 finally:
 self.disconnect_ldap()
+ self.auth_keys_file.write_text(auth_keys)
+
 # -------------------------------------------------------------------------
 def get_ldap_admins(self):
-- 
2.39.5
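Review bot: The `exists()`-then-`unlink()` cleanup added after `self.disconnect_ldap()` is repeated verbatim in the `-337,7` hunk inside `__call__`, where it runs only if `ensure_keys()` returns normally. A small private helper would keep both sites in step, and calling it from a `finally:` around `self.cobbler.ensure_keys(self.auth_keys_file)` would remove the key file even when the upload raises. Inside the helper, `self.auth_keys_file.unlink(missing_ok=True)` could replace the two-step check, provided the project's minimum Python is 3.8 or later. The method enclosing the first copy starts outside the hunk.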
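Review bot: The temporary file is created and assigned to `self.auth_keys_file` before the LDAP `try:` block, so a failed or empty lookup can leave a zero-byte file that `ensure_keys()` would still treat as the key source. `mkstemp` already returns an open descriptor, so the content can be written through it once the keys are collected, e.g. `with os.fdopen(fh, 'w') as f: f.write(auth_keys)`. That replaces `os.close(fh)` here and the by-path `write_text()` in the `-1285,6` hunk, and `self.auth_keys_file` should be assigned only after that write. Whether exceptions from the LDAP block propagate cannot be seen here, because the handlers lie between the two hunks.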
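Review bot: `auth_keys` is written unconditionally after the `finally:` with no visible check, although the log messages in the `-1253,6` hunk say this file holds root's authorized keys. How the string is assembled lies outside the hunk. If it is built from LDAP attribute values, each entry should be checked to be a single line in public-key format before it is written, since the directory content is otherwise trusted as-is for root access. An empty result should raise an error and skip the upload, e.g. guarded by `if not auth_keys.strip():`. `write_text(auth_keys, encoding='utf-8')` would also pin the encoding.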