opendev/system-config
Code Issues Proposed changes

launch: add ssh keys to inventory

Browse Source 
When bringing up a new server, scan the ssh-keys of the remote IP and
add them automatically to the inventory output.

c.f. I4863425d5b784d0cdf118e1252414ca78fd24179

Change-Id: I2120fd476aa89e207ab76a1fc0faeeb5a0fb55ce
This commit is contained in:
Ian Wienand 2022-11-24 15:13:33 +11:00
parent 8fa64482dd
commit 87115f512c
No known key found for this signature in database
2 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
launch/src/opendev_launch/dns.py
View File

@ -21,6 +21,7 @@
import argparse import argparse
from . import rax_rdns from . import rax_rdns
from .sshfp import sshfp_print_records from .sshfp import sshfp_print_records
from .ssh_knownhosts import generate_known_hosts
def get_href(server): def get_href(server):
@ -70,6 +71,8 @@ def set_rax_reverse_dns(cloud, server, ip4, ip6):
def print_inventory_yaml(server, ip4, ip6): def print_inventory_yaml(server, ip4, ip6):
known_hosts = generate_known_hosts(ip4)
print("\n") print("\n")
print("Put the following into system-config:inventory/base/hosts.yaml") print("Put the following into system-config:inventory/base/hosts.yaml")
print("\n") print("\n")
@ -82,6 +85,9 @@ def print_inventory_yaml(server, ip4, ip6):
print(" public_v4: {ip4}".format(ip4=ip4)) print(" public_v4: {ip4}".format(ip4=ip4))
if ip6: if ip6:
print(" public_v6: {ip6}".format(ip6=ip6)) print(" public_v6: {ip6}".format(ip6=ip6))
print(" host_keys:")
for (key, fingerprint) in known_hosts:
print(" - '%s %s'" % (key, fingerprint))
def main(): def main():

37
launch/src/opendev_launch/ssh_knownhosts.py Normal file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env python3
import argparse
import subprocess
def generate_known_hosts(ip):
'''Given an IP address (hostname not in dns yet), scan and return
inventory known_hosts strings
'''
p = ['ssh-keyscan', ip]
s = subprocess.run(p,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE).stdout.decode('utf-8')
known_hosts = []
for line in s.split('\n'):
if not line:
continue
if line.startswith('#'):
continue
_, key_type, fingerprint = line.split(' ')
known_hosts.append((key_type, fingerprint))
return known_hosts
def main():
parser = argparse.ArgumentParser()
parser.add_argument("ip", help="address to scan")
args = parser.parse_args()
known_hosts = generate_known_hosts(args.ip)
for (host, fingerprint) in known_hosts:
print("%s %s" % (host, fingerprint))
if __name__ == '__main__':
main()