| Commit message (Collapse) | Author | Age | Files | Lines |
| |
By default, don't set the "sensitive" attribute for private SSH keys, as
this breaks pulling them with bcfg2-admin. Users can set the attribute
in an info.xml file.
| |
Sort the (non-static) public keys in the auto-generated ssh_known_hosts
files by hostname (or group).
| |
A newline character was missing before the first localhost entry in the
ssh_known_hosts files created by SSHbase.
| |
* Support for group-specific host keys
* Support for fully static host- and group-specific ssh_known_hosts
* (Support for totally generic host keys and ssh_known_hosts, too, but that's pretty useless.)
* Support for info.xml, info, and :info files; only info.xml is likely to be useful, with the <Path> directive
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
| |
cb8b988774c573bb8f6840aa60be0ced60323940
| |
Instead of always creating DSA, RSA, and RSA1 key pairs when any of them
is missing, create only the key pair currently requested via Bcfg2.
That is, the abstract configuration entries now determine which key
types are generated (and therefore included in the ssh_known_hosts
files).
The rationale is that many sites don't use RSA1 keys anymore.
| |
Previously, we waited one second for the FileMonitor to notify us
about newly generated SSHkeys. Now, we wait up to ten seconds before
logging a warning and giving up.
(cherry picked from commit 204ddcddea55b1f8eed5f6dfe4dd2967bac5bad7)
| |
allowing the normal FileMonitor events to populate the data
structures.
We now call the File Monitor's handle_events_in_interval() method
after generating new host keys, so that the normal code paths can
populate the data structures used for binding to file data.
We need the explicit call because we can't wait for the server's
normal event queue processing to discover the changes; we need the
newly-generated keys available immediately for binding during the
current connection with the client.
(cherry picked from commit 74a6e4707725710f6629b292902f2312710e4980)
| |
The contents/diffs of <Path>s which are marked as "sensitive" are now
omitted from the reports transmitted to the server, so that they won't
end up in the statistics database.
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
| |
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5904 ce84e21b-d406-0410-9b95-82705330c041
| |
From the ticket:
---
From what I can tell, there is an os.system call (line #214 of
Bcfg2/Server/Plugins/SSHbase.py) that is supposed to fire off ssh-keygen
to generate the keys in a temporary directory. It seems that this call
isn't generating the keys correctly. Adding in some debug
os.listdir(tempdir) calls before and after the os.system call, shows
that there are no files before and after the os.system call. Running the
command manually generates valid key pairs.
---
So, while this commit won't fix the os.system call, it should at least
prevent the plugin from generating empty ssh keys.
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5794 ce84e21b-d406-0410-9b95-82705330c041
| |
From Ticket #869:
Because the order of a Python set is dependent on the order of the hash
of entries of that set, the get_skn method generates entries in the
ssh_known_hosts with the names ordered according to their hash instead of
a consistent (from the user point of view) order. Some entries are IP,
hostname and other entries are hostname, IP.
This patch corrects that.
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5793 ce84e21b-d406-0410-9b95-82705330c041
| |
This commit forces the user to specify <Path> entries on the server
side while still maintaining compatibility with old clients via the
POSIXCompat plugin.
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5582 ce84e21b-d406-0410-9b95-82705330c041
| |
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5477 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5387 ce84e21b-d406-0410-9b95-82705330c041
| |
Our cache check actually triggered skn build early, causing extremely
poor startup performance in general. (and extremely bad performance
on repositories with large quantities of keys)
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5332 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5326 ce84e21b-d406-0410-9b95-82705330c041
| |
Rework metadata so that each instance has addresses and aliases instance
attributes containing manually specified addresses and alias names.
Unify pub key resolution loop to process this data once per client.
Change: only clients with active metadata will be included in
ssh_known_hosts data now. Other keys can be stored in *.static, in final
known_hosts file format.
Also, a more exhaustive search for IP addresses is now performed. DNS
resolution for the client hostname, as well as all aliases, is performed.
Manually specified addresses are included as well.
This should also fix some tracebacks reported by Cory and Teknix, as
well as improve performance.
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5319 ce84e21b-d406-0410-9b95-82705330c041
| |
SSHBase is now aware of aliases listed in the clients.xml file.
ClientMetadata now includes `addresses` which are a mapping from an
alias to an (ip, name) tuple. The ip addresses can be specified either
in clients.xml as an address attribute to the Alias or in DNS.
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5295 ce84e21b-d406-0410-9b95-82705330c041
| |
Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5088 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5029 ce84e21b-d406-0410-9b95-82705330c041
| |
SSHbase on PullTarget
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5011 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5010 ce84e21b-d406-0410-9b95-82705330c041
| |
- define new plugin base classes
- switch Plugin.__name__ => Plugin.name
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5004 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4999 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4880 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4854 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4680 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4458 ce84e21b-d406-0410-9b95-82705330c041
| |
- forward port Cfg and SSHbase support
- reimplement admin mode
- add verbose flag, and implement initial interactive mode, also force mode
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4446 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4281 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4154 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4124 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4046 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3947 ce84e21b-d406-0410-9b95-82705330c041
| |
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3906 ce84e21b-d406-0410-9b95-82705330c041
|