- random.seed(42)
- for sliver in data['slivers']:
- found_hmac = False
- for attribute in sliver['attributes']:
- name = attribute.get('tagname',attribute.get('name',''))
- if name == 'hmac':
- found_hmac = True
- hmac = attribute['value']
- break
-
- if not found_hmac:
- d = [random.choice(string.letters) for x in xrange(32)]
- hmac = "".join(d)
- SetSliverTag(plc,sliver['name'],'hmac',hmac)
-
- path = '/vservers/%s/etc/planetlab' % sliver['name']
- if os.path.exists(path):
- keyfile = '%s/key' % path
- oldhmac = ''
- if os.path.exists(keyfile):
- f = open(keyfile,'r')
- oldhmac = f.read()
- f.close()
-
- if oldhmac <> hmac:
- # create a temporary file in the vserver
- fd, name = tempfile.mkstemp('','key',path)
- os.write(fd,hmac)
- os.close(fd)
- if os.path.exists(keyfile):
- os.unlink(keyfile)
- os.rename(name,keyfile)
-
- os.chmod(keyfile,0400)
+def manage_hmac (plc, sliver):
+ hmac = find_tag (sliver, 'hmac')
+
+ if not hmac:
+ # let python do its thing
+ random.seed()
+ d = [random.choice(string.letters) for x in xrange(32)]
+ hmac = "".join(d)
+ SetSliverTag(plc,sliver['name'],'hmac',hmac)
+ logger.log("sliverauth: %s: setting hmac" % sliver['name'])
+
+ path = '/vservers/%s/etc/planetlab' % sliver['name']
+ if os.path.exists(path):
+ keyfile = '%s/key' % path
+ if (tools.replace_file_with_string(keyfile,hmac,chmod=0400)):
+ logger.log ("sliverauth: (over)wrote hmac into %s " % keyfile)
+
+# create the key if needed and returns the key contents
+def generate_sshkey (sliver):
+# initial version was storing stuff in the sliver directly
+# keyfile="/vservers/%s/home/%s/.ssh/id_rsa"%(sliver['name'],sliver['name'])
+# we're now storing this in the same place as the authorized_keys, which in turn
+# gets mounted to the user's home directory in the sliver
+ keyfile="/home/%s/.ssh/id_rsa"%(sliver['name'])
+ pubfile="%s.pub"%keyfile
+ dotssh=os.path.dirname(keyfile)
+ # create dir if needed
+ if not os.path.isdir (dotssh):
+ os.mkdir (dotssh, 0700)
+ logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), dotssh ] )
+ if not os.path.isfile (pubfile):
+ comment="%s@%s"%(sliver['name'],socket.gethostname())
+ logger.log_call( [ 'ssh-keygen', '-t', 'rsa', '-N', '', '-f', keyfile , '-C', comment] )
+ os.chmod (keyfile, 0400)
+ logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), keyfile, pubfile ] )
+ return file(pubfile).read().strip()