author | Lars Wirzenius <liw@liw.fi> | 2022-10-09 10:25:09 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-10-09 10:25:09 +0300 |
commit | 44a141ce47a922ddbb89f4c64226e577204f0f58 (patch) | |
tree | 05beca8fe80d19ec7e7529389702048eee2ab631 /src | |
parent | 46b0a777caa8496df4b0d0906d9b22907df27466 (diff) | |
download | vmadm-44a141ce47a922ddbb89f4c64226e577204f0f58.tar.gz |
Revert "refactor and more: move Python script for cloud-init out of Rust"
This reverts commit 36b2ebd1643833700e57c51523d8c9c66f3d0034.
Diffstat (limited to 'src')
-rw-r--r-- | src/cloudinit.rs | 93 |
1 files changed, 92 insertions, 1 deletions
diff --git a/src/cloudinit.rs b/src/cloudinit.rs
index 0cbd2f0..9d14538 100644
--- a/src/cloudinit.rs
+++ b/src/cloudinit.rs
@@ -17,7 +17,98 @@ use std::path::{Path, PathBuf};
 use std::process::Command;
 use tempfile::tempdir;
-const SCRIPT: &str = include_str!("../script.py");
+const SCRIPT: &str = r#"
+import os
+import yaml
+
+
+def log(msg):
+ logfile.write(msg)
+ logfile.write("\n")
+ logfile.flush()
+
+
+logfile = open("/tmp/vmadm.script", "w")
+log("vmadm cloud-init script starting")
+
+if os.environ.get("VMADM_TESTING"):
+ filename = "smoke/user-data"
+ etc = "x"
+else:
+ filename = "/var/lib/cloud/instance/user-data.txt"
+ etc = "/etc/ssh"
+
+key_types = ("rsa", "dsa", "ecdsa", "ed25519")
+
+log(f"loading user-data from (unknown)")
+obj = yaml.safe_load(open(filename))
+
+ssh_keys = obj.get("ssh_keys", {})
+user_ca_pubkey = obj.get("user_ca_pubkey", {})
+allow_authorized_keys = obj.get("allow_authorized_keys", True)
+
+keys = []
+certs = []
+
+for key_type in key_types:
+ filename = os.path.join(etc, f"ssh_host_{key_type}_key.pub")
+ if os.path.exists(filename):
+ log(f"removing (unknown)")
+ os.remove(filename)
+ else:
+ log(f"file (unknown) does not exist")
+
+for key_type in key_types:
+ key = ssh_keys.get(f"{key_type}_private")
+ cert = ssh_keys.get(f"{key_type}_certificate")
+ log(f"key {key_type} {key}")
+ log(f"cert {key_type} {cert }")
+
+ if key:
+ filename = os.path.join(etc, f"ssh_host_{key_type}_key")
+ log(f"writing key (unknown)")
+ keys.append(filename)
+ with open(filename, "w") as f:
+ f.write(key)
+
+ if cert:
+ filename = os.path.join(etc, f"ssh_host_{key_type}_key-cert.pub")
+ log(f"writing cert (unknown)")
+ certs.append(filename)
+ with open(filename, "w") as f:
+ f.write(cert)
+
+user_ca_filename = os.path.join(etc, "user-ca-keys")
+if user_ca_pubkey:
+ with open(user_ca_filename, "w") as f:
+ f.write(user_ca_pubkey)
+
+config = os.path.join(etc, "sshd_config")
+data = ""
+if os.path.exists(config):
+ data = open(config).read()
+
+log(f"configuring sshd {config}")
+log(f"keys {keys}")
+log(f"certs {certs}")
+
+with open(config, "w") as f:
+ for filename in keys:
+ log(f"hostkey (unknown)")
+ f.write(f"hostkey (unknown)\n")
+ for filename in certs:
+ log(f"hostcert (unknown)")
+ f.write(f"hostcertificate (unknown)\n")
+ if user_ca_pubkey:
+ log(f"trustedusercakeys {user_ca_filename}")
+ f.write(f"trustedusercakeys {user_ca_filename}\n")
+ if not allow_authorized_keys:
+ f.write("authorizedkeysfile none\n")
+ f.write(data)
+
+log("vmadm cloud-init script ending")
+logfile.close()
+"#;
 /// Errors from this module.
 #[derive(Debug, thiserror::Error)]
|
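Review bot: The embedded script writes the SSH host private keys (`ssh_host_{key_type}_key` under `/etc/ssh`) with a plain `open(filename, "w")`, so the file mode comes from the process umask and is most likely world-readable, which exposes the host identity to local users and sshd may refuse a key whose permissions are too open; create the file with an explicit restrictive mode instead: `fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` / `with os.fdopen(fd, "w") as f:` / `f.write(key)`. The same applies to the generated `sshd_config` rewrite, which also inherits the umask. Separately, the script logs to the fixed path `/tmp/vmadm.script` in a world-writable directory from what is presumably a privileged cloud-init context; a root-owned location (for example under `/var/log`) or a `tempfile`-created file is the safer choice. Note also that this is a revert restoring the inline `SCRIPT` constant, so the script is now duplicated from the external `script.py` it previously referenced; the `(unknown)` tokens where `{filename}` would be expected look like a rendering artifact of this page rather than the committed text, but that is worth confirming against the repository.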