Yedidyah Bar David has posted comments on this change.
Change subject: packaging: setup: use ssh public key for allinone
......................................................................
Patch Set 3:
(6 comments)
....................................................
File packaging/setup/plugins/ovirt-engine-setup/pki/ssh.py
Line 51
Line 52
Line 53
Line 54
Line 55
Moved to allinone
Line 63
Line 64
Line 65
Line 66
Line 67
How? 'ssh-keygen -f file -i -m pkcs8' works on Fedora 19, but does not work on
EL6 (too old openssh).
The private key is readable directly by openssh, as it's pkcs1. openssh public
keys are their own "private" format.
Line 89: )
Line 90: authorized_keys_line = pubkey[0] + ' ovirt-engine'
Line 91:
Line 92: authorized_keys_file = os.path.join(
Line 93: os.path.expanduser('~'),
Done
Line 94: '.ssh',
Line 95: 'authorized_keys'
Line 96: )
Line 97:
Line 96: )
Line 97:
Line 98: already_in_file = False
Line 99: content = []
Line 100: try:
Why back door? I am just letting root ssh to localhost without a password. We'd
actually not need this if the engine/vdsm could do 'sh -c' (do they?) instead
of 'ssh'.
Line 101: with open(authorized_keys_file, 'r') as f:
Line 102: for line in f.read().splitlines():
Line 103: content.append(line)
Line 104: if line == authorized_keys_line:
Line 104: if line == authorized_keys_line:
Line 105: already_in_file = True
Line 106: break
Line 107: except:
Line 108: pass
If the file does not exist or is not readable, I just try to create it (below) in a
file transaction.
What exactly do you want here? Check and fail if it exists and is not readable?
Line 109:
Line 110: if not already_in_file:
Line 111: self.environment[
Line 112: osetupcons.CoreEnv.UNINSTALL_UNREMOVABLE_FILES
Line 114:
Line 115: self.environment[
Line 116: osetupcons.CoreEnv.REGISTER_UNINSTALL_GROUPS
Line 117: ].createGroup(
Line 118: group='authorized_keys',
Left what?
Not remove it on cleanup? I'd rather do.
Line 119: description='ssh authorized keys of root',
Line 120: optional=False
Line 121: ).addLines(
Line 122: 'authorized_keys',
--
To view, visit http://gerrit.ovirt.org/17996
Gerrit-MessageType: comment
Gerrit-Change-Id: I885894bba4c998e5dd3e9b2fd4da61d833f7a3a1
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yedidyah Bar David <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Moran Goldboim <[email protected]>
Gerrit-Reviewer: Sandro Bonazzola <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: Yedidyah Bar David <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
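
An added example, not part of the patch or of ovirt-engine: one way to write the authorized_keys update quoted at lines 98-108 so that only a missing file means "create it", any other read error fails instead of being swallowed, and the return value records whether setup added the line and may therefore remove it on cleanup. The function names and the sample key line are assumptions made for illustration.

```python
import errno
import os
import tempfile

# Constructed sample line, not a real key.
SAMPLE_KEY_LINE = 'ssh-rsa AAAAconstructedSampleKey ovirt-engine'


def _write_atomic(path, lines):
    """Write lines to a 0600 temp file in the same directory, then rename."""
    directory = os.path.dirname(path)
    if not os.path.isdir(directory):
        os.makedirs(directory, 0o700)
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates mode 0600
    try:
        with os.fdopen(fd, 'w') as f:
            f.write(''.join(line + '\n' for line in lines))
        os.replace(tmp, path)  # readers never see a half-written file
    except Exception:
        os.unlink(tmp)
        raise


def ensure_authorized_key(path, key_line):
    """Append key_line unless present. True means this call added it."""
    try:
        with open(path, 'r') as f:
            lines = f.read().splitlines()
    except OSError as e:
        if e.errno != errno.ENOENT:
            raise  # exists but cannot be read: fail, do not overwrite
        lines = []
    if key_line in lines:
        return False
    _write_atomic(path, lines + [key_line])
    return True


def remove_authorized_key(path, key_line):
    """Cleanup counterpart: drop only the exact line, keep other keys."""
    with open(path, 'r') as f:
        lines = f.read().splitlines()
    if key_line not in lines:
        return False
    _write_atomic(path, [line for line in lines if line != key_line])
    return True
```

If `ensure_authorized_key` returns False the line was already there before setup ran, so cleanup should leave it alone.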