Colin Watson has proposed merging ~cjwatson/lp-codeimport:charm-puller-ssh into lp-codeimport:master.
Commit message: charm: Allow SSH access to codehosting puller Requested reviews: Launchpad code reviewers (launchpad-reviewers) For more details, see: https://code.launchpad.net/~cjwatson/lp-codeimport/+git/lp-codeimport/+merge/440243 The Bazaar codehosting puller script (https://git.launchpad.net/launchpad/tree/cronscripts/supermirror-pull.py) needs SSH access to the code import storage unit so that it can pull the output of Bazaar code imports. Allow configuring an SSH key for this. -- Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/lp-codeimport:charm-puller-ssh into lp-codeimport:master.
diff --git a/charm/lp-codeimport-storage/config.yaml b/charm/lp-codeimport-storage/config.yaml index 4f9deac..3ff84ed 100644 --- a/charm/lp-codeimport-storage/config.yaml +++ b/charm/lp-codeimport-storage/config.yaml @@ -3,3 +3,11 @@ options: type: string default: "" description: Base64-encoded public SSH key of the code import workers. + puller_ip_address: + type: string + default: "" + description: IP address of the codehosting puller. + puller_public_ssh_key: + type: string + default: "" + description: Base64-encoded public SSH key of the codehosting puller. diff --git a/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py b/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py index 99ceb26..13e48d8 100644 --- a/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py +++ b/charm/lp-codeimport-storage/reactive/lp-codeimport-storage.py @@ -56,6 +56,10 @@ def configure(): config["public_ssh_key"] = base64.b64decode( config["public_ssh_key"].encode("ASCII") ).decode("ASCII") + if config["puller_public_ssh_key"]: + config["puller_public_ssh_key"] = base64.b64decode( + config["puller_public_ssh_key"].encode("ASCII") + ).decode("ASCII") templating.render( "authorized_keys.j2", os.path.join(ssh_dir, "authorized_keys"), diff --git a/charm/lp-codeimport-storage/templates/authorized_keys.j2 b/charm/lp-codeimport-storage/templates/authorized_keys.j2 index 77d398e..7ecdd63 100644 --- a/charm/lp-codeimport-storage/templates/authorized_keys.j2 +++ b/charm/lp-codeimport-storage/templates/authorized_keys.j2 @@ -1,2 +1,5 @@ restrict,from="{{ codeimport_subnets|join(",") }}" {{ public_ssh_key }} +{%- if puller_ip_address and puller_public_ssh_key %} +restrict,from="{{ puller_ip_address }}" {{ puller_public_ssh_key }} +{%- endif %}
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : launchpad-reviewers@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp