Python fetch_secrets Exemples

Exemple #1

Fichier : puppetmaster.py Projet : hcs/hcs-cloud

    def post_create_hooks(self):
        ip = self.get_public_ip_address()

        password = fetch_secrets('secrets/hcs-root')

        ssh_conn = SSHable(ip)

        while True:
            try:
                ssh_conn.connect()
                break
            except:
                print "Waiting to connect to: " + ip
                sleep(30) # Wait 30 seconds before polling again.

        ssh_conn.ssh("echo {0} | sudo -S mkdir -p /etc/puppet/secure/keys".format(password))

        sftp = ssh_conn.sftp()

        print "Transferring puppetmaster keys."
        for key in ['private', 'public']:
            key_string = fetch_secrets('secrets/puppetmaster_%s_key.pkcs7.pem' % key)
            
            key_file = sftp.file('%s_key.pkcs7.pem' % key, 'w')
            key_file.write(key_string)
            key_file.close()
            
            ssh_conn.ssh("echo {0} | sudo -S mv {1}_key.pkcs7.pem /etc/puppet/secure/keys/{1}_key.pkcs7.pem".format(password, key))

        ssh_conn.ssh("echo {0} | sudo -S chmod 0400 /etc/puppet/secure/keys/*.pem".format(password))
        ssh_conn.ssh("echo {0} | sudo -S chmod 0500 /etc/puppet/secure/keys".format(password))
        ssh_conn.ssh("echo {0} | sudo -S chown -R puppet:puppet /etc/puppet/secure/keys".format(password))

Exemple #2

Fichier : cloudrunner.py Projet : hcs/hcs-cloud

def deactivate_nodes(cf_conn, stackname):
    ec2_conn = AWS.get_ec2_connection()

    pm_instance = utils.get_puppetmaster_instance(ec2_conn)

    if pm_instance is None:
        return

    puppetmaster_ip = pm_instance.ip_address
    print "Deactivating nodes on puppetmaster (%s)" % puppetmaster_ip

    instance_ids = set()
    resources = cf_conn.list_stack_resources(stack_name_or_id=stackname)
    for r in resources:
        if r.resource_type == "AWS::EC2::Instance":
            instance_ids.add(r.physical_resource_id)

    password = fetch_secrets("secrets/hcs-root")

    ssh_conn = SSHable(puppetmaster_ip)
    ssh_conn.connect()

    for i in ec2_conn.get_only_instances():
        if i.id in instance_ids:
            hostname = i.tags["Name"]
            print "Deactivating node: " + hostname
            streams = ssh_conn.ssh(
                "echo {0} | sudo -S puppet node clean {1}; echo {0} | sudo -S puppet node deactivate {1}".format(
                    password, hostname
                )
            )
            print streams[1].read()

    ssh_conn.disconnect()

Exemple #3

Fichier : ssh.py Projet : hcs/hcs-cloud

 def __init__(self, host):
     self._host = host
     
     key_str = fetch_secrets('secrets/{0}.pem'.format(self._key_name))
     key_io = StringIO(key_str)
     self._pkey = paramiko.RSAKey.from_private_key(key_io)
     key_io.close()

Exemple #4

Fichier : aws.py Projet : hcs/hcs-cloud

    def get_connection(fun, name):
        config = json.loads(secrets.fetch_secrets("secrets/config.json"))
        # run the function now
        conn = fun(**config)
        if conn is None:
            raise "Couldn't connect to " + name

        return conn