Exemplo n.º 1
def run(args):
    """Make sure ssh host keys exist at ``args.destination`` and in Kubernetes.

    Keys returned by ``get_host_keys`` are written to the destination and
    nothing new is generated. When none are returned, fresh keys are generated
    and stored with ``put_host_keys``. An HTTP 409 from that call restarts the
    whole procedure; any other ``KubernetesError`` is logged and re-raised.
    """
    cluster = Kubernetes(args.kubernetes_url, namespace='noel')
    wait_for_kubernetes(cluster)

    existing = get_host_keys(cluster)

    if existing:
        logger.info('Existing ssh host keys found.')
        write_ssh_host_keys(args.destination, existing)
        return None

    logger.warning('No existing ssh host keys. Generating keys.')
    generated = generate_ssh_host_keys(args.destination)

    try:
        put_host_keys(cluster, generated)
        logger.info('Host keys saved to Kubernetes.')
    except KubernetesError as err:
        status = err.httperror.response.status_code
        if status != 409:
            logger.exception('Unexpected error while writing ssh host keys.')
            raise

        # A 409 presumably means another writer stored keys first; the retry
        # re-reads them so this host ends up with the shared set.
        # NOTE(review): the retry is unbounded recursion. A 409 that persists
        # while get_host_keys still returns nothing would recurse until the
        # interpreter's recursion limit. Also confirm that write_ssh_host_keys
        # replaces the keys generated above at args.destination.
        logger.error(
            'Conflict while writing ssh keys to Kubernetes, retrying...')
        return run(args)
Exemplo n.º 2
def main():
    """Run the post-receive hook and exit with status 1 on failure.

    Failure means the hook returned the literal ``False`` or raised an
    ``Exception`` subclass; any other return value is treated as success.
    """
    setup_logging()

    try:
        deploy_failed = post_receive_hook_command() is False
    except Exception:
        # Log the traceback before turning the error into a non-zero exit.
        logger.exception('Deploy failed')
        deploy_failed = True

    if deploy_failed:
        sys.exit(1)
Exemplo n.º 3
def run_command(parser):
    """Parse the command line and run the handler stored on ``args.func``.

    The process exits with status 1 when the handler returns the literal
    ``False`` or raises an ``Exception`` subclass. Argument parsing happens
    outside the ``try``, so parser errors are not logged as 'Command failed'.
    """
    setup_logging()
    args = parser.parse_args()

    try:
        command_failed = args.func(args) is False
    except Exception:
        # Log the traceback before turning the error into a non-zero exit.
        logger.exception('Command failed')
        command_failed = True

    if command_failed:
        sys.exit(1)
Exemplo n.º 4
def run(args):
    """Keep the authorized keys file at ``args.destination`` in sync.

    Reads the ``ssh-keys`` secret once, writes the authorized keys file, then
    watches secrets labelled ``type=ssh-keys`` forever and rewrites the file
    on every create/add/modify event for ``ssh-keys``. Never returns.
    """
    client = Kubernetes(args.kubernetes_url, namespace='noel')
    last_seen_version = None

    try:
        initial = client.get_secret('ssh-keys')
        # NOTE(review): the watch path below runs the data through
        # decode_secret_data, this path does not. Confirm get_secret already
        # returns decoded data, otherwise the first write uses encoded values.
        authorized = initial['data']
        last_seen_version = initial['metadata']['resourceVersion']

        write_authorized_keys_file(authorized, args.destination)

        logger.info('Wrote authorized keys. {} known keys.'.format(
            len(authorized)))

    except KubernetesError as err:
        if err.httperror.response.status_code != 404:
            # Logged and swallowed: the watch below still starts, with
            # whatever resource version was captured before the failure.
            logger.exception(
                'Unexpected error while retrieving initial ssh keys.')
        else:
            logger.warning('No ssh keys found, will watch for more.')

    while True:
        try:
            watch_params = {
                'labelSelector': 'type=ssh-keys',
                'resourceVersion': last_seen_version
            }

            for event in client.watch_secrets(params=watch_params):
                # NOTE(review): other event types (a deletion, for example)
                # are skipped, so removing the secret leaves the last written
                # authorized keys file in place. Confirm that is intended,
                # since it means deleting the secret does not revoke access.
                is_update = event['type'] in ('CREATED', 'ADDED', 'MODIFIED')
                if not is_update:
                    continue

                changed = event['object']
                if changed['metadata']['name'] != 'ssh-keys':
                    continue

                authorized = client.decode_secret_data(changed['data'])
                write_authorized_keys_file(authorized, args.destination)

                logger.info('Updated authorized keys. {} known keys.'.format(
                    len(authorized)))

                # Remember the resource version so that, if an exception
                # occurs, the next watch only returns changes made since the
                # last one handled here.
                last_seen_version = changed['metadata']['resourceVersion']

        except Exception:
            # NOTE(review): the retry reuses the same resource version. If
            # the API server rejects it as expired, this loop would retry it
            # every 30 seconds without re-reading the secret. Verify how
            # watch_secrets reports that case.
            logger.exception(
                'Error while refreshing ssh keys, waiting 30 seconds.')
            time.sleep(30)