Пример #1
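    def callback(self, args):
        """Build the cluster vault from a private key file and write it to disk.

        Resolves the vault password (generating and saving a new one when
        ``args.vault_password_file`` is None, otherwise reading the given
        file), formats the key returned by ``validated_key_file`` as public
        and private key material, stores it in ``self.cluster_vault`` and
        dumps the result through ``Vault`` into ``args.vault_file``. Finally
        prints a JSON object naming the vault file and the password file.

        Args:
            args: Parsed options. Reads ``private_key_file``,
                ``vault_password_file``, ``vault_file`` and
                ``has_sudo_password``. ``vault_password_file`` and
                ``vault_file`` are filled in with paths derived from the
                private key path when they are None.

        Raises:
            YBOpsRuntimeError: If the vault password file does not exist or
                holds no password.
        """
        file_prefix = os.path.splitext(args.private_key_file)[0]

        try:
            if args.vault_password_file is None:
                vault_password = generate_random_password()
                args.vault_password_file = "{}.vault_password".format(
                    file_prefix)
                # The vault password is a plaintext secret: create the file
                # owner-only instead of relying on the process umask. The mode
                # only applies when the file is created; a file that already
                # exists keeps its current permissions.
                fd = os.open(args.vault_password_file,
                             os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
                with os.fdopen(fd, "w") as f:
                    f.write(vault_password)
            elif os.path.exists(args.vault_password_file):
                with open(args.vault_password_file, "r") as f:
                    vault_password = f.read().strip()

                # read() never returns None, so test for an empty password;
                # otherwise the vault would be protected by an empty string.
                if not vault_password:
                    raise YBOpsRuntimeError("Unable to read {}".format(
                        args.vault_password_file))
            else:
                raise YBOpsRuntimeError("Vault password file doesn't exist.")

            if args.vault_file is None:
                args.vault_file = "{}.vault".format(file_prefix)

            rsa_key = validated_key_file(args.private_key_file)
        except Exception:
            # NOTE(review): _cleanup_dir is defined outside this block; it is
            # handed the directory that holds the private key. Confirm what it
            # removes, since that directory may hold caller-supplied files.
            self._cleanup_dir(os.path.dirname(args.private_key_file))
            raise

        # TODO: validate if the file provided is actually a private key file or not.
        public_key = format_rsa_key(rsa_key, public_key=True)
        private_key = format_rsa_key(rsa_key, public_key=False)
        self.cluster_vault.update(id_rsa=private_key,
                                  id_rsa_pub=public_key,
                                  authorized_keys=public_key)

        # These are saved for itest specific improvements.
        # NOTE(review): the credentials are copied into the vault whenever both
        # variables are set in the environment, not only during itests;
        # confirm that persisting them is intended for every caller.
        aws_access_key = os.environ.get('AWS_ACCESS_KEY_ID', "")
        aws_secret = os.environ.get('AWS_SECRET_ACCESS_KEY', "")
        if aws_access_key and aws_secret:
            self.cluster_vault.update(
                AWS_ACCESS_KEY_ID=aws_access_key,
                AWS_SECRET_ACCESS_KEY=aws_secret)

        vault_data = dict(cluster_server_vault=self.cluster_vault)
        if args.has_sudo_password:
            # getpass keeps the password off the command line and out of the
            # terminal echo.
            sudo_password = getpass.getpass("SUDO Password: ")
            vault_data.update({"ansible_become_pass": sudo_password})

        vault = Vault(vault_password)
        # Close the handle deterministically so the vault is fully flushed
        # before its path is reported below.
        with open(args.vault_file, 'w') as vault_fh:
            vault.dump(vault_data, vault_fh)

        # Only the file paths are reported; the password itself is not printed.
        print(
            json.dumps({
                "vault_file": args.vault_file,
                "vault_password": args.vault_password_file
            }))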
Пример #2
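    def callback(self, args):
        """Build the cluster vault from a private key file and write it to disk.

        Resolves the vault password (generating and saving a new one when
        ``args.vault_password`` is None, otherwise reading the file it names),
        formats the key returned by ``validated_key_file`` as public and
        private key material, stores it in ``self.cluster_vault`` and dumps
        the result through ``Vault`` into ``args.vault_file``. Finally prints
        a JSON object naming the vault file and the password file.

        Args:
            args: Parsed options. Reads ``private_key_file``,
                ``vault_password`` (a path to the password file),
                ``vault_file`` and ``has_sudo_password``. ``vault_password``
                and ``vault_file`` are filled in with paths derived from the
                private key path when they are None.

        Raises:
            YBOpsRuntimeError: If the vault password file does not exist or
                holds no password.
        """
        file_prefix = os.path.splitext(args.private_key_file)[0]
        if args.vault_password is None:
            vault_password = generate_random_password()
            # NOTE(review): the suffix literal was masked in the listing;
            # "{}.vault_password" follows the "{}.vault" naming used for the
            # vault file below -- confirm against the project source.
            args.vault_password = "{}.vault_password".format(file_prefix)
            # The vault password is a plaintext secret: create the file
            # owner-only instead of relying on the process umask. The mode
            # only applies when the file is created; a file that already
            # exists keeps its current permissions.
            fd = os.open(args.vault_password,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "w") as f:
                f.write(vault_password)
        elif os.path.exists(args.vault_password):
            # open() replaces the Python 2-only file() builtin.
            with open(args.vault_password) as f:
                vault_password = f.read().strip()

            # read() never returns None, so test for an empty password;
            # otherwise the vault would be protected by an empty string.
            if not vault_password:
                raise YBOpsRuntimeError("Unable to read {}".format(
                    args.vault_password))
        else:
            raise YBOpsRuntimeError("Vault password file doesn't exists.")

        if args.vault_file is None:
            args.vault_file = "{}.vault".format(file_prefix)

        rsa_key = validated_key_file(args.private_key_file)
        # TODO: validate if the file provided is actually a private key file or not.
        public_key = format_rsa_key(rsa_key, public_key=True)
        private_key = format_rsa_key(rsa_key, public_key=False)
        self.cluster_vault.update(id_rsa=private_key,
                                  id_rsa_pub=public_key,
                                  authorized_keys=public_key)
        vault_data = dict(cluster_server_vault=self.cluster_vault)
        if args.has_sudo_password:
            # getpass keeps the password off the command line and out of the
            # terminal echo.
            sudo_password = getpass.getpass("SUDO Password: ")
            vault_data.update({"ansible_become_pass": sudo_password})

        vault = Vault(vault_password)
        # Close the handle deterministically so the vault is fully flushed
        # before its path is reported below.
        with open(args.vault_file, 'w') as vault_fh:
            vault.dump(vault_data, vault_fh)

        # Only the file paths are reported; the password itself is not printed.
        # The parenthesised form is valid on both Python 2 and Python 3.
        print(json.dumps({
            "vault_file": args.vault_file,
            "vault_password": args.vault_password
        }))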