示例#1
def _setup_selinux_for_keys(fs, sshdir):
    """Arrange for the guest to relabel the injected ssh directory.

    Does nothing unless the image contains ``etc/selinux``. Otherwise a
    ``restorecon -RF <sshdir>`` line is appended to the image's rc.local
    (``etc/rc.local``, or ``etc/rc.d/rc.local`` when the former is absent
    and ``etc/rc.d`` exists) and that script is set to mode 0700.

    fs is the filesystem object the image is edited through; has_file()
    and set_permissions() are the methods called on it here.
    sshdir is the directory to relabel, exactly as written into the script.
    """
    if not fs.has_file(os.path.join("etc", "selinux")):
        # No SELinux configuration in the image: nothing to relabel.
        return

    script = os.path.join('etc', 'rc.local')
    rc_dir = os.path.join('etc', 'rc.d')
    if not fs.has_file(script):
        if fs.has_file(rc_dir):
            script = os.path.join(rc_dir, 'rc.local')

    # Some systems end rc.local with "exit 0". Nothing here strips that
    # line, so on such images the text appended below lands after it; to
    # append before it you'd need something like:
    #  utils.execute('sed', '-i', '${/^exit 0$/d}' rclocal, run_as_root=True)
    #
    # NOTE(review): sshdir is placed into a shell script line unquoted.
    # The caller shown alongside this function passes the fixed value
    # root/.ssh; any other caller must pass a shell-safe path.
    # NOTE(review): that value is a relative path, so restorecon resolves
    # it against rc.local's working directory -- presumably "/"; confirm.
    relabel_cmd = 'restorecon -RF %s 2>/dev/null || :\n' % sshdir

    # A script that does not exist yet needs an interpreter line; the
    # newline that follows it comes from the first piece of the payload.
    shebang = '' if fs.has_file(script) else '#!/bin/sh'
    payload = (
        shebang
        + '\n'
        + '# Added by Nova to ensure injected ssh keys have the right context\n'
        + relabel_cmd
    )

    _inject_file_into_fs(fs, script, payload, append=True)
    fs.set_permissions(script, 0o700)
示例#2
def _inject_key_into_fs(key, fs):
    """Append a public ssh key to root's authorized_keys inside the image.

    key is an ssh key string; leading and trailing whitespace is stripped.
    fs is the filesystem object for the image (make_path(), set_ownership()
    and set_permissions() are called on it), not a plain path string.

    root/.ssh is set to root:root with mode 0700, the key is appended under
    a marker comment, authorized_keys is set to mode 0600, and finally
    _setup_selinux_for_keys() is called for the ssh directory.
    """
    LOG.debug("Inject key fs=%(fs)s key=%(key)s", {'fs': fs, 'key': key})

    ssh_dir = os.path.join('root', '.ssh')
    fs.make_path(ssh_dir)
    fs.set_ownership(ssh_dir, "root", "root")
    fs.set_permissions(ssh_dir, 0o700)

    authorized_keys = os.path.join(ssh_dir, 'authorized_keys')

    # The entry starts with a newline, presumably so the marker comment
    # begins on its own line even when the existing file has no trailing
    # newline.
    # NOTE(review): strip() only trims the ends; a key value with embedded
    # newlines would add further lines to authorized_keys. Presumably the
    # key is validated before it reaches this function -- confirm.
    marker = '# The following ssh key was injected by Nova'
    entry = '\n' + marker + '\n' + key.strip() + '\n'

    _inject_file_into_fs(fs, authorized_keys, entry, append=True)
    fs.set_permissions(authorized_keys, 0o600)

    _setup_selinux_for_keys(fs, ssh_dir)
示例#3
文件: api.py 项目: mahak/nova
def _inject_key_into_fs(key, fs):
    """Append a public ssh key to root's authorized_keys inside the image.

    key is an ssh key string; leading and trailing whitespace is stripped.
    fs is the filesystem object for the image (make_path(), set_ownership()
    and set_permissions() are called on it), not a plain path string.

    root/.ssh is set to root:root with mode 0700, the key is appended under
    a marker comment, authorized_keys is set to mode 0600, and finally
    _setup_selinux_for_keys() is called for the ssh directory.
    """
    LOG.debug("Inject key fs=%(fs)s key=%(key)s", {'fs': fs, 'key': key})

    ssh_dir = os.path.join('root', '.ssh')
    fs.make_path(ssh_dir)
    fs.set_ownership(ssh_dir, "root", "root")
    fs.set_permissions(ssh_dir, 0o700)

    authorized_keys = os.path.join(ssh_dir, 'authorized_keys')

    # The entry starts with a newline, presumably so the marker comment
    # begins on its own line even when the existing file has no trailing
    # newline.
    # NOTE(review): strip() only trims the ends; a key value with embedded
    # newlines would add further lines to authorized_keys. Presumably the
    # key is validated before it reaches this function -- confirm.
    marker = '# The following ssh key was injected by Nova'
    entry = '\n' + marker + '\n' + key.strip() + '\n'

    _inject_file_into_fs(fs, authorized_keys, entry, append=True)
    fs.set_permissions(authorized_keys, 0o600)

    _setup_selinux_for_keys(fs, ssh_dir)
示例#4
文件: api.py 项目: mahak/nova
def _setup_selinux_for_keys(fs, sshdir):
    """Arrange for the guest to relabel the injected ssh directory.

    Does nothing unless the image contains ``etc/selinux``. Otherwise a
    ``restorecon -RF <sshdir>`` line is appended to the image's rc.local
    (``etc/rc.local``, or ``etc/rc.d/rc.local`` when the former is absent
    and ``etc/rc.d`` exists) and that script is set to mode 0700.

    fs is the filesystem object the image is edited through; has_file()
    and set_permissions() are the methods called on it here.
    sshdir is the directory to relabel, exactly as written into the script.
    """
    if not fs.has_file(os.path.join("etc", "selinux")):
        # No SELinux configuration in the image: nothing to relabel.
        return

    script = os.path.join('etc', 'rc.local')
    rc_dir = os.path.join('etc', 'rc.d')
    if not fs.has_file(script):
        if fs.has_file(rc_dir):
            script = os.path.join(rc_dir, 'rc.local')

    # Some systems end rc.local with "exit 0". Nothing here strips that
    # line, so on such images the text appended below lands after it; to
    # append before it you'd need something like:
    #  utils.execute('sed', '-i', '${/^exit 0$/d}' rclocal, run_as_root=True)
    #
    # NOTE(review): sshdir is placed into a shell script line unquoted.
    # The caller shown alongside this function passes the fixed value
    # root/.ssh; any other caller must pass a shell-safe path.
    # NOTE(review): that value is a relative path, so restorecon resolves
    # it against rc.local's working directory -- presumably "/"; confirm.
    relabel_cmd = 'restorecon -RF %s 2>/dev/null || :\n' % sshdir

    # A script that does not exist yet needs an interpreter line; the
    # newline that follows it comes from the first piece of the payload.
    shebang = '' if fs.has_file(script) else '#!/bin/sh'
    payload = (
        shebang
        + '\n'
        + '# Added by Nova to ensure injected ssh keys have the right context\n'
        + relabel_cmd
    )

    _inject_file_into_fs(fs, script, payload, append=True)
    fs.set_permissions(script, 0o700)
示例#5
def _inject_files_into_fs(files, fs):
    """Write every (path, contents) pair in files into the image.

    files is an iterable of (path, contents) pairs.
    fs is the filesystem object for the image.

    When a path has a parent directory other than "/" that the image does
    not contain yet, that directory is created and set to root:root with
    mode 0744 before the file is written via _inject_file_into_fs().
    """
    for target, data in files:
        # NOTE(wangpan): Ensure the parent dir of injecting file exists
        parent = os.path.dirname(target)
        missing_parent = (
            bool(parent)
            and parent != "/"
            and not fs.has_file(parent)
        )
        if missing_parent:
            fs.make_path(parent)
            fs.set_ownership(parent, "root", "root")
            # NOTE(review): 0o744 on a directory gives group/other read
            # without the search bit; confirm this mode is intended.
            fs.set_permissions(parent, 0o744)
        # NOTE(review): target is passed on exactly as supplied. Nothing in
        # this function checks that it stays inside the image; presumably
        # fs or _inject_file_into_fs enforces that -- confirm.
        _inject_file_into_fs(fs, target, data)
示例#6
文件: api.py 项目: mahak/nova
def _inject_files_into_fs(files, fs):
    """Write every (path, contents) pair in files into the image.

    files is an iterable of (path, contents) pairs.
    fs is the filesystem object for the image.

    When a path has a parent directory other than "/" that the image does
    not contain yet, that directory is created and set to root:root with
    mode 0744 before the file is written via _inject_file_into_fs().
    """
    for target, data in files:
        # NOTE(wangpan): Ensure the parent dir of injecting file exists
        parent = os.path.dirname(target)
        missing_parent = (
            bool(parent)
            and parent != "/"
            and not fs.has_file(parent)
        )
        if missing_parent:
            fs.make_path(parent)
            fs.set_ownership(parent, "root", "root")
            # NOTE(review): 0o744 on a directory gives group/other read
            # without the search bit; confirm this mode is intended.
            fs.set_permissions(parent, 0o744)
        # NOTE(review): target is passed on exactly as supplied. Nothing in
        # this function checks that it stays inside the image; presumably
        # fs or _inject_file_into_fs enforces that -- confirm.
        _inject_file_into_fs(fs, target, data)
示例#7
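def _inject_net_into_fs(net, fs):
    """Write net as etc/network/interfaces inside the image.

    net is the contents of /etc/network/interfaces.
    fs is the filesystem object for the image (make_path(), set_ownership()
    and set_permissions() are called on it), not a plain path string.

    make_path() is called for etc/network, which is then set to root:root
    with mode 0744 before the file is written via _inject_file_into_fs().
    """
    # The label reads "net" so that this entry is not taken for an ssh key
    # injection when debug logs are reviewed.
    LOG.debug("Inject net fs=%(fs)s net=%(net)s", {'fs': fs, 'net': net})

    netdir = os.path.join('etc', 'network')
    fs.make_path(netdir)
    fs.set_ownership(netdir, "root", "root")
    # NOTE(review): 0o744 on a directory gives group/other read without the
    # search bit; confirm this mode is intended.
    fs.set_permissions(netdir, 0o744)

    netfile = os.path.join(netdir, 'interfaces')
    _inject_file_into_fs(fs, netfile, net)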
示例#8
文件: api.py 项目: mahak/nova
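def _inject_net_into_fs(net, fs):
    """Write net as etc/network/interfaces inside the image.

    net is the contents of /etc/network/interfaces.
    fs is the filesystem object for the image (make_path(), set_ownership()
    and set_permissions() are called on it), not a plain path string.

    make_path() is called for etc/network, which is then set to root:root
    with mode 0744 before the file is written via _inject_file_into_fs().
    """
    # The label reads "net" so that this entry is not taken for an ssh key
    # injection when debug logs are reviewed.
    LOG.debug("Inject net fs=%(fs)s net=%(net)s", {'fs': fs, 'net': net})

    netdir = os.path.join('etc', 'network')
    fs.make_path(netdir)
    fs.set_ownership(netdir, "root", "root")
    # NOTE(review): 0o744 on a directory gives group/other read without the
    # search bit; confirm this mode is intended.
    fs.set_permissions(netdir, 0o744)

    netfile = os.path.join(netdir, 'interfaces')
    _inject_file_into_fs(fs, netfile, net)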