opendev/system-config
Code Issues Proposed changes

launch-node : add sshfp records

Browse Source 
Add a tool to scan a host and generate the sshfp records to go into
dns.  Hook this into the DNS print out from the node launcher.

Change-Id: I686287c3c081debeb6a230e2a3e7b48e5720c65a
This commit is contained in:
Ian Wienand 2020-07-28 16:21:34 +10:00
parent fea231676a
commit 3cbb877d43
2 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
launch/dns.py
View File

@ -19,7 +19,7 @@
# limitations under the License. # limitations under the License.
import argparse import argparse
from sshfp import sshfp_print_records
def get_href(server): def get_href(server):
if not hasattr(server, 'links'): if not hasattr(server, 'links'):
@ -50,7 +50,7 @@ def print_dns_opendev(name, ip4, ip6):
print("{name} IN A {ip4}".format(name=name, ip4=ip4)) print("{name} IN A {ip4}".format(name=name, ip4=ip4))
if ip6: if ip6:
print("{name} IN AAAA {ip6}".format(name=name, ip6=ip6)) print("{name} IN AAAA {ip6}".format(name=name, ip6=ip6))
sshfp_print_records(name, ip4)
def print_reverse_dns(cloud, server, ip4, ip6): def print_reverse_dns(cloud, server, ip4, ip6):
# Get the server object from the sdk layer so that we can pull the # Get the server object from the sdk layer so that we can pull the

48
launch/sshfp.py Executable file
View File

@ -0,0 +1,48 @@
#!/usr/bin/env python3
import argparse
import subprocess
def generate_sshfp_records(hostname, ip):
'''Given a hostname and and IP address, scan the IP address (hostname
not in dns yet) and return a bind string with sshfp records'''
s = subprocess.run(['ssh-keyscan', '-D', ip],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE).stdout.decode('utf-8')
fingerprints = []
for line in s.split('\n'):
if not line:
continue
_, _, _, algo, key_type, fingerprint = line.split(' ')
fingerprints.append(
(algo, key_type, fingerprint))
# sort by algo and key_type to keep it consistent
fingerprints = sorted(fingerprints,
key=lambda x: (x[0], x[1]))
ret = ''
first = True
for f in fingerprints:
ret += '%s%s\t\tIN\tSSHFP\t%s %s %s' % \
("\n" if not first else '', hostname, f[0], f[1], f[2])
first = False
return ret
def sshfp_print_records(hostname, ip):
print(generate_sshfp_records(hostname, ip))
def main():
parser = argparse.ArgumentParser()
parser.add_argument("hostname", help="hostname")
parser.add_argument("ip", help="address to scan")
args = parser.parse_args()
sshfp_print_records(args.hostname, args.ip)
if __name__ == '__main__':
main()