openstack/charm-nova-cloud-controller
Code Issues Proposed changes

Add compute departed hook, ensure proper scrubbing of authorized_keys on compute depart.

Browse Source
This commit is contained in:
Adam Gandelman 2013-09-05 17:28:22 -07:00
parent bdc78c53ec
commit d76a287200
5 changed files with 37 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hooks/cloud-compute-relation-departed Symbolic link
View File

@ -0,0 +1 @@
nova_cc_hooks.py

22
hooks/misc_utils.py.moved Normal file
View File

@ -0,0 +1,22 @@
# This stuff can be promoted to charm-helpers.
def get_host_ip():
# we used to have a charm-helper to do this, but its disappeared?
# taken from quantum-gateway
try:
import dns.resolver
except ImportError:
apt_install('python-dnspython')
import dns.resolver
hostname = unit_get('private-address')
try:
# Test to see if already an IPv4 address
socket.inet_aton(hostname)
return hostname
except socket.error:
answers = dns.resolver.query(hostname, 'A')
if answers:
return answers[0].address
return None

3
hooks/nova_cc_hooks.py
View File

@ -263,8 +263,9 @@ def compute_changed():
authorized_keys=ssh_authorized_keys_b64()) authorized_keys=ssh_authorized_keys_b64())
@hooks.hook('cloud-compute-relation-departed')
def compute_departed(): def compute_departed():
ssh_compute_remove() ssh_compute_remove(public_key=relation_get('ssh_public_key'))
@hooks.hook('neutron-network-service-relation-joined', @hooks.hook('neutron-network-service-relation-joined',

16
hooks/nova_cc_utils.py
View File

@ -379,17 +379,19 @@ def ssh_authorized_keys_b64():
return b64encode(keys.read()) return b64encode(keys.read())
def ssh_compute_remove(): def ssh_compute_remove(public_key):
if not (os.path.isfile(authorized_keys()) or if not (os.path.isfile(authorized_keys()) or
os.path.isfile(known_hosts())): os.path.isfile(known_hosts())):
return return
# NOTE: compute names its ssh key as ${service}-{$unit_num}. we dont
# have access to relation settings from departed hooks, so
# we need to remove key based on keyname only.
key_name = remote_unit().replace('/', '-')
with open(authorized_keys()) as _keys: with open(authorized_keys()) as _keys:
keys = _keys.readlines() keys = [k.strip() for k in _keys.readlines()]
[keys.remove(key) for key in keys if key_name in key]
if public_key not in keys:
return
[keys.remove(key) for key in keys if key == public_key]
with open(authorized_keys(), 'w') as _keys: with open(authorized_keys(), 'w') as _keys:
_keys.write('\n'.join(keys)) _keys.write('\n'.join(keys))

6
unit_tests/test_nova_cc_utils.py
View File

@ -325,8 +325,8 @@ class NovaCCUtilsTests(CharmTestCase):
@patch('os.path.isfile') @patch('os.path.isfile')
def test_ssh_compute_remove(self, isfile, auth_key, known_host): def test_ssh_compute_remove(self, isfile, auth_key, known_host):
isfile.return_value = False isfile.return_value = False
utils.ssh_compute_remove()
self.assertFalse(self.remote_unit.called) removed_key = AUTHORIZED_KEYS.split('\n')[2]
keys_removed = ( keys_removed = (
"\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC27Us7lSjCpa7bumXAgc " "\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC27Us7lSjCpa7bumXAgc "
@ -340,7 +340,7 @@ class NovaCCUtilsTests(CharmTestCase):
_file.readlines = MagicMock() _file.readlines = MagicMock()
_file.write = MagicMock() _file.write = MagicMock()
_file.readlines.return_value = AUTHORIZED_KEYS.split('\n') _file.readlines.return_value = AUTHORIZED_KEYS.split('\n')
utils.ssh_compute_remove() utils.ssh_compute_remove(removed_key)
_file.write.assert_called_with(keys_removed) _file.write.assert_called_with(keys_removed)
def test_network_manager_untranslated(self): def test_network_manager_untranslated(self):