Complete removal of SSH data in Ranger
Ranger has not used SSH since the project finished its conversion to Python 3.6. The data below is to be removed, except for user_home and retry_limit, which are kept because other parts of the ranger/ranger-agent codebase have co-opted those values.
Change-Id: If7cd18ddd6f266d58a10bfabd202f9daa4a518bf
parent
3c07f7465c
commit
c7816d8397
@ -15,7 +15,7 @@ appVersion: v1.0.0
|
||||
description: OpenStack-Helm Ranger Agent
|
||||
home: https://opendev.org/x/ranger-agent
|
||||
name: ranger-agent
|
||||
version: 0.1.6
|
||||
version: 0.1.7
|
||||
sources:
|
||||
- https://opendev.org/openstack/ranger-agent
|
||||
- https://opendev.org/openstack/openstack-helm-addons
|
||||
|
@ -20,21 +20,6 @@ COMMAND="${@:-start}"
|
||||
|
||||
function start () {
|
||||
|
||||
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
|
||||
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
|
||||
rm -fr ${USER_HOME}/.ssh
|
||||
fi
|
||||
|
||||
mkdir -p ${USER_HOME}/.ssh
|
||||
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
|
||||
|
||||
chown ${USER}: ${USER_HOME}/.ssh
|
||||
chmod 0700 -R ${USER_HOME}/.ssh
|
||||
chmod 0644 ${USER_HOME}/.ssh/config
|
||||
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
fi
|
||||
|
||||
exec ranger-agent-engine \
|
||||
--config-file /etc/ranger-agent/ranger-agent.conf
|
||||
}
|
||||
|
@ -83,34 +83,6 @@ spec:
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "ranger_agent" "container" "ranger_agent_engine" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
{{- if .Values.manifests.secret_ssh_key }}
|
||||
env:
|
||||
- name: USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: USER
|
||||
- name: USER_HOME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: USER_HOME
|
||||
- name: SSH_KEY_FILE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: SSH_KEY_FILE
|
||||
- name: SSH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: RANGER_AGENT_PRIVATE_KEY
|
||||
- name: SSH_KEY_CONFIGURATION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-agent-ssh-secret
|
||||
key: RANGER_AGENT_SSH_CONFIG
|
||||
{{- end }}
|
||||
command:
|
||||
- /tmp/ranger-agent-engine.sh
|
||||
- start
|
||||
|
@ -1,31 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_ssh_key }}
|
||||
{{- $envAll := . }}
|
||||
{{- $key_location := .Values.conf.ssh.key_location }}
|
||||
{{- $secretName := "ranger-agent-ssh-secret" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
USER: {{ .Values.conf.ssh.user | b64enc }}
|
||||
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
|
||||
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
|
||||
RANGER_AGENT_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
|
||||
RANGER_AGENT_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
|
||||
{{- end }}
|
@ -566,7 +566,6 @@ manifests:
|
||||
secret_ingress_tls: true
|
||||
secret_keystone: true
|
||||
secret_rabbitmq: true
|
||||
secret_ssh_key: true
|
||||
service_ingress_ranger_agent_api: true
|
||||
service_ranger_agent_api: true
|
||||
|
||||
@ -604,19 +603,11 @@ conf:
|
||||
auth_version: v3
|
||||
orm:
|
||||
rds_listener_endpoint: http://localhost:8777/v1/rds/status
|
||||
orm_template_repo_url: git@github.com:ranger-agent/templates.git
|
||||
repo_pull_check_wait: 2
|
||||
retry_limits: 5
|
||||
oslo_messaging_notifications:
|
||||
driver: messagingv2
|
||||
oslo_messaging_rabbit:
|
||||
rabbit_ha_queues: true
|
||||
ssh:
|
||||
user: ranger_agent
|
||||
user_home: /home/ranger_agent
|
||||
ssh_key_file: ranger_agent
|
||||
ssh_key:
|
||||
ssh_config:
|
||||
test:
|
||||
expected_end_status_key: "ORD_000"
|
||||
region:
|
||||
|
@ -15,7 +15,7 @@ appVersion: v1.0.0
|
||||
description: OpenStack-Helm Ranger
|
||||
home: https://opendev.org/x/ranger
|
||||
name: ranger
|
||||
version: 0.1.3
|
||||
version: 0.1.4
|
||||
icon: https://opendev.org/x/ranger/raw/branch/master/public/images/logo.png
|
||||
sources:
|
||||
- https://opendev.org/openstack/ranger
|
||||
|
@ -1,54 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
COMMAND="${@:-start}"
|
||||
|
||||
function start () {
|
||||
|
||||
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
|
||||
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
|
||||
rm -fr ${USER_HOME}/.ssh
|
||||
fi
|
||||
|
||||
mkdir -p ${USER_HOME}/.ssh
|
||||
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
|
||||
|
||||
chown ${USER}: ${USER_HOME}/.ssh
|
||||
chmod 0700 -R ${USER_HOME}/.ssh
|
||||
chmod 0644 ${USER_HOME}/.ssh/config
|
||||
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
|
||||
|
||||
git config --global user.name ${REPO_USER}
|
||||
git config --global user.email ${REPO_ACCOUNT}
|
||||
git clone ${REMOTE_REPO} ${LOCAL_REPO}
|
||||
fi
|
||||
|
||||
if [ -n "${CERT_LOCATION}" ];then
|
||||
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
|
||||
chmod 0644 ${CERT_LOCATION}
|
||||
fi
|
||||
|
||||
exec ranger-rds
|
||||
}
|
||||
|
||||
function stop() {
|
||||
kill -TERM 1
|
||||
}
|
||||
|
||||
$COMMAND
|
@ -38,6 +38,13 @@ function start () {
|
||||
if [[ ${SERVICE_TYPE} = "fms" ]]; then
|
||||
exec ranger-fms
|
||||
fi
|
||||
if [[ ${SERVICE_TYPE} = "rds" ]]; then
|
||||
if [ -n "${CERT_LOCATION}" ];then
|
||||
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
|
||||
chmod 0644 ${CERT_LOCATION}
|
||||
fi
|
||||
exec ranger-rds
|
||||
fi
|
||||
}
|
||||
|
||||
function stop() {
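Review bot: The new `rds` branch of `start` still writes a client certificate from `CERT_LOCATION` and `CERT_FILE`, but going by the line counts of the rds deployment hunk (`-81,56 +81,18`) this commit appears to remove both variables from the container env, along with the secret that carried `CERT_FILE`, so the block looks unreachable as shipped. Either drop the block or restore the two env entries, preferably through a `secretKeyRef` as before. If the block stays, the write should truncate and quote its target, `echo -e "${CERT_FILE}" > "${CERT_LOCATION}"` followed by `chmod 0644 "${CERT_LOCATION}"`, because `>>` appends another copy whenever the container restarts with the file still present and the unquoted path is subject to word splitting. `start` begins above this hunk, so any earlier handling of these variables is not visible here.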
|
||||
|
@ -28,8 +28,6 @@ data:
|
||||
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
|
||||
ranger-services.sh: |+
|
||||
{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
ranger-rds-service.sh: |+
|
||||
{{ tuple "bin/_ranger-rds-service.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
health-probe.py: |+
|
||||
{{ tuple "bin/_health-probe.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
ranger-test.py: |+
|
||||
|
@ -30,7 +30,7 @@ limitations under the License.
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.DEFAULT.ranger_base -}}
|
||||
{{- $_ := set .Values.conf.ranger.DEFAULT "ranger_base" (print .Values.conf.ssh.user_home "/ranger" ) -}}
|
||||
{{- $_ := set .Values.conf.ranger.DEFAULT "ranger_base" (print .Values.conf.ranger_base "/ranger" ) -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}}
|
||||
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}}
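Review bot: `.Values.conf.ranger_base` is read here without a guard, so a values override that omits or nulls it would likely render `ranger_base` as `<nil>/ranger` instead of failing the install. Wrapping the lookup makes the requirement explicit: `(print (required "conf.ranger_base must be set" .Values.conf.ranger_base) "/ranger")`. It would also help to add a comment in values.yaml saying that `conf.ranger_base` is the home directory while `conf.ranger.DEFAULT.ranger_base` is that directory plus `/ranger`, since the two keys share a name. The surrounding template starts and ends outside this hunk.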
|
||||
|
@ -81,56 +81,18 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "rds" "container" "ranger_rds_service" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
env:
|
||||
{{- if .Values.manifests.secret_ssh_key }}
|
||||
- name: USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: USER
|
||||
- name: USER_HOME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: USER_HOME
|
||||
- name: SSH_KEY_FILE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: SSH_KEY_FILE
|
||||
- name: SSH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: RANGER_PRIVATE_KEY
|
||||
- name: SSH_KEY_CONFIGURATION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: RANGER_SSH_CONFIG
|
||||
{{- end }}
|
||||
{{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enabled }}
|
||||
- name: CERT_LOCATION
|
||||
value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }}
|
||||
- name: CERT_FILE
|
||||
{{ if .Values.manifests.secret_ssh_key }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ranger-ssh-secret
|
||||
key: CERT_FILE
|
||||
{{ else }}
|
||||
value: {{ .Values.conf.cert.ranger_agent_client_cert }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
- name: SERVICE_TYPE
|
||||
value: "rds"
|
||||
- name: RDS_SERVICE_URL
|
||||
value: {{ tuple "rds" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
command:
|
||||
- /tmp/ranger-rds-service.sh
|
||||
- /tmp/ranger-services.sh
|
||||
- start
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /tmp/ranger-rds-service.sh
|
||||
- /tmp/ranger-services.sh
|
||||
- stop
|
||||
ports:
|
||||
- name: rds
|
||||
@ -143,8 +105,8 @@ spec:
|
||||
- name: pod-etc-ranger
|
||||
mountPath: /etc/ranger
|
||||
- name: ranger-bin
|
||||
mountPath: /tmp/ranger-rds-service.sh
|
||||
subPath: ranger-rds-service.sh
|
||||
mountPath: /tmp/ranger-services.sh
|
||||
subPath: ranger-services.sh
|
||||
readOnly: true
|
||||
- name: ranger-bin
|
||||
mountPath: /tmp/health-probe.py
|
||||
|
@ -1,32 +0,0 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_ssh_key }}
|
||||
{{- $envAll := . }}
|
||||
{{- $key_location := .Values.conf.ssh.key_location }}
|
||||
{{- $secretName := "ranger-ssh-secret" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
USER: {{ .Values.conf.ssh.user | b64enc }}
|
||||
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
|
||||
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
|
||||
RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
|
||||
RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
|
||||
CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
|
||||
{{- end }}
|
@ -791,12 +791,7 @@ conf:
|
||||
log: null
|
||||
uuid:
|
||||
log: null
|
||||
ssh:
|
||||
user: ranger
|
||||
user_home: /home/ranger
|
||||
ssh_key_file: ranger
|
||||
ssh_key:
|
||||
ssh_config:
|
||||
ranger_base: '/home/ranger'
|
||||
cert:
|
||||
ranger_agent_client_cert:
|
||||
...
|
||||
|
@ -22,9 +22,6 @@ conf:
|
||||
DEFAULT:
|
||||
enable_rds_callback_check: false
|
||||
enable_heat_health_check: false
|
||||
ssh:
|
||||
ssh_key:
|
||||
ssh_config:
|
||||
dependencies:
|
||||
static:
|
||||
api:
|
||||
|
@ -21,10 +21,7 @@ conf:
|
||||
ranger:
|
||||
DEFAULT:
|
||||
ranger_agent_https_enable: true
|
||||
ranger_agent_client_cert_path: '/home/ranger/ord.cert'
|
||||
ssh:
|
||||
ssh_key:
|
||||
ssh_config:
|
||||
ranger_agent_client_cert_path: '/home/ranger'
|
||||
cert:
|
||||
ranger_agent_client_cert:
|
||||
EOF
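Review bot: `ranger_agent_client_cert_path` appears to change from `'/home/ranger/ord.cert'` to `'/home/ranger'` in this override, which turns a file path into a directory. The side of each line is inferred from the hunk counts (`-21,10 +21,7`), so confirm against the raw diff. The chart default added for `conf.ranger_base` is also `/home/ranger`, so the two values may have been conflated. If the certificate is still needed with `ranger_agent_https_enable: true`, keep `ranger_agent_client_cert_path: '/home/ranger/ord.cert'`. The heredoc this block belongs to opens above the hunk.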
|
||||
|