Complete removal of SSH data in Ranger

Ranger has not used SSH since the
project finished conversions to
python 3.6. The data below is to be
removed, barring user_home and
retry_limit as they are values
which have been co-opted by other
parts of the ranger/ranger-agent
codebase.

Change-Id: If7cd18ddd6f266d58a10bfabd202f9daa4a518bf
jh629g 2021-01-22 18:05:28 -06:00 committed by Jeremy Houser
parent 3c07f7465c
commit c7816d8397
15 changed files with 18 additions and 231 deletions


@ -15,7 +15,7 @@ appVersion: v1.0.0
description: OpenStack-Helm Ranger Agent
home: https://opendev.org/x/ranger-agent
name: ranger-agent
version: 0.1.6
version: 0.1.7
sources:
- https://opendev.org/openstack/ranger-agent
- https://opendev.org/openstack/openstack-helm-addons


@ -20,21 +20,6 @@ COMMAND="${@:-start}"
function start () {
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
rm -fr ${USER_HOME}/.ssh
fi
mkdir -p ${USER_HOME}/.ssh
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
chown ${USER}: ${USER_HOME}/.ssh
chmod 0700 -R ${USER_HOME}/.ssh
chmod 0644 ${USER_HOME}/.ssh/config
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
fi
exec ranger-agent-engine \
--config-file /etc/ranger-agent/ranger-agent.conf
}


@ -83,34 +83,6 @@ spec:
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ranger_agent" "container" "ranger_agent_engine" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- if .Values.manifests.secret_ssh_key }}
env:
- name: USER
valueFrom:
secretKeyRef:
name: ranger-agent-ssh-secret
key: USER
- name: USER_HOME
valueFrom:
secretKeyRef:
name: ranger-agent-ssh-secret
key: USER_HOME
- name: SSH_KEY_FILE
valueFrom:
secretKeyRef:
name: ranger-agent-ssh-secret
key: SSH_KEY_FILE
- name: SSH_KEY
valueFrom:
secretKeyRef:
name: ranger-agent-ssh-secret
key: RANGER_AGENT_PRIVATE_KEY
- name: SSH_KEY_CONFIGURATION
valueFrom:
secretKeyRef:
name: ranger-agent-ssh-secret
key: RANGER_AGENT_SSH_CONFIG
{{- end }}
command:
- /tmp/ranger-agent-engine.sh
- start


@ -1,31 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ssh_key }}
{{- $envAll := . }}
{{- $key_location := .Values.conf.ssh.key_location }}
{{- $secretName := "ranger-agent-ssh-secret" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
USER: {{ .Values.conf.ssh.user | b64enc }}
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
RANGER_AGENT_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
RANGER_AGENT_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
{{- end }}


@ -566,7 +566,6 @@ manifests:
secret_ingress_tls: true
secret_keystone: true
secret_rabbitmq: true
secret_ssh_key: true
service_ingress_ranger_agent_api: true
service_ranger_agent_api: true
@ -604,19 +603,11 @@ conf:
auth_version: v3
orm:
rds_listener_endpoint: http://localhost:8777/v1/rds/status
orm_template_repo_url: git@github.com:ranger-agent/templates.git
repo_pull_check_wait: 2
retry_limits: 5
oslo_messaging_notifications:
driver: messagingv2
oslo_messaging_rabbit:
rabbit_ha_queues: true
ssh:
user: ranger_agent
user_home: /home/ranger_agent
ssh_key_file: ranger_agent
ssh_key:
ssh_config:
test:
expected_end_status_key: "ORD_000"
region:


@ -15,7 +15,7 @@ appVersion: v1.0.0
description: OpenStack-Helm Ranger
home: https://opendev.org/x/ranger
name: ranger
version: 0.1.3
version: 0.1.4
icon: https://opendev.org/x/ranger/raw/branch/master/public/images/logo.png
sources:
- https://opendev.org/openstack/ranger


@ -1,54 +0,0 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
COMMAND="${@:-start}"
function start () {
if [ -n "${SSH_KEY}" ] && [ -n "${SSH_KEY_CONFIGURATION}" ];then
if [[ $(stat -c %F ${USER_HOME}/.ssh) = "directory" ]]; then
rm -fr ${USER_HOME}/.ssh
fi
mkdir -p ${USER_HOME}/.ssh
echo -e "${SSH_KEY}" >>${USER_HOME}/.ssh/${SSH_KEY_FILE}
echo -e "${SSH_KEY_CONFIGURATION}" >>${USER_HOME}/.ssh/config
chown ${USER}: ${USER_HOME}/.ssh
chmod 0700 -R ${USER_HOME}/.ssh
chmod 0644 ${USER_HOME}/.ssh/config
chmod 0600 ${USER_HOME}/.ssh/${SSH_KEY_FILE}
git config --global user.name ${REPO_USER}
git config --global user.email ${REPO_ACCOUNT}
git clone ${REMOTE_REPO} ${LOCAL_REPO}
fi
if [ -n "${CERT_LOCATION}" ];then
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
chmod 0644 ${CERT_LOCATION}
fi
exec ranger-rds
}
function stop() {
kill -TERM 1
}
$COMMAND


@ -38,6 +38,13 @@ function start () {
if [[ ${SERVICE_TYPE} = "fms" ]]; then
exec ranger-fms
fi
if [[ ${SERVICE_TYPE} = "rds" ]]; then
if [ -n "${CERT_LOCATION}" ];then
echo -e "${CERT_FILE}" >>${CERT_LOCATION}
chmod 0644 ${CERT_LOCATION}
fi
exec ranger-rds
fi
}
function stop() {
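Review bot: The certificate-writing lines added to the `rds` branch are carried over unchanged from the deleted rds script and keep its rough edges: `echo -e "${CERT_FILE}" >>${CERT_LOCATION}` appends instead of overwriting and leaves the target path unquoted. I would write `echo -e "${CERT_FILE}" > "${CERT_LOCATION}"` and `chmod 0644 "${CERT_LOCATION}"`, so that a path which survives a restart (for example on a mounted volume) does not end up holding the certificate twice. The deleted script ran under `set -ex`; if this script does too (its header is outside the hunk), the expanded `echo` is traced to the container log together with the certificate body, so consider bracketing these lines with `set +x` and `set -x`. `start` begins above the hunk.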


@ -28,8 +28,6 @@ data:
{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
ranger-services.sh: |+
{{ tuple "bin/_ranger-services.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ranger-rds-service.sh: |+
{{ tuple "bin/_ranger-rds-service.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
health-probe.py: |+
{{ tuple "bin/_health-probe.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ranger-test.py: |+


@ -30,7 +30,7 @@ limitations under the License.
{{- $_ := set .Values.conf.ranger.keystone_authtoken "password" .Values.endpoints.identity.auth.ranger.password -}}
{{- end -}}
{{- if empty .Values.conf.ranger.DEFAULT.ranger_base -}}
{{- $_ := set .Values.conf.ranger.DEFAULT "ranger_base" (print .Values.conf.ssh.user_home "/ranger" ) -}}
{{- $_ := set .Values.conf.ranger.DEFAULT "ranger_base" (print .Values.conf.ranger_base "/ranger" ) -}}
{{- end -}}
{{- if empty .Values.conf.ranger.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.ranger.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ranger.project_name -}}


@ -81,56 +81,18 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.ranger | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "rds" "container" "ranger_rds_service" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
{{- if .Values.manifests.secret_ssh_key }}
- name: USER
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: USER
- name: USER_HOME
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: USER_HOME
- name: SSH_KEY_FILE
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: SSH_KEY_FILE
- name: SSH_KEY
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: RANGER_PRIVATE_KEY
- name: SSH_KEY_CONFIGURATION
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: RANGER_SSH_CONFIG
{{- end }}
{{- if .Values.conf.ranger.DEFAULT.ranger_agent_https_enabled }}
- name: CERT_LOCATION
value: {{ .Values.conf.ranger.DEFAULT.ranger_agent_client_cert_path }}
- name: CERT_FILE
{{ if .Values.manifests.secret_ssh_key }}
valueFrom:
secretKeyRef:
name: ranger-ssh-secret
key: CERT_FILE
{{ else }}
value: {{ .Values.conf.cert.ranger_agent_client_cert }}
{{ end }}
{{- end }}
- name: SERVICE_TYPE
value: "rds"
- name: RDS_SERVICE_URL
value: {{ tuple "rds" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
command:
- /tmp/ranger-rds-service.sh
- /tmp/ranger-services.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ranger-rds-service.sh
- /tmp/ranger-services.sh
- stop
ports:
- name: rds
@ -143,8 +105,8 @@ spec:
- name: pod-etc-ranger
mountPath: /etc/ranger
- name: ranger-bin
mountPath: /tmp/ranger-rds-service.sh
subPath: ranger-rds-service.sh
mountPath: /tmp/ranger-services.sh
subPath: ranger-services.sh
readOnly: true
- name: ranger-bin
mountPath: /tmp/health-probe.py
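Review bot: The first hunk's new-side count (18 lines) only adds up if the `CERT_LOCATION` and `CERT_FILE` entries were dropped from `env:` together with the SSH entries, which this rendering does not show directly. If that is what happened, the `rds` branch added to ranger-services.sh never passes its `[ -n "${CERT_LOCATION}" ]` test, and the client certificate is no longer written when `ranger_agent_https_enabled` is set. Keeping the block with the plain `value: {{ .Values.conf.cert.ranger_agent_client_cert }}` form would instead put the certificate text into the Deployment spec. If that file can carry key material, a small Secret holding only `CERT_FILE` and referenced through `secretKeyRef` is the safer replacement for the deleted `ranger-ssh-secret`. The container spec continues outside both hunks.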


@ -1,32 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ssh_key }}
{{- $envAll := . }}
{{- $key_location := .Values.conf.ssh.key_location }}
{{- $secretName := "ranger-ssh-secret" }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
USER: {{ .Values.conf.ssh.user | b64enc }}
USER_HOME: {{ .Values.conf.ssh.user_home | b64enc }}
SSH_KEY_FILE: {{ .Values.conf.ssh.ssh_key_file | b64enc }}
RANGER_PRIVATE_KEY: {{ .Values.conf.ssh.ssh_key | default "" | b64enc }}
RANGER_SSH_CONFIG: {{ .Values.conf.ssh.ssh_config | default "" | b64enc }}
CERT_FILE: {{ .Values.conf.cert.ranger_agent_client_cert | default "" | b64enc }}
{{- end }}


@ -791,12 +791,7 @@ conf:
log: null
uuid:
log: null
ssh:
user: ranger
user_home: /home/ranger
ssh_key_file: ranger
ssh_key:
ssh_config:
ranger_base: '/home/ranger'
cert:
ranger_agent_client_cert:
...


@ -22,9 +22,6 @@ conf:
DEFAULT:
enable_rds_callback_check: false
enable_heat_health_check: false
ssh:
ssh_key:
ssh_config:
dependencies:
static:
api:


@ -21,10 +21,7 @@ conf:
ranger:
DEFAULT:
ranger_agent_https_enable: true
ranger_agent_client_cert_path: '/home/ranger/ord.cert'
ssh:
ssh_key:
ssh_config:
ranger_agent_client_cert_path: '/home/ranger'
cert:
ranger_agent_client_cert:
EOF
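Review bot: `ranger_agent_client_cert_path` now points at `/home/ranger`, which the chart's own `ranger_base` default treats as a directory, while the start script uses the value as a file (`echo -e "${CERT_FILE}" >>${CERT_LOCATION}` followed by `chmod 0644 ${CERT_LOCATION}`). If that path is still consumed as `CERT_LOCATION`, the redirect fails on a directory; the previous value `'/home/ranger/ord.cert'` was a file path and looks like the one to keep. Separately, this override sets `ranger_agent_https_enable`, whereas the deployment template shown elsewhere in this commit tests `ranger_agent_https_enabled`, so it is worth confirming which spelling the chart actually reads. The heredoc starts above the hunk.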