github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-21 01:26:28 +00:00
Code Issues Projects Releases Wiki Activity

Rely on ssh-agent for key management

Browse Source
This commit is contained in:
Pieter Noordhuis 2014-10-12 16:25:14 -07:00
parent 1152471db7
commit a1c40922e0
2 changed files with 46 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cluster/vsphere/config-common.sh
View File

@ -14,22 +14,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
function public-key { SSH_OPTS="-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oLogLevel=ERROR"
local dir=${HOME}/.ssh
for f in $HOME/.ssh/{id_{rsa,dsa},*}.pub; do
if [ -r $f ]; then
echo $f
return
fi
done
echo "Can't find public key file..." 1>&2
exit 1
}
PUBLIC_KEY_FILE=${PUBLIC_KEY_FILE-$(public-key)}
SSH_OPTS="-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null"
# These need to be set # These need to be set
#export GOVC_URL= #export GOVC_URL=

49
cluster/vsphere/util.sh
View File

@ -64,8 +64,19 @@ function detect-minions {
fi fi
} }
function trap-add {
local handler="$1"
local signal="${2-EXIT}"
local cur
cur="$(eval "sh -c 'echo \$3' -- $(trap -p ${signal})")"
if [[ -n "${cur}" ]]; then
handler="${cur}; ${handler}"
fi
trap "${handler}" ${signal}
}
# Verify prereqs
function verify-prereqs { function verify-prereqs {
which "govc" >/dev/null || { which "govc" >/dev/null || {
echo "Can't find govc in PATH, please install and retry." echo "Can't find govc in PATH, please install and retry."
@ -76,6 +87,33 @@ function verify-prereqs {
} }
} }
function verify-ssh-prereqs {
local rc
rc=0
ssh-add -L 1> /dev/null 2> /dev/null || rc="$?"
# "Could not open a connection to your authentication agent."
if [[ "${rc}" -eq 2 ]]; then
eval "$(ssh-agent)" > /dev/null
trap-add "kill ${SSH_AGENT_PID}" EXIT
fi
rc=0
ssh-add -L 1> /dev/null 2> /dev/null || rc="$?"
# "The agent has no identities."
if [[ "${rc}" -eq 1 ]]; then
# Try adding one of the default identities, with or without passphrase.
ssh-add || true
fi
# Expect at least one identity to be available.
if ! ssh-add -L 1> /dev/null 2> /dev/null; then
echo "Could not find or add an SSH identity."
echo "Please start ssh-agent, add your identity, and retry."
exit 1
fi
}
# Create a temp dir that'll be deleted at the end of this bash session. # Create a temp dir that'll be deleted at the end of this bash session.
# #
# Vars set: # Vars set:
@ -83,7 +121,7 @@ function verify-prereqs {
function ensure-temp-dir { function ensure-temp-dir {
if [[ -z ${KUBE_TEMP-} ]]; then if [[ -z ${KUBE_TEMP-} ]]; then
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX) KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap 'rm -rf "${KUBE_TEMP}"' EXIT trap-add 'rm -rf "${KUBE_TEMP}"' EXIT
fi fi
} }
@ -173,7 +211,6 @@ function kube-ssh {
# Assumed vars: # Assumed vars:
# DISK # DISK
# GUEST_ID # GUEST_ID
# PUBLIC_KEY_FILE
function kube-up-vm { function kube-up-vm {
local vm_name="$1" local vm_name="$1"
shift shift
@ -194,10 +231,12 @@ function kube-up-vm {
-p \ -p \
/home/kube/.ssh /home/kube/.ssh
ssh-add -L > "${KUBE_TEMP}/${vm_name}-authorized_keys"
govc guest.upload \ govc guest.upload \
-vm="${vm_name}" \ -vm="${vm_name}" \
-f \ -f \
"${PUBLIC_KEY_FILE}" \ "${KUBE_TEMP}/${vm_name}-authorized_keys" \
/home/kube/.ssh/authorized_keys /home/kube/.ssh/authorized_keys
} }
@ -222,6 +261,7 @@ function kube-run {
# KUBE_ROOT # KUBE_ROOT
# <Various vars set in config file> # <Various vars set in config file>
function kube-up { function kube-up {
verify-ssh-prereqs
find-release-tars find-release-tars
ensure-temp-dir ensure-temp-dir
@ -378,6 +418,7 @@ function kube-down {
# Update a kubernetes cluster with latest source # Update a kubernetes cluster with latest source
function kube-push { function kube-push {
verify-ssh-prereqs
find-release-tars find-release-tars
detect-master detect-master