Add ssh key and path per host
@@ -2,43 +2,27 @@ package cluster
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/rancher/rke/hosts"
|
||||
"github.com/rancher/rke/pki"
|
||||
"github.com/rancher/rke/services"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/crypto/ssh"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
)
|
||||
|
||||
const (
|
||||
DefaultSSHKeyPath = "/.ssh/id_rsa"
|
||||
)
|
||||
|
||||
func (c *Cluster) TunnelHosts() error {
|
||||
key, err := checkEncryptedKey(c.SSHKeyPath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failed to parse the private key: %v", err)
|
||||
}
|
||||
for i := range c.EtcdHosts {
|
||||
err := c.EtcdHosts[i].TunnelUp(key)
|
||||
if err != nil {
|
||||
if err := c.EtcdHosts[i].TunnelUp(); err != nil {
|
||||
return fmt.Errorf("Failed to set up SSH tunneling for Etcd hosts: %v", err)
|
||||
}
|
||||
}
|
||||
for i := range c.ControlPlaneHosts {
|
||||
err := c.ControlPlaneHosts[i].TunnelUp(key)
|
||||
err := c.ControlPlaneHosts[i].TunnelUp()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failed to set up SSH tunneling for Control hosts: %v", err)
|
||||
}
|
||||
}
|
||||
for i := range c.WorkerHosts {
|
||||
err := c.WorkerHosts[i].TunnelUp(key)
|
||||
if err != nil {
|
||||
if err := c.WorkerHosts[i].TunnelUp(); err != nil {
|
||||
return fmt.Errorf("Failed to set up SSH tunneling for Worker hosts: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -101,34 +85,3 @@ func CheckEtcdHostsChanged(kubeCluster, currentCluster *Cluster) error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkEncryptedKey(sshKeyPath string) (ssh.Signer, error) {
|
||||
logrus.Infof("[ssh] Checking private key")
|
||||
key, err := hosts.ParsePrivateKey(privateKeyPath(sshKeyPath))
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "decode encrypted private keys") {
|
||||
fmt.Printf("Passphrase for Private SSH Key: ")
|
||||
passphrase, err := terminal.ReadPassword(int(syscall.Stdin))
|
||||
fmt.Printf("\n")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key, err = hosts.ParsePrivateKeyWithPassPhrase(privateKeyPath(sshKeyPath), passphrase)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return key, nil
|
||||
}
|
||||
|
||||
func privateKeyPath(sshKeyPath string) string {
|
||||
if len(sshKeyPath) == 0 {
|
||||
return os.Getenv("HOME") + DefaultSSHKeyPath
|
||||
} else if sshKeyPath[:2] == "~/" {
|
||||
return filepath.Join(os.Getenv("HOME"), sshKeyPath[2:])
|
||||
}
|
||||
return sshKeyPath
|
||||
}
|
||||
|
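Review bot: The errors returned from the three loops in TunnelHosts name only the role ("Etcd hosts", "Control hosts", "Worker hosts") and not the host whose tunnel failed; now that the shared key check is gone and each host presumably loads its own key inside `TunnelUp()`, a wrong key path or an unreadable key on one node cannot be told apart from the others in the log, so each message should include the host's identifier. The ControlPlaneHosts loop also keeps the two-statement form while the Etcd and Worker loops were folded; `if err := c.ControlPlaneHosts[i].TunnelUp(); err != nil {` would match them. The second hunk removes the interactive passphrase prompt, and nothing visible here shows whether the per-host path still accepts passphrase-protected keys; that is worth confirming so operators are not pushed toward storing unencrypted private keys. TunnelHosts continues past the end of the first hunk, so its remaining lines are not reviewed here.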