|
|
|
|
@ -755,28 +755,34 @@ sub check_ssh_keys |
|
|
|
|
# and the key has changed, update the line with the new key. If it isn't found, add it. Once |
|
|
|
|
# we check the old body for this entry, change the "old" body to the new one, then repeat the |
|
|
|
|
# process. |
|
|
|
|
my $local_host_uuid = $anvil->Get->host_type; |
|
|
|
|
my $in_anvil = $anvil->data->{hosts}{host_uuid}{$local_host_uuid}{anvil_name}; |
|
|
|
|
my $trusted_host_uuids = []; |
|
|
|
|
foreach my $host_uuid (keys %{$anvil->data->{hosts}{host_uuid}}) |
|
|
|
|
{ |
|
|
|
|
# Skip ourselves. |
|
|
|
|
next if $host_uuid eq $anvil->Get->host_uuid; |
|
|
|
|
|
|
|
|
|
my $host_name = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_name}; |
|
|
|
|
my $host_type = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_type}; |
|
|
|
|
my $anvil_name = $anvil->data->{hosts}{host_uuid}{$host_uuid}{anvil_name}; |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { |
|
|
|
|
host_name => $host_name, |
|
|
|
|
host_type => $host_type, |
|
|
|
|
anvil_name => $anvil_name, |
|
|
|
|
}}); |
|
|
|
|
if ($anvil->Get->host_type eq "striker") |
|
|
|
|
{ |
|
|
|
|
# Add all known machines |
|
|
|
|
push @{$trusted_host_uuids}, $host_uuid; |
|
|
|
|
} |
|
|
|
|
else |
|
|
|
|
{ |
|
|
|
|
# Add dashboard (using postgres connection info), the UUID is the host UUID. |
|
|
|
|
foreach my $uuid (sort {$a cmp $b} keys %{$anvil->data->{database}}) |
|
|
|
|
elsif ((($in_anvil) && ($anvil_name eq $in_anvil)) or (exists $anvil->data->{database}{$host_uuid})) |
|
|
|
|
{ |
|
|
|
|
# Periodically, autovivication causes and empty key to appear. |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { uuid => $uuid }}); |
|
|
|
|
next if ((not $uuid) or (not $anvil->Validate->is_uuid({uuid => $uuid}))); |
|
|
|
|
|
|
|
|
|
push @{$trusted_host_uuids}, $uuid; |
|
|
|
|
# Add dashboards we use and peers |
|
|
|
|
push @{$trusted_host_uuids}, $host_uuid; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Now add our peers. |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
my $peers = []; |
|
|
|
|
|
|
|
|
|
# Look at all the hosts I know about (other than myself) and see if any of the machine or |
|
|
|
|
# user keys either don't exist or have changed. |
|
|
|
|
my $update_known_hosts = 0; |
|
|
|
|
@ -784,21 +790,22 @@ sub check_ssh_keys |
|
|
|
|
my $known_hosts_new_lines = ""; |
|
|
|
|
my $authorized_keys_new_lines = ""; |
|
|
|
|
|
|
|
|
|
### TODO: We need to handle all the IP addresses and host names with |
|
|
|
|
### <short_hostname>.<bc|s|ifnX>, while dealing with duplicates. |
|
|
|
|
# Check for changes to known_hosts |
|
|
|
|
foreach my $host_uuid (keys %{$anvil->data->{peers}{ssh_keys}}) |
|
|
|
|
foreach my $host_uuid (@{$trusted_host_uuids}) |
|
|
|
|
{ |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { host_uuid => $host_uuid }}); |
|
|
|
|
foreach my $host_name (sort {$a cmp $b} keys %{$anvil->data->{peers}{ssh_keys}{$host_uuid}{host}}) |
|
|
|
|
{ |
|
|
|
|
my $key = $anvil->data->{peers}{ssh_keys}{$host_uuid}{host}{$host_name}; |
|
|
|
|
my $host_name = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_name}; |
|
|
|
|
my $host_key = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_key}; |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { |
|
|
|
|
's1:host_name' => $host_name, |
|
|
|
|
's2:key' => $key, |
|
|
|
|
host_name => $host_name, |
|
|
|
|
host_uuid => $host_uuid, |
|
|
|
|
host_key => $host_key, |
|
|
|
|
}}); |
|
|
|
|
|
|
|
|
|
# Is this in the file and, if so, has it changed? |
|
|
|
|
my $found = 0; |
|
|
|
|
my $test_line = $host_name." ".$key; |
|
|
|
|
my $test_line = $host_name." ".$host_key; |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { test_line => $test_line }}); |
|
|
|
|
foreach my $line (split/\n/, $known_hosts_old_body) |
|
|
|
|
{ |
|
|
|
|
@ -829,6 +836,7 @@ sub check_ssh_keys |
|
|
|
|
} |
|
|
|
|
$known_hosts_new_body .= $line."\n"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# If we didn't find the key, add it. |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { found => $found }}); |
|
|
|
|
if (not $found) |
|
|
|
|
@ -846,7 +854,6 @@ sub check_ssh_keys |
|
|
|
|
$known_hosts_old_body = $known_hosts_new_body; |
|
|
|
|
$known_hosts_new_body = ""; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Lastly, copy the last version of the old body to the new body, |
|
|
|
|
$known_hosts_new_body = $known_hosts_old_body.$known_hosts_new_lines; |
|
|
|
|
@ -857,20 +864,23 @@ sub check_ssh_keys |
|
|
|
|
's4:difference' => diff \$known_hosts_file_body, \$known_hosts_new_body, { STYLE => 'Unified' }, |
|
|
|
|
}}); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### TODO: Change this to not use all hosts, but on dashboards we use, plus if we're in an Anvil!, those machines. |
|
|
|
|
|
|
|
|
|
=cut |
|
|
|
|
# Check for changes to authorized_keys |
|
|
|
|
foreach my $host_uuid (keys %{$anvil->data->{peers}{ssh_keys}}) |
|
|
|
|
foreach my $host_uuid (@{$trusted_host_uuids}) |
|
|
|
|
{ |
|
|
|
|
my $host_name = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_name}; |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { |
|
|
|
|
host_uuid => $host_uuid, |
|
|
|
|
host_name => $host_name, |
|
|
|
|
}}); |
|
|
|
|
foreach my $user (sort {$a cmp $b} @{$users}) |
|
|
|
|
{ |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { host_uuid => $host_uuid }}); |
|
|
|
|
foreach my $ssh_key_user_name (sort {$a cmp $b} keys %{$anvil->data->{peers}{ssh_keys}{$host_uuid}{user}}) |
|
|
|
|
if ((exists $anvil->data->{ssh_keys}{host_uuid}{$host_uuid}{ssh_key_user_name}{$user}) && ($anvil->data->{ssh_keys}{host_uuid}{$host_uuid}{ssh_key_user_name}{$user}{ssh_key_public_key})) |
|
|
|
|
{ |
|
|
|
|
my $ssh_key_public_key = $anvil->data->{peers}{ssh_keys}{$host_uuid}{user}{$ssh_key_user_name}; |
|
|
|
|
my $ssh_key_public_key = $anvil->data->{ssh_keys}{host_uuid}{$host_uuid}{ssh_key_user_name}{$user}{ssh_key_public_key}; |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { |
|
|
|
|
's1:ssh_key_user_name' => $ssh_key_user_name, |
|
|
|
|
's2:ssh_key_public_key' => $ssh_key_public_key, |
|
|
|
|
's1:user' => $user, |
|
|
|
|
's2:host_name' => $host_name, |
|
|
|
|
's3:ssh_key_public_key' => $ssh_key_public_key, |
|
|
|
|
}}); |
|
|
|
|
|
|
|
|
|
# The key in the file might have a different trailing suffix (user@host_name) |
|
|
|
|
@ -890,10 +900,6 @@ sub check_ssh_keys |
|
|
|
|
$found = 1; |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { found => $found }}); |
|
|
|
|
} |
|
|
|
|
# We don't look for changes (yet). Might be worth looking for stale |
|
|
|
|
# keys by ckecking of the host at the end matches an entry in the |
|
|
|
|
# database and then verifying the keys haven't changed, but that's |
|
|
|
|
# for another day. |
|
|
|
|
$authorized_keys_new_body .= $line."\n"; |
|
|
|
|
} |
|
|
|
|
# If we didn't find the key, add it. |
|
|
|
|
@ -914,6 +920,7 @@ sub check_ssh_keys |
|
|
|
|
$authorized_keys_new_body = ""; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
# Lastly, copy the last version of the old body to the new body, |
|
|
|
|
$authorized_keys_new_body = $authorized_keys_old_body.$authorized_keys_new_lines; |
|
|
|
|
@ -923,7 +930,6 @@ sub check_ssh_keys |
|
|
|
|
's3:authorized_keys_new_body' => $authorized_keys_new_body, |
|
|
|
|
's4:difference' => diff \$authorized_keys_file_body, \$authorized_keys_new_body, { STYLE => 'Unified' }, |
|
|
|
|
}}); |
|
|
|
|
=cut |
|
|
|
|
|
|
|
|
|
# Update the known_hosts files, if needed. |
|
|
|
|
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { update_known_hosts => $update_known_hosts }}); |
|
|
|
|
|
Digimer
5 years ago