Commit 15584bd9 authored by Bryton Lacquement's avatar Bryton Lacquement 🚪

slaprunner: drop collective.recipe.shelloutput and use slapos.recipe.build

collective.recipe.shelloutput does not work well with Python 3: it
outputs values as bytes, which are printed in the format "!py!b'XXX'".

The new "init" option is used as a replacement.
parent 0417d0cd
......@@ -18,7 +18,7 @@ md5sum = 8b78e32b877d591400746ec7fd68ed4c
[template-runner]
filename = instance-runner.cfg
md5sum = be6d9d1c770a1ca63fce40093ffc25b4
md5sum = 99f2c1e0ff1668e57a242a77a33b4d23
[template-runner-import-script]
filename = template/runner-import.sh.jinja2
......
......@@ -287,35 +287,29 @@ extra-args=-t rsa
<=runner-sshd-ssh-keygen-base
extra-args=-t ecdsa -b 521
[runner-sshd-publickey-fingerprint-shelloutput]
recipe = collective.recipe.shelloutput
# XXX because collective.recipe.shelloutput ignore errors, we run the same
# command in a plone.recipe.command so that if fails if something goes wrong.
commands =
fingerprint = bash -o pipefail -c "${openssh-output:keygen} -lf $${runner-sshd-ssh-host-ecdsa-key:output} | cut -f 2 -d\ | sed 's/+/%2B/g' | sed 's/\//%2F/g' | sed 's/SHA256://'"
[runner-sshd-publickey-fingerprint]
# fingerprint for ssh url, see
# https://tools.ietf.org/id/draft-salowey-secsh-uri-00.html#connparam
# https://winscp.net/eng/docs/session_url#hostkey
_fingerprint = $${runner-sshd-publickey-fingerprint-shelloutput:fingerprint}
# format is host-key-alg-fingerprint, but we know that
# $${runner-sshkeys-sshd:public-key} is rsa so for host-key-alg
# we just use use rsa.
fingerprint = ssh-rsa-$${:_fingerprint}
# XXX because collective.recipe.shelloutput ignore errors and capture output
# "Error ...", we use a plone.recipe.command to check that this command did
# not fail.
# This command will always fail on first buildout run, because
# collective.recipe.shelloutput is evaluated at buildout recipes __init__ step,
# but the key file is created later at install step.
recipe = plone.recipe.command
stop-on-error = true
command = echo "$${:_fingerprint}" | ( grep ^Error || exit 0 && exit 1 )
recipe = slapos.recipe.build
init =
import os
import subprocess
from six.moves.urllib.parse import quote
keyfile = self.buildout['runner-sshd-ssh-host-ecdsa-key']['output']
if os.path.isfile(keyfile):
x = subprocess.check_output(('${openssh-output:keygen}', '-lf', keyfile))
x = x.split()[1]
assert x.startswith(b'SHA256:'), x
# format is host-key-alg-fingerprint, but we know that
# $${runner-sshd-ssh-host-ecdsa-key:output} is rsa so for host-key-alg
# we just use use rsa.
options['fingerprint'] = "ssh-rsa-" + quote(x[7:], safe='')
else:
# This command will always fail on first buildout run, because it is
# evaluated at buildout recipes __init__ step, but the key file is created
# later at install step.
options['fingerprint'] = "NotReady"
#---------------------------
#--
......
......@@ -150,7 +150,6 @@ eggs =
erp5.util
lock-file
plone.recipe.command
collective.recipe.shelloutput
slapos.recipe.build
slapos.toolbox[flask_auth]
gunicorn
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment