cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SSHFP records are also generated for CNAMES of hosts.

This commit is contained in:
Joey Hess 2015-01-04 21:26:21 -04:00
parent 0794dfbd7c
commit 4c2c2785c8
2 changed files with 36 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
debian/changelog vendored
View File

@ -1,3 +1,9 @@
propellor (1.3.2) UNRELEASED; urgency=medium
* SSHFP records are also generated for CNAMES of hosts.
-- Joey Hess <id@joeyh.name> Sun, 04 Jan 2015 21:25:42 -0400
propellor (1.3.1) unstable; urgency=medium propellor (1.3.1) unstable; urgency=medium
* Fix bug that prevented deploying ssh host keys when the file for the * Fix bug that prevented deploying ssh host keys when the file for the

56
src/Propellor/Property/Dns.hs
View File

@ -80,7 +80,7 @@ setupPrimary zonefile mknamedconffile hosts domain soa rs =
baseprop = Property ("dns primary for " ++ domain) satisfy baseprop = Property ("dns primary for " ++ domain) satisfy
(addNamedConf conf) (addNamedConf conf)
satisfy = do satisfy = do
sshfps <- concat <$> mapM genSSHFP indomain sshfps <- concat <$> mapM (genSSHFP domain) (M.elems hostmap)
let zone = partialzone let zone = partialzone
{ zHosts = zHosts partialzone ++ rs ++ sshfps } { zHosts = zHosts partialzone ++ rs ++ sshfps }
ifM (liftIO $ needupdate zone) ifM (liftIO $ needupdate zone)
@ -417,31 +417,6 @@ com s = "; " ++ s
type WarningMessage = String type WarningMessage = String
-- | Generates SSHFP records for hosts that have configured
-- ssh public keys.
--
-- This is done using ssh-keygen, so sadly needs IO.
genSSHFP :: Host -> Propellor [(BindDomain, Record)]
genSSHFP h = map (\r -> (AbsDomain hostname, r)) . concat <$> (gen =<< get)
where
hostname = hostName h
get = fromHost [h] hostname Ssh.getPubKey
gen = liftIO . mapM genSSHFP' . M.elems . fromMaybe M.empty
genSSHFP' :: String -> IO [Record]
genSSHFP' pubkey = withTmpFile "sshfp" $ \tmp tmph -> do
hPutStrLn tmph pubkey
hClose tmph
s <- catchDefaultIO "" $
readProcess "ssh-keygen" ["-r", "dummy", "-f", tmp]
return $ mapMaybe (parse . words) $ lines s
where
parse ("dummy":"IN":"SSHFP":x:y:s:[]) = do
x' <- readish x
y' <- readish y
return $ SSHFP x' y' s
parse _ = Nothing
-- | Generates a Zone for a particular Domain from the DNS properies of all -- | Generates a Zone for a particular Domain from the DNS properies of all
-- hosts that propellor knows about that are in that Domain. -- hosts that propellor knows about that are in that Domain.
-- --
@ -534,3 +509,32 @@ addNamedConf conf = mempty { _namedconf = NamedConfMap (M.singleton domain conf)
getNamedConf :: Propellor (M.Map Domain NamedConf) getNamedConf :: Propellor (M.Map Domain NamedConf)
getNamedConf = asks $ fromNamedConfMap . _namedconf . hostInfo getNamedConf = asks $ fromNamedConfMap . _namedconf . hostInfo
-- | Generates SSHFP records for hosts in the domain (or with CNAMES
-- in the domain) that have configured ssh public keys.
--
-- This is done using ssh-keygen, so sadly needs IO.
genSSHFP :: Domain -> Host -> Propellor [(BindDomain, Record)]
genSSHFP domain h = concatMap mk . concat <$> (gen =<< get)
where
get = fromHost [h] hostname Ssh.getPubKey
gen = liftIO . mapM genSSHFP' . M.elems . fromMaybe M.empty
mk r = mapMaybe (\d -> if inDomain domain d then Just (d, r) else Nothing)
(AbsDomain hostname : cnames)
cnames = mapMaybe getCNAME $ S.toList $ _dns info
hostname = hostName h
info = hostInfo h
genSSHFP' :: String -> IO [Record]
genSSHFP' pubkey = withTmpFile "sshfp" $ \tmp tmph -> do
hPutStrLn tmph pubkey
hClose tmph
s <- catchDefaultIO "" $
readProcess "ssh-keygen" ["-r", "dummy", "-f", tmp]
return $ mapMaybe (parse . words) $ lines s
where
parse ("dummy":"IN":"SSHFP":x:y:s:[]) = do
x' <- readish x
y' <- readish y
return $ SSHFP x' y' s
parse _ = Nothing