From 5b8666dbf67310738008207982bbd3a3668a35c2 Mon Sep 17 00:00:00 2001
From: Mukta
Date: Mon, 22 Apr 2013 21:10:27 +0530
Subject: [PATCH 01/41] add the option --ssh-cert to accept the x509 certificate
---
 lib/chef/knife/azure_server_create.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb
index ac534a6..def1b42 100755
--- a/lib/chef/knife/azure_server_create.rb
+++ b/lib/chef/knife/azure_server_create.rb
@@ -157,6 +157,11 @@ class Chef
 :long => "--udp-endpoints PORT_LIST",
 :description => "Comma separated list of UDP local and public ports to open i.e. '80:80,433:5000'"
+ option :ssh_cert,
+ :long => "--ssh-cert FILENAME",
+ :description => "SSH Certificate in X509 format",
+ :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key }
+
 def strip_non_ascii(string)
 string.gsub(/[^0-9a-z ]/i, '')
From 9255db78de5f2c64be90dc2fe95a53cf6863c541 Mon Sep 17 00:00:00 2001
From: Mukta
Date: Tue, 23 Apr 2013 02:11:25 +0530
Subject: [PATCH 02/41] ssh key support for linux
---
 lib/azure/role.rb | 16 ++++++++++++++++
 lib/chef/knife/azure_server_create.rb | 8 +++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/lib/azure/role.rb b/lib/azure/role.rb
index f6638fe..e48541e 100755
--- a/lib/azure/role.rb
+++ b/lib/azure/role.rb
@@ -144,6 +144,22 @@ class Azure
 xml.UserName params[:ssh_user]
 xml.UserPassword params[:ssh_password]
 xml.DisableSshPasswordAuthentication 'false'
+ #if params[:ssh_cert_fingerprint] != nil
+ xml.SSH {
+ xml.PublicKeys {
+ xml.PublicKey {
+ xml.FingerPrint params[:ssh_cert_fingerprint]
+ xml.Path '/home/user/.ssh/authorized_keys'
+ }
+ }
+ xml.KeyPairs {
+ xml.KeyPair {
+ xml.FingerPrint params[:ssh_cert_fingerprint]
+ xml.Path '/home/user/.ssh/authorized_keys'
+ }
+ }
+ }
+
 }
 elsif params[:os_type] == 'Windows'
 xml.ConfigurationSet('i:type' => 'WindowsProvisioningConfigurationSet') {
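Review bot: In the lib/azure/role.rb hunk of PATCH 02 the guard `#if params[:ssh_cert_fingerprint] != nil` is commented out, so the `xml.SSH` block is written for every Linux role, including those created without a fingerprint, and the `FingerPrint` elements are then built from nil. Both `xml.Path` values are hard-coded to `/home/user/.ssh/authorized_keys` instead of being derived from `params[:ssh_user]`, and `DisableSshPasswordAuthentication` stays `'false'`, so supplying a key does not switch password logins off. I would restore the guard as `unless params[:ssh_cert_fingerprint].nil?` with a matching `end` around the block. The enclosing method begins and ends outside the hunk.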
diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb
index def1b42..abdd483 100755
--- a/lib/chef/knife/azure_server_create.rb
+++ b/lib/chef/knife/azure_server_create.rb
@@ -162,6 +162,11 @@ class Chef
 :description => "SSH Certificate in X509 format",
 :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key }
+ option :ssh_cert_fingerprint,
+ :long => "--ssh-cert-fingerprint FILENAME",
+ :description => "SSH Certificate fingerprint",
+ :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key }
+
 def strip_non_ascii(string)
 string.gsub(/[^0-9a-z ]/i, '')
@@ -422,7 +427,8 @@ class Chef
 :role_size => locate_config_value(:role_size),
 :tcp_endpoints => locate_config_value(:tcp_endpoints),
 :udp_endpoints => locate_config_value(:udp_endpoints),
- :bootstrap_proto => locate_config_value(:bootstrap_protocol)
+ :bootstrap_proto => locate_config_value(:bootstrap_protocol),
+ :ssh_cert_fingerprint => locate_config_value(:ssh_cert_fingerprint)
 }
 if is_image_windows?
From 0db9a5b8dbbefae1c6679803f279bf832f6be7f6 Mon Sep 17 00:00:00 2001
From: Mukta
Date: Tue, 23 Apr 2013 07:27:51 +0530
Subject: [PATCH 03/41] ssh key support for linux: intermediate code
---
 lib/azure/role.rb | 22 +++++++++++++++++-----
 lib/chef/knife/azure_server_create.rb | 8 +-------
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/lib/azure/role.rb b/lib/azure/role.rb
index e48541e..44e7eaa 100755
--- a/lib/azure/role.rb
+++ b/lib/azure/role.rb
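Review bot: The proc of the new `--ssh-cert-fingerprint` option writes to `Chef::Config[:knife][:ssh_cert]`, the same key `--ssh-cert` already uses, so passing both options makes the later one overwrite the certificate path and nothing in this hunk stores a value under `:ssh_cert_fingerprint`. The argument placeholder is `FILENAME` although the description says a fingerprint is expected. I would change the two lines to `:long => "--ssh-cert-fingerprint FINGERPRINT",` and `:proc => Proc.new { |fp| Chef::Config[:knife][:ssh_cert_fingerprint] = fp }`. Whether `locate_config_value(:ssh_cert_fingerprint)` in the second hunk still finds the value through the parsed options cannot be seen from here.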
@@ -144,18 +144,20 @@ class Azure
 xml.UserName params[:ssh_user]
 xml.UserPassword params[:ssh_password]
 xml.DisableSshPasswordAuthentication 'false'
- #if params[:ssh_cert_fingerprint] != nil
+ #if params[:ssh_cert] != nil
 xml.SSH {
 xml.PublicKeys {
 xml.PublicKey {
- xml.FingerPrint params[:ssh_cert_fingerprint]
- xml.Path '/home/user/.ssh/authorized_keys'
+ xml.FingerPrint generateFingerPrint params[:ssh_cert]
+ #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9'
+ xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys'
 }
 }
 xml.KeyPairs {
 xml.KeyPair {
- xml.FingerPrint params[:ssh_cert_fingerprint]
- xml.Path '/home/user/.ssh/authorized_keys'
+ xml.FingerPrint generateFingerPrint params[:ssh_cert]
+ #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9'
+ xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys'
 }
 }
 }
@@ -239,5 +241,15 @@ class Azure
 "/#{params['deploy_name']}/roles"
 @connection.query_azure(servicecall, "post", roleXML.to_xml)
 end
+ def generateFingerPrint ssh_cert
+ # TODO
+ puts ssh_cert
+ newcert = File.read('azureCert.pem')
+ puts newcert
+ newcert["-----BEGIN CERTIFICATE-----\n"] = ""
+ newcert["-----END CERTIFICATE-----\n"] = ""
+ sha1 = OpenSSL::Digest::SHA1.new(newcert)
+ sha1
+ end
 end
 end
diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb
index abdd483..a801d1a 100755
--- a/lib/chef/knife/azure_server_create.rb
+++ b/lib/chef/knife/azure_server_create.rb
@@ -162,12 +162,6 @@ class Chef
 :description => "SSH Certificate in X509 format",
 :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key }
- option :ssh_cert_fingerprint,
- :long => "--ssh-cert-fingerprint FILENAME",
- :description => "SSH Certificate fingerprint",
- :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key }
-
-
 def strip_non_ascii(string)
 string.gsub(/[^0-9a-z ]/i, '')
 end
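Review bot: The new `generateFingerPrint` in lib/azure/role.rb ignores its `ssh_cert` argument and always reads `azureCert.pem` from the current working directory, so the fingerprint sent in the role XML does not describe the certificate the user passed with `--ssh-cert`. It also echoes the path and the certificate to stdout with `puts`, and each `newcert["-----BEGIN CERTIFICATE-----\n"] = ""` assignment raises `IndexError` when the marker is not present byte for byte. The digest is taken over the base64 text of the PEM body, whereas a certificate thumbprint is normally the SHA-1 of the DER encoding, for example `OpenSSL::Digest::SHA1.hexdigest(OpenSSL::X509::Certificate.new(File.read(ssh_cert)).to_der)`. The commented-out literal fingerprints next to both call sites should be removed before merging.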
@@ -428,7 +422,7 @@ class Chef :tcp_endpoints => locate_config_value(:tcp_endpoints), :udp_endpoints => locate_config_value(:udp_endpoints), :bootstrap_proto => locate_config_value(:bootstrap_protocol), - :ssh_cert_fingerprint => locate_config_value(:ssh_cert_fingerprint) + :ssh_cert => locate_config_value(:ssh_cert) } if is_image_windows? From 3522d65cf55285c9108d31a52af8b04df1581af1 Mon Sep 17 00:00:00 2001 From: Mukta Date: Fri, 26 Apr 2013 11:56:12 +0530 Subject: [PATCH 04/41] clean up hosted service while deleting server --- lib/chef/knife/azure_server_delete.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/chef/knife/azure_server_delete.rb b/lib/chef/knife/azure_server_delete.rb index 1f1c109..cb24020 100755 --- a/lib/chef/knife/azure_server_delete.rb +++ b/lib/chef/knife/azure_server_delete.rb @@ -88,6 +88,7 @@ class Chef puts "\n" confirm("Do you really want to delete this server") + connection.hosts.delete(server.hostedservicename) connection.roles.delete(name, params = { :purge_os_disk => locate_config_value(:purge_os_disk) }) puts "\n" From 1065c404f5bb20e4438e6dc0f9fcba15a23ac78f Mon Sep 17 00:00:00 2001 From: Mukta Date: Fri, 26 Apr 2013 12:38:22 +0530 Subject: [PATCH 05/41] added rspec tests for server delete --- spec/unit/azure_server_delete_spec.rb | 46 +++++++++++++++++++++++++++ spec/unit/query_azure_mock.rb | 18 ++++++++--- 2 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 spec/unit/azure_server_delete_spec.rb diff --git a/spec/unit/azure_server_delete_spec.rb b/spec/unit/azure_server_delete_spec.rb new file mode 100644 index 0000000..aed596a --- /dev/null +++ b/spec/unit/azure_server_delete_spec.rb 
@@ -0,0 +1,46 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/../unit/query_azure_mock')
+
+describe Chef::Knife::AzureServerDelete do
+include AzureSpecHelper
+include QueryAzureMock
+
+before do
+ @server_instance = Chef::Knife::AzureServerDelete.new
+
+ {
+ :azure_subscription_id => 'azure_subscription_id',
+ :azure_mgmt_cert => 'AzureLinuxCert.pem',
+ :azure_host_name => 'preview.core.windows-int.net',
+ :role_name => 'vm01',
+ :service_location => 'service_location',
+ :source_image => 'source_image',
+ :role_size => 'role_size',
+ :hosted_service_name => 'service001',
+ :storage_account => 'ka001testeurope'
+ }.each do |key, value|
+ Chef::Config[:knife][key] = value
+ end
+
+ stub_query_azure (@server_instance.connection)
+ @server_instance.name_args = ['vm01']
+ @server_instance.stub(:confirm).and_return(:true)
+
+ @server_instance.stub(:puts)
+ @server_instance.stub(:print)
+ @server_instance.ui.stub(:warn)
+end
+
+it "server delete test" do
+ @server_instance.ui.should_receive(:warn).twice
+ @server_instance.connection.roles.should_receive(:delete)
+ @server_instance.ui.should_not_receive(:error)
+ @server_instance.run
+end
+
+it "hosted service clean up test" do
+ @server_instance.connection.hosts.should_receive(:delete)
+ @server_instance.run
+end
+
+end
\ No newline at end of file
diff --git a/spec/unit/query_azure_mock.rb b/spec/unit/query_azure_mock.rb
index 72c9280..d35be13 100755
--- a/spec/unit/query_azure_mock.rb
+++ b/spec/unit/query_azure_mock.rb
@@ -1,6 +1,14 @@
-
 module QueryAzureMock
 def setup_query_azure_mock
+ create_connection
+ stub_query_azure (@connection)
+ end
+
+ def create_connection
+ @connection = Azure::Connection.new(TEST_PARAMS)
+ end
+
+ def stub_query_azure (connection)
 @getname = ''
 @getverb = ''
 @getbody = ''
@@ -15,8 +23,7 @@ module QueryAzureMock
 @deletecount = 0
 @receivedXML = Nokogiri::XML ''
- @connection = Azure::Connection.new(TEST_PARAMS)
- @connection.stub(:query_azure) do |name, verb, body|
+ connection.stub(:query_azure) do |name, verb, body|
 Chef::Log.info 'calling web service:' + name
 if verb == 'get' || verb == nil
 retval = ''
@@ -50,6 +57,9 @@ module QueryAzureMock
 elsif name == 'hostedservices/service001/deployments/deployment001/roles'
 retval = Nokogiri::XML readFile('post_success.xml')
 @receivedXML = body
+ elsif name =~ /hostedservices\/vm01.*\/deployments/
+ retval = Nokogiri::XML readFile('post_success.xml')
+ @receivedXML = body
 else
 Chef::Log.warn 'unknown post value:' + name
 end
@@ -68,4 +78,4 @@ module QueryAzureMock
 end
 end
-end
+end
\ No newline at end of file
From 385ab13c2d9bef690dbd1d8b2b89c2dbab249f75 Mon Sep 17 00:00:00 2001
From: Mukta
Date: Mon, 29 Apr 2013 14:57:33 +0530
Subject: [PATCH 06/41] hosted service cleanup while deleting server
---
 lib/azure/role.rb | 12 ++++++++++++
 lib/chef/knife/azure_server_delete.rb | 6 +++++-
 spec/unit/azure_server_delete_spec.rb | 10 +++++++++-
 3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/lib/azure/role.rb b/lib/azure/role.rb
index f6638fe..3b9c338 100755
--- a/lib/azure/role.rb
+++ b/lib/azure/role.rb
@@ -82,6 +82,18 @@ class Azure
 end
 end
 end
+ def find_roles_with_hostedservice(hostedservicename)
+ if @roles == nil
+ all
+ end
+ return_roles = Array.new
+ @roles.each do |role|
+ if(role.hostedservicename == hostedservicename)
+ return_roles << role
+ end
+ end
+ return_roles
+ end
 end
 class Role
 include AzureUtility
diff --git a/lib/chef/knife/azure_server_delete.rb b/lib/chef/knife/azure_server_delete.rb
index cb24020..2ecf650 100755
--- a/lib/chef/knife/azure_server_delete.rb
+++ b/lib/chef/knife/azure_server_delete.rb
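Review bot: `find_roles_with_hostedservice` in lib/azure/role.rb builds its result with a manual `Array.new` / `each` / `<<` loop and compares against nil with `==`; the body reads more directly as `all if @roles.nil?` followed by `@roles.select { |role| role.hostedservicename == hostedservicename }`. The method relies on `all` populating `@roles` as a side effect, which is defined outside this hunk, so a one-line comment saying so would help the next reader. A blank line before the `def` would also match the spacing the rest of the class appears to use.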
@@ -88,7 +88,11 @@ class Chef
 puts "\n"
 confirm("Do you really want to delete this server")
- connection.hosts.delete(server.hostedservicename)
+ roles_using_same_service = connection.roles.find_roles_with_hostedservice(server.hostedservicename)
+ if roles_using_same_service.size <= 1
+ ui.warn("Deleting service #{server.hostedservicename}")
+ connection.hosts.delete(server.hostedservicename)
+ end
 connection.roles.delete(name, params = { :purge_os_disk => locate_config_value(:purge_os_disk) })
 puts "\n"
diff --git a/spec/unit/azure_server_delete_spec.rb b/spec/unit/azure_server_delete_spec.rb
index aed596a..dcbf58d 100644
--- a/spec/unit/azure_server_delete_spec.rb
+++ b/spec/unit/azure_server_delete_spec.rb
@@ -32,15 +32,23 @@ before do
 end
 it "server delete test" do
- @server_instance.ui.should_receive(:warn).twice
+ @server_instance.ui.should_receive(:warn).exactly(3).times
 @server_instance.connection.roles.should_receive(:delete)
 @server_instance.ui.should_not_receive(:error)
 @server_instance.run
 end
 it "hosted service clean up test" do
+ @server_instance.ui.should_receive(:warn).exactly(3).times
 @server_instance.connection.hosts.should_receive(:delete)
 @server_instance.run
 end
+it "test hosted service cleanup with shared service" do
+ @server_instance.name_args = ['role001']
+ @server_instance.ui.should_receive(:warn).twice
+ @server_instance.connection.hosts.should_not_receive(:delete)
+ @server_instance.run
+end
+
 end
\ No newline at end of file
From c87762e796e21c1cfb3c276d1074ed594de223f8 Mon Sep 17 00:00:00 2001
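Review bot: In the azure_server_delete.rb hunk the hosted service is still deleted before `connection.roles.delete`, and the decision rests on a role list read a moment earlier, so a role added to the same service between the lookup and the delete is removed along with it. The `confirm` text is unchanged and the service deletion is only announced afterwards through `ui.warn`, which means the operator is told rather than asked. `roles_using_same_service.size <= 1` is also true for an empty list, which would be the case if `server.hostedservicename` did not match any role. I would delete the role first, re-check the list, and only then remove the service, with the service name included in the confirmation prompt. The enclosing method continues outside the hunk.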
From: Mukta Date: Mon, 6 May 2013 22:12:59 +0530 Subject: [PATCH 07/41] adding support for linux ssh keys --- azurePrivateKey.key | 28 ++++++++++++++ gensshkey.sh | 25 +++++++++++++ getfingerprint.rb | 18 +++++++++ key_play/passphrase | 1 + key_play/server.crt | 15 ++++++++ key_play/server.csr | 12 ++++++ key_play/server.key | 18 +++++++++ lib/azure/role.rb | 51 ++++++++++++++++++-------- lib/chef/knife/azure_server_create.rb | 16 +++++--- myCert.cer | Bin 0 -> 1017 bytes myPrivateKey.key | 28 ++++++++++++++ 11 files changed, 192 insertions(+), 20 deletions(-) create mode 100644 azurePrivateKey.key create mode 100755 gensshkey.sh create mode 100644 getfingerprint.rb create mode 100644 key_play/passphrase create mode 100644 key_play/server.crt create mode 100644 key_play/server.csr create mode 100644 key_play/server.key create mode 100644 myCert.cer create mode 100644 myPrivateKey.key diff --git a/azurePrivateKey.key b/azurePrivateKey.key new file mode 100644 index 0000000..dcbae67 --- /dev/null +++ b/azurePrivateKey.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMkKCgtEt93GB6 +hgaPtA+Mz217BJuA2Z6unPt09tAwgy5zQtVDFrb4XWqMjvn033IEwB/nc8HjoDsp +c9CD2MwL3lI6refN8gPLJDg89858YdXw7O+o3FHyAFZWlkeKLvklOgn+TbYKoHQp +UeC7PnV+DjTuBtm3n4hDF0yTvXaK87eGhqXQPvesc8N0/lEvyy2f+1tkQAW39R+Z +NmQXKr1PFUcHrhsUG0ZAh/gO8MZHx0uwZM6tisQuD6aMe+oJRj9PqSykzKVmgn0G +TXkWxQKueoHu98q1N9UYccKx8VZG99zk2wnBC5sq64HeAlR3sPDAYLlk4/i5+QEd +58TXsLHRAgMBAAECggEAQ6fVqDDZAuBe/EbVZrOrrOtxjw0gDQZsZ929gJqckl7g +fvhspgqeKxhiQ+iJnMZF5HJSWu87AfideIE4RlLucUJvOb8IemF/hbEN9IQUw6hr +5InIXbW4WGxqIasEMByHBBvk8DltaqhUotHUnLj0jONP+CVF3mgh3eaXygkQarXG +gMJORgIHaFV3gEN7XXhbJbUQmAH9ZZfif7vxBvWyYteD0MVLvZWRpNF68bfLMRIu +cpLa+q3uvTgs2c1BewAZA82V91TBOIBkB4qTz4vbV0a8Na0yCXYfisX2dUd5iIoD +3DKPYLQVHt1RrghMELeJGlgjk/wqjNB4b6E5KIP40QKBgQD2v9IM6ZqEsAv5L75k +AUxJaea8HTG7+VgV9pA8m2LdKZTfndE/AXeCv+YKugs4Fz9dj0USrmNOX2gdTLOw +srhgYKRlLiXA2XPYb2flwyrhcRO/bAfu7ohSA7XWipKJL4cJJAQtNnVCGH41bWcy +gRL5cQWI4Iow9vrrpcNyemJGZQKBgQDUO/Evvs0DtjQJdjGs2TmE4pxfWDjNZKWc +eOR7nQIHL9BI5BR7kV3LJr0eUha8oaOVxn7sWA4uFwtKJ+lBbO3MXkIFZoiOVzRQ +MKGfocs0iYV5XLBLwj4p0NzuWQYdoSkVWSKY/fZED6Vt2T0O44ABCyVPMzmc8pcI +A/x8fCqg/QKBgBgS2vF7kSHE80YajF7Baan39RUBXCrUxu1NowDmwByHxAiVIycc +g4Z0JoOBZzrPudTs93Y9IV8yG7xQEW/539c3VpKwj+pizNSe+eoGwpZALAcPCS8c +gpxN1F3cIzPTOT+BDg9DMumB7j5UMC9TPICtsDaMga8JSa3X/Fuc6R2pAoGAMvCY +OS+Aoa1v2/2EespApgaGJdRU/ed0YJQbsxfCTttJENW9nNMNQh9wMQDe+DOLwf08 +pZmU/bcGPKxLrippAS52hjlP+Wow4jZp9Jiu31NKuBBpOCXNKdg5zvOLJj1yUO9u +AG6kVz2yJSWJJDOym42DTPkskOEhIwlh5rcevDkCgYA3/H4GGTqlu6RfwzlAqoGO +Kxm7DHWjXuaAwhfTs1MksfOQ1ptqXAXjigpv523UWbZ1eDj2c0jCJQf2KAyXSGUp +f2jOS9EcO/0D0Jf+hXvc0jH7qrijy7AcQrGykqdKCgpC7K74ULrfJomD3V8NDDle +otoRmoCKG59ibyYUNnzgpw== +-----END PRIVATE KEY----- diff --git a/gensshkey.sh b/gensshkey.sh new file mode 100755 index 0000000..36b1149 --- /dev/null +++ b/gensshkey.sh 
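Review bot: This hunk commits unencrypted private key material to the repository: `azurePrivateKey.key` here and `myPrivateKey.key` later in the same patch are `BEGIN PRIVATE KEY` PEM files, and `key_play/server.key` is added together with `key_play/passphrase`, which presumably holds the passphrase that protects it. PATCH 08/41 deletes these files again, but they stay retrievable from history, so each key pair should be treated as disclosed and anything that trusted them rotated or revoked rather than relying on the deletion. Scratch keys and certificates belong outside the work tree or behind ignore rules such as `*.key`, `*.pem`, `*.cer` and `key_play/`. A secret scan in pre-commit or CI would stop this kind of file before it is pushed.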
@@ -0,0 +1,25 @@
+#!/bin/bash
+REQUIRED_ARGS=1
+E_NOT_ENOUGH_ARGS=65
+
+#first argument will be used as the key prefix
+#second argument is optional and if given will be used as a pass #phrase for DES3 protection of the private key
+case $# in
+ 1)
+ openssl req -x509 -days 365 -newkey rsa:2048 -keyout $1sshpvt.pem -out $1pub.pem -nodes
+ openssl rsa -in $1sshpvt.pem -out $1pvt.pem
+ ;;
+ 2)
+ openssl req -x509 -days 365 -newkey rsa:2048 -keyout $1sshpvt.pem -out $1pub.pem -passout pass:$2
+ openssl rsa -in $1sshpvt.pem -passin pass:$2 -out $1pvt.pem -des3 -passout pass:$2
+ ;;
+
+ *)
+ echo "Usage for unprotected private key: gensshkey.sh "
+ echo "Example: gensshkey.sh \"db\""
+ echo "Usage for password protected private key: gensshkey.sh "
+ echo "Example: gensshkey.sh db pass@word1"
+ exit $E_NOT_ENOUGH_ARGS
+ ;;
+esac
+echo "generated $1sshpvt.pem, $1pub.pem and $1pvt.pem"
diff --git a/getfingerprint.rb b/getfingerprint.rb
new file mode 100644
index 0000000..e0b203e
--- /dev/null
+++ b/getfingerprint.rb
@@ -0,0 +1,18 @@
+require 'openssl'
+
+certificate =
+OpenSSL::X509::Certificate.new(File.read('myCert.cer'))
+mycert = certificate.to_pem
+
+
+
+mycert["-----BEGIN CERTIFICATE-----\n"] = ""
+mycert["-----END CERTIFICATE-----\n"] = ""
+
+
+newcert = File.read('azureCert.pem')
+puts newcert
+newcert["-----BEGIN CERTIFICATE-----\n"] = ""
+newcert["-----END CERTIFICATE-----\n"] = ""
+sha1 = OpenSSL::Digest::SHA1.new(newcert)
+puts sha1
diff --git a/key_play/passphrase b/key_play/passphrase
new file mode 100644
index 0000000..5271a52
--- /dev/null
+++ b/key_play/passphrase
@@ -0,0 +1 @@
+test123
diff --git a/key_play/server.crt b/key_play/server.crt
new file mode 100644
index 0000000..4ddf703
--- /dev/null
+++ b/key_play/server.crt
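Review bot: In gensshkey.sh the two-argument branch hands the passphrase to openssl as `-passout pass:$2` and `-passin pass:$2`, which leaves it in shell history and readable in the process list for as long as openssl runs; `-passout env:VARNAME` or `file:PATH` keeps it off the command line. `$1` and `$2` are unquoted everywhere, so a prefix or passphrase containing spaces or glob characters is split or expanded; write `"${1}sshpvt.pem"` and so on. Nothing sets a restrictive mode for the generated private keys, and the one-argument branch writes them unencrypted with `-nodes`, so a `umask 077` at the top is the minimum. `REQUIRED_ARGS` is assigned but never read, and both usage lines end after the script name without naming the arguments they describe.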
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSTCCAbICCQDcSjX6siOCkjANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ +TjEMMAoGA1UECAwDTWFoMQ0wCwYDVQQHDARQdW5lMQwwCgYDVQQKDANDbG8xDDAK +BgNVBAsMA0RldjENMAsGA1UEAwwEVGVzdDESMBAGCSqGSIb3DQEJARYDbXVrMB4X +DTEzMDQzMDAwNTY0NloXDTE0MDQzMDAwNTY0NlowaTELMAkGA1UEBhMCSU4xDDAK +BgNVBAgMA01haDENMAsGA1UEBwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQL +DANEZXYxDTALBgNVBAMMBFRlc3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2a +P7f3C8o2KJsJSCoUWLnHjyRmqSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSw +CBAAEF1gMGohf2+9kXo7hMYI/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJa +Oa8Mhh8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCCxeNQy/H7SOVjf8OchWKKlTFJ +Ws+lb2w1zdN8z9HXVuHuY6thYHsqd5nye8ceKLhU3ccTH+4aXGsSOb8yiIZOdoFZ +jDFBpBB4ZryT0uDfmMs46NkQupWER4xIPO6v9/Ve0zuDO41Cw+jy6rK02m5YTx50 +x4NLIUmt/tDDLYu7UQ== +-----END CERTIFICATE----- diff --git a/key_play/server.csr b/key_play/server.csr new file mode 100644 index 0000000..cab9da4 --- /dev/null +++ b/key_play/server.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBwTCCASoCAQAwaTELMAkGA1UEBhMCSU4xDDAKBgNVBAgMA01haDENMAsGA1UE +BwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBFRl +c3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2aP7f3C8o2KJsJSCoUWLnHjyRm +qSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSwCBAAEF1gMGohf2+9kXo7hMYI +/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJaOa8Mhh8CAwEAAaAYMBYGCSqG +SIb3DQEJBzEJDAd0ZXN0MTIzMA0GCSqGSIb3DQEBBQUAA4GBAGnUcLFiXEXHwXJe +E0nmJNBrl09Iu3uUNnavjTuVcy49hQOCcUKgw3S3yy4Rlc90xbgsyIvLF8/uor47 +IbDMFbZMlO5YW40KtD9dSlTCGmzMyoCLqSEoFuO2ynQ9EwuHFe6yCzYCrN3Z8W7i +CX5lwF8GCBObjNNOeTdP8AzpnMTZ +-----END CERTIFICATE REQUEST----- diff --git a/key_play/server.key b/key_play/server.key new file mode 100644 index 0000000..82b418b --- /dev/null +++ b/key_play/server.key 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,02BF23AF80F95373 + +bB/LJj+5nd9E12ZoswZoIT5DXDvFzCAsk+fk3GAgDHV/7BwEdRZQyqsu9CIKw++C +XNIh9P5qjZzgq5Rv/rmQ6MJU8mz9jjr4DSQawEElXbQrlHURAUGL6rfZXhEKcI/r ++JPqo8Mm9h67AHRmREpqxv0AumVg+ReKQjxrfaPlgPfLM/fGu96aIl7jEaXhFqTd +awRjmMcNsJw5bquWmlEQzIgmBan6jcqLa6eXSZTvKwk9cH9hHLJTkmlZgXVEifUQ +8TKhagJcB9NtfF3WIEFwh+2n4yKI25vYXpJIyxwCLdmZSbCCSiRPQ+ayECG5ATXz +yPdyzNcyKlZuuOye8wf5qdmVQOwIDkM8xp3UziV5slupniOuEFF4uPHwBjW0moKA +O0jfmRrIX2VboOK2s26BrRsFqQZnZSbcqKs1Khprj9Nb5D10kS2dgdGo7XT5ytOq +vZA9YqDo7W/7ksDxT2sR1ysOfrozTacCxL3sQ8Gbf8ByTW+IoeQjeq/21NmLV4c4 +g8HsWpXX8PDhrbrno11+BnQcBAlpIYU96qGGSVQOcuZUEUNQk8vi6dnDT681LPAm +y9c8i8O0QqpNNY+qID+5EEVxoQVgA+VauD3LPcfaTV/62gQMwWrnbVc3vVRSE02F ++4mjj+KtIztnmkkE1dnX2IhCk/lxWd2BVLd7LQe9SPM8adGcIP/8C0+CoscnHYoG +mYp4TPoXtHgFhQOHPkiYv0EPDFKOi3jdzSfoTvTfSkwhZAmUPaap8VyAZ4eYq+9b +hSMavTmnA0pvMhfr4fSCvbeNuq4UokxI7Rzr7D8tOVSzap68mybxVg== +-----END RSA PRIVATE KEY----- diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 44e7eaa..f4c1b8a 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
@@ -143,25 +143,29 @@ class Azure
 xml.HostName params[:host_name]
 xml.UserName params[:ssh_user]
 xml.UserPassword params[:ssh_password]
- xml.DisableSshPasswordAuthentication 'false'
- #if params[:ssh_cert] != nil
+ if params[:ssh_key].nil?
+ xml.DisableSshPasswordAuthentication 'false'
+ else
+ xml.DisableSshPasswordAuthentication 'true'
+ end
+ if !params[:ssh_key].nil?
 xml.SSH {
 xml.PublicKeys {
 xml.PublicKey {
- xml.FingerPrint generateFingerPrint params[:ssh_cert]
- #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9'
+ xml.FingerPrint generateFingerPrint (params[:ssh_key])
+ #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e'
 xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys'
 }
 }
 xml.KeyPairs {
 xml.KeyPair {
- xml.FingerPrint generateFingerPrint params[:ssh_cert]
- #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9'
+ xml.FingerPrint generateFingerPrint (params[:ssh_key])
+ #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e'
 xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys'
 }
 }
 }
-
+ end
 }
 elsif params[:os_type] == 'Windows'
 xml.ConfigurationSet('i:type' => 'WindowsProvisioningConfigurationSet') {
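Review bot: Both call sites pass a String, `generateFingerPrint (params[:ssh_key])`, but the definition added in the next hunk names its argument `params` and indexes it with `params[:ssh_key]` and `params[:ssh_key_passphrase]`; `String#[]` with a Symbol raises `TypeError`, so the key path cannot work as written and the call should be `generateFingerPrint(params)`. The helper is invoked once for `PublicKey` and once for `KeyPair`, and because it builds a fresh certificate on each call the two `FingerPrint` elements will differ; compute it once into a local before `xml.SSH` and reuse it. `xml.UserPassword params[:ssh_password]` is still written when password authentication is disabled, and the `KeyPair` path points at `authorized_keys`, which looks unintended for a private-key location and should be confirmed against the service schema. The separate `if params[:ssh_key].nil?` / `if !params[:ssh_key].nil?` tests can be merged into one branch. The enclosing builder method begins and ends outside the hunk.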
@@ -241,15 +245,32 @@ class Azure
 "/#{params['deploy_name']}/roles"
 @connection.query_azure(servicecall, "post", roleXML.to_xml)
 end
- def generateFingerPrint ssh_cert
- # TODO
- puts ssh_cert
- newcert = File.read('azureCert.pem')
- puts newcert
- newcert["-----BEGIN CERTIFICATE-----\n"] = ""
- newcert["-----END CERTIFICATE-----\n"] = ""
- sha1 = OpenSSL::Digest::SHA1.new(newcert)
+ def generateFingerPrint (params)
+ key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase])
+ ca = OpenSSL::X509::Certificate.new
+ ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+ ca.serial = Random.rand(100)
+ ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA"
+ ca.issuer = ca.subject # root CA's are "self-signed"
+ ca.public_key = key.public_key
+ ca.not_before = Time.now
+ ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+ ef = OpenSSL::X509::ExtensionFactory.new
+ ef.subject_certificate = ca
+ ef.issuer_certificate = ca
+ ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
+ ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
+ ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+ ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
+ ca.sign(key, OpenSSL::Digest::SHA256.new)
+
+ cert = ca.to_pem
+ cert["-----BEGIN CERTIFICATE-----\n"] = ""
+ cert["-----END CERTIFICATE-----\n"] = ""
+
+ sha1 = OpenSSL::Digest::SHA1.new(Base64.encode64(cert))
 sha1
+
 end
 end
 end
diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb
index a801d1a..011afe0 100755
--- a/lib/chef/knife/azure_server_create.rb
+++ b/lib/chef/knife/azure_server_create.rb
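Review bot: The value `generateFingerPrint` returns does not identify a certificate the service could look up: the method creates a new self-signed certificate on every call (`ca.not_before = Time.now`, `ca.serial = Random.rand(100)`), does not store or upload it anywhere in this hunk, and then hashes `Base64.encode64` of the PEM body text instead of the DER bytes. A thumbprint is normally `OpenSSL::Digest::SHA1.hexdigest(ca.to_der)`, and it has to be taken from the same certificate that is uploaded to the hosted service. The certificate is issued with `CA:TRUE` and `keyCertSign, cRLSign` although it only carries an SSH login key, and its serial comes from a non-cryptographic generator with 100 possible values; drop the CA extensions and draw the serial from `SecureRandom`. `File.read(params[:ssh_key])` and the passphrase decryption are unguarded, so a wrong path or passphrase surfaces as a raw exception while the role XML is being built. `Base64` and `OpenSSL` need a `require` that is not visible in this patch.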
@@ -157,10 +157,15 @@ class Chef :long => "--udp-endpoints PORT_LIST", :description => "Comma separated list of UDP local and public ports to open i.e. '80:80,433:5000'" - option :ssh_cert, - :long => "--ssh-cert FILENAME", - :description => "SSH Certificate in X509 format", - :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } + option :ssh_key, + :long => "--ssh-key FILENAME", + :description => "SSH key", + :proc => Proc.new { |key| Chef::Config[:knife][:ssh_key] = key } + + option :ssh_key_passphrase, + :long => "--ssh-key-passphrase PASSWORD", + :description => "SSH key passphrase", + :proc => Proc.new { |pp| Chef::Config[:knife][:ssh_key_passphrase] = pp } def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') @@ -422,7 +427,8 @@ class Chef :tcp_endpoints => locate_config_value(:tcp_endpoints), :udp_endpoints => locate_config_value(:udp_endpoints), :bootstrap_proto => locate_config_value(:bootstrap_protocol), - :ssh_cert => locate_config_value(:ssh_cert) + :ssh_key => locate_config_value(:ssh_key), + :ssh_key_passphrase => locate_config_value(:ssh_key_passphrase) } if is_image_windows? diff --git a/myCert.cer b/myCert.cer new file mode 100644 index 0000000000000000000000000000000000000000..b97e70a9677b9e67c8ab47792118103471cdfb63 GIT binary patch literal 1017 zcmXqLV*YB-#B_H7GZP~d6DLE*mcSsZ@~nCTUN%mxHjlRNyo`*jtPBQ?6AZZxIN6v( zS=fY`JpBws41_=&4jyjb#EitE#Nv#SqC`Vp18$HgI}b}hXNi8!JHV_2yn0dH-OS4N79ji)0GKxv$f~52k3o;UO zQXP^Z=IABo=Nia~^BNi(m>3xu85@`xn??b-CP>`D=;S6wCFFo*WMyD(V&rEqXkz4I zYGPz$xSq$s>>=Iq?8BS=cT=BCnb6F*|HyMeoeAv?E<9PzJz@seyt4c?e%;Q9D%lhw zTl?NOK``mliO4HK0(RS#^7c)fd9UZ5$(s%4^FDX-vGzt}ef=r)e1d+&6o-8AUo*d) zGgnz%7kgLwg33ic>7?pMy^;^sO*DMcz$@RSd`=-KVAol_2T>=Um!*2-oaSM&Juf-+ zlIPdDyUS;b+s{+C-*V`xHAD2;Wxamlps%^8aU-9(MWr zeD)+Y^_xrfu`jl;_X zjR)KAebK4DcJHv|_X+U~JphoHbJqX> literal 0 HcmV?d00001 diff --git a/myPrivateKey.key b/myPrivateKey.key new file mode 100644 index 0000000..99179ed --- /dev/null +++ b/myPrivateKey.key 
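Review bot: The new `--ssh-key-passphrase PASSWORD` option takes the key passphrase on the command line, where it ends up in shell history and is visible in the process list to other local users, and the proc then copies it into `Chef::Config[:knife]`. I would prompt for it when the key is encrypted and no value was configured, for example `ui.ask("SSH key passphrase: ") { |q| q.echo = false }`, and document that the knife.rb setting is the non-interactive alternative. The description `"SSH key"` should say that this is the path to the private key file, since the value is later passed to `File.read`. Renaming `--ssh-cert` to `--ssh-key` without keeping the old spelling breaks callers of the option added in PATCH 01.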
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDXbggDSBuE5vDs +v91l5JSQgwG/xOcRLJCHgEQMakOMFjDWSmpPKPrbaFp0slQdfe9NYBFi8shZ1FIQ +Prcibr6Rmd6M3jTssDee84kOBY1YavX5EueQL1iUQG8X+pn0zjckq35d3RvQJNEO +G2J74o0Z4K6RMeSADR+KI84gUlC6zS7gWsjndmVIbMsMAj3PGZXSSfV+3aebFz+e +Jz+0wtU7AFutpo1OF1UKofo55af0W5tLLPxY1K12Tlxv/2t1w0T955uSJifZpL4H +p9SV50djc7kLYmMWZzSfZyRopOLIbrYqdrFpUtB1b5o/K8X6LycyVIGdFuCNNc7c +UkWDVPQ3AgMBAAECggEBAKaLGMS4tRWcl/rfJSDFgpjpvqtrZJshUaZ/YZwbdpbQ +/PZdVyxVaQG//dYjmuWl2x99OlO9j2fqvXpzkY6cANV9F9DdZBrq7EUEzxq47hnB +ruDcXYpZH+iUm431HZpk5bqCndGgwwS5wahfQVa2wRCVYz86TAU2oABiR9My79hI +pkvfDTdT0EYk6w7lD2SZr9AAckAy9fouUB/1iEU0mav8jJZh+pLSofJRnRRTgbHY +wUhtF5qK4RC5JFJVZSTlrW4MXLUpF7FWMwIZf9ccwXTvwYtY67LddPDp8qbVF/6i +SluAKkHR1N+8fNpXDaMNpoV7fqtAQor6MXF4YXMkG3kCgYEA8WP9iqUJO50vNRQl +Q4TUW1BVzCSp4r6NYRVodHRg/2RVmOe9n0JB+rYos4ht3/9yeas3PgHj1epVtQ1L +TJGXdcxseMbEs01a5Pjw0+x3164tiVJWBnxYPwtSt6p5DuLD5t+uUyUpY8YAIdws +xVQlqGJgYCKEA97FGHMuV/uvGmMCgYEA5HfQoOIUW1facFSz5FZhrw6aJQi0XzVl +RTNZhQJCOHdYSo1dwDK5R9ol0Sum1SceOG6oa59CULW2H5ltRJa3utJg16bTH63V +pFMxXx2i86nZRVvARsZYbY4kr9cOuXei1NdVbvdAswRyab6b3ePNEOiCmURKtYlD +XI76AVRDXR0CgYEA00xaiL1UKqm5w/WhdMvV8ySMJclGKGPyb7QEnkOtEIGsZ88a +7khaZvKDCDx5KWV6uEQGdDHFVN/uLDC55Alhkkzh+orLbcRdtyat8GQCt3oRBC5d +fQnlWTI5Mup3U29uWi8cck2KQHr2bK1FR2oUGKQchqpP8u9SicdxHrUCHs8CgYEA +hLZInTvWYVz+CWRaftfitGKCDeMpi2ij4/e5F3dBajWBNwU5IS0VzXQdpYx6w7SO +bG9zK9j+F44GNgLUoxP9s+sC0CIa33sF8AdXVY4MmwfdqtlqLnKG6VS5YN9GsVua +XZKcEPJVRefeYiiTt+fcteap/kfaMeuDEqAG/4CoBM0CgYBXn63zTq8/KqVb5jOa +wjEL7Kq+BID8o25bY47Ia1W4lXo1OF8WjLx40QF10yAVCrTV9cRStOZX7rTnmJq0 +ckhYIBnOCq8x1FD7FNGg19onP9X1CkHiIlGihM/FjC9+3yhInacjJvbrDMhiu8hB +d1VeyMHfQ4J+mn4TQ8NZIhCX5A== +-----END PRIVATE KEY----- From d5e8ca582c1572d31caf42e65dad68221f8b0b6a Mon Sep 17 00:00:00 2001 
From: Mukta Date: Mon, 6 May 2013 22:23:25 +0530 Subject: [PATCH 08/41] add support in linux for ssh keys --- azurePrivateKey.key | 28 ---------------------------- getfingerprint.rb | 18 ------------------ key_play/passphrase | 1 - key_play/server.crt | 15 --------------- key_play/server.csr | 12 ------------ key_play/server.key | 18 ------------------ myCert.cer | Bin 1017 -> 0 bytes myPrivateKey.key | 28 ---------------------------- 8 files changed, 120 deletions(-) delete mode 100644 azurePrivateKey.key delete mode 100644 getfingerprint.rb delete mode 100644 key_play/passphrase delete mode 100644 key_play/server.crt delete mode 100644 key_play/server.csr delete mode 100644 key_play/server.key delete mode 100644 myCert.cer delete mode 100644 myPrivateKey.key diff --git a/azurePrivateKey.key b/azurePrivateKey.key deleted file mode 100644 index dcbae67..0000000 --- a/azurePrivateKey.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMkKCgtEt93GB6 -hgaPtA+Mz217BJuA2Z6unPt09tAwgy5zQtVDFrb4XWqMjvn033IEwB/nc8HjoDsp -c9CD2MwL3lI6refN8gPLJDg89858YdXw7O+o3FHyAFZWlkeKLvklOgn+TbYKoHQp -UeC7PnV+DjTuBtm3n4hDF0yTvXaK87eGhqXQPvesc8N0/lEvyy2f+1tkQAW39R+Z -NmQXKr1PFUcHrhsUG0ZAh/gO8MZHx0uwZM6tisQuD6aMe+oJRj9PqSykzKVmgn0G -TXkWxQKueoHu98q1N9UYccKx8VZG99zk2wnBC5sq64HeAlR3sPDAYLlk4/i5+QEd -58TXsLHRAgMBAAECggEAQ6fVqDDZAuBe/EbVZrOrrOtxjw0gDQZsZ929gJqckl7g -fvhspgqeKxhiQ+iJnMZF5HJSWu87AfideIE4RlLucUJvOb8IemF/hbEN9IQUw6hr -5InIXbW4WGxqIasEMByHBBvk8DltaqhUotHUnLj0jONP+CVF3mgh3eaXygkQarXG -gMJORgIHaFV3gEN7XXhbJbUQmAH9ZZfif7vxBvWyYteD0MVLvZWRpNF68bfLMRIu -cpLa+q3uvTgs2c1BewAZA82V91TBOIBkB4qTz4vbV0a8Na0yCXYfisX2dUd5iIoD -3DKPYLQVHt1RrghMELeJGlgjk/wqjNB4b6E5KIP40QKBgQD2v9IM6ZqEsAv5L75k -AUxJaea8HTG7+VgV9pA8m2LdKZTfndE/AXeCv+YKugs4Fz9dj0USrmNOX2gdTLOw -srhgYKRlLiXA2XPYb2flwyrhcRO/bAfu7ohSA7XWipKJL4cJJAQtNnVCGH41bWcy -gRL5cQWI4Iow9vrrpcNyemJGZQKBgQDUO/Evvs0DtjQJdjGs2TmE4pxfWDjNZKWc -eOR7nQIHL9BI5BR7kV3LJr0eUha8oaOVxn7sWA4uFwtKJ+lBbO3MXkIFZoiOVzRQ -MKGfocs0iYV5XLBLwj4p0NzuWQYdoSkVWSKY/fZED6Vt2T0O44ABCyVPMzmc8pcI -A/x8fCqg/QKBgBgS2vF7kSHE80YajF7Baan39RUBXCrUxu1NowDmwByHxAiVIycc -g4Z0JoOBZzrPudTs93Y9IV8yG7xQEW/539c3VpKwj+pizNSe+eoGwpZALAcPCS8c -gpxN1F3cIzPTOT+BDg9DMumB7j5UMC9TPICtsDaMga8JSa3X/Fuc6R2pAoGAMvCY -OS+Aoa1v2/2EespApgaGJdRU/ed0YJQbsxfCTttJENW9nNMNQh9wMQDe+DOLwf08 -pZmU/bcGPKxLrippAS52hjlP+Wow4jZp9Jiu31NKuBBpOCXNKdg5zvOLJj1yUO9u -AG6kVz2yJSWJJDOym42DTPkskOEhIwlh5rcevDkCgYA3/H4GGTqlu6RfwzlAqoGO -Kxm7DHWjXuaAwhfTs1MksfOQ1ptqXAXjigpv523UWbZ1eDj2c0jCJQf2KAyXSGUp -f2jOS9EcO/0D0Jf+hXvc0jH7qrijy7AcQrGykqdKCgpC7K74ULrfJomD3V8NDDle -otoRmoCKG59ibyYUNnzgpw== ------END PRIVATE KEY----- diff --git a/getfingerprint.rb b/getfingerprint.rb deleted file mode 100644 index e0b203e..0000000 --- a/getfingerprint.rb +++ /dev/null 
@@ -1,18 +0,0 @@ -require 'openssl' - -certificate = -OpenSSL::X509::Certificate.new(File.read('myCert.cer')) -mycert = certificate.to_pem - - - -mycert["-----BEGIN CERTIFICATE-----\n"] = "" -mycert["-----END CERTIFICATE-----\n"] = "" - - -newcert = File.read('azureCert.pem') -puts newcert -newcert["-----BEGIN CERTIFICATE-----\n"] = "" -newcert["-----END CERTIFICATE-----\n"] = "" -sha1 = OpenSSL::Digest::SHA1.new(newcert) -puts sha1 diff --git a/key_play/passphrase b/key_play/passphrase deleted file mode 100644 index 5271a52..0000000 --- a/key_play/passphrase +++ /dev/null @@ -1 +0,0 @@ -test123 diff --git a/key_play/server.crt b/key_play/server.crt deleted file mode 100644 index 4ddf703..0000000 --- a/key_play/server.crt +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICSTCCAbICCQDcSjX6siOCkjANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ -TjEMMAoGA1UECAwDTWFoMQ0wCwYDVQQHDARQdW5lMQwwCgYDVQQKDANDbG8xDDAK -BgNVBAsMA0RldjENMAsGA1UEAwwEVGVzdDESMBAGCSqGSIb3DQEJARYDbXVrMB4X -DTEzMDQzMDAwNTY0NloXDTE0MDQzMDAwNTY0NlowaTELMAkGA1UEBhMCSU4xDDAK -BgNVBAgMA01haDENMAsGA1UEBwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQL -DANEZXYxDTALBgNVBAMMBFRlc3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2a -P7f3C8o2KJsJSCoUWLnHjyRmqSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSw -CBAAEF1gMGohf2+9kXo7hMYI/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJa -Oa8Mhh8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCCxeNQy/H7SOVjf8OchWKKlTFJ -Ws+lb2w1zdN8z9HXVuHuY6thYHsqd5nye8ceKLhU3ccTH+4aXGsSOb8yiIZOdoFZ -jDFBpBB4ZryT0uDfmMs46NkQupWER4xIPO6v9/Ve0zuDO41Cw+jy6rK02m5YTx50 -x4NLIUmt/tDDLYu7UQ== ------END CERTIFICATE----- diff --git a/key_play/server.csr b/key_play/server.csr deleted file mode 100644 index cab9da4..0000000 --- a/key_play/server.csr +++ /dev/null 
@@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBwTCCASoCAQAwaTELMAkGA1UEBhMCSU4xDDAKBgNVBAgMA01haDENMAsGA1UE -BwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBFRl -c3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC -gYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2aP7f3C8o2KJsJSCoUWLnHjyRm -qSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSwCBAAEF1gMGohf2+9kXo7hMYI -/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJaOa8Mhh8CAwEAAaAYMBYGCSqG -SIb3DQEJBzEJDAd0ZXN0MTIzMA0GCSqGSIb3DQEBBQUAA4GBAGnUcLFiXEXHwXJe -E0nmJNBrl09Iu3uUNnavjTuVcy49hQOCcUKgw3S3yy4Rlc90xbgsyIvLF8/uor47 -IbDMFbZMlO5YW40KtD9dSlTCGmzMyoCLqSEoFuO2ynQ9EwuHFe6yCzYCrN3Z8W7i -CX5lwF8GCBObjNNOeTdP8AzpnMTZ ------END CERTIFICATE REQUEST----- diff --git a/key_play/server.key b/key_play/server.key deleted file mode 100644 index 82b418b..0000000 --- a/key_play/server.key +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,02BF23AF80F95373 - -bB/LJj+5nd9E12ZoswZoIT5DXDvFzCAsk+fk3GAgDHV/7BwEdRZQyqsu9CIKw++C -XNIh9P5qjZzgq5Rv/rmQ6MJU8mz9jjr4DSQawEElXbQrlHURAUGL6rfZXhEKcI/r -+JPqo8Mm9h67AHRmREpqxv0AumVg+ReKQjxrfaPlgPfLM/fGu96aIl7jEaXhFqTd -awRjmMcNsJw5bquWmlEQzIgmBan6jcqLa6eXSZTvKwk9cH9hHLJTkmlZgXVEifUQ -8TKhagJcB9NtfF3WIEFwh+2n4yKI25vYXpJIyxwCLdmZSbCCSiRPQ+ayECG5ATXz -yPdyzNcyKlZuuOye8wf5qdmVQOwIDkM8xp3UziV5slupniOuEFF4uPHwBjW0moKA -O0jfmRrIX2VboOK2s26BrRsFqQZnZSbcqKs1Khprj9Nb5D10kS2dgdGo7XT5ytOq -vZA9YqDo7W/7ksDxT2sR1ysOfrozTacCxL3sQ8Gbf8ByTW+IoeQjeq/21NmLV4c4 -g8HsWpXX8PDhrbrno11+BnQcBAlpIYU96qGGSVQOcuZUEUNQk8vi6dnDT681LPAm -y9c8i8O0QqpNNY+qID+5EEVxoQVgA+VauD3LPcfaTV/62gQMwWrnbVc3vVRSE02F -+4mjj+KtIztnmkkE1dnX2IhCk/lxWd2BVLd7LQe9SPM8adGcIP/8C0+CoscnHYoG -mYp4TPoXtHgFhQOHPkiYv0EPDFKOi3jdzSfoTvTfSkwhZAmUPaap8VyAZ4eYq+9b -hSMavTmnA0pvMhfr4fSCvbeNuq4UokxI7Rzr7D8tOVSzap68mybxVg== ------END RSA PRIVATE KEY----- 
diff --git a/myCert.cer b/myCert.cer deleted file mode 100644 index b97e70a9677b9e67c8ab47792118103471cdfb63..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1017 zcmXqLV*YB-#B_H7GZP~d6DLE*mcSsZ@~nCTUN%mxHjlRNyo`*jtPBQ?6AZZxIN6v( zS=fY`JpBws41_=&4jyjb#EitE#Nv#SqC`Vp18$HgI}b}hXNi8!JHV_2yn0dH-OS4N79ji)0GKxv$f~52k3o;UO zQXP^Z=IABo=Nia~^BNi(m>3xu85@`xn??b-CP>`D=;S6wCFFo*WMyD(V&rEqXkz4I zYGPz$xSq$s>>=Iq?8BS=cT=BCnb6F*|HyMeoeAv?E<9PzJz@seyt4c?e%;Q9D%lhw zTl?NOK``mliO4HK0(RS#^7c)fd9UZ5$(s%4^FDX-vGzt}ef=r)e1d+&6o-8AUo*d) zGgnz%7kgLwg33ic>7?pMy^;^sO*DMcz$@RSd`=-KVAol_2T>=Um!*2-oaSM&Juf-+ zlIPdDyUS;b+s{+C-*V`xHAD2;Wxamlps%^8aU-9(MWr zeD)+Y^_xrfu`jl;_X zjR)KAebK4DcJHv|_X+U~JphoHbJqX> diff --git a/myPrivateKey.key b/myPrivateKey.key deleted file mode 100644 index 99179ed..0000000 --- a/myPrivateKey.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDXbggDSBuE5vDs -v91l5JSQgwG/xOcRLJCHgEQMakOMFjDWSmpPKPrbaFp0slQdfe9NYBFi8shZ1FIQ -Prcibr6Rmd6M3jTssDee84kOBY1YavX5EueQL1iUQG8X+pn0zjckq35d3RvQJNEO -G2J74o0Z4K6RMeSADR+KI84gUlC6zS7gWsjndmVIbMsMAj3PGZXSSfV+3aebFz+e -Jz+0wtU7AFutpo1OF1UKofo55af0W5tLLPxY1K12Tlxv/2t1w0T955uSJifZpL4H -p9SV50djc7kLYmMWZzSfZyRopOLIbrYqdrFpUtB1b5o/K8X6LycyVIGdFuCNNc7c -UkWDVPQ3AgMBAAECggEBAKaLGMS4tRWcl/rfJSDFgpjpvqtrZJshUaZ/YZwbdpbQ -/PZdVyxVaQG//dYjmuWl2x99OlO9j2fqvXpzkY6cANV9F9DdZBrq7EUEzxq47hnB -ruDcXYpZH+iUm431HZpk5bqCndGgwwS5wahfQVa2wRCVYz86TAU2oABiR9My79hI -pkvfDTdT0EYk6w7lD2SZr9AAckAy9fouUB/1iEU0mav8jJZh+pLSofJRnRRTgbHY -wUhtF5qK4RC5JFJVZSTlrW4MXLUpF7FWMwIZf9ccwXTvwYtY67LddPDp8qbVF/6i -SluAKkHR1N+8fNpXDaMNpoV7fqtAQor6MXF4YXMkG3kCgYEA8WP9iqUJO50vNRQl -Q4TUW1BVzCSp4r6NYRVodHRg/2RVmOe9n0JB+rYos4ht3/9yeas3PgHj1epVtQ1L -TJGXdcxseMbEs01a5Pjw0+x3164tiVJWBnxYPwtSt6p5DuLD5t+uUyUpY8YAIdws -xVQlqGJgYCKEA97FGHMuV/uvGmMCgYEA5HfQoOIUW1facFSz5FZhrw6aJQi0XzVl -RTNZhQJCOHdYSo1dwDK5R9ol0Sum1SceOG6oa59CULW2H5ltRJa3utJg16bTH63V -pFMxXx2i86nZRVvARsZYbY4kr9cOuXei1NdVbvdAswRyab6b3ePNEOiCmURKtYlD -XI76AVRDXR0CgYEA00xaiL1UKqm5w/WhdMvV8ySMJclGKGPyb7QEnkOtEIGsZ88a -7khaZvKDCDx5KWV6uEQGdDHFVN/uLDC55Alhkkzh+orLbcRdtyat8GQCt3oRBC5d -fQnlWTI5Mup3U29uWi8cck2KQHr2bK1FR2oUGKQchqpP8u9SicdxHrUCHs8CgYEA -hLZInTvWYVz+CWRaftfitGKCDeMpi2ij4/e5F3dBajWBNwU5IS0VzXQdpYx6w7SO -bG9zK9j+F44GNgLUoxP9s+sC0CIa33sF8AdXVY4MmwfdqtlqLnKG6VS5YN9GsVua -XZKcEPJVRefeYiiTt+fcteap/kfaMeuDEqAG/4CoBM0CgYBXn63zTq8/KqVb5jOa -wjEL7Kq+BID8o25bY47Ia1W4lXo1OF8WjLx40QF10yAVCrTV9cRStOZX7rTnmJq0 -ckhYIBnOCq8x1FD7FNGg19onP9X1CkHiIlGihM/FjC9+3yhInacjJvbrDMhiu8hB -d1VeyMHfQ4J+mn4TQ8NZIhCX5A== ------END PRIVATE KEY----- From a7491cdb54d0295e132999e015dff1e6dcde9317 Mon Sep 17 00:00:00 2001 
From: Mukta Date: Wed, 8 May 2013 23:46:48 +0530 Subject: [PATCH 09/41] cleanup hosted service on server destroy --- lib/azure/role.rb | 8 ++++++++ lib/chef/knife/azure_server_delete.rb | 15 ++++++++------- spec/unit/azure_server_delete_spec.rb | 25 +++++++++++++++---------- 3 files changed, 31 insertions(+), 17 deletions(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 3b9c338..2cda83f 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb @@ -74,6 +74,14 @@ class Azure end @connection.query_azure(servicecall, "delete") + if !params[:dont_purge_hosted_service] + roles_using_same_service = connection.roles.find_roles_with_hostedservice(params[:hostedservicename]) + if roles_using_same_service.size <= 1 + servicecall = "hostedservices/" + params[:hostedservicename] + @connection.query_azure(servicecall, "delete") + end + end + if params[:purge_os_disk] osdisk = roleXML.css(roleXML, 'OSVirtualHardDisk') disk_name = xml_content(osdisk, 'DiskName') diff --git a/lib/chef/knife/azure_server_delete.rb b/lib/chef/knife/azure_server_delete.rb index 2ecf650..a1b7c5b 100755 --- a/lib/chef/knife/azure_server_delete.rb +++ b/lib/chef/knife/azure_server_delete.rb @@ -50,6 +50,11 @@ class Chef :long => "--node-name NAME", :description => "The name of the node and client to delete, if it differs from the server name. Only has meaning when used with the '--purge' option." + option :dont_purge_hosted_service, + :long => "--dont-purge-hosted-service", + :boolean => true, + :default => false, + :description => "Dont destroy corresponding hosted service. If the option is not set, it deletes the service not used by any VMs." # Extracted from Chef::Knife.delete_object, because it has a # confirmation step built in... By specifying the '--purge' # flag (and also explicitly confirming the server destruction!) 
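Review bot: The added hosted-service cleanup in lib/azure/role.rb reaches the role list through a bare `connection`, while the lines around it use `@connection`. Unless this class defines a `connection` reader (not visible in the hunk), that raises NameError after the role's delete request has already been sent, and the hosted service is left behind. The follow-up hunk `@@ -75,10 +75,12 @@` keeps the same call. I would write `roles_using_same_service = @connection.roles.find_roles_with_hostedservice(params[:hostedservicename])`, and add a comment saying whether `size <= 1` is meant to count the role that was just deleted. The enclosing delete method starts and ends outside the hunk.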
@@ -87,13 +92,9 @@ class Chef puts "\n" confirm("Do you really want to delete this server") - - roles_using_same_service = connection.roles.find_roles_with_hostedservice(server.hostedservicename) - if roles_using_same_service.size <= 1 - ui.warn("Deleting service #{server.hostedservicename}") - connection.hosts.delete(server.hostedservicename) - end - connection.roles.delete(name, params = { :purge_os_disk => locate_config_value(:purge_os_disk) }) + connection.roles.delete(name, params = { :purge_os_disk => locate_config_value(:purge_os_disk), + :dont_purge_hosted_service => locate_config_value(:purge_hosted_service), + :hostedservicename => server.hostedservicename }) puts "\n" ui.warn("Deleted server #{server.name}") diff --git a/spec/unit/azure_server_delete_spec.rb b/spec/unit/azure_server_delete_spec.rb index dcbf58d..a83e3fb 100644 --- a/spec/unit/azure_server_delete_spec.rb +++ b/spec/unit/azure_server_delete_spec.rb 
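Review bot: The `--dont-purge-hosted-service` flag cannot take effect, because the call passes `:dont_purge_hosted_service => locate_config_value(:purge_hosted_service)` while the option added earlier in this file is declared as `:dont_purge_hosted_service`. Assuming no `:purge_hosted_service` option exists elsewhere, the lookup returns nil, `!params[:dont_purge_hosted_service]` in role.rb is always true, and the hosted service is removed even when the operator asked to keep it. Read the declared key instead: `:dont_purge_hosted_service => locate_config_value(:dont_purge_hosted_service)`. The removed `ui.warn("Deleting service ...")` was the only notice that the service goes away, so a warning before this destructive step is worth keeping.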
@@ -23,30 +23,35 @@ before do end stub_query_azure (@server_instance.connection) - @server_instance.name_args = ['vm01'] + @server_instance.stub(:confirm).and_return(:true) @server_instance.stub(:puts) @server_instance.stub(:print) @server_instance.ui.stub(:warn) + @server_instance.ui.should_not_receive(:error).and_call_original end it "server delete test" do - @server_instance.ui.should_receive(:warn).exactly(3).times - @server_instance.connection.roles.should_receive(:delete) - @server_instance.ui.should_not_receive(:error) - @server_instance.run -end - -it "hosted service clean up test" do - @server_instance.ui.should_receive(:warn).exactly(3).times - @server_instance.connection.hosts.should_receive(:delete) + @server_instance.name_args = ['vm01'] + @server_instance.ui.should_receive(:warn).twice + @server_instance.connection.roles.should_receive(:delete).and_call_original @server_instance.run end it "test hosted service cleanup with shared service" do @server_instance.name_args = ['role001'] @server_instance.ui.should_receive(:warn).twice + @server_instance.connection.roles.should_receive(:delete).and_call_original + @server_instance.connection.hosts.should_not_receive(:delete) + @server_instance.run +end + +it "dont cleanup hosted service when --dont-purge-hosted-service param set" do + @server_instance.name_args = ['vm01'] + Chef::Config[:knife][:dont_purge_hosted_service] = true + @server_instance.ui.should_receive(:warn).twice + @server_instance.connection.roles.should_receive(:delete).and_call_original @server_instance.connection.hosts.should_not_receive(:delete) @server_instance.run end From 1234bdadd9d5662b51adb7b7c6975265c43c3837 Mon Sep 17 00:00:00 2001 From: Mukta Date: Wed, 8 May 2013 23:54:31 +0530 Subject: [PATCH 10/41] cleanup hosted service after server destroy --- lib/azure/role.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 2cda83f..1c61c7a 100755 
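Review bot: The two `connection.hosts.should_not_receive(:delete)` expectations no longer check anything, because after this commit the hosted service is removed in lib/azure/role.rb through `@connection.query_azure("hostedservices/" + ..., "delete")` and `hosts.delete` is not called on any path shown. A regression that deletes a shared hosted service, or that ignores `--dont-purge-hosted-service`, would still pass both examples. Put the expectation on the request itself, for example `@server_instance.connection.should_not_receive(:query_azure).with(/\Ahostedservices\/[^\/]+\z/, "delete")`, and add a positive counterpart to the plain "server delete test" so the cleanup path is covered too.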
--- a/lib/azure/role.rb +++ b/lib/azure/role.rb @@ -75,10 +75,12 @@ class Azure @connection.query_azure(servicecall, "delete") if !params[:dont_purge_hosted_service] - roles_using_same_service = connection.roles.find_roles_with_hostedservice(params[:hostedservicename]) - if roles_using_same_service.size <= 1 - servicecall = "hostedservices/" + params[:hostedservicename] - @connection.query_azure(servicecall, "delete") + if !params[:hostedservicename].nil? + roles_using_same_service = connection.roles.find_roles_with_hostedservice(params[:hostedservicename]) + if roles_using_same_service.size <= 1 + servicecall = "hostedservices/" + params[:hostedservicename] + @connection.query_azure(servicecall, "delete") + end end end From 70baa51cde9d3e54637361184b9a71229c72ff25 Mon Sep 17 00:00:00 2001 From: Mukta Date: Fri, 10 May 2013 13:15:47 +0530 Subject: [PATCH 11/41] rake file changes to create dummy pem certificate --- Gemfile | 1 + Rakefile | 1 + 2 files changed, 2 insertions(+) diff --git a/Gemfile b/Gemfile index a1f07c8..4c03d1a 100755 --- a/Gemfile +++ b/Gemfile @@ -6,4 +6,5 @@ group :development do gem 'rspec', '>= 2.7.0' gem 'guard-rspec' gem 'rspec_junit_formatter' + gem 'rake' end diff --git a/Rakefile b/Rakefile index bf93d85..ab9cd17 100755 --- a/Rakefile +++ b/Rakefile @@ -24,6 +24,7 @@ require 'rspec/core' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:spec) do |spec| spec.pattern = FileList['spec/unit/**/*_spec.rb'] + touch "AzureLinuxCert.pem" end RSpec::Core::RakeTask.new(:functional) do |spec| From a34f606d9caa1cb090a5733c241b5508cdfefdef Mon Sep 17 00:00:00 2001 From: Mukta Date: Sat, 11 May 2013 00:14:35 +0530 Subject: [PATCH 12/41] add support for ssh keys in linux --- lib/azure/certificate.rb | 107 +++++++++++++++++++++++++++++++++++++++ lib/azure/connection.rb | 4 +- lib/azure/deploy.rb | 3 ++ lib/azure/role.rb | 56 ++++---------------- 4 files changed, 123 insertions(+), 47 deletions(-) create mode 100755 lib/azure/certificate.rb 
diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb new file mode 100755 index 0000000..f6528d8 --- /dev/null +++ b/lib/azure/certificate.rb 
@@ -0,0 +1,107 @@ +# +# Author:: Mukta Aphale (mukta.aphale@clogeny.com) +# Copyright:: Copyright (c) 2010-2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class Azure + class Certificates + def initialize(connection) + @connection=connection + end + def all + #TODO + nil + end + def exists(name) + #TODO + nil + end + def create(params) + certificate = Certificate.new(@connection) + certificate.create(params) + end + def delete(name) + #TODO + end + end +end + +class Azure + class Certificate + #include AzureUtility + attr_accessor :connection, :certificate_name, :hosted_service_name + attr_accessor :cert_data, :cert_data_pem + def initialize(connection) + @connection = connection + end + def parse(serviceXML) + #TODO + self + end + def create(params) + @cert_data = generateCertificateData ({:ssh_key => params[:ssh_key], + :ssh_key_passphrase => params[:ssh_key_passphrase]}) + builder = Nokogiri::XML::Builder.new do |xml| + xml.CertificateFile('xmlns'=>'http://schemas.microsoft.com/windowsazure') { + xml.Data @cert_data + xml.CertificateFormat 'pfx' + xml.Password 'knifeazure' + } + end + @connection.query_azure("hostedservices/#{params[:hosted_service_name]}/certificates", "post", builder.to_xml) + generateFingerPrint(@cert_data) + end + def details + #TODO + end + + def generateCertificateData (params) + key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) + ca = 
OpenSSL::X509::Certificate.new + ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate + ca.serial = Random.rand(100) + ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA" + ca.issuer = ca.subject # root CA's are "self-signed" + ca.public_key = key.public_key + ca.not_before = Time.now + ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity + ef = OpenSSL::X509::ExtensionFactory.new + ef.subject_certificate = ca + ef.issuer_certificate = ca + ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true)) + ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) + ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) + ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) + ca.sign(key, OpenSSL::Digest::SHA256.new) + @cert_data_pem = ca.to_pem + pfx = OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca) + File.write('1', ca.to_pem) + File.write('2', Base64.strict_encode64(pfx.to_der)) + Base64.strict_encode64(pfx.to_der) + end + def generateFingerPrint(data) + fingerprint = OpenSSL::Digest::SHA1.new(File.read('1')) + puts fingerprint + puts OpenSSL::Digest::SHA1.new(File.read('2')) + a =File.read('1') + a["-----BEGIN CERTIFICATE-----\n"]="" + a["-----END CERTIFICATE-----\n"]="" + fingerprint= OpenSSL::Digest::SHA1.new(Base64.encode64(a)) + puts fingerprint + fingerprint + end + end +end diff --git a/lib/azure/connection.rb b/lib/azure/connection.rb index 060636a..e77a9dc 100755 --- a/lib/azure/connection.rb +++ b/lib/azure/connection.rb 
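Review bot: The user's SSH private key leaves the workstation here: `generateCertificateData` packs it into a PKCS#12 bundle with `OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca)`, and `create` posts that bundle together with `xml.Password 'knifeazure'`, a password that is a constant in this source. The role XML only references the certificate by fingerprint under `PublicKeys`, so the private key does not appear to be needed on the service side; if the certificates call accepts the public certificate alone, send `Base64.strict_encode64(ca.to_der)` and keep the key local. The debug lines `File.write('1', ca.to_pem)` and `File.write('2', Base64.strict_encode64(pfx.to_der))` also leave the certificate and the key-bearing PFX in the current directory with default permissions and should be removed. `ca.serial = Random.rand(100)` allows only 100 distinct serials; `SecureRandom.random_number(2**64)` (with `require 'securerandom'`) avoids collisions under the same subject.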
@@ -23,11 +23,12 @@ require File.expand_path('../deploy', __FILE__) require File.expand_path('../role', __FILE__) require File.expand_path('../disk', __FILE__) require File.expand_path('../image', __FILE__) +require File.expand_path('../certificate', __FILE__) class Azure class Connection include AzureAPI - attr_accessor :hosts, :rest, :images, :deploys, :roles, :disks, :storageaccounts + attr_accessor :hosts, :rest, :images, :deploys, :roles, :disks, :storageaccounts, :certificates def initialize(params={}) @rest = Rest.new(params) @hosts = Hosts.new(self) @@ -36,6 +37,7 @@ class Azure @deploys = Deploys.new(self) @roles = Roles.new(self) @disks = Disks.new(self) + @certificates = Certificates.new(self) end def query_azure(service_name, verb = 'get', body = '') Chef::Log.info 'calling ' + verb + ' ' + service_name diff --git a/lib/azure/deploy.rb b/lib/azure/deploy.rb index cd645be..587881f 100755 --- a/lib/azure/deploy.rb +++ b/lib/azure/deploy.rb @@ -48,6 +48,9 @@ class Azure unless @connection.storageaccounts.exists(params[:storage_account]) @connection.storageaccounts.create(params) end + if params[:ssh_key] + params[:fingerprint] = @connection.certificates.create(params) + end params['deploy_name'] = find(params[:hosted_service_name]) if params['deploy_name'] != nil role = Role.new(@connection) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index f4c1b8a..4307ab3 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
@@ -143,28 +143,19 @@ class Azure xml.HostName params[:host_name] xml.UserName params[:ssh_user] xml.UserPassword params[:ssh_password] - if params[:ssh_key].nil? - xml.DisableSshPasswordAuthentication 'false' - else - xml.DisableSshPasswordAuthentication 'true' - end if !params[:ssh_key].nil? + xml.DisableSshPasswordAuthentication 'true' xml.SSH { - xml.PublicKeys { - xml.PublicKey { - xml.FingerPrint generateFingerPrint (params[:ssh_key]) - #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e' - xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' - } - } - xml.KeyPairs { - xml.KeyPair { - xml.FingerPrint generateFingerPrint (params[:ssh_key]) - #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e' - xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' - } - } + xml.PublicKeys { + xml.PublicKey { + #xml.Fingerprint fingerprint + xml.Fingerprint params[:fingerprint] + xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' + } + } } + else + xml.DisableSshPasswordAuthentication 'false' end } elsif params[:os_type] == 'Windows' 
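Review bot: `xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys'` builds the key destination from an unchecked user name, so a value containing `/` or `..` points the provisioning agent at a different file than intended. A guard before the XML is built would close that, e.g. `raise ArgumentError, "invalid ssh_user" unless params[:ssh_user] =~ /\A[a-z_][a-z0-9_-]*\z/`. `xml.UserPassword params[:ssh_password]` is still emitted when key authentication is selected; if no password was supplied this presumably sends an empty element, so consider emitting it only when a password is present. The enclosing builder block starts and ends outside the hunk.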
@@ -245,32 +236,5 @@ class Azure "/#{params['deploy_name']}/roles" @connection.query_azure(servicecall, "post", roleXML.to_xml) end - def generateFingerPrint (params) - key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) - ca = OpenSSL::X509::Certificate.new - ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate - ca.serial = Random.rand(100) - ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA" - ca.issuer = ca.subject # root CA's are "self-signed" - ca.public_key = key.public_key - ca.not_before = Time.now - ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity - ef = OpenSSL::X509::ExtensionFactory.new - ef.subject_certificate = ca - ef.issuer_certificate = ca - ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true)) - ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) - ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) - ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) - ca.sign(key, OpenSSL::Digest::SHA256.new) - - cert = ca.to_pem - cert["-----BEGIN CERTIFICATE-----\n"] = "" - cert["-----END CERTIFICATE-----\n"] = "" - - sha1 = OpenSSL::Digest::SHA1.new(Base64.encode64(cert)) - sha1 - - end end end From b8cac671d83335012c05befcaf8c4e783ffd7669 Mon Sep 17 00:00:00 2001 From: Mukta Date: Mon, 13 May 2013 15:11:32 +0530 Subject: [PATCH 13/41] support for ssh keys in linux --- lib/azure/certificate.rb | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index f6528d8..42f735e 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb 
@@ -43,7 +43,7 @@ class Azure class Certificate #include AzureUtility attr_accessor :connection, :certificate_name, :hosted_service_name - attr_accessor :cert_data, :cert_data_pem + attr_accessor :cert_data, :fingerprint def initialize(connection) @connection = connection end @@ -62,7 +62,7 @@ class Azure } end @connection.query_azure("hostedservices/#{params[:hosted_service_name]}/certificates", "post", builder.to_xml) - generateFingerPrint(@cert_data) + @fingerprint end def details #TODO @@ -86,22 +86,9 @@ class Azure ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) ca.sign(key, OpenSSL::Digest::SHA256.new) - @cert_data_pem = ca.to_pem + @fingerprint = OpenSSL::Digest::SHA1.new(ca.to_der) pfx = OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca) - File.write('1', ca.to_pem) - File.write('2', Base64.strict_encode64(pfx.to_der)) Base64.strict_encode64(pfx.to_der) end - def generateFingerPrint(data) - fingerprint = OpenSSL::Digest::SHA1.new(File.read('1')) - puts fingerprint - puts OpenSSL::Digest::SHA1.new(File.read('2')) - a =File.read('1') - a["-----BEGIN CERTIFICATE-----\n"]="" - a["-----END CERTIFICATE-----\n"]="" - fingerprint= OpenSSL::Digest::SHA1.new(Base64.encode64(a)) - puts fingerprint - fingerprint - end end end From 7ae21754066fad31ff2175c52583c3d56e26abde Mon Sep 17 00:00:00 2001 From: Mukta Date: Mon, 22 Apr 2013 21:10:27 +0530 Subject: [PATCH 14/41] add the option --ssh-cert to accept the x509 certificate --- lib/chef/knife/azure_server_create.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index 4ea9eb7..b73a5da 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb 
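Review bot: `create` now returns `@fingerprint`, which is only set as a side effect of `generateCertificateData`, and the value is an `OpenSSL::Digest::SHA1` object rather than a string. The role XML depends on an implicit `to_s` to turn it into hex, and any caller comparing or logging the fingerprint gets a digest instance. I would store the string directly with `@fingerprint = OpenSSL::Digest::SHA1.hexdigest(ca.to_der)` and add a one-line comment on `create` stating that it returns the SHA-1 thumbprint of the uploaded certificate. The constant PFX password `'knifeazure'` in the context lines is untouched by this change and still deserves a follow-up.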
@@ -157,6 +157,11 @@ class Chef :long => "--udp-endpoints PORT_LIST", :description => "Comma separated list of UDP local and public ports to open i.e. '80:80,433:5000'" + option :ssh_cert, + :long => "--ssh-cert FILENAME", + :description => "SSH Certificate in X509 format", + :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } + def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') From 9c75756c0fac7931c767954c25317e40f019e810 Mon Sep 17 00:00:00 2001 From: Mukta Date: Tue, 23 Apr 2013 02:11:25 +0530 Subject: [PATCH 15/41] ssh key support for linux --- lib/azure/role.rb | 16 ++++++++++++++++ lib/chef/knife/azure_server_create.rb | 8 +++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index f6638fe..e48541e 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb @@ -144,6 +144,22 @@ class Azure xml.UserName params[:ssh_user] xml.UserPassword params[:ssh_password] xml.DisableSshPasswordAuthentication 'false' + #if params[:ssh_cert_fingerprint] != nil + xml.SSH { + xml.PublicKeys { + xml.PublicKey { + xml.FingerPrint params[:ssh_cert_fingerprint] + xml.Path '/home/user/.ssh/authorized_keys' + } + } + xml.KeyPairs { + xml.KeyPair { + xml.FingerPrint params[:ssh_cert_fingerprint] + xml.Path '/home/user/.ssh/authorized_keys' + } + } + } + } elsif params[:os_type] == 'Windows' xml.ConfigurationSet('i:type' => 'WindowsProvisioningConfigurationSet') { diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index b73a5da..e62bfbe 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb 
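Review bot: The `SSH` element added in lib/azure/role.rb is emitted for every Linux role because its guard is commented out (`#if params[:ssh_cert_fingerprint] != nil`), so a create without a fingerprint sends `FingerPrint` elements with no value. The key path is fixed to `/home/user/.ssh/authorized_keys` regardless of `params[:ssh_user]`, and `DisableSshPasswordAuthentication` stays `'false'`, so supplying a key does not turn password logins off. Restore the guard as `unless params[:ssh_cert_fingerprint].nil?` around the block and derive the path from the configured user. The enclosing builder block starts and ends outside the hunk.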
@@ -162,6 +162,11 @@ class Chef :description => "SSH Certificate in X509 format", :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } + option :ssh_cert_fingerprint, + :long => "--ssh-cert-fingerprint FILENAME", + :description => "SSH Certificate fingerprint", + :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } + def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') @@ -422,7 +427,8 @@ class Chef :role_size => locate_config_value(:role_size), :tcp_endpoints => locate_config_value(:tcp_endpoints), :udp_endpoints => locate_config_value(:udp_endpoints), - :bootstrap_proto => locate_config_value(:bootstrap_protocol) + :bootstrap_proto => locate_config_value(:bootstrap_protocol), + :ssh_cert_fingerprint => locate_config_value(:ssh_cert_fingerprint) } if is_image_windows? From 4cb2ae97e81925697cc61270609527ab28477faa Mon Sep 17 00:00:00 2001 From: Mukta Date: Tue, 23 Apr 2013 07:27:51 +0530 Subject: [PATCH 16/41] ssh key support for linux: intermediate code --- lib/azure/role.rb | 22 +++++++++++++++++----- lib/chef/knife/azure_server_create.rb | 8 +------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index e48541e..44e7eaa 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
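Review bot: The new `:ssh_cert_fingerprint` option stores its value under the wrong key: its proc is `Chef::Config[:knife][:ssh_cert] = key`, copied from the `:ssh_cert` option above it. Passing `--ssh-cert-fingerprint` therefore overwrites the certificate path and leaves `Chef::Config[:knife][:ssh_cert_fingerprint]` unset; what `locate_config_value(:ssh_cert_fingerprint)` in the second hunk then returns depends on its fallback order, which is not visible here. I would write `:proc => Proc.new { |fp| Chef::Config[:knife][:ssh_cert_fingerprint] = fp }` and change the placeholder to `--ssh-cert-fingerprint FINGERPRINT`, since the value is not a file name.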
@@ -144,18 +144,20 @@ class Azure xml.UserName params[:ssh_user] xml.UserPassword params[:ssh_password] xml.DisableSshPasswordAuthentication 'false' - #if params[:ssh_cert_fingerprint] != nil + #if params[:ssh_cert] != nil xml.SSH { xml.PublicKeys { xml.PublicKey { - xml.FingerPrint params[:ssh_cert_fingerprint] - xml.Path '/home/user/.ssh/authorized_keys' + xml.FingerPrint generateFingerPrint params[:ssh_cert] + #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9' + xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' } } xml.KeyPairs { xml.KeyPair { - xml.FingerPrint params[:ssh_cert_fingerprint] - xml.Path '/home/user/.ssh/authorized_keys' + xml.FingerPrint generateFingerPrint params[:ssh_cert] + #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9' + xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' } } } @@ -239,5 +241,15 @@ class Azure "/#{params['deploy_name']}/roles" @connection.query_azure(servicecall, "post", roleXML.to_xml) end + def generateFingerPrint ssh_cert + # TODO + puts ssh_cert + newcert = File.read('azureCert.pem') + puts newcert + newcert["-----BEGIN CERTIFICATE-----\n"] = "" + newcert["-----END CERTIFICATE-----\n"] = "" + sha1 = OpenSSL::Digest::SHA1.new(newcert) + sha1 + end end end diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index e62bfbe..68329f1 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb @@ -162,12 +162,6 @@ class Chef :description => "SSH Certificate in X509 format", :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } - option :ssh_cert_fingerprint, - :long => "--ssh-cert-fingerprint FILENAME", - :description => "SSH Certificate fingerprint", - :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } - - def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') end 
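Review bot: `generateFingerPrint` ignores its `ssh_cert` argument and hashes a hard-coded `azureCert.pem` read from the current directory, so the fingerprint sent to Azure belongs to whatever file sits there rather than to the certificate the user named. It also hashes the PEM text with the markers stripped instead of the DER encoding, which does not give the certificate's SHA-1 thumbprint, and the two `puts` calls print the path and the certificate on every run. `OpenSSL::Digest::SHA1.hexdigest(OpenSSL::X509::Certificate.new(File.read(ssh_cert)).to_der)` uses the argument and the standard thumbprint input. In the first hunk the guard is still commented out (`#if params[:ssh_cert] != nil`), so this method runs, and fails on a missing file, for every Linux role.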
@@ -428,7 +422,7 @@ class Chef :tcp_endpoints => locate_config_value(:tcp_endpoints), :udp_endpoints => locate_config_value(:udp_endpoints), :bootstrap_proto => locate_config_value(:bootstrap_protocol), - :ssh_cert_fingerprint => locate_config_value(:ssh_cert_fingerprint) + :ssh_cert => locate_config_value(:ssh_cert) } if is_image_windows? From a04f20aac7bb93f541927351108ba5ddd8b98f66 Mon Sep 17 00:00:00 2001 From: Mukta Date: Mon, 6 May 2013 22:12:59 +0530 Subject: [PATCH 17/41] adding support for linux ssh keys --- azurePrivateKey.key | 28 ++++++++++++++ gensshkey.sh | 25 +++++++++++++ getfingerprint.rb | 18 +++++++++ key_play/passphrase | 1 + key_play/server.crt | 15 ++++++++ key_play/server.csr | 12 ++++++ key_play/server.key | 18 +++++++++ lib/azure/role.rb | 51 ++++++++++++++++++-------- lib/chef/knife/azure_server_create.rb | 16 +++++--- myCert.cer | Bin 0 -> 1017 bytes myPrivateKey.key | 28 ++++++++++++++ 11 files changed, 192 insertions(+), 20 deletions(-) create mode 100644 azurePrivateKey.key create mode 100755 gensshkey.sh create mode 100644 getfingerprint.rb create mode 100644 key_play/passphrase create mode 100644 key_play/server.crt create mode 100644 key_play/server.csr create mode 100644 key_play/server.key create mode 100644 myCert.cer create mode 100644 myPrivateKey.key diff --git a/azurePrivateKey.key b/azurePrivateKey.key new file mode 100644 index 0000000..dcbae67 --- /dev/null +++ b/azurePrivateKey.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMkKCgtEt93GB6 +hgaPtA+Mz217BJuA2Z6unPt09tAwgy5zQtVDFrb4XWqMjvn033IEwB/nc8HjoDsp +c9CD2MwL3lI6refN8gPLJDg89858YdXw7O+o3FHyAFZWlkeKLvklOgn+TbYKoHQp +UeC7PnV+DjTuBtm3n4hDF0yTvXaK87eGhqXQPvesc8N0/lEvyy2f+1tkQAW39R+Z +NmQXKr1PFUcHrhsUG0ZAh/gO8MZHx0uwZM6tisQuD6aMe+oJRj9PqSykzKVmgn0G +TXkWxQKueoHu98q1N9UYccKx8VZG99zk2wnBC5sq64HeAlR3sPDAYLlk4/i5+QEd +58TXsLHRAgMBAAECggEAQ6fVqDDZAuBe/EbVZrOrrOtxjw0gDQZsZ929gJqckl7g +fvhspgqeKxhiQ+iJnMZF5HJSWu87AfideIE4RlLucUJvOb8IemF/hbEN9IQUw6hr +5InIXbW4WGxqIasEMByHBBvk8DltaqhUotHUnLj0jONP+CVF3mgh3eaXygkQarXG +gMJORgIHaFV3gEN7XXhbJbUQmAH9ZZfif7vxBvWyYteD0MVLvZWRpNF68bfLMRIu +cpLa+q3uvTgs2c1BewAZA82V91TBOIBkB4qTz4vbV0a8Na0yCXYfisX2dUd5iIoD +3DKPYLQVHt1RrghMELeJGlgjk/wqjNB4b6E5KIP40QKBgQD2v9IM6ZqEsAv5L75k +AUxJaea8HTG7+VgV9pA8m2LdKZTfndE/AXeCv+YKugs4Fz9dj0USrmNOX2gdTLOw +srhgYKRlLiXA2XPYb2flwyrhcRO/bAfu7ohSA7XWipKJL4cJJAQtNnVCGH41bWcy +gRL5cQWI4Iow9vrrpcNyemJGZQKBgQDUO/Evvs0DtjQJdjGs2TmE4pxfWDjNZKWc +eOR7nQIHL9BI5BR7kV3LJr0eUha8oaOVxn7sWA4uFwtKJ+lBbO3MXkIFZoiOVzRQ +MKGfocs0iYV5XLBLwj4p0NzuWQYdoSkVWSKY/fZED6Vt2T0O44ABCyVPMzmc8pcI +A/x8fCqg/QKBgBgS2vF7kSHE80YajF7Baan39RUBXCrUxu1NowDmwByHxAiVIycc +g4Z0JoOBZzrPudTs93Y9IV8yG7xQEW/539c3VpKwj+pizNSe+eoGwpZALAcPCS8c +gpxN1F3cIzPTOT+BDg9DMumB7j5UMC9TPICtsDaMga8JSa3X/Fuc6R2pAoGAMvCY +OS+Aoa1v2/2EespApgaGJdRU/ed0YJQbsxfCTttJENW9nNMNQh9wMQDe+DOLwf08 +pZmU/bcGPKxLrippAS52hjlP+Wow4jZp9Jiu31NKuBBpOCXNKdg5zvOLJj1yUO9u +AG6kVz2yJSWJJDOym42DTPkskOEhIwlh5rcevDkCgYA3/H4GGTqlu6RfwzlAqoGO +Kxm7DHWjXuaAwhfTs1MksfOQ1ptqXAXjigpv523UWbZ1eDj2c0jCJQf2KAyXSGUp +f2jOS9EcO/0D0Jf+hXvc0jH7qrijy7AcQrGykqdKCgpC7K74ULrfJomD3V8NDDle +otoRmoCKG59ibyYUNnzgpw== +-----END PRIVATE KEY----- diff --git a/gensshkey.sh b/gensshkey.sh new file mode 100755 index 0000000..36b1149 --- /dev/null +++ b/gensshkey.sh 
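Review bot: This hunk commits an unencrypted RSA private key (`azurePrivateKey.key`) to the repository; the diffstat of the same commit lists `myPrivateKey.key` as well, and later hunks add `key_play/server.key` next to `key_play/passphrase`, which holds its passphrase in clear text. Once pushed, these keys are readable by anyone with access to the history, and deleting the files in a later commit does not change that. If any of them was ever used for a real subscription or host, treat it as compromised and replace it; otherwise drop the files from this commit and add `*.key`, `*.pem` and `key_play/` to `.gitignore`. Tests that need key material can create a throwaway key at run time with `OpenSSL::PKey::RSA.new(2048)`.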
@@ -0,0 +1,25 @@ +#!/bin/bash +REQUIRED_ARGS=1 +E_NOT_ENOUGH_ARGS=65 + +#first argument will be used as the key prefix +#second argument is optional and if given will be used as a pass #phrase for DES3 protection of the private key +case $# in + 1) + openssl req -x509 -days 365 -newkey rsa:2048 -keyout $1sshpvt.pem -out $1pub.pem -nodes + openssl rsa -in $1sshpvt.pem -out $1pvt.pem + ;; + 2) + openssl req -x509 -days 365 -newkey rsa:2048 -keyout $1sshpvt.pem -out $1pub.pem -passout pass:$2 + openssl rsa -in $1sshpvt.pem -passin pass:$2 -out $1pvt.pem -des3 -passout pass:$2 + ;; + + *) + echo "Usage for unprotected private key: gensshkey.sh " + echo "Example: gensshkey.sh \"db\"" + echo "Usage for password protected private key: gensshkey.sh " + echo "Example: gensshkey.sh db pass@word1" + exit $E_NOT_ENOUGH_ARGS + ;; +esac +echo "generated $1sshpvt.pem, $1pub.pem and $1pvt.pem" diff --git a/getfingerprint.rb b/getfingerprint.rb new file mode 100644 index 0000000..e0b203e --- /dev/null +++ b/getfingerprint.rb @@ -0,0 +1,18 @@ +require 'openssl' + +certificate = +OpenSSL::X509::Certificate.new(File.read('myCert.cer')) +mycert = certificate.to_pem + + + +mycert["-----BEGIN CERTIFICATE-----\n"] = "" +mycert["-----END CERTIFICATE-----\n"] = "" + + +newcert = File.read('azureCert.pem') +puts newcert +newcert["-----BEGIN CERTIFICATE-----\n"] = "" +newcert["-----END CERTIFICATE-----\n"] = "" +sha1 = OpenSSL::Digest::SHA1.new(newcert) +puts sha1 diff --git a/key_play/passphrase b/key_play/passphrase new file mode 100644 index 0000000..5271a52 --- /dev/null +++ b/key_play/passphrase @@ -0,0 +1 @@ +test123 diff --git a/key_play/server.crt b/key_play/server.crt new file mode 100644 index 0000000..4ddf703 --- /dev/null +++ b/key_play/server.crt 
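Review bot: In the two-argument branch of gensshkey.sh the passphrase is passed as `-passout pass:$2` and `-passin pass:$2`, which exposes it in the process list and in shell history, and the unquoted `$1`/`$2` break on values with spaces or glob characters. Let openssl prompt by omitting `-passout`, or read the passphrase from the environment with `-passout env:KEY_PASSPHRASE`, and quote the expansions, e.g. `-keyout "${1}sshpvt.pem" -out "${1}pub.pem"`. The script never restricts the permissions of the private keys it writes; `umask 077` near the top would cover all three output files. The one-argument branch uses `-nodes`, so that key is written unencrypted, which deserves a comment in the usage text.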
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSTCCAbICCQDcSjX6siOCkjANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ +TjEMMAoGA1UECAwDTWFoMQ0wCwYDVQQHDARQdW5lMQwwCgYDVQQKDANDbG8xDDAK +BgNVBAsMA0RldjENMAsGA1UEAwwEVGVzdDESMBAGCSqGSIb3DQEJARYDbXVrMB4X +DTEzMDQzMDAwNTY0NloXDTE0MDQzMDAwNTY0NlowaTELMAkGA1UEBhMCSU4xDDAK +BgNVBAgMA01haDENMAsGA1UEBwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQL +DANEZXYxDTALBgNVBAMMBFRlc3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2a +P7f3C8o2KJsJSCoUWLnHjyRmqSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSw +CBAAEF1gMGohf2+9kXo7hMYI/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJa +Oa8Mhh8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCCxeNQy/H7SOVjf8OchWKKlTFJ +Ws+lb2w1zdN8z9HXVuHuY6thYHsqd5nye8ceKLhU3ccTH+4aXGsSOb8yiIZOdoFZ +jDFBpBB4ZryT0uDfmMs46NkQupWER4xIPO6v9/Ve0zuDO41Cw+jy6rK02m5YTx50 +x4NLIUmt/tDDLYu7UQ== +-----END CERTIFICATE----- diff --git a/key_play/server.csr b/key_play/server.csr new file mode 100644 index 0000000..cab9da4 --- /dev/null +++ b/key_play/server.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBwTCCASoCAQAwaTELMAkGA1UEBhMCSU4xDDAKBgNVBAgMA01haDENMAsGA1UE +BwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBFRl +c3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2aP7f3C8o2KJsJSCoUWLnHjyRm +qSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSwCBAAEF1gMGohf2+9kXo7hMYI +/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJaOa8Mhh8CAwEAAaAYMBYGCSqG +SIb3DQEJBzEJDAd0ZXN0MTIzMA0GCSqGSIb3DQEBBQUAA4GBAGnUcLFiXEXHwXJe +E0nmJNBrl09Iu3uUNnavjTuVcy49hQOCcUKgw3S3yy4Rlc90xbgsyIvLF8/uor47 +IbDMFbZMlO5YW40KtD9dSlTCGmzMyoCLqSEoFuO2ynQ9EwuHFe6yCzYCrN3Z8W7i +CX5lwF8GCBObjNNOeTdP8AzpnMTZ +-----END CERTIFICATE REQUEST----- diff --git a/key_play/server.key b/key_play/server.key new file mode 100644 index 0000000..82b418b --- /dev/null +++ b/key_play/server.key 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,02BF23AF80F95373 + +bB/LJj+5nd9E12ZoswZoIT5DXDvFzCAsk+fk3GAgDHV/7BwEdRZQyqsu9CIKw++C +XNIh9P5qjZzgq5Rv/rmQ6MJU8mz9jjr4DSQawEElXbQrlHURAUGL6rfZXhEKcI/r ++JPqo8Mm9h67AHRmREpqxv0AumVg+ReKQjxrfaPlgPfLM/fGu96aIl7jEaXhFqTd +awRjmMcNsJw5bquWmlEQzIgmBan6jcqLa6eXSZTvKwk9cH9hHLJTkmlZgXVEifUQ +8TKhagJcB9NtfF3WIEFwh+2n4yKI25vYXpJIyxwCLdmZSbCCSiRPQ+ayECG5ATXz +yPdyzNcyKlZuuOye8wf5qdmVQOwIDkM8xp3UziV5slupniOuEFF4uPHwBjW0moKA +O0jfmRrIX2VboOK2s26BrRsFqQZnZSbcqKs1Khprj9Nb5D10kS2dgdGo7XT5ytOq +vZA9YqDo7W/7ksDxT2sR1ysOfrozTacCxL3sQ8Gbf8ByTW+IoeQjeq/21NmLV4c4 +g8HsWpXX8PDhrbrno11+BnQcBAlpIYU96qGGSVQOcuZUEUNQk8vi6dnDT681LPAm +y9c8i8O0QqpNNY+qID+5EEVxoQVgA+VauD3LPcfaTV/62gQMwWrnbVc3vVRSE02F ++4mjj+KtIztnmkkE1dnX2IhCk/lxWd2BVLd7LQe9SPM8adGcIP/8C0+CoscnHYoG +mYp4TPoXtHgFhQOHPkiYv0EPDFKOi3jdzSfoTvTfSkwhZAmUPaap8VyAZ4eYq+9b +hSMavTmnA0pvMhfr4fSCvbeNuq4UokxI7Rzr7D8tOVSzap68mybxVg== +-----END RSA PRIVATE KEY----- diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 44e7eaa..f4c1b8a 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
@@ -143,25 +143,29 @@ class Azure xml.HostName params[:host_name] xml.UserName params[:ssh_user] xml.UserPassword params[:ssh_password] - xml.DisableSshPasswordAuthentication 'false' - #if params[:ssh_cert] != nil + if params[:ssh_key].nil? + xml.DisableSshPasswordAuthentication 'false' + else + xml.DisableSshPasswordAuthentication 'true' + end + if !params[:ssh_key].nil? xml.SSH { xml.PublicKeys { xml.PublicKey { - xml.FingerPrint generateFingerPrint params[:ssh_cert] - #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9' + xml.FingerPrint generateFingerPrint (params[:ssh_key]) + #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e' xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' } } xml.KeyPairs { xml.KeyPair { - xml.FingerPrint generateFingerPrint params[:ssh_cert] - #xml.FingerPrint '512ddff04123ea907db8c5e7442dde0161e090f9' + xml.FingerPrint generateFingerPrint (params[:ssh_key]) + #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e' xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' } } } - + end } elsif params[:os_type] == 'Windows' xml.ConfigurationSet('i:type' => 'WindowsProvisioningConfigurationSet') { 
@@ -241,15 +245,32 @@ class Azure "/#{params['deploy_name']}/roles" @connection.query_azure(servicecall, "post", roleXML.to_xml) end - def generateFingerPrint ssh_cert - # TODO - puts ssh_cert - newcert = File.read('azureCert.pem') - puts newcert - newcert["-----BEGIN CERTIFICATE-----\n"] = "" - newcert["-----END CERTIFICATE-----\n"] = "" - sha1 = OpenSSL::Digest::SHA1.new(newcert) + def generateFingerPrint (params) + key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) + ca = OpenSSL::X509::Certificate.new + ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate + ca.serial = Random.rand(100) + ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA" + ca.issuer = ca.subject # root CA's are "self-signed" + ca.public_key = key.public_key + ca.not_before = Time.now + ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity + ef = OpenSSL::X509::ExtensionFactory.new + ef.subject_certificate = ca + ef.issuer_certificate = ca + ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true)) + ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) + ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) + ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) + ca.sign(key, OpenSSL::Digest::SHA256.new) + + cert = ca.to_pem + cert["-----BEGIN CERTIFICATE-----\n"] = "" + cert["-----END CERTIFICATE-----\n"] = "" + + sha1 = OpenSSL::Digest::SHA1.new(Base64.encode64(cert)) sha1 + end end end diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index 68329f1..cf75531 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb 
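Review bot: `generateFingerPrint` hashes `Base64.encode64(cert)`, where `cert` is already the Base64 body of the PEM text, so the result is not the certificate's thumbprint; a thumbprint is the SHA-1 of the DER encoding, `OpenSSL::Digest::SHA1.hexdigest(ca.to_der)`. The method builds a fresh certificate on every call (`Time.now`, `Random.rand(100)`), so the two calls in the preceding hunk give different values for `PublicKey` and `KeyPair`, and as far as this hunk shows the certificate itself is never sent to Azure. Those call sites pass `params[:ssh_key]`, a String, while the body indexes `params[:ssh_key]` and `params[:ssh_key_passphrase]` as if it were the whole Hash, which raises before any hashing happens; passing `params` would match the signature.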
@@ -157,10 +157,15 @@ class Chef :long => "--udp-endpoints PORT_LIST", :description => "Comma separated list of UDP local and public ports to open i.e. '80:80,433:5000'" - option :ssh_cert, - :long => "--ssh-cert FILENAME", - :description => "SSH Certificate in X509 format", - :proc => Proc.new { |key| Chef::Config[:knife][:ssh_cert] = key } + option :ssh_key, + :long => "--ssh-key FILENAME", + :description => "SSH key", + :proc => Proc.new { |key| Chef::Config[:knife][:ssh_key] = key } + + option :ssh_key_passphrase, + :long => "--ssh-key-passphrase PASSWORD", + :description => "SSH key passphrase", + :proc => Proc.new { |pp| Chef::Config[:knife][:ssh_key_passphrase] = pp } def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') @@ -422,7 +427,8 @@ class Chef :tcp_endpoints => locate_config_value(:tcp_endpoints), :udp_endpoints => locate_config_value(:udp_endpoints), :bootstrap_proto => locate_config_value(:bootstrap_protocol), - :ssh_cert => locate_config_value(:ssh_cert) + :ssh_key => locate_config_value(:ssh_key), + :ssh_key_passphrase => locate_config_value(:ssh_key_passphrase) } if is_image_windows? diff --git a/myCert.cer b/myCert.cer new file mode 100644 index 0000000000000000000000000000000000000000..b97e70a9677b9e67c8ab47792118103471cdfb63 GIT binary patch literal 1017 zcmXqLV*YB-#B_H7GZP~d6DLE*mcSsZ@~nCTUN%mxHjlRNyo`*jtPBQ?6AZZxIN6v( zS=fY`JpBws41_=&4jyjb#EitE#Nv#SqC`Vp18$HgI}b}hXNi8!JHV_2yn0dH-OS4N79ji)0GKxv$f~52k3o;UO zQXP^Z=IABo=Nia~^BNi(m>3xu85@`xn??b-CP>`D=;S6wCFFo*WMyD(V&rEqXkz4I zYGPz$xSq$s>>=Iq?8BS=cT=BCnb6F*|HyMeoeAv?E<9PzJz@seyt4c?e%;Q9D%lhw zTl?NOK``mliO4HK0(RS#^7c)fd9UZ5$(s%4^FDX-vGzt}ef=r)e1d+&6o-8AUo*d) zGgnz%7kgLwg33ic>7?pMy^;^sO*DMcz$@RSd`=-KVAol_2T>=Um!*2-oaSM&Juf-+ zlIPdDyUS;b+s{+C-*V`xHAD2;Wxamlps%^8aU-9(MWr zeD)+Y^_xrfu`jl;_X zjR)KAebK4DcJHv|_X+U~JphoHbJqX> literal 0 HcmV?d00001 diff --git a/myPrivateKey.key b/myPrivateKey.key new file mode 100644 index 0000000..99179ed --- /dev/null +++ b/myPrivateKey.key 
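Review bot: The new `--ssh-key-passphrase PASSWORD` option takes the key passphrase as a command-line argument, which leaves it in shell history and visible in the process list while knife runs. Prompting when the key is encrypted avoids that, for example `ui.ask("SSH key passphrase: ") { |q| q.echo = false }`, with the value otherwise read from knife.rb. The `--ssh-key` description should also say that FILENAME is the path to the RSA private key, since the option replaces one that took a certificate.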
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDXbggDSBuE5vDs +v91l5JSQgwG/xOcRLJCHgEQMakOMFjDWSmpPKPrbaFp0slQdfe9NYBFi8shZ1FIQ +Prcibr6Rmd6M3jTssDee84kOBY1YavX5EueQL1iUQG8X+pn0zjckq35d3RvQJNEO +G2J74o0Z4K6RMeSADR+KI84gUlC6zS7gWsjndmVIbMsMAj3PGZXSSfV+3aebFz+e +Jz+0wtU7AFutpo1OF1UKofo55af0W5tLLPxY1K12Tlxv/2t1w0T955uSJifZpL4H +p9SV50djc7kLYmMWZzSfZyRopOLIbrYqdrFpUtB1b5o/K8X6LycyVIGdFuCNNc7c +UkWDVPQ3AgMBAAECggEBAKaLGMS4tRWcl/rfJSDFgpjpvqtrZJshUaZ/YZwbdpbQ +/PZdVyxVaQG//dYjmuWl2x99OlO9j2fqvXpzkY6cANV9F9DdZBrq7EUEzxq47hnB +ruDcXYpZH+iUm431HZpk5bqCndGgwwS5wahfQVa2wRCVYz86TAU2oABiR9My79hI +pkvfDTdT0EYk6w7lD2SZr9AAckAy9fouUB/1iEU0mav8jJZh+pLSofJRnRRTgbHY +wUhtF5qK4RC5JFJVZSTlrW4MXLUpF7FWMwIZf9ccwXTvwYtY67LddPDp8qbVF/6i +SluAKkHR1N+8fNpXDaMNpoV7fqtAQor6MXF4YXMkG3kCgYEA8WP9iqUJO50vNRQl +Q4TUW1BVzCSp4r6NYRVodHRg/2RVmOe9n0JB+rYos4ht3/9yeas3PgHj1epVtQ1L +TJGXdcxseMbEs01a5Pjw0+x3164tiVJWBnxYPwtSt6p5DuLD5t+uUyUpY8YAIdws +xVQlqGJgYCKEA97FGHMuV/uvGmMCgYEA5HfQoOIUW1facFSz5FZhrw6aJQi0XzVl +RTNZhQJCOHdYSo1dwDK5R9ol0Sum1SceOG6oa59CULW2H5ltRJa3utJg16bTH63V +pFMxXx2i86nZRVvARsZYbY4kr9cOuXei1NdVbvdAswRyab6b3ePNEOiCmURKtYlD +XI76AVRDXR0CgYEA00xaiL1UKqm5w/WhdMvV8ySMJclGKGPyb7QEnkOtEIGsZ88a +7khaZvKDCDx5KWV6uEQGdDHFVN/uLDC55Alhkkzh+orLbcRdtyat8GQCt3oRBC5d +fQnlWTI5Mup3U29uWi8cck2KQHr2bK1FR2oUGKQchqpP8u9SicdxHrUCHs8CgYEA +hLZInTvWYVz+CWRaftfitGKCDeMpi2ij4/e5F3dBajWBNwU5IS0VzXQdpYx6w7SO +bG9zK9j+F44GNgLUoxP9s+sC0CIa33sF8AdXVY4MmwfdqtlqLnKG6VS5YN9GsVua +XZKcEPJVRefeYiiTt+fcteap/kfaMeuDEqAG/4CoBM0CgYBXn63zTq8/KqVb5jOa +wjEL7Kq+BID8o25bY47Ia1W4lXo1OF8WjLx40QF10yAVCrTV9cRStOZX7rTnmJq0 +ckhYIBnOCq8x1FD7FNGg19onP9X1CkHiIlGihM/FjC9+3yhInacjJvbrDMhiu8hB +d1VeyMHfQ4J+mn4TQ8NZIhCX5A== +-----END PRIVATE KEY----- From 588201f507e2fdf806f56db5a9dd7edcc2de6a0b Mon Sep 17 00:00:00 2001 
From: Mukta Date: Mon, 6 May 2013 22:23:25 +0530 Subject: [PATCH 18/41] add support in linux for ssh keys --- azurePrivateKey.key | 28 ---------------------------- getfingerprint.rb | 18 ------------------ key_play/passphrase | 1 - key_play/server.crt | 15 --------------- key_play/server.csr | 12 ------------ key_play/server.key | 18 ------------------ myCert.cer | Bin 1017 -> 0 bytes myPrivateKey.key | 28 ---------------------------- 8 files changed, 120 deletions(-) delete mode 100644 azurePrivateKey.key delete mode 100644 getfingerprint.rb delete mode 100644 key_play/passphrase delete mode 100644 key_play/server.crt delete mode 100644 key_play/server.csr delete mode 100644 key_play/server.key delete mode 100644 myCert.cer delete mode 100644 myPrivateKey.key diff --git a/azurePrivateKey.key b/azurePrivateKey.key deleted file mode 100644 index dcbae67..0000000 --- a/azurePrivateKey.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMkKCgtEt93GB6 -hgaPtA+Mz217BJuA2Z6unPt09tAwgy5zQtVDFrb4XWqMjvn033IEwB/nc8HjoDsp -c9CD2MwL3lI6refN8gPLJDg89858YdXw7O+o3FHyAFZWlkeKLvklOgn+TbYKoHQp -UeC7PnV+DjTuBtm3n4hDF0yTvXaK87eGhqXQPvesc8N0/lEvyy2f+1tkQAW39R+Z -NmQXKr1PFUcHrhsUG0ZAh/gO8MZHx0uwZM6tisQuD6aMe+oJRj9PqSykzKVmgn0G -TXkWxQKueoHu98q1N9UYccKx8VZG99zk2wnBC5sq64HeAlR3sPDAYLlk4/i5+QEd -58TXsLHRAgMBAAECggEAQ6fVqDDZAuBe/EbVZrOrrOtxjw0gDQZsZ929gJqckl7g -fvhspgqeKxhiQ+iJnMZF5HJSWu87AfideIE4RlLucUJvOb8IemF/hbEN9IQUw6hr -5InIXbW4WGxqIasEMByHBBvk8DltaqhUotHUnLj0jONP+CVF3mgh3eaXygkQarXG -gMJORgIHaFV3gEN7XXhbJbUQmAH9ZZfif7vxBvWyYteD0MVLvZWRpNF68bfLMRIu -cpLa+q3uvTgs2c1BewAZA82V91TBOIBkB4qTz4vbV0a8Na0yCXYfisX2dUd5iIoD -3DKPYLQVHt1RrghMELeJGlgjk/wqjNB4b6E5KIP40QKBgQD2v9IM6ZqEsAv5L75k -AUxJaea8HTG7+VgV9pA8m2LdKZTfndE/AXeCv+YKugs4Fz9dj0USrmNOX2gdTLOw -srhgYKRlLiXA2XPYb2flwyrhcRO/bAfu7ohSA7XWipKJL4cJJAQtNnVCGH41bWcy -gRL5cQWI4Iow9vrrpcNyemJGZQKBgQDUO/Evvs0DtjQJdjGs2TmE4pxfWDjNZKWc -eOR7nQIHL9BI5BR7kV3LJr0eUha8oaOVxn7sWA4uFwtKJ+lBbO3MXkIFZoiOVzRQ -MKGfocs0iYV5XLBLwj4p0NzuWQYdoSkVWSKY/fZED6Vt2T0O44ABCyVPMzmc8pcI -A/x8fCqg/QKBgBgS2vF7kSHE80YajF7Baan39RUBXCrUxu1NowDmwByHxAiVIycc -g4Z0JoOBZzrPudTs93Y9IV8yG7xQEW/539c3VpKwj+pizNSe+eoGwpZALAcPCS8c -gpxN1F3cIzPTOT+BDg9DMumB7j5UMC9TPICtsDaMga8JSa3X/Fuc6R2pAoGAMvCY -OS+Aoa1v2/2EespApgaGJdRU/ed0YJQbsxfCTttJENW9nNMNQh9wMQDe+DOLwf08 -pZmU/bcGPKxLrippAS52hjlP+Wow4jZp9Jiu31NKuBBpOCXNKdg5zvOLJj1yUO9u -AG6kVz2yJSWJJDOym42DTPkskOEhIwlh5rcevDkCgYA3/H4GGTqlu6RfwzlAqoGO -Kxm7DHWjXuaAwhfTs1MksfOQ1ptqXAXjigpv523UWbZ1eDj2c0jCJQf2KAyXSGUp -f2jOS9EcO/0D0Jf+hXvc0jH7qrijy7AcQrGykqdKCgpC7K74ULrfJomD3V8NDDle -otoRmoCKG59ibyYUNnzgpw== ------END PRIVATE KEY----- diff --git a/getfingerprint.rb b/getfingerprint.rb deleted file mode 100644 index e0b203e..0000000 --- a/getfingerprint.rb +++ /dev/null 
@@ -1,18 +0,0 @@ -require 'openssl' - -certificate = -OpenSSL::X509::Certificate.new(File.read('myCert.cer')) -mycert = certificate.to_pem - - - -mycert["-----BEGIN CERTIFICATE-----\n"] = "" -mycert["-----END CERTIFICATE-----\n"] = "" - - -newcert = File.read('azureCert.pem') -puts newcert -newcert["-----BEGIN CERTIFICATE-----\n"] = "" -newcert["-----END CERTIFICATE-----\n"] = "" -sha1 = OpenSSL::Digest::SHA1.new(newcert) -puts sha1 diff --git a/key_play/passphrase b/key_play/passphrase deleted file mode 100644 index 5271a52..0000000 --- a/key_play/passphrase +++ /dev/null @@ -1 +0,0 @@ -test123 diff --git a/key_play/server.crt b/key_play/server.crt deleted file mode 100644 index 4ddf703..0000000 --- a/key_play/server.crt +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICSTCCAbICCQDcSjX6siOCkjANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJJ -TjEMMAoGA1UECAwDTWFoMQ0wCwYDVQQHDARQdW5lMQwwCgYDVQQKDANDbG8xDDAK -BgNVBAsMA0RldjENMAsGA1UEAwwEVGVzdDESMBAGCSqGSIb3DQEJARYDbXVrMB4X -DTEzMDQzMDAwNTY0NloXDTE0MDQzMDAwNTY0NlowaTELMAkGA1UEBhMCSU4xDDAK -BgNVBAgMA01haDENMAsGA1UEBwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQL -DANEZXYxDTALBgNVBAMMBFRlc3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2a -P7f3C8o2KJsJSCoUWLnHjyRmqSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSw -CBAAEF1gMGohf2+9kXo7hMYI/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJa -Oa8Mhh8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCCxeNQy/H7SOVjf8OchWKKlTFJ -Ws+lb2w1zdN8z9HXVuHuY6thYHsqd5nye8ceKLhU3ccTH+4aXGsSOb8yiIZOdoFZ -jDFBpBB4ZryT0uDfmMs46NkQupWER4xIPO6v9/Ve0zuDO41Cw+jy6rK02m5YTx50 -x4NLIUmt/tDDLYu7UQ== ------END CERTIFICATE----- diff --git a/key_play/server.csr b/key_play/server.csr deleted file mode 100644 index cab9da4..0000000 --- a/key_play/server.csr +++ /dev/null 
@@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBwTCCASoCAQAwaTELMAkGA1UEBhMCSU4xDDAKBgNVBAgMA01haDENMAsGA1UE -BwwEUHVuZTEMMAoGA1UECgwDQ2xvMQwwCgYDVQQLDANEZXYxDTALBgNVBAMMBFRl -c3QxEjAQBgkqhkiG9w0BCQEWA211azCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC -gYEAs3P69EikFbMEzfUanju3SP6v5aTY7GrOQb2aP7f3C8o2KJsJSCoUWLnHjyRm -qSgNNGn9kWli+2ZUYKrlWxuU1BIRE3BbWYkBddSwCBAAEF1gMGohf2+9kXo7hMYI -/1b5CWcdiFGwNDenDj0fQxluddzu5HB19tvexUJaOa8Mhh8CAwEAAaAYMBYGCSqG -SIb3DQEJBzEJDAd0ZXN0MTIzMA0GCSqGSIb3DQEBBQUAA4GBAGnUcLFiXEXHwXJe -E0nmJNBrl09Iu3uUNnavjTuVcy49hQOCcUKgw3S3yy4Rlc90xbgsyIvLF8/uor47 -IbDMFbZMlO5YW40KtD9dSlTCGmzMyoCLqSEoFuO2ynQ9EwuHFe6yCzYCrN3Z8W7i -CX5lwF8GCBObjNNOeTdP8AzpnMTZ ------END CERTIFICATE REQUEST----- diff --git a/key_play/server.key b/key_play/server.key deleted file mode 100644 index 82b418b..0000000 --- a/key_play/server.key +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,02BF23AF80F95373 - -bB/LJj+5nd9E12ZoswZoIT5DXDvFzCAsk+fk3GAgDHV/7BwEdRZQyqsu9CIKw++C -XNIh9P5qjZzgq5Rv/rmQ6MJU8mz9jjr4DSQawEElXbQrlHURAUGL6rfZXhEKcI/r -+JPqo8Mm9h67AHRmREpqxv0AumVg+ReKQjxrfaPlgPfLM/fGu96aIl7jEaXhFqTd -awRjmMcNsJw5bquWmlEQzIgmBan6jcqLa6eXSZTvKwk9cH9hHLJTkmlZgXVEifUQ -8TKhagJcB9NtfF3WIEFwh+2n4yKI25vYXpJIyxwCLdmZSbCCSiRPQ+ayECG5ATXz -yPdyzNcyKlZuuOye8wf5qdmVQOwIDkM8xp3UziV5slupniOuEFF4uPHwBjW0moKA -O0jfmRrIX2VboOK2s26BrRsFqQZnZSbcqKs1Khprj9Nb5D10kS2dgdGo7XT5ytOq -vZA9YqDo7W/7ksDxT2sR1ysOfrozTacCxL3sQ8Gbf8ByTW+IoeQjeq/21NmLV4c4 -g8HsWpXX8PDhrbrno11+BnQcBAlpIYU96qGGSVQOcuZUEUNQk8vi6dnDT681LPAm -y9c8i8O0QqpNNY+qID+5EEVxoQVgA+VauD3LPcfaTV/62gQMwWrnbVc3vVRSE02F -+4mjj+KtIztnmkkE1dnX2IhCk/lxWd2BVLd7LQe9SPM8adGcIP/8C0+CoscnHYoG -mYp4TPoXtHgFhQOHPkiYv0EPDFKOi3jdzSfoTvTfSkwhZAmUPaap8VyAZ4eYq+9b -hSMavTmnA0pvMhfr4fSCvbeNuq4UokxI7Rzr7D8tOVSzap68mybxVg== ------END RSA PRIVATE KEY----- 
diff --git a/myCert.cer b/myCert.cer deleted file mode 100644 index b97e70a9677b9e67c8ab47792118103471cdfb63..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1017 zcmXqLV*YB-#B_H7GZP~d6DLE*mcSsZ@~nCTUN%mxHjlRNyo`*jtPBQ?6AZZxIN6v( zS=fY`JpBws41_=&4jyjb#EitE#Nv#SqC`Vp18$HgI}b}hXNi8!JHV_2yn0dH-OS4N79ji)0GKxv$f~52k3o;UO zQXP^Z=IABo=Nia~^BNi(m>3xu85@`xn??b-CP>`D=;S6wCFFo*WMyD(V&rEqXkz4I zYGPz$xSq$s>>=Iq?8BS=cT=BCnb6F*|HyMeoeAv?E<9PzJz@seyt4c?e%;Q9D%lhw zTl?NOK``mliO4HK0(RS#^7c)fd9UZ5$(s%4^FDX-vGzt}ef=r)e1d+&6o-8AUo*d) zGgnz%7kgLwg33ic>7?pMy^;^sO*DMcz$@RSd`=-KVAol_2T>=Um!*2-oaSM&Juf-+ zlIPdDyUS;b+s{+C-*V`xHAD2;Wxamlps%^8aU-9(MWr zeD)+Y^_xrfu`jl;_X zjR)KAebK4DcJHv|_X+U~JphoHbJqX> diff --git a/myPrivateKey.key b/myPrivateKey.key deleted file mode 100644 index 99179ed..0000000 --- a/myPrivateKey.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDXbggDSBuE5vDs -v91l5JSQgwG/xOcRLJCHgEQMakOMFjDWSmpPKPrbaFp0slQdfe9NYBFi8shZ1FIQ -Prcibr6Rmd6M3jTssDee84kOBY1YavX5EueQL1iUQG8X+pn0zjckq35d3RvQJNEO -G2J74o0Z4K6RMeSADR+KI84gUlC6zS7gWsjndmVIbMsMAj3PGZXSSfV+3aebFz+e -Jz+0wtU7AFutpo1OF1UKofo55af0W5tLLPxY1K12Tlxv/2t1w0T955uSJifZpL4H -p9SV50djc7kLYmMWZzSfZyRopOLIbrYqdrFpUtB1b5o/K8X6LycyVIGdFuCNNc7c -UkWDVPQ3AgMBAAECggEBAKaLGMS4tRWcl/rfJSDFgpjpvqtrZJshUaZ/YZwbdpbQ -/PZdVyxVaQG//dYjmuWl2x99OlO9j2fqvXpzkY6cANV9F9DdZBrq7EUEzxq47hnB -ruDcXYpZH+iUm431HZpk5bqCndGgwwS5wahfQVa2wRCVYz86TAU2oABiR9My79hI -pkvfDTdT0EYk6w7lD2SZr9AAckAy9fouUB/1iEU0mav8jJZh+pLSofJRnRRTgbHY -wUhtF5qK4RC5JFJVZSTlrW4MXLUpF7FWMwIZf9ccwXTvwYtY67LddPDp8qbVF/6i -SluAKkHR1N+8fNpXDaMNpoV7fqtAQor6MXF4YXMkG3kCgYEA8WP9iqUJO50vNRQl -Q4TUW1BVzCSp4r6NYRVodHRg/2RVmOe9n0JB+rYos4ht3/9yeas3PgHj1epVtQ1L -TJGXdcxseMbEs01a5Pjw0+x3164tiVJWBnxYPwtSt6p5DuLD5t+uUyUpY8YAIdws -xVQlqGJgYCKEA97FGHMuV/uvGmMCgYEA5HfQoOIUW1facFSz5FZhrw6aJQi0XzVl -RTNZhQJCOHdYSo1dwDK5R9ol0Sum1SceOG6oa59CULW2H5ltRJa3utJg16bTH63V -pFMxXx2i86nZRVvARsZYbY4kr9cOuXei1NdVbvdAswRyab6b3ePNEOiCmURKtYlD -XI76AVRDXR0CgYEA00xaiL1UKqm5w/WhdMvV8ySMJclGKGPyb7QEnkOtEIGsZ88a -7khaZvKDCDx5KWV6uEQGdDHFVN/uLDC55Alhkkzh+orLbcRdtyat8GQCt3oRBC5d -fQnlWTI5Mup3U29uWi8cck2KQHr2bK1FR2oUGKQchqpP8u9SicdxHrUCHs8CgYEA -hLZInTvWYVz+CWRaftfitGKCDeMpi2ij4/e5F3dBajWBNwU5IS0VzXQdpYx6w7SO -bG9zK9j+F44GNgLUoxP9s+sC0CIa33sF8AdXVY4MmwfdqtlqLnKG6VS5YN9GsVua -XZKcEPJVRefeYiiTt+fcteap/kfaMeuDEqAG/4CoBM0CgYBXn63zTq8/KqVb5jOa -wjEL7Kq+BID8o25bY47Ia1W4lXo1OF8WjLx40QF10yAVCrTV9cRStOZX7rTnmJq0 -ckhYIBnOCq8x1FD7FNGg19onP9X1CkHiIlGihM/FjC9+3yhInacjJvbrDMhiu8hB -d1VeyMHfQ4J+mn4TQ8NZIhCX5A== ------END PRIVATE KEY----- From 5ab35ff8b4437c6849735b0143d709582926f72e Mon Sep 17 00:00:00 2001 
From: Mukta Date: Sat, 11 May 2013 00:14:35 +0530 Subject: [PATCH 19/41] add support for ssh keys in linux --- lib/azure/certificate.rb | 107 +++++++++++++++++++++++++++++++++++++++ lib/azure/connection.rb | 4 +- lib/azure/deploy.rb | 3 ++ lib/azure/role.rb | 56 ++++---------------- 4 files changed, 123 insertions(+), 47 deletions(-) create mode 100755 lib/azure/certificate.rb diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb new file mode 100755 index 0000000..f6528d8 --- /dev/null +++ b/lib/azure/certificate.rb 
@@ -0,0 +1,107 @@ +# +# Author:: Mukta Aphale (mukta.aphale@clogeny.com) +# Copyright:: Copyright (c) 2010-2011 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class Azure + class Certificates + def initialize(connection) + @connection=connection + end + def all + #TODO + nil + end + def exists(name) + #TODO + nil + end + def create(params) + certificate = Certificate.new(@connection) + certificate.create(params) + end + def delete(name) + #TODO + end + end +end + +class Azure + class Certificate + #include AzureUtility + attr_accessor :connection, :certificate_name, :hosted_service_name + attr_accessor :cert_data, :cert_data_pem + def initialize(connection) + @connection = connection + end + def parse(serviceXML) + #TODO + self + end + def create(params) + @cert_data = generateCertificateData ({:ssh_key => params[:ssh_key], + :ssh_key_passphrase => params[:ssh_key_passphrase]}) + builder = Nokogiri::XML::Builder.new do |xml| + xml.CertificateFile('xmlns'=>'http://schemas.microsoft.com/windowsazure') { + xml.Data @cert_data + xml.CertificateFormat 'pfx' + xml.Password 'knifeazure' + } + end + @connection.query_azure("hostedservices/#{params[:hosted_service_name]}/certificates", "post", builder.to_xml) + generateFingerPrint(@cert_data) + end + def details + #TODO + end + + def generateCertificateData (params) + key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) + ca = 
OpenSSL::X509::Certificate.new + ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate + ca.serial = Random.rand(100) + ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA" + ca.issuer = ca.subject # root CA's are "self-signed" + ca.public_key = key.public_key + ca.not_before = Time.now + ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity + ef = OpenSSL::X509::ExtensionFactory.new + ef.subject_certificate = ca + ef.issuer_certificate = ca + ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true)) + ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) + ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) + ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) + ca.sign(key, OpenSSL::Digest::SHA256.new) + @cert_data_pem = ca.to_pem + pfx = OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca) + File.write('1', ca.to_pem) + File.write('2', Base64.strict_encode64(pfx.to_der)) + Base64.strict_encode64(pfx.to_der) + end + def generateFingerPrint(data) + fingerprint = OpenSSL::Digest::SHA1.new(File.read('1')) + puts fingerprint + puts OpenSSL::Digest::SHA1.new(File.read('2')) + a =File.read('1') + a["-----BEGIN CERTIFICATE-----\n"]="" + a["-----END CERTIFICATE-----\n"]="" + fingerprint= OpenSSL::Digest::SHA1.new(Base64.encode64(a)) + puts fingerprint + fingerprint + end + end +end diff --git a/lib/azure/connection.rb b/lib/azure/connection.rb index 060636a..e77a9dc 100755 --- a/lib/azure/connection.rb +++ b/lib/azure/connection.rb 
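Review bot: `generateCertificateData` writes the PEM certificate to a file named `1` and the Base64 PFX, which contains the caller's private key, to a file named `2` in the current working directory, and nothing removes them; the PFX is protected only by the constant `'knifeazure'` that is readable in this source. `generateFingerPrint` only re-reads `1`, so the fingerprint can be computed in memory with `OpenSSL::Digest::SHA1.hexdigest(ca.to_der)` and both `File.write` calls and the `puts` lines dropped. The export password would be better generated per upload, e.g. `SecureRandom.hex(16)` (needs `require 'securerandom'`), and used for both `OpenSSL::PKCS12.create` and `xml.Password`. The certificate is also marked `CA:TRUE` with `keyCertSign, cRLSign`, which a certificate that only carries an SSH public key does not need.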
@@ -23,11 +23,12 @@ require File.expand_path('../deploy', __FILE__) require File.expand_path('../role', __FILE__) require File.expand_path('../disk', __FILE__) require File.expand_path('../image', __FILE__) +require File.expand_path('../certificate', __FILE__) class Azure class Connection include AzureAPI - attr_accessor :hosts, :rest, :images, :deploys, :roles, :disks, :storageaccounts + attr_accessor :hosts, :rest, :images, :deploys, :roles, :disks, :storageaccounts, :certificates def initialize(params={}) @rest = Rest.new(params) @hosts = Hosts.new(self) @@ -36,6 +37,7 @@ class Azure @deploys = Deploys.new(self) @roles = Roles.new(self) @disks = Disks.new(self) + @certificates = Certificates.new(self) end def query_azure(service_name, verb = 'get', body = '') Chef::Log.info 'calling ' + verb + ' ' + service_name diff --git a/lib/azure/deploy.rb b/lib/azure/deploy.rb index cd645be..587881f 100755 --- a/lib/azure/deploy.rb +++ b/lib/azure/deploy.rb @@ -48,6 +48,9 @@ class Azure unless @connection.storageaccounts.exists(params[:storage_account]) @connection.storageaccounts.create(params) end + if params[:ssh_key] + params[:fingerprint] = @connection.certificates.create(params) + end params['deploy_name'] = find(params[:hosted_service_name]) if params['deploy_name'] != nil role = Role.new(@connection) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index f4c1b8a..4307ab3 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
@@ -143,28 +143,19 @@ class Azure xml.HostName params[:host_name] xml.UserName params[:ssh_user] xml.UserPassword params[:ssh_password] - if params[:ssh_key].nil? - xml.DisableSshPasswordAuthentication 'false' - else - xml.DisableSshPasswordAuthentication 'true' - end if !params[:ssh_key].nil? + xml.DisableSshPasswordAuthentication 'true' xml.SSH { - xml.PublicKeys { - xml.PublicKey { - xml.FingerPrint generateFingerPrint (params[:ssh_key]) - #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e' - xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' - } - } - xml.KeyPairs { - xml.KeyPair { - xml.FingerPrint generateFingerPrint (params[:ssh_key]) - #xml.FingerPrint 'a4a7af56c1d71fb45c8968f78e3ee90a2639260e' - xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' - } - } + xml.PublicKeys { + xml.PublicKey { + #xml.Fingerprint fingerprint + xml.Fingerprint params[:fingerprint] + xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' + } + } } + else + xml.DisableSshPasswordAuthentication 'false' end } elsif params[:os_type] == 'Windows' 
@@ -245,32 +236,5 @@ class Azure "/#{params['deploy_name']}/roles" @connection.query_azure(servicecall, "post", roleXML.to_xml) end - def generateFingerPrint (params) - key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) - ca = OpenSSL::X509::Certificate.new - ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate - ca.serial = Random.rand(100) - ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA" - ca.issuer = ca.subject # root CA's are "self-signed" - ca.public_key = key.public_key - ca.not_before = Time.now - ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity - ef = OpenSSL::X509::ExtensionFactory.new - ef.subject_certificate = ca - ef.issuer_certificate = ca - ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true)) - ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) - ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) - ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) - ca.sign(key, OpenSSL::Digest::SHA256.new) - - cert = ca.to_pem - cert["-----BEGIN CERTIFICATE-----\n"] = "" - cert["-----END CERTIFICATE-----\n"] = "" - - sha1 = OpenSSL::Digest::SHA1.new(Base64.encode64(cert)) - sha1 - - end end end From 31b0a11cf2bbd6ea948616144e27d00092c50ca1 Mon Sep 17 00:00:00 2001 From: Mukta Date: Mon, 13 May 2013 15:11:32 +0530 Subject: [PATCH 20/41] support for ssh keys in linux --- lib/azure/certificate.rb | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index f6528d8..42f735e 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb 
@@ -43,7 +43,7 @@ class Azure class Certificate #include AzureUtility attr_accessor :connection, :certificate_name, :hosted_service_name - attr_accessor :cert_data, :cert_data_pem + attr_accessor :cert_data, :fingerprint def initialize(connection) @connection = connection end @@ -62,7 +62,7 @@ class Azure } end @connection.query_azure("hostedservices/#{params[:hosted_service_name]}/certificates", "post", builder.to_xml) - generateFingerPrint(@cert_data) + @fingerprint end def details #TODO @@ -86,22 +86,9 @@ class Azure ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) ca.sign(key, OpenSSL::Digest::SHA256.new) - @cert_data_pem = ca.to_pem + @fingerprint = OpenSSL::Digest::SHA1.new(ca.to_der) pfx = OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca) - File.write('1', ca.to_pem) - File.write('2', Base64.strict_encode64(pfx.to_der)) Base64.strict_encode64(pfx.to_der) end - def generateFingerPrint(data) - fingerprint = OpenSSL::Digest::SHA1.new(File.read('1')) - puts fingerprint - puts OpenSSL::Digest::SHA1.new(File.read('2')) - a =File.read('1') - a["-----BEGIN CERTIFICATE-----\n"]="" - a["-----END CERTIFICATE-----\n"]="" - fingerprint= OpenSSL::Digest::SHA1.new(Base64.encode64(a)) - puts fingerprint - fingerprint - end end end From 79864e65526382fc5e5040cc79cae749a538a5be Mon Sep 17 00:00:00 2001 From: Mukta Date: Mon, 13 May 2013 20:46:33 +0530 Subject: [PATCH 21/41] support for ssh keys in linux --- lib/azure/certificate.rb | 15 +++++++++++++-- lib/chef/knife/azure_server_create.rb | 16 +++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index 42f735e..17c53d1 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb 
@@ -52,8 +52,12 @@ class Azure self end def create(params) + # If ssh-key has been specified, then generate an x 509 certificate from the + # given RSA private key @cert_data = generateCertificateData ({:ssh_key => params[:ssh_key], :ssh_key_passphrase => params[:ssh_key_passphrase]}) + # Generate XML to call the API + # Add certificate to the hosted service builder = Nokogiri::XML::Builder.new do |xml| xml.CertificateFile('xmlns'=>'http://schemas.microsoft.com/windowsazure') { xml.Data @cert_data @@ -61,7 +65,9 @@ class Azure xml.Password 'knifeazure' } end + # Windows Azure API call @connection.query_azure("hostedservices/#{params[:hosted_service_name]}/certificates", "post", builder.to_xml) + # Return the fingerprint to be used while adding role @fingerprint end def details @@ -69,13 +75,15 @@ class Azure end def generateCertificateData (params) + # Generate OpenSSL RSA key from the mentioned ssh key path (and passphrase) key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) + # Generate X 509 certificate ca = OpenSSL::X509::Certificate.new ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate - ca.serial = Random.rand(100) + ca.serial = Random.rand(100) # 2 digit random number for better security aspect ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA" ca.issuer = ca.subject # root CA's are "self-signed" - ca.public_key = key.public_key + ca.public_key = key.public_key # Assign the ssh-key's public part to the certificate ca.not_before = Time.now ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity ef = OpenSSL::X509::ExtensionFactory.new 
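Review bot: The comment added to `ca.serial = Random.rand(100)` in the third hunk says the random number is there for security, but a value in 0..99 from the non-cryptographic `Random` adds none and makes serial collisions between generated certificates likely. If uniqueness is the goal, `ca.serial = SecureRandom.random_number(2**64)` would serve, and the comment should say that the serial only has to be unique per issuer. The first hunk documents the upload but leaves `xml.Password 'knifeazure'` as a constant; a comment there should at least state that this is the PFX export password. `generateCertificateData` starts in this hunk and ends in the next one.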
@@ -86,8 +94,11 @@ class Azure ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) ca.sign(key, OpenSSL::Digest::SHA256.new) + # Generate the SHA1 fingerprint of the der format of the X 509 certificate @fingerprint = OpenSSL::Digest::SHA1.new(ca.to_der) + # Create the pfx format of the certificate pfx = OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca) + # Encode the pfx format - upload this certificate Base64.strict_encode64(pfx.to_der) end end diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index cf75531..f84334b 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb @@ -159,12 +159,12 @@ class Chef option :ssh_key, :long => "--ssh-key FILENAME", - :description => "SSH key", + :description => "SSH key, optional. It is the RSA private key. Specify either ssh-password or ssh_key", :proc => Proc.new { |key| Chef::Config[:knife][:ssh_key] = key } option :ssh_key_passphrase, :long => "--ssh-key-passphrase PASSWORD", - :description => "SSH key passphrase", + :description => "SSH key passphrase. Optional, specify if passphrase for ssh-key exists", :proc => Proc.new { |pp| Chef::Config[:knife][:ssh_key_passphrase] = pp } def strip_non_ascii(string) @@ -426,9 +426,7 @@ class Chef :role_size => locate_config_value(:role_size), :tcp_endpoints => locate_config_value(:tcp_endpoints), :udp_endpoints => locate_config_value(:udp_endpoints), - :bootstrap_proto => locate_config_value(:bootstrap_protocol), - :ssh_key => locate_config_value(:ssh_key), - :ssh_key_passphrase => locate_config_value(:ssh_key_passphrase) + :bootstrap_proto => locate_config_value(:bootstrap_protocol) } if is_image_windows? 
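Review bot: The comments added in the certificate.rb hunk state that the PFX from `OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca)` is what gets uploaded, and that bundle includes `key`, the user's SSH private key, under a password fixed in the source. Provisioning `authorized_keys` needs only the public certificate, so it is worth checking whether the service-certificate call accepts the DER certificate alone (`Base64.strict_encode64(ca.to_der)` with a matching `CertificateFormat`), which would keep the private key on the workstation. If the PFX is required, the comment should say that the private key is being uploaded, and the password should not be a constant.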
@@ -442,11 +440,15 @@ class Chef server_def[:os_type] = 'Linux' server_def[:bootstrap_proto] = 'ssh' if not locate_config_value(:ssh_user) or not locate_config_value(:ssh_password) - ui.error("SSH User and SSH Password are compulsory parameters") - exit 1 + if not locate_config_value(:ssh_key) + ui.error("Specify either (SSH Key) OR (SSH User and SSH Password)") + exit 1 + end end server_def[:ssh_user] = locate_config_value(:ssh_user) server_def[:ssh_password] = locate_config_value(:ssh_password) + server_def[:ssh_key] = locate_config_value(:ssh_key), + server_def[:ssh_key_passphrase] = locate_config_value(:ssh_key_passphrase) end server_def end From fb6bb1ac7496bf7425173c15028d57f5a0ea3594 Mon Sep 17 00:00:00 2001 From: Mukta Date: Mon, 13 May 2013 22:13:34 +0530 Subject: [PATCH 22/41] support linux ssh keys --- lib/azure/certificate.rb | 2 +- lib/azure/deploy.rb | 2 +- lib/chef/knife/azure_server_create.rb | 17 ++++++++++------- spec/unit/azure_server_create_spec.rb | 20 ++++++++++++++++++++ 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index 17c53d1..d463f06 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb @@ -54,7 +54,7 @@ class Azure def create(params) # If ssh-key has been specified, then generate an x 509 certificate from the # given RSA private key - @cert_data = generateCertificateData ({:ssh_key => params[:ssh_key], + @cert_data = generateCertificateData({:ssh_key => params[:ssh_key], :ssh_key_passphrase => params[:ssh_key_passphrase]}) # Generate XML to call the API # Add certificate to the hosted service diff --git a/lib/azure/deploy.rb b/lib/azure/deploy.rb index 587881f..3c10b97 100755 --- a/lib/azure/deploy.rb +++ b/lib/azure/deploy.rb 
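Review bot: The added line `server_def[:ssh_key] = locate_config_value(:ssh_key),` ends in a comma, so Ruby treats the following assignment as a second right-hand value and stores a two-element Array in `server_def[:ssh_key]`; the later `File.read(params[:ssh_key])` then fails. Dropping the comma gives `server_def[:ssh_key] = locate_config_value(:ssh_key)`. The nested guard also lets a run through with a key but no `:ssh_user`, while role.rb builds the key path with `'/home/' + params[:ssh_user]`, which raises on nil; the user check should stand on its own.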
@@ -48,7 +48,7 @@ class Azure unless @connection.storageaccounts.exists(params[:storage_account]) @connection.storageaccounts.create(params) end - if params[:ssh_key] + if params[:ssh_key] params[:fingerprint] = @connection.certificates.create(params) end params['deploy_name'] = find(params[:hosted_service_name]) diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index f84334b..f927d23 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb @@ -159,13 +159,11 @@ class Chef option :ssh_key, :long => "--ssh-key FILENAME", - :description => "SSH key, optional. It is the RSA private key. Specify either ssh-password or ssh_key", - :proc => Proc.new { |key| Chef::Config[:knife][:ssh_key] = key } + :description => "SSH key path, optional. It is the RSA private key. Specify either ssh-password or ssh-key" option :ssh_key_passphrase, :long => "--ssh-key-passphrase PASSWORD", - :description => "SSH key passphrase. Optional, specify if passphrase for ssh-key exists", - :proc => Proc.new { |pp| Chef::Config[:knife][:ssh_key_passphrase] = pp } + :description => "SSH key passphrase. Optional, specify if passphrase for ssh-key exists" def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') 
@@ -439,15 +437,20 @@ class Chef else server_def[:os_type] = 'Linux' server_def[:bootstrap_proto] = 'ssh' - if not locate_config_value(:ssh_user) or not locate_config_value(:ssh_password) + if not locate_config_value(:ssh_user) + ui.error("SSH User is compalsory parameter") + exit 1 + end + if not locate_config_value(:ssh_password) if not locate_config_value(:ssh_key) - ui.error("Specify either (SSH Key) OR (SSH User and SSH Password)") + ui.error("Specify either SSH Key or SSH Password") exit 1 end end + server_def[:ssh_user] = locate_config_value(:ssh_user) server_def[:ssh_password] = locate_config_value(:ssh_password) - server_def[:ssh_key] = locate_config_value(:ssh_key), + server_def[:ssh_key] = locate_config_value(:ssh_key) server_def[:ssh_key_passphrase] = locate_config_value(:ssh_key_passphrase) end server_def diff --git a/spec/unit/azure_server_create_spec.rb b/spec/unit/azure_server_create_spec.rb index 5dff486..7bcd662 100644 --- a/spec/unit/azure_server_create_spec.rb +++ b/spec/unit/azure_server_create_spec.rb 
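Review bot: The new `if not locate_config_value(:ssh_password)` test treats an empty string as a supplied password, because `''` is truthy in Ruby; the spec added in this patch sets `Chef::Config[:knife][:ssh_password] = ''`, so that value does occur. With an empty password and no key, the "Specify either SSH Key or SSH Password" error is skipped and the empty password is copied into `server_def`. Compare on emptiness instead: `if locate_config_value(:ssh_password).to_s.empty? && locate_config_value(:ssh_key).to_s.empty?`. The `unless ... or ...` form that replaces this check in the later identity-file hunk has the same gap. create_server_def starts outside the hunk.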
@@ -168,6 +168,26 @@ describe "for bootstrap protocol ssh:" do @bootstrap.should_receive(:run) @server_instance.run end + it "check if ssh-key set correctly" do + Chef::Config[:knife][:ssh_password] = '' + Chef::Config[:knife][:ssh_key] = 'ssh_key' + @server_instance.should_receive(:is_image_windows?).and_return(false) + @server_params = @server_instance.create_server_def + @server_params[:os_type].should == 'Linux' + @server_params[:ssh_key].should == 'ssh_key' + @server_params[:ssh_user].should == 'ssh_user' + @server_params[:bootstrap_proto].should == 'ssh' + @server_params[:hosted_service_name].should == 'service001' + end + it "successful bootstrap with ssh key" do + @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(false) + @bootstrap = Chef::Knife::Bootstrap.new + Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap) + @bootstrap.should_receive(:run) + @server_instance.connection.certificates.stub(:generateCertificateData).and_return("cert_data") + @server_instance.connection.certificates.should_receive(:create) + @server_instance.run + end end end From 0a65253ddc2bd774a70398f2ab67d154a739c1cb Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Wed, 15 May 2013 15:16:25 +0530 Subject: [PATCH 23/41] Fixed: azure_host_name option in Azure as azure-host-name --- lib/chef/knife/azure_base.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/chef/knife/azure_base.rb b/lib/chef/knife/azure_base.rb index 642547e..5d923f8 100755 --- a/lib/chef/knife/azure_base.rb +++ b/lib/chef/knife/azure_base.rb @@ -49,7 +49,7 @@ class Chef option :azure_host_name, :short => "-H HOSTNAME", - :long => "--azure_host_name HOSTNAME", + :long => "--azure-host-name HOSTNAME", :description => "Your Azure host name", :proc => Proc.new { |key| Chef::Config[:knife][:azure_host_name] = key } From 5efe903f5406f90eee3cf1488f98dcfe9e4897c6 Mon Sep 17 00:00:00 2001 
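Review bot: In "successful bootstrap with ssh key" the `stub(:generateCertificateData)` has no effect, because `should_receive(:create)` on the same `certificates` object replaces `create` and nothing reaches certificate generation. The mocked `create` also returns nil, so the fingerprint handed to the deployment is never exercised. Drop the stub and give the expectation a value, `@server_instance.connection.certificates.should_receive(:create).and_return('fingerprint')`. The first example leaves `ssh_password` as `''` without asserting what happens to it.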
From: siddheshwar-more Date: Wed, 15 May 2013 16:08:22 +0530 Subject: [PATCH 24/41] Implemented changes to display IP address field for Windows VM on knife azure server list run --- lib/azure/role.rb | 9 ++++----- lib/chef/knife/azure_server_create.rb | 6 ++---- lib/chef/knife/azure_server_delete.rb | 3 +-- lib/chef/knife/azure_server_list.rb | 2 +- spec/unit/deploys_list_spec.rb | 4 ++-- spec/unit/roles_list_spec.rb | 2 +- 6 files changed, 11 insertions(+), 15 deletions(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 334628d..6fa667e 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb @@ -107,9 +107,9 @@ class Azure end class Role include AzureUtility - attr_accessor :connection, :name, :status, :size, :ipaddress - attr_accessor :sshport, :sshipaddress, :hostedservicename, :deployname - attr_accessor :winrmport, :winrmipaddress + attr_accessor :connection, :name, :status, :size, :ipaddress, :publicipaddress + attr_accessor :sshport, :hostedservicename, :deployname + attr_accessor :winrmport attr_accessor :hostname, :tcpports, :udpports def initialize(connection) @@ -127,13 +127,12 @@ class Azure @udpports = Array.new endpoints = roleXML.css('InstanceEndpoint') + @publicipaddress = xml_content(endpoints[0], 'Vip') if !endpoints.empty? endpoints.each do |endpoint| if xml_content(endpoint, 'Name').downcase == 'ssh' @sshport = xml_content(endpoint, 'PublicPort') - @sshipaddress = xml_content(endpoint, 'Vip') elsif xml_content(endpoint, 'Name').downcase == 'winrm' @winrmport = xml_content(endpoint, 'PublicPort') - @winrmipaddress = xml_content(endpoint, 'Vip') else hash = Hash.new hash['Name'] = xml_content(endpoint, 'Name') diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index aa299da..8f0cc5c 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb 
@@ -279,11 +279,11 @@ class Chef end server = connection.deploys.create(create_server_def) + fqdn = server.publicipaddress puts("\n") if is_image_windows? if locate_config_value(:bootstrap_protocol) == 'ssh' - fqdn = server.sshipaddress port = server.sshport print "\n#{ui.color("Waiting for sshd on #{fqdn}:#{port}", :magenta)}" @@ -293,7 +293,6 @@ class Chef } elsif locate_config_value(:bootstrap_protocol) == 'winrm' - fqdn = server.winrmipaddress port = server.winrmport print "\n#{ui.color("Waiting for winrm on #{fqdn}:#{port}", :magenta)}" @@ -307,12 +306,11 @@ class Chef sleep 15 bootstrap_for_windows_node(server,fqdn).run else - unless server && server.sshipaddress && server.sshport + unless server && server.publicipaddress && server.sshport Chef::Log.fatal("server not created") exit 1 end - fqdn = server.sshipaddress port = server.sshport print "\n#{ui.color("Waiting for sshd on #{fqdn}:#{port}", :magenta)}" diff --git a/lib/chef/knife/azure_server_delete.rb b/lib/chef/knife/azure_server_delete.rb index 4654084..ce3df73 100755 --- a/lib/chef/knife/azure_server_delete.rb +++ b/lib/chef/knife/azure_server_delete.rb @@ -87,8 +87,7 @@ class Chef msg_pair('Deployment', server.deployname) msg_pair('Role', server.name) msg_pair('Size', server.size) - msg_pair('SSH Ip Address', server.sshipaddress) - msg_pair('SSH Port', server.sshport) + msg_pair('Public Ip Address', server.publicipaddress) puts "\n" confirm("Do you really want to delete this server") diff --git a/lib/chef/knife/azure_server_list.rb b/lib/chef/knife/azure_server_list.rb index bea1aac..7a8193b 100755 --- a/lib/chef/knife/azure_server_list.rb +++ b/lib/chef/knife/azure_server_list.rb @@ -60,7 +60,7 @@ class Chef server_list << server.deployname.to_s server_list << server.name.to_s server_list << server.hostname.to_s - server_list << server.sshipaddress.to_s + server_list << server.publicipaddress.to_s server_list << server.sshport.to_s server_list << server.winrmport.to_s end 
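Review bot: `fqdn = server.publicipaddress` now runs before the `unless server && server.publicipaddress && server.sshport` guard in the Linux branch, so a nil `server` raises NoMethodError instead of reaching the "server not created" message. Read it safely with `fqdn = server && server.publicipaddress`, or move the assignment below the guard. The Windows branches have no such guard and would wait on a nil address when the role reports no endpoints, so the same check is worth adding there. The run method starts and ends outside these hunks.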
diff --git a/spec/unit/deploys_list_spec.rb b/spec/unit/deploys_list_spec.rb index 0f81181..348f466 100755 --- a/spec/unit/deploys_list_spec.rb +++ b/spec/unit/deploys_list_spec.rb @@ -27,7 +27,7 @@ include AzureSpecHelper role.size.should_not be_nil role.ipaddress.should_not be_nil role.sshport.should_not be_nil - role.sshipaddress.should_not be_nil + role.publicipaddress.should_not be_nil end end end @@ -41,7 +41,7 @@ include AzureSpecHelper puts 'size: ' + role.size puts 'ip address: ' + role.ipaddress puts 'ssh port: ' + role.sshport - puts 'ssh ip address: ' + role.sshipaddress + puts 'ssh ip address: ' + role.publicipaddress role.tcpports.each do |port| puts ' tcp: ' + port['Name'] + ' ' + port['Vip'] + ' ' + port['PublicPort'] + ' ' + port['LocalPort'] diff --git a/spec/unit/roles_list_spec.rb b/spec/unit/roles_list_spec.rb index 9bbe057..29228d3 100755 --- a/spec/unit/roles_list_spec.rb +++ b/spec/unit/roles_list_spec.rb @@ -27,6 +27,6 @@ describe "roles" do role.size.should_not be_nil role.ipaddress.should_not be_nil role.sshport.should_not be_nil - role.sshipaddress.should_not be_nil + role.publicipaddress.should_not be_nil end end From 43c081be0c00ffab805371df5997d6fce201c541 Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Wed, 15 May 2013 16:49:04 +0530 Subject: [PATCH 25/41] add support to delete vm from specific hosted-service (dns). --- lib/azure/role.rb | 14 +++++++++++++- lib/chef/knife/azure_server_delete.rb | 7 ++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 334628d..98543f3 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
@@ -33,7 +33,19 @@ class Azure end @roles end - def find(name) + + def find_in_hosted_service(name, hostedservicename) + find_roles_with_hostedservice(hostedservicename).each do | role | + if (role.name == name) + return role + end + end + end + + def find(name, params= nil) + if params && params[:azure_hosted_service_name] + return find_in_hosted_service(name, params[:azure_hosted_service_name]) + end if @roles == nil all end diff --git a/lib/chef/knife/azure_server_delete.rb b/lib/chef/knife/azure_server_delete.rb index 4654084..0709a74 100755 --- a/lib/chef/knife/azure_server_delete.rb +++ b/lib/chef/knife/azure_server_delete.rb @@ -55,6 +55,11 @@ class Chef :boolean => true, :default => false, :description => "Dont destroy corresponding hosted service. If the option is not set, it deletes the service not used by any VMs." + + option :azure_hosted_service_name, + :long => "--azure-dns-name NAME", + :description => "specifies the DNS name (also known as hosted service name)" + # Extracted from Chef::Knife.delete_object, because it has a # confirmation step built in... By specifying the '--purge' # flag (and also explicitly confirming the server destruction!) @@ -77,7 +82,7 @@ class Chef @name_args.each do |name| begin - server = connection.roles.find(name) + server = connection.roles.find(name, params = { :azure_hosted_service_name => locate_config_value(:azure_hosted_service_name) }) if not server ui.warn("Server #{name} does not exist") return From 2b71f2eff2f33bab44db3f0ac1d172c3bd3d1ea4 Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Wed, 15 May 2013 17:23:35 +0530 Subject: [PATCH 26/41] method on same object no need to lookup. --- lib/azure/role.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 98543f3..90eb50c 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb 
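Review bot: `find_in_hosted_service` has no return after the loop, so when no role matches it returns the value of `each`, which is the collection it iterated rather than nil. In the delete command that makes `if not server` false for an unknown name, the "does not exist" warning is never shown, and the code goes on to read role attributes from the wrong object. End the method with an explicit `nil`. At the call site, `params = { ... }` inside the argument list only creates a stray local; pass the hash directly. The body of `find` continues outside the hunk.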
@@ -88,7 +88,7 @@ class Azure unless params[:preserve_hosted_service] unless params[:hostedservicename].nil? - roles_using_same_service = connection.roles.find_roles_with_hostedservice(params[:hostedservicename]) + roles_using_same_service = find_roles_with_hostedservice(params[:hostedservicename]) if roles_using_same_service.size <= 1 servicecall = "hostedservices/" + params[:hostedservicename] @connection.query_azure(servicecall, "delete") From 2d2a3d0f9ec60fcafcf0efbb1b337fd918c5bbac Mon Sep 17 00:00:00 2001 From: Prabhu Das Date: Wed, 15 May 2013 17:59:16 +0530 Subject: [PATCH 27/41] Set the azure server list fields with code optimization --- lib/chef/knife/azure_server_list.rb | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/lib/chef/knife/azure_server_list.rb b/lib/chef/knife/azure_server_list.rb index bea1aac..b3353e1 100755 --- a/lib/chef/knife/azure_server_list.rb +++ b/lib/chef/knife/azure_server_list.rb @@ -33,18 +33,13 @@ class Chef validate! - server_list = [ - ui.color('Status', :bold), - ui.color('Service', :bold), - ui.color('Deployment', :bold), - ui.color('Role', :bold), - ui.color('Host', :bold), - ui.color('IP Address', :bold), - ui.color('SSH Port', :bold), - ui.color('WinRM Port', :bold) - ] + server_labels = ['DNS Name', 'VM Name', 'Status', 'IP Address', 'SSH Port', 'WinRM Port' ] + server_list = server_labels.map {|label| ui.color(label, :bold)} items = connection.roles.all + items.each do |server| + server_list << server.hostedservicename.to_s+".cloudapp.net" # Info about the DNS name at http://msdn.microsoft.com/en-us/library/ee460806.aspx + server_list << server.name.to_s server_list << begin state = server.status.to_s.downcase case state 
@@ -55,17 +50,13 @@ class Chef else ui.color('ready', :green) end - end - server_list << server.hostedservicename.to_s - server_list << server.deployname.to_s - server_list << server.name.to_s - server_list << server.hostname.to_s + end server_list << server.sshipaddress.to_s server_list << server.sshport.to_s server_list << server.winrmport.to_s end puts '' - puts ui.list(server_list, :columns_across, 8) + puts ui.list(server_list, :columns_across, 6) end end end From aee3f0b372861ab92a67fab79c854ab579ae0b36 Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Thu, 16 May 2013 00:02:46 -0700 Subject: [PATCH 28/41] fix multiple role delete and avoid find in alone_on_host to optimize --- lib/azure/role.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index 90eb50c..45f046e 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb @@ -40,6 +40,7 @@ class Azure return role end end + return nil end def find(name, params= nil) @@ -56,8 +57,7 @@ class Azure end nil end - def alone_on_host(name) - found_role = find(name) + def alone_on_host(found_role) @roles.each do |role| if (role.name != found_role.name && role.deployname == found_role.deployname && @@ -73,7 +73,7 @@ class Azure def delete(name, params) role = find(name) if role != nil - if alone_on_host(name) + if alone_on_host(role) servicecall = "hostedservices/#{role.hostedservicename}/deployments" + "/#{role.deployname}" else @@ -85,6 +85,8 @@ class Azure roleXML = @connection.query_azure(servicecall, "get") end @connection.query_azure(servicecall, "delete") + # delete role from local cache as well. + @roles.delete(role) unless params[:preserve_hosted_service] unless params[:hostedservicename].nil? From 1e3d9a3136f19865f10bc8eccb1439bb90261c88 Mon Sep 17 00:00:00 2001 
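Review bot: In `delete`, `role = find(name)` still looks the role up by name alone, although `find` takes a hosted-service filter as its second argument. If the delete command resolves and confirms the server with that filter, as it does elsewhere in this series, two hosted services holding a role of the same name can lead to a different role being removed than the one the user confirmed. Pass the filter through, for instance `role = find(name, params)`, provided `params` carries `:azure_hosted_service_name` (the caller is outside this hunk). On that path `@roles` may not be loaded yet, so `alone_on_host` and the new `@roles.delete(role)` would need `all` to have run first.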
From: Chirag Jog Date: Thu, 16 May 2013 15:36:03 +0530 Subject: [PATCH 29/41] Move temporary certificate file creation into spec helper --- Rakefile | 1 - spec/spec_helper.rb | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index ab9cd17..bf93d85 100755 --- a/Rakefile +++ b/Rakefile @@ -24,7 +24,6 @@ require 'rspec/core' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:spec) do |spec| spec.pattern = FileList['spec/unit/**/*_spec.rb'] - touch "AzureLinuxCert.pem" end RSpec::Core::RakeTask.new(:functional) do |spec| diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e7291c7..2eb91af 100755 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -15,6 +15,10 @@ require 'chef/knife/azure_server_create' require 'chef/knife/azure_server_describe' require 'chef/knife/azure_image_list' +require 'fileutils' +#Create an empty mock certificate file +FileUtils.touch('AzureLinuxCert.pem') + def tmpFile filename tmpdir = 'tmp' Dir::mkdir tmpdir unless FileTest::directory?(tmpdir) From b88ce1e9f06e5ecbae5228199ecb3b9c6c5ab24d Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Thu, 16 May 2013 04:25:53 -0700 Subject: [PATCH 30/41] test case for deleting vm within a hosted service. --- spec/unit/azure_server_delete_spec.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/spec/unit/azure_server_delete_spec.rb b/spec/unit/azure_server_delete_spec.rb index b137a05..878d11c 100644 --- a/spec/unit/azure_server_delete_spec.rb +++ b/spec/unit/azure_server_delete_spec.rb 
@@ -56,4 +56,19 @@ it "dont cleanup hosted service when --preserve-hosted-service param set" do @server_instance.run end +it "delete vm within a hosted service when --azure-dns-name param set" do + test_hostname = 'vm002' + @server_instance.name_args = [test_hostname] + + Chef::Config[:knife][:azure_hosted_service_name] = 'service001' + Chef::Config[:knife][:preserve_os_disk] = true + + @server_instance.connection.roles.should_receive(:delete).and_call_original + + # test correct params are passed to azure API. + @server_instance.connection.should_receive(:query_azure).with("hostedservices/#{Chef::Config[:knife][:azure_hosted_service_name]}/deployments/deployment001/roles/#{test_hostname}", "delete") + + @server_instance.run +end + end \ No newline at end of file From 1f8bb53dba390e252ba7481c7ee9e2c6f3d5cb7d Mon Sep 17 00:00:00 2001 From: Mukta Date: Thu, 16 May 2013 18:41:14 +0530 Subject: [PATCH 31/41] Renamed ssh-key to identity-file and fixed minor bugs --- gensshkey.sh | 25 ------------------------- lib/azure/certificate.rb | 4 ++-- lib/azure/deploy.rb | 2 +- lib/azure/role.rb | 9 ++++----- lib/chef/knife/azure_server_create.rb | 27 ++++++++++----------------- spec/unit/azure_server_create_spec.rb | 4 ++-- 6 files changed, 19 insertions(+), 52 deletions(-) delete mode 100755 gensshkey.sh diff --git a/gensshkey.sh b/gensshkey.sh deleted file mode 100755 index 36b1149..0000000 --- a/gensshkey.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash -REQUIRED_ARGS=1 -E_NOT_ENOUGH_ARGS=65 - -#first argument will be used as the key prefix -#second argument is optional and if given will be used as a pass #phrase for DES3 protection of the private key -case $# in - 1) - openssl req -x509 -days 365 -newkey rsa:2048 -keyout $1sshpvt.pem -out $1pub.pem -nodes - openssl rsa -in $1sshpvt.pem -out $1pvt.pem - ;; - 2) - openssl req -x509 -days 365 -newkey rsa:2048 -keyout $1sshpvt.pem -out $1pub.pem -passout pass:$2 - openssl rsa -in $1sshpvt.pem -passin pass:$2 -out $1pvt.pem -des3 -passout pass:$2 - ;; - - *) - echo "Usage for unprotected private key: gensshkey.sh " - echo "Example: gensshkey.sh \"db\"" - echo "Usage for password protected private key: gensshkey.sh " - echo "Example: gensshkey.sh db pass@word1" - exit $E_NOT_ENOUGH_ARGS - ;; -esac -echo "generated $1sshpvt.pem, $1pub.pem and $1pvt.pem" diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index d463f06..73020a0 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb @@ -54,8 +54,8 @@ class Azure def create(params) # If ssh-key has been specified, then generate an x 509 certificate from the # given RSA private key - @cert_data = generateCertificateData({:ssh_key => params[:ssh_key], - :ssh_key_passphrase => params[:ssh_key_passphrase]}) + @cert_data = generateCertificateData({:ssh_key => params[:identity_file], + :ssh_key_passphrase => params[:identity_file_passphrase]}) # Generate XML to call the API # Add certificate to the hosted service builder = Nokogiri::XML::Builder.new do |xml| diff --git a/lib/azure/deploy.rb b/lib/azure/deploy.rb index 587881f..a2d0dce 100755 --- a/lib/azure/deploy.rb +++ b/lib/azure/deploy.rb 
@@ -48,7 +48,7 @@ class Azure unless @connection.storageaccounts.exists(params[:storage_account]) @connection.storageaccounts.create(params) end - if params[:ssh_key] + if params[:identity_file] params[:fingerprint] = @connection.certificates.create(params) end params['deploy_name'] = find(params[:hosted_service_name]) diff --git a/lib/azure/role.rb b/lib/azure/role.rb index a9ebf8f..fa2ec20 100755 --- a/lib/azure/role.rb +++ b/lib/azure/role.rb @@ -163,21 +163,20 @@ class Azure xml.ConfigurationSet('i:type' => 'LinuxProvisioningConfigurationSet') { xml.ConfigurationSetType 'LinuxProvisioningConfiguration' xml.HostName params[:host_name] - xml.UserName params[:ssh_user] - xml.UserPassword params[:ssh_password] - if !params[:ssh_key].nil? + xml.UserName params[:ssh_user] + unless params[:identity_file].nil? xml.DisableSshPasswordAuthentication 'true' xml.SSH { xml.PublicKeys { xml.PublicKey { - #xml.Fingerprint fingerprint xml.Fingerprint params[:fingerprint] xml.Path '/home/' + params[:ssh_user] + '/.ssh/authorized_keys' } } } else - xml.DisableSshPasswordAuthentication 'false' + xml.UserPassword params[:ssh_password] + xml.DisableSshPasswordAuthentication 'false' end } elsif params[:os_type] == 'Windows' diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index fbc750f..968cba7 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb @@ -62,11 +62,6 @@ class Chef :long => "--ssh-password PASSWORD", :description => "The ssh password" - option :identity_file, - :short => "-i IDENTITY_FILE", - :long => "--identity-file IDENTITY_FILE", - :description => "The SSH identity file used for authentication" - option :prerelease, :long => "--prerelease", :description => "Install the pre-release chef gems" 
@@ -157,13 +152,13 @@ class Chef :long => "--udp-endpoints PORT_LIST", :description => "Comma separated list of UDP local and public ports to open i.e. '80:80,433:5000'" - option :ssh_key, - :long => "--ssh-key FILENAME", - :description => "SSH key path, optional. It is the RSA private key. Specify either ssh-password or ssh-key" + option :identity_file, + :long => "--identity-file FILENAME", + :description => "SSH key path, optional. It is the RSA private key. Specify either ssh-password or identity-file" - option :ssh_key_passphrase, - :long => "--ssh-key-passphrase PASSWORD", - :description => "SSH key passphrase. Optional, specify if passphrase for ssh-key exists" + option :identity_file_passphrase, + :long => "--identity-file-passphrase PASSWORD", + :description => "SSH key passphrase. Optional, specify if passphrase for identity-file exists" def strip_non_ascii(string) string.gsub(/[^0-9a-z ]/i, '') @@ -442,17 +437,15 @@ class Chef ui.error("SSH User is compalsory parameter") exit 1 end - if not locate_config_value(:ssh_password) - if not locate_config_value(:ssh_key) + unless locate_config_value(:ssh_password) or locate_config_value(:identity_file) ui.error("Specify either SSH Key or SSH Password") exit 1 - end end - + server_def[:ssh_user] = locate_config_value(:ssh_user) server_def[:ssh_password] = locate_config_value(:ssh_password) - server_def[:ssh_key] = locate_config_value(:ssh_key) - server_def[:ssh_key_passphrase] = locate_config_value(:ssh_key_passphrase) + server_def[:identity_file] = locate_config_value(:identity_file) + server_def[:identity_file_passphrase] = locate_config_value(:identity_file_passphrase) end server_def end diff --git a/spec/unit/azure_server_create_spec.rb b/spec/unit/azure_server_create_spec.rb index 4ac574a..cb10588 100644 --- a/spec/unit/azure_server_create_spec.rb +++ b/spec/unit/azure_server_create_spec.rb 
@@ -170,11 +170,11 @@ describe "for bootstrap protocol ssh:" do end it "check if ssh-key set correctly" do Chef::Config[:knife][:ssh_password] = '' - Chef::Config[:knife][:ssh_key] = 'ssh_key' + Chef::Config[:knife][:identity_file] = 'ssh_key' @server_instance.should_receive(:is_image_windows?).and_return(false) @server_params = @server_instance.create_server_def @server_params[:os_type].should == 'Linux' - @server_params[:ssh_key].should == 'ssh_key' + @server_params[:identity_file].should == 'ssh_key' @server_params[:ssh_user].should == 'ssh_user' @server_params[:bootstrap_proto].should == 'ssh' @server_params[:hosted_service_name].should == 'service001' From d8c632cdd96648838eb98e78ae22d80b06cb04c5 Mon Sep 17 00:00:00 2001 From: Mukta Date: Thu, 16 May 2013 18:47:43 +0530 Subject: [PATCH 32/41] Updated the tests for ssh key support in linux --- spec/unit/azure_server_create_spec.rb | 43 +++++++++++++++------------ 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/spec/unit/azure_server_create_spec.rb b/spec/unit/azure_server_create_spec.rb index cb10588..becc156 100644 --- a/spec/unit/azure_server_create_spec.rb +++ b/spec/unit/azure_server_create_spec.rb 
@@ -168,25 +168,30 @@ describe "for bootstrap protocol ssh:" do @bootstrap.should_receive(:run) @server_instance.run end - it "check if ssh-key set correctly" do - Chef::Config[:knife][:ssh_password] = '' - Chef::Config[:knife][:identity_file] = 'ssh_key' - @server_instance.should_receive(:is_image_windows?).and_return(false) - @server_params = @server_instance.create_server_def - @server_params[:os_type].should == 'Linux' - @server_params[:identity_file].should == 'ssh_key' - @server_params[:ssh_user].should == 'ssh_user' - @server_params[:bootstrap_proto].should == 'ssh' - @server_params[:hosted_service_name].should == 'service001' - end - it "successful bootstrap with ssh key" do - @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(false) - @bootstrap = Chef::Knife::Bootstrap.new - Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap) - @bootstrap.should_receive(:run) - @server_instance.connection.certificates.stub(:generateCertificateData).and_return("cert_data") - @server_instance.connection.certificates.should_receive(:create) - @server_instance.run + + context "ssh key" do + before do + Chef::Config[:knife][:ssh_password] = '' + Chef::Config[:knife][:identity_file] = 'ssh_key' + end + it "check if ssh-key set correctly" do + @server_instance.should_receive(:is_image_windows?).and_return(false) + @server_params = @server_instance.create_server_def + @server_params[:os_type].should == 'Linux' + @server_params[:identity_file].should == 'ssh_key' + @server_params[:ssh_user].should == 'ssh_user' + @server_params[:bootstrap_proto].should == 'ssh' + @server_params[:hosted_service_name].should == 'service001' + end + it "successful bootstrap with ssh key" do + @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(false) + @bootstrap = Chef::Knife::Bootstrap.new + Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap) + @bootstrap.should_receive(:run) + 
@server_instance.connection.certificates.stub(:generateCertificateData).and_return("cert_data") + @server_instance.connection.certificates.should_receive(:create) + @server_instance.run + end end context "bootstrap" From b4ce5acad9f9d9433a62dfac517d93af587f0c7a Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Thu, 16 May 2013 20:00:30 +0530 Subject: [PATCH 33/41] require winrm and em-winrm for windows as well. --- lib/chef/knife/azure_server_create.rb | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index aa299da..546eb53 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb @@ -241,9 +241,6 @@ class Chef end puts ui.list(details, :columns_across, 4) end - def is_platform_windows? - return RUBY_PLATFORM.scan('w32').size > 0 - end def run $stdout.sync = true @@ -268,15 +265,6 @@ class Chef config[:storage_account] = storage.name.to_s end end - if is_image_windows? - if is_platform_windows? - #require 'em-winrs' - else - require 'gssapi' - require 'winrm' - require 'em-winrm' - end - end server = connection.deploys.create(create_server_def) @@ -340,13 +328,13 @@ class Chef def bootstrap_for_windows_node(server, fqdn) if locate_config_value(:bootstrap_protocol) == 'winrm' - if is_platform_windows? - #require 'em-winrs' - else + + require 'winrm' + require 'em-winrm' + if not Chef::Platform.windows? require 'gssapi' - require 'winrm' - require 'em-winrm' end + bootstrap = Chef::Knife::BootstrapWindowsWinrm.new bootstrap.config[:winrm_user] = locate_config_value(:winrm_user) || 'Administrator' From 480c0237f26e2b57c3aa4f8b008581301e053fd4 Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Thu, 16 May 2013 21:28:11 +0530 Subject: [PATCH 34/41] test case for multiple vm deletion using hosted service name. --- spec/unit/azure_server_delete_spec.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
diff --git a/spec/unit/azure_server_delete_spec.rb b/spec/unit/azure_server_delete_spec.rb index 878d11c..ead90d9 100644 --- a/spec/unit/azure_server_delete_spec.rb +++ b/spec/unit/azure_server_delete_spec.rb @@ -71,4 +71,20 @@ it "delete vm within a hosted service when --azure-dns-name param set" do @server_instance.run end +it "delete multiple vm's within a hosted service when --azure-dns-name param set" do + test_hostnames = ['vm002', 'role002', 'role001'] + @server_instance.name_args = test_hostnames + + Chef::Config[:knife][:azure_hosted_service_name] = 'service001' + Chef::Config[:knife][:preserve_os_disk] = true + + @server_instance.connection.roles.should_receive(:delete).exactly(3).times.and_call_original + + # test correct calls are made to azure API. + @server_instance.connection.should_receive(:query_azure).with("hostedservices/#{Chef::Config[:knife][:azure_hosted_service_name]}/deployments/deployment001/roles/#{test_hostnames[0]}", "delete") + @server_instance.connection.should_receive(:query_azure).with("hostedservices/#{Chef::Config[:knife][:azure_hosted_service_name]}/deployments/deployment001/roles/#{test_hostnames[1]}", "delete") + @server_instance.connection.should_receive(:query_azure).with("hostedservices/#{Chef::Config[:knife][:azure_hosted_service_name]}/deployments/deployment001", "delete") + + @server_instance.run +end end \ No newline at end of file From c335168644231096d76ab3c5bb68eb22cce9ea61 Mon Sep 17 00:00:00 2001 From: Mukta Date: Fri, 17 May 2013 09:36:56 +0530 Subject: [PATCH 35/41] Corrected the spelling for compulsory --- lib/chef/knife/azure_server_create.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index 968cba7..16a5255 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb 
@@ -434,7 +434,7 @@ class Chef server_def[:os_type] = 'Linux' server_def[:bootstrap_proto] = 'ssh' if not locate_config_value(:ssh_user) - ui.error("SSH User is compalsory parameter") + ui.error("SSH User is compulsory parameter") exit 1 end unless locate_config_value(:ssh_password) or locate_config_value(:identity_file) From 744831b43edb487e874e8b2127b1ad27bf25c0e3 Mon Sep 17 00:00:00 2001 From: kaustubh-d Date: Fri, 17 May 2013 16:18:04 +0530 Subject: [PATCH 36/41] load winrm only when bootstrap protocol is winrm. --- lib/chef/knife/azure_server_create.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/chef/knife/azure_server_create.rb b/lib/chef/knife/azure_server_create.rb index 546eb53..6e58c14 100755 --- a/lib/chef/knife/azure_server_create.rb +++ b/lib/chef/knife/azure_server_create.rb @@ -31,13 +31,18 @@ class Chef require 'readline' require 'chef/json_compat' require 'chef/knife/bootstrap' - require 'chef/knife/bootstrap_windows_winrm' require 'chef/knife/bootstrap_windows_ssh' require 'chef/knife/core/windows_bootstrap_context' - require 'chef/knife/winrm' Chef::Knife::Bootstrap.load_deps end + def load_winrm_deps + require 'winrm' + require 'em-winrm' + require 'chef/knife/winrm' + require 'chef/knife/bootstrap_windows_winrm' + end + banner "knife azure server create (options)" attr_accessor :initial_sleep_delay @@ -329,8 +334,7 @@ class Chef def bootstrap_for_windows_node(server, fqdn) if locate_config_value(:bootstrap_protocol) == 'winrm' - require 'winrm' - require 'em-winrm' + load_winrm_deps if not Chef::Platform.windows? require 'gssapi' end From 8e6110544a330a90ff78554dc205a1e31b41d514 Mon Sep 17 00:00:00 2001 From: Mukta Aphale Date: Wed, 22 May 2013 17:55:33 +0530 Subject: [PATCH 37/41] Removed TODO comments and unused stubs --- lib/azure/certificate.rb | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index 73020a0..c21f95f 100755 
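Review bot: `require 'gssapi'` stays at the call site in `bootstrap_for_windows_node` while the other WinRM requires move into `load_winrm_deps`, so the dependencies for the winrm path are now split across two places. Moving it into the helper as `require 'gssapi' unless Chef::Platform.windows?` would leave the call site with the single `load_winrm_deps` line. The helper would also benefit from a short comment, for example `# Loaded lazily: only needed when the bootstrap protocol is winrm`. `bootstrap_for_windows_node` continues outside the hunk.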
--- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb @@ -21,36 +21,20 @@ class Azure def initialize(connection) @connection=connection end - def all - #TODO - nil - end - def exists(name) - #TODO - nil - end def create(params) certificate = Certificate.new(@connection) certificate.create(params) end - def delete(name) - #TODO - end end end class Azure class Certificate - #include AzureUtility attr_accessor :connection, :certificate_name, :hosted_service_name attr_accessor :cert_data, :fingerprint def initialize(connection) @connection = connection end - def parse(serviceXML) - #TODO - self - end def create(params) # If ssh-key has been specified, then generate an x 509 certificate from the # given RSA private key @@ -70,9 +54,6 @@ class Azure # Return the fingerprint to be used while adding role @fingerprint end - def details - #TODO - end def generateCertificateData (params) # Generate OpenSSL RSA key from the mentioned ssh key path (and passphrase) From 71290f7dcb4d6c517298080399da63708a6669e9 Mon Sep 17 00:00:00 2001 From: Mukta Aphale Date: Wed, 22 May 2013 18:03:33 +0530 Subject: [PATCH 38/41] Updated comments and changed a function name --- lib/azure/certificate.rb | 15 ++++++++------- spec/unit/azure_server_create_spec.rb | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index c21f95f..1ca0abf 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb 
@@ -30,15 +30,16 @@ end class Azure class Certificate - attr_accessor :connection, :certificate_name, :hosted_service_name - attr_accessor :cert_data, :fingerprint + attr_accessor :connection + attr_accessor :cert_data, :fingerprint, :certificate_version def initialize(connection) @connection = connection + @certificate_version = 2 # cf. RFC 5280 - to make it a "v3" certificate end def create(params) - # If ssh-key has been specified, then generate an x 509 certificate from the - # given RSA private key - @cert_data = generateCertificateData({:ssh_key => params[:identity_file], + # If RSA private key has been specified, then generate an x 509 certificate from the + # public part of the key + @cert_data = generate_public_key_certificate_data({:ssh_key => params[:identity_file], :ssh_key_passphrase => params[:identity_file_passphrase]}) # Generate XML to call the API # Add certificate to the hosted service @@ -55,12 +56,12 @@ class Azure @fingerprint end - def generateCertificateData (params) + def generate_public_key_certificate_data (params) # Generate OpenSSL RSA key from the mentioned ssh key path (and passphrase) key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) # Generate X 509 certificate ca = OpenSSL::X509::Certificate.new - ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate + ca.version = @certificate_version ca.serial = Random.rand(100) # 2 digit random number for better security aspect ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA" ca.issuer = ca.subject # root CA's are "self-signed" diff --git a/spec/unit/azure_server_create_spec.rb b/spec/unit/azure_server_create_spec.rb index becc156..f49b2bd 100644 --- a/spec/unit/azure_server_create_spec.rb +++ b/spec/unit/azure_server_create_spec.rb 
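Review bot: The rewritten comment in `create` says a certificate is generated "if RSA private key has been specified", but the visible call passes `params[:identity_file]` straight to `generate_public_key_certificate_data`, which hands it to `File.read`, with no guard in between. Unless the caller, which is outside this hunk, only invokes `create` when an identity file is set, a nil path fails with a TypeError instead of a clear message. A guard at the top of `create`, such as `raise ArgumentError, 'identity_file is required' unless params[:identity_file]`, would make the precondition explicit. The body of `create` continues outside the hunk.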
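Review bot: The renamed definition keeps a space between the method name and its parameter list, `def generate_public_key_certificate_data (params)`; it should be `def generate_public_key_certificate_data(params)`. The method reads a private key from disk, so a header comment stating that only `key.public_key` is placed in the certificate would help readers. The method body continues outside the hunk.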
@@ -188,7 +188,7 @@ describe "for bootstrap protocol ssh:" do @bootstrap = Chef::Knife::Bootstrap.new Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap) @bootstrap.should_receive(:run) - @server_instance.connection.certificates.stub(:generateCertificateData).and_return("cert_data") + @server_instance.connection.certificates.stub(:generate_public_key_certificate_data).and_return("cert_data") @server_instance.connection.certificates.should_receive(:create) @server_instance.run end From 6a9f8b992002d829d0fcddebccd077c116b8d165 Mon Sep 17 00:00:00 2001 From: Mukta Aphale Date: Wed, 22 May 2013 18:13:26 +0530 Subject: [PATCH 39/41] Change the range of the random number --- lib/azure/certificate.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/azure/certificate.rb b/lib/azure/certificate.rb index 1ca0abf..6235cd8 100755 --- a/lib/azure/certificate.rb +++ b/lib/azure/certificate.rb @@ -62,7 +62,7 @@ class Azure # Generate X 509 certificate ca = OpenSSL::X509::Certificate.new ca.version = @certificate_version - ca.serial = Random.rand(100) # 2 digit random number for better security aspect + ca.serial = Random.rand(65534) + 1 # 2 digit byte range random number for better security aspect ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA" ca.issuer = ca.subject # root CA's are "self-signed" ca.public_key = key.public_key # Assign the ssh-key's public part to the certificate From cc1352b91227f57966e25d77b948d5e458f35686 Mon Sep 17 00:00:00 2001 From: Prabhu Das Date: Thu, 23 May 2013 13:19:23 +0530 Subject: [PATCH 40/41] Fixed the widening issue. Now it will show any column as wide as its own largest value. --- lib/chef/knife/azure_server_list.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/chef/knife/azure_server_list.rb b/lib/chef/knife/azure_server_list.rb index b3353e1..d224161 100755 --- a/lib/chef/knife/azure_server_list.rb +++ b/lib/chef/knife/azure_server_list.rb 
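Review bot: `Random.rand(65534) + 1` still draws the serial from Ruby's non-cryptographic PRNG and from a 16-bit range, so the trailing comment's "better security" claim does not hold, and "2 digit byte range" is hard to parse. RFC 5280 asks for a positive serial that is unique per issuer, and every certificate built here shares the subject and issuer `CN=Opscode CA`, so collisions between certificates generated for different keys are plausible at this size. A wider CSPRNG-derived value such as `ca.serial = SecureRandom.random_number(2**63 - 1) + 1`, with `require 'securerandom'` in the file, would address both points. The comment could then simply read `# random positive serial, unique per issuer (RFC 5280)`. The method body continues outside the hunk.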
@@ -56,7 +56,7 @@ class Chef server_list << server.winrmport.to_s end puts '' - puts ui.list(server_list, :columns_across, 6) + puts ui.list(server_list, :uneven_columns_across, 6) end end end From c8d746dceca8694d1e4d24684c6e156e76b0fff3 Mon Sep 17 00:00:00 2001 From: Chirag Jog Date: Fri, 24 May 2013 15:52:14 +0530 Subject: [PATCH 41/41] Fix failing spec tests --- spec/unit/azure_server_create_spec.rb | 56 +++++++++++++-------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/spec/unit/azure_server_create_spec.rb b/spec/unit/azure_server_create_spec.rb index f49b2bd..322137f 100644 --- a/spec/unit/azure_server_create_spec.rb +++ b/spec/unit/azure_server_create_spec.rb @@ -13,7 +13,7 @@ describe Chef::Knife::AzureServerCreate do include AzureSpecHelper include QueryAzureMock -before do +before do @server_instance = Chef::Knife::AzureServerCreate.new { 
@@ -42,38 +42,38 @@ end describe "compulsory parameter test:" do - it "azure_subscription_id" do - Chef::Config[:knife].delete(:azure_subscription_id) - @server_instance.ui.should_receive(:error) - expect {@server_instance.run}.to raise_error - end - it "azure_mgmt_cert" do - Chef::Config[:knife].delete(:azure_mgmt_cert) + it "azure_subscription_id" do + Chef::Config[:knife].delete(:azure_subscription_id) @server_instance.ui.should_receive(:error) expect {@server_instance.run}.to raise_error end - it "azure_host_name" do - Chef::Config[:knife].delete(:azure_host_name) + it "azure_mgmt_cert" do + Chef::Config[:knife].delete(:azure_mgmt_cert) @server_instance.ui.should_receive(:error) expect {@server_instance.run}.to raise_error end - it "role_name" do - Chef::Config[:knife].delete(:role_name) + it "azure_host_name" do + Chef::Config[:knife].delete(:azure_host_name) @server_instance.ui.should_receive(:error) expect {@server_instance.run}.to raise_error end - it "service_location" do - Chef::Config[:knife].delete(:service_location) + it "role_name" do + Chef::Config[:knife].delete(:role_name) @server_instance.ui.should_receive(:error) expect {@server_instance.run}.to raise_error end - it "source_image" do - Chef::Config[:knife].delete(:source_image) + it "service_location" do + Chef::Config[:knife].delete(:service_location) @server_instance.ui.should_receive(:error) expect {@server_instance.run}.to raise_error end - it "role_size" do - Chef::Config[:knife].delete(:role_size) + it "source_image" do + Chef::Config[:knife].delete(:source_image) + @server_instance.ui.should_receive(:error) + expect {@server_instance.run}.to raise_error + end + it "role_size" do + Chef::Config[:knife].delete(:role_size) @server_instance.ui.should_receive(:error) expect {@server_instance.run}.to raise_error end 
@@ -124,8 +124,8 @@ describe "for bootstrap protocol winrm:" do @server_instance.config[:storage_account].should match(/storage-service-name/) end - it "successful bootstrap of windows instance" do - @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(true) + it "successful bootstrap of windows instance" do + @server_instance.should_receive(:is_image_windows?).exactly(2).times.and_return(true) @server_instance.run end end @@ -138,10 +138,10 @@ describe "for bootstrap protocol ssh:" do context "windows instance:" do it "successful bootstrap" do - @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(true) + @server_instance.should_receive(:is_image_windows?).exactly(2).times.and_return(true) @bootstrap = Chef::Knife::BootstrapWindowsSsh.new Chef::Knife::BootstrapWindowsSsh.stub(:new).and_return(@bootstrap) - @bootstrap.should_receive(:run) + @bootstrap.should_receive(:run) @server_instance.run end end @@ -152,7 +152,7 @@ describe "for bootstrap protocol ssh:" do Chef::Config[:knife][:ssh_user] = 'ssh_user' end it "check if all params are set correctly" do - @server_instance.should_receive(:is_image_windows?).and_return(false) + @server_instance.should_receive(:is_image_windows?).and_return(false) @server_params = @server_instance.create_server_def @server_params[:os_type].should == 'Linux' @server_params[:ssh_password].should == 'ssh_password' @@ -162,7 +162,7 @@ describe "for bootstrap protocol ssh:" do end it "successful bootstrap" do - @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(false) + @server_instance.should_receive(:is_image_windows?).exactly(2).times.and_return(false) @bootstrap = Chef::Knife::Bootstrap.new Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap) @bootstrap.should_receive(:run) 
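Review bot: Pinning `should_receive(:is_image_windows?).exactly(2).times` ties these examples to how many times `run` happens to call an internal predicate. The count apparently had to change here only because an earlier refactor dropped one call. The same expectation is repeated in the `@@ -138,10`, `@@ -162,7` and `@@ -184,7` hunks. Since the examples are about the bootstrap succeeding, a plain stub such as `@server_instance.stub(:is_image_windows?).and_return(true)`, or `should_receive(:is_image_windows?).at_least(:once)`, would state the intent without breaking on the next internal change.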
@@ -174,8 +174,8 @@ describe "for bootstrap protocol ssh:" do Chef::Config[:knife][:ssh_password] = '' Chef::Config[:knife][:identity_file] = 'ssh_key' end - it "check if ssh-key set correctly" do - @server_instance.should_receive(:is_image_windows?).and_return(false) + it "check if ssh-key set correctly" do + @server_instance.should_receive(:is_image_windows?).and_return(false) @server_params = @server_instance.create_server_def @server_params[:os_type].should == 'Linux' @server_params[:identity_file].should == 'ssh_key' @@ -184,7 +184,7 @@ describe "for bootstrap protocol ssh:" do @server_params[:hosted_service_name].should == 'service001' end it "successful bootstrap with ssh key" do - @server_instance.should_receive(:is_image_windows?).exactly(3).times.and_return(false) + @server_instance.should_receive(:is_image_windows?).exactly(2).times.and_return(false) @bootstrap = Chef::Knife::Bootstrap.new Chef::Knife::Bootstrap.stub(:new).and_return(@bootstrap) @bootstrap.should_receive(:run) @@ -218,4 +218,4 @@ describe "for bootstrap protocol ssh:" do end -end \ No newline at end of file +end