[node-patches] Change in ovirt-node[master]: Allow users to choose the SSH port
rbarry at redhat.com
rbarry at redhat.com
Wed Apr 9 16:32:25 UTC 2014
Ryan Barry has uploaded a new change for review.
Change subject: Allow users to choose the SSH port
......................................................................
Allow users to choose the SSH port
Expose fields to set the SSH port to something other than 22
to support engine.
Change-Id: Ifb63ca2e2c59bd435c102c635a97ba3c9d4280af
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1085901
Signed-off-by: Ryan Barry <rbarry at redhat.com>
---
M src/ovirt/node/config/defaults.py
M src/ovirt/node/setup/core/security_page.py
M src/ovirt/node/utils/security.py
3 files changed, 47 insertions(+), 6 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/31/26631/1
diff --git a/src/ovirt/node/config/defaults.py b/src/ovirt/node/config/defaults.py
index 1fc06c2..525abdb 100644
--- a/src/ovirt/node/config/defaults.py
+++ b/src/ovirt/node/config/defaults.py
@@ -1399,20 +1399,25 @@
>>> pwauth = True
>>> num_bytes = "24"
>>> disable_aesni = True
- >>> n.update(pwauth, num_bytes, disable_aesni)
+ >>> port = '2222'
+ >>> n.update(pwauth, port, num_bytes, disable_aesni)
>>> sorted(n.retrieve().items())
- [('disable_aesni', True), ('num_bytes', '24'), ('pwauth', True)]
+ [('disable_aesni', True), ('num_bytes', '24'),\
+ ('port', '2222'), ('pwauth', True)]
"""
keys = ("OVIRT_SSH_PWAUTH",
+ "OVIRT_SSH_PORT",
"OVIRT_USE_STRONG_RNG",
"OVIRT_DISABLE_AES_NI")
@NodeConfigFileSection.map_and_update_defaults_decorator
- def update(self, pwauth, num_bytes, disable_aesni):
+ def update(self, pwauth, port, num_bytes, disable_aesni):
valid.Boolean()(pwauth)
+ (valid.Number() | valid.Empty(or_none=True))(port)
(valid.Number() | valid.Empty(or_none=True))(num_bytes)
(valid.Boolean() | valid.Empty(or_none=True))(disable_aesni)
return {"OVIRT_SSH_PWAUTH": "yes" if pwauth else None,
+ "OVIRT_SSH_PORT": port if port else "22",
"OVIRT_DISABLE_AES_NI": "true" if disable_aesni else None
}
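Review bot: The added `(valid.Number() | valid.Empty(or_none=True))(port)` check in `update()` accepts any number, so a value such as 0 or 70000 appears to pass here and is only rejected later by the range test in `Ssh.port()` at commit time, presumably after the decorator has already stored it under `OVIRT_SSH_PORT`. Bounding the value at this layer would keep out-of-range ports out of the persisted defaults, e.g. `(valid.Port() | valid.Empty(or_none=True))(port)` if the `valid` module's port validator is available at this revision. The doctest would then also benefit from one out-of-range case. The class docstring holding the doctest starts outside the hunk.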
@@ -1426,8 +1431,10 @@
def transaction(self):
cfg = dict(self.retrieve())
- pwauth, num_bytes, disable_aesni = (cfg["pwauth"], cfg["num_bytes"],
- cfg["disable_aesni"])
+ pwauth, port, num_bytes, disable_aesni = (cfg["pwauth"],
+ cfg["port"],
+ cfg["num_bytes"],
+ cfg["disable_aesni"])
ssh = utils.security.Ssh()
@@ -1436,6 +1443,12 @@
def commit(self):
ssh.password_authentication(pwauth)
+
+ class ConfigureSSHPort(utils.Transaction.Element):
+ title = "Configuring SSH port"
+
+ def commit(self):
+ ssh.port(port)
class ConfigureStrongRNG(utils.Transaction.Element):
title = "Configuring SSH strong RNG"
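Review bot: `ConfigureSSHPort.commit()` only rewrites the `Port` entry through `ssh.port(port)`; the restart in that helper is commented out (`#self.restart()` in security.py), and nothing visible in this change adjusts firewall rules or the SELinux port label for sshd. As written, the running daemon keeps listening on the old port, and once it does restart a non-default port may be blocked, which can cut off remote management of the node. Either add a follow-up transaction element for those steps or state the limitation on the class, e.g. `# sshd is not restarted here; firewall and SELinux port rules must be updated separately`. The enclosing `transaction()` body continues outside the hunk.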
@@ -1451,6 +1464,7 @@
tx = utils.Transaction("Configuring SSH")
tx.append(ConfigurePasswordAuthentication())
+ tx.append(ConfigureSSHPort())
tx.append(ConfigureStrongRNG())
tx.append(ConfigureAESNI())
return tx
diff --git a/src/ovirt/node/setup/core/security_page.py b/src/ovirt/node/setup/core/security_page.py
index e1d7f1c..26c5bab 100644
--- a/src/ovirt/node/setup/core/security_page.py
+++ b/src/ovirt/node/setup/core/security_page.py
@@ -59,6 +59,7 @@
ws = [ui.Header("header[0]", _("Remote Access")),
ui.Checkbox("ssh.pwauth",
_("Enable SSH password authentication")),
+ ui.Entry("ssh.port", _("SSH Daemon Port:")),
ui.Header("header[1]", _("Strong Random Number Generator")),
ui.Checkbox("strongrng.disable_aesni", _("Disable AES-NI")),
ui.Entry("strongrng.num_bytes", _("Bytes Used:")),
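Review bot: The new `ui.Entry("ssh.port", ...)` widget has no matching input validator anywhere in this change, so unless the page's validator map (if it has one, outside this hunk) is extended, the user gets no feedback on a bad port until the save transaction fails. An entry alongside the existing ones, e.g. `"ssh.port": valid.Port() | valid.Empty(or_none=True)`, would reject it at input time; confirm the validator name against the `valid` module. The widget list's enclosing method starts and ends outside the hunk.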
@@ -94,7 +95,7 @@
self.logger.debug("Changes: %s" % changes)
self.logger.debug("Effective Model: %s" % effective_model)
- ssh_keys = ["ssh.pwauth", "strongrng.num_bytes",
+ ssh_keys = ["ssh.pwauth", "ssh.port", "strongrng.num_bytes",
"strongrng.disable_aesni"]
txs = utils.Transaction(_("Updating security configuration"))
diff --git a/src/ovirt/node/utils/security.py b/src/ovirt/node/utils/security.py
index 5fea49c..87d0cad 100755
--- a/src/ovirt/node/utils/security.py
+++ b/src/ovirt/node/utils/security.py
@@ -182,6 +182,32 @@
"(%s)" % state)
return state == "yes"
+ def port(self, port=None):
+ augpath = "/files/etc/ssh/sshd_config/Port"
+ aug = utils.AugeasWrapper()
+
+ if port is not None and not isinstance(port, int):
+ try:
+ int(port)
+ except ValueError:
+ raise RuntimeError("Port must be an integer")
+ if port is not None:
+ if int(port) in range(1, 65535):
+ import ovirtnode.ovirtfunctions as ofunc
+ self.logger.debug("Setting SSH port to %s" % port)
+
+ aug.set(augpath, port)
+ ofunc.ovirt_store_config("/etc/ssh/sshd_config")
+ #self.restart()
+
+ else:
+ raise RuntimeError("Port must be in the range [1-65535]")
+
+ state = str(aug.get(augpath)).lower()
+ if state != "none" and int(state) not in range(1, 65535):
+ raise RuntimeError("Failed to set SSH port: value is %s" % state)
+ return state
+
def get_hostkey(self, variant="rsa"):
fn_hostkey = "/etc/ssh/ssh_host_%s_key.pub" % variant
if not os.path.exists(fn_hostkey):
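Review bot: The bounds test `int(port) in range(1, 65535)` in `port()` excludes 65535 although the error text says `[1-65535]`, and the read-back check on `state` uses the same half-open range. The initial `int(port)` probe catches only `ValueError`, so a non-string, non-int argument surfaces as `TypeError` rather than the intended `RuntimeError`, and `int(state)` will raise on a non-numeric `Port` value already present in sshd_config. With `#self.restart()` commented out, the new port is persisted but the running sshd is not reloaded, which deserves an explanatory comment instead of dead code. A tighter version of the validation is sketched below.

```python
def port(self, port=None):
    # … unchanged: augpath and AugeasWrapper setup …

    if port is not None:
        try:
            port_num = int(port)
        except (TypeError, ValueError):
            raise RuntimeError("Port must be an integer")
        if not 1 <= port_num <= 65535:
            raise RuntimeError("Port must be in the range [1-65535]")
        # … unchanged: ovirtfunctions import, debug log, aug.set, ovirt_store_config …
        # NOTE: sshd is not restarted here; the new port takes effect on
        # the next service restart.

    state = str(aug.get(augpath)).lower()
    if state != "none":
        if not state.isdigit() or not 1 <= int(state) <= 65535:
            raise RuntimeError("Failed to set SSH port: value is %s" % state)
    return state
```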
--
To view, visit http://gerrit.ovirt.org/26631
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifb63ca2e2c59bd435c102c635a97ba3c9d4280af
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Ryan Barry <rbarry at redhat.com>