From 080e04538cbaff52dc46c0b3208b9f60f3479ba7 Mon Sep 17 00:00:00 2001 From: ebo Date: Sun, 1 Mar 2020 23:41:37 +0000 Subject: Fixed the SSH configuration of user 'netconf' The actual SSH configuration is stored in Sysrepo and not as ordinary ~netconf/.ssh files. Issue-ID: INT-1124 Change-Id: I7e16e09a20ac6f2d52c8958550603935b6790283 Signed-off-by: ebo --- .../docs/examples/mynetconf/docker-compose.yml | 2 +- test/mocks/netconf-pnp-simulator/engine/Dockerfile | 8 ------- .../netconf-pnp-simulator/engine/config/ssh/id_rsa | 27 ++++++++++++++++++++++ .../engine/config/ssh/id_rsa.pub | 1 + .../engine/config/ssh/load_auth_pubkey.xml | 12 ++++++++++ .../engine/container-tag.yaml | 2 +- .../netconf-pnp-simulator/engine/entrypoint.sh | 7 ++++++ .../modules/docker-compose.yml | 2 +- 8 files changed, 50 insertions(+), 11 deletions(-) create mode 100644 test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa create mode 100644 test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa.pub create mode 100644 test/mocks/netconf-pnp-simulator/engine/config/ssh/load_auth_pubkey.xml (limited to 'test/mocks/netconf-pnp-simulator') diff --git a/test/mocks/netconf-pnp-simulator/docs/examples/mynetconf/docker-compose.yml b/test/mocks/netconf-pnp-simulator/docs/examples/mynetconf/docker-compose.yml index ee70c4fd9..5d8ba5acc 100644 --- a/test/mocks/netconf-pnp-simulator/docs/examples/mynetconf/docker-compose.yml +++ b/test/mocks/netconf-pnp-simulator/docs/examples/mynetconf/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: netopeer2: - image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.6.0 + image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.6.1 container_name: mynetconf restart: always ports: diff --git a/test/mocks/netconf-pnp-simulator/engine/Dockerfile b/test/mocks/netconf-pnp-simulator/engine/Dockerfile index 5432b646a..426606953 100644 --- a/test/mocks/netconf-pnp-simulator/engine/Dockerfile +++ b/test/mocks/netconf-pnp-simulator/engine/Dockerfile @@ -142,7 +142,6 @@ RUN set -eux \ && apk add \ libcurl \ libev \ - openssh-keygen \ pcre \ protobuf-c \ # v0.9.3 has somes bugs as warned in libnetconf2/CMakeLists.txt:237 @@ -162,13 +161,6 @@ RUN adduser --system --disabled-password --gecos 'Netconf User' netconf ENV HOME=/home/netconf VOLUME $HOME/.local/share/virtualenvs -# generate ssh keys for netconf user -RUN set -eux \ - && mkdir -p $HOME/.cache \ - && mkdir -p $HOME/.ssh \ - && ssh-keygen -t dsa -P '' -f $HOME/.ssh/id_dsa \ - && cat $HOME/.ssh/id_dsa.pub > $HOME/.ssh/authorized_keys - EXPOSE 830 COPY supervisord.conf /etc/supervisord.conf diff --git a/test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa b/test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa new file mode 100644 index 000000000..bef767251 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa @@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEA+KQmP43rUq7Dd06EMEiKKRMAxBabO5d9u2646qfGtL15hrjc7b5z +Q7kMhg+ZSiw3ivnRks/mh3Qpw/9dKyFUlcZ8P0wshlhh7GB6V6itGXYieh11/BahspUyWV +k4ki0g61MJPDKvLiJN0ncuRPchoCnJgORiJwULqjIWW87dSoS4cqeu/nSCfg92/yc0sj0R +7fVzAaRk2DBLoYwTNmh+QvaZba5katjSBf3Ek9XonYU1dsDEqhpvY8AxuwsMQHmL2p9XGs +2SKyH2O2v6w97G8Uj5cx/dp1IcPJtKp3iow1jvpMwiVZVkP6vXOoYOvTdrQXLWHpd1kxcN +brG2xv2QhQAAA8A9tQcJPbUHCQAAAAdzc2gtcnNhAAABAQD4pCY/jetSrsN3ToQwSIopEw +DEFps7l327brjqp8a0vXmGuNztvnNDuQyGD5lKLDeK+dGSz+aHdCnD/10rIVSVxnw/TCyG +WGHsYHpXqK0ZdiJ6HXX8FqGylTJZWTiSLSDrUwk8Mq8uIk3Sdy5E9yGgKcmA5GInBQuqMh +Zbzt1KhLhyp67+dIJ+D3b/JzSyPRHt9XMBpGTYMEuhjBM2aH5C9pltrmRq2NIF/cST1eid +hTV2wMSqGm9jwDG7CwxAeYvan1cazZIrIfY7a/rD3sbxSPlzH92nUhw8m0qneKjDWO+kzC +JVlWQ/q9c6hg69N2tBctYel3WTFw1usbbG/ZCFAAAAAwEAAQAAAQEA5a3kcxLrDV7Iyx3p +eByaG6UlMP3c+ahQCeMWyBShtnXMm8mKs8cY/LckvXYNWPoNeMCaem63+eoxZo8vBldspk +pKncIE4zkjg9H/UZhMBlgdMwah5XMWfTva3bRQUJ+FaDw1LLl5Hzmq/77+K9DJ7ASN0hWm +IXtEsjxAcSBfRKQRDJbDJcniUOgmeeU6CwAv9IyLkGVJ77U8rTV6dq1LoqqTgFxPre/Uej +AXUBPycwqH3eY+1sbF6+B5JrE3iwGBR1HFSJTqvPlGLYyQuwI/9IB6Lb6sNpYSLWMPsE6F +4UasjHixgm+dggQcUF5FyA2d+FQ4fPTvkXNjhcelEOAWRQAAAIEA3hgaO/1j4A2fB02mho +Nfc6XfGA24Z1MlFDGy2R+X9T73QGpLI24ruQ87V7tbNJapo1eMbiVZBzSN01oL2JILzQxJ +ZFvjCKeNyTCEtpOqvB4kaU77H5T10qT81WkzlUwI/K5k5/rtur8VBioZo/2HsUrRNX/QBO +/tKE4/xg6jl/AAAACBAP0R3HxL3xWBRi81+nF/g/WUcos0AwElOYXU1Ua1coBKXYr5Zh85 +pMrcjbInAtKD2QVPSzpvU8krpWSKCr8o4yTO/QtwTk6eIATRGjgJSPwxsFuvG4T6/gDOI7 +6ib6syomWm91rK4NTRcpSkgJzh4/OwiMRvWXbrcdvW6tk0ekHbAAAAgQD7hSlDCxgTFixb +U40Zu5zn19/2GK+Vbr3wBWlaGsngjnpwq3ek3XGSBwJ7z7/J5B3RPEJxE8sdtd5APp7FF7 +fozImitj1D+WFP0Sy0HLLy6djn/rdFOoVZ4x00g5k9B7fqAd5YRaRaG8Uwnt18wcQnHZ1G +7EBzCxu08G0XYEv1HwAAAAduZXRjb25mAQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa.pub b/test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa.pub new file mode 100644 index 000000000..8c5994e17 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/config/ssh/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD4pCY/jetSrsN3ToQwSIopEwDEFps7l327brjqp8a0vXmGuNztvnNDuQyGD5lKLDeK+dGSz+aHdCnD/10rIVSVxnw/TCyGWGHsYHpXqK0ZdiJ6HXX8FqGylTJZWTiSLSDrUwk8Mq8uIk3Sdy5E9yGgKcmA5GInBQuqMhZbzt1KhLhyp67+dIJ+D3b/JzSyPRHt9XMBpGTYMEuhjBM2aH5C9pltrmRq2NIF/cST1eidhTV2wMSqGm9jwDG7CwxAeYvan1cazZIrIfY7a/rD3sbxSPlzH92nUhw8m0qneKjDWO+kzCJVlWQ/q9c6hg69N2tBctYel3WTFw1usbbG/ZCF netconf diff --git a/test/mocks/netconf-pnp-simulator/engine/config/ssh/load_auth_pubkey.xml b/test/mocks/netconf-pnp-simulator/engine/config/ssh/load_auth_pubkey.xml new file mode 100644 index 000000000..4f35c2fd2 --- /dev/null +++ b/test/mocks/netconf-pnp-simulator/engine/config/ssh/load_auth_pubkey.xml @@ -0,0 +1,12 @@ + + + + netconf + + id_rsa + ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQD4pCY/jetSrsN3ToQwSIopEwDEFps7l327brjqp8a0vXmGuNztvnNDuQyGD5lKLDeK+dGSz+aHdCnD/10rIVSVxnw/TCyGWGHsYHpXqK0ZdiJ6HXX8FqGylTJZWTiSLSDrUwk8Mq8uIk3Sdy5E9yGgKcmA5GInBQuqMhZbzt1KhLhyp67+dIJ+D3b/JzSyPRHt9XMBpGTYMEuhjBM2aH5C9pltrmRq2NIF/cST1eidhTV2wMSqGm9jwDG7CwxAeYvan1cazZIrIfY7a/rD3sbxSPlzH92nUhw8m0qneKjDWO+kzCJVlWQ/q9c6hg69N2tBctYel3WTFw1usbbG/ZCF + + + + diff --git a/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml b/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml index f705e1e02..cd982b9ac 100644 --- a/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml +++ b/test/mocks/netconf-pnp-simulator/engine/container-tag.yaml @@ -1 +1 @@ -tag: "2.6.0" +tag: "2.6.1" diff --git a/test/mocks/netconf-pnp-simulator/engine/entrypoint.sh b/test/mocks/netconf-pnp-simulator/engine/entrypoint.sh index 951ca474b..48a5e5a40 100755 --- a/test/mocks/netconf-pnp-simulator/engine/entrypoint.sh +++ b/test/mocks/netconf-pnp-simulator/engine/entrypoint.sh @@ -28,6 +28,7 @@ set -o xtrace export PATH=/opt/bin:/usr/local/bin:/usr/bin:/bin CONFIG=/config +SSH_CONFIG=$CONFIG/ssh TLS_CONFIG=$CONFIG/tls MODELS_CONFIG=$CONFIG/modules KEY_PATH=/opt/etc/keystored/keys @@ -55,6 +56,11 @@ find_executable() { done } +configure_ssh() +{ + sysrepocfg --datastore=startup --format=xml ietf-system --import=$SSH_CONFIG/load_auth_pubkey.xml +} + configure_tls() { cp $TLS_CONFIG/server_key.pem $KEY_PATH @@ -126,6 +132,7 @@ create_python_venv() echo $env_dir } +configure_ssh configure_tls configure_modules diff --git a/test/mocks/netconf-pnp-simulator/modules/docker-compose.yml b/test/mocks/netconf-pnp-simulator/modules/docker-compose.yml index ac0304380..8176e3b95 100644 --- a/test/mocks/netconf-pnp-simulator/modules/docker-compose.yml +++ b/test/mocks/netconf-pnp-simulator/modules/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: netconf-pnp-simulator: - image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.6.0 + image: nexus3.onap.org:10001/onap/integration/simulators/netconf-pnp-simulator:2.6.1 container_name: netconf-pnp-simulator restart: always ports: -- cgit 1.2.3-korg