Merge lp:~ivoks/charm-helpers/ssh_ip into lp:charm-helpers

Proposed by Ante Karamatić
Status: Merged
Merged at revision: 634
Proposed branch: lp:~ivoks/charm-helpers/ssh_ip
Merge into: lp:charm-helpers
Diff against target: 61 lines (+36/-1)
1 file modified
charmhelpers/contrib/hardening/ssh/checks/config.py (+36/-1)
To merge this branch: bzr merge lp:~ivoks/charm-helpers/ssh_ip
Reviewer Review Type Date Requested Status
Liam Young (community) Needs Fixing
Review via email: mp+306451@code.launchpad.net

Description of the change

Pass an IP to ssh_ip instead of listen_to

The current 'listen_to' setting in hardening is not very useful in cloud environments. Each unit has its own IP and therefore it's impossible to configure the application with a single config file. This patch extends the functionality, figures out an IP on every unit, and passes it as the ssh_ip variable in the template.

Supports interface names, IPs and CIDRs.

This depends on https://code.launchpad.net/~ivoks/charm-helpers/no_ip_valueerror/+merge/306445

Liam Young (gnuoy) wrote :

Could you add a doc string to get_listening please

review: Needs Fixing
lp:~ivoks/charm-helpers/ssh_ip updated
633. By Ante Karamatić

Add doc string

634. By Ante Karamatić

Fix typo

Liam Young (gnuoy) wrote :

LGTM, thanks

Preview Diff

1=== modified file 'charmhelpers/contrib/hardening/ssh/checks/config.py'
2--- charmhelpers/contrib/hardening/ssh/checks/config.py 2016-07-06 14:41:05 +0000
3+++ charmhelpers/contrib/hardening/ssh/checks/config.py 2016-09-22 13:26:59 +0000
4@@ -14,6 +14,11 @@
5
6 import os
7
8+from charmhelpers.contrib.network.ip import (
9+ get_address_in_network,
10+ get_iface_addr,
11+ is_ip,
12+)
13 from charmhelpers.core.hookenv import (
14 log,
15 DEBUG,
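Review bot: the new import from charmhelpers.contrib.network.ip at the top of config.py makes the SSH hardening checks depend on a second contrib package, and nothing in the change documents that. A charm that syncs contrib.hardening without contrib.network will fail at import time, so the dependency should be stated in the hardening documentation or sync configuration.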
16@@ -121,6 +126,36 @@
17
18 return cipher[weak_ciphers]
19
20+ def get_listening(self, listen=['0.0.0.0']):
21+ """Returns a list of addresses SSH can list on
22+
23+ Turns input into a sensible list of IPs SSH can listen on. Input
24+ must be a python list of interface names, IPs and/or CIDRs.
25+
26+ :param listen: list of IPs, CIDRs, interface names
27+
28+ :returns: list of IPs available on the host
29+ """
30+ if listen == ['0.0.0.0']:
31+ return listen
32+
33+ value = []
34+ for network in listen:
35+ try:
36+ ip = get_address_in_network(network=network, fatal=True)
37+ except ValueError:
38+ if is_ip(network):
39+ ip = network
40+ else:
41+ try:
42+ ip = get_iface_addr(iface=network, fatal=False)[0]
43+ except IndexError:
44+ continue
45+ value.append(ip)
46+ if value == []:
47+ return ['0.0.0.0']
48+ return value
49+
50 def __call__(self):
51 settings = utils.get_settings('ssh')
52 if settings['common']['network_ipv6_enable']:
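Review bot: the fallback at the end of get_listening (`if value == []: return ['0.0.0.0']`) fails open. If none of the configured interface names, IPs or CIDRs resolves on the unit, sshd is told to listen on every address, and the `continue` on IndexError skips the unresolved entry without a trace. For a hardening check this should at least emit a log line (log is already imported in this file) or refuse to render the config. Smaller points in the same hunk: `listen=['0.0.0.0']` is a mutable default that the early return hands back as is, so a caller that mutates the result changes the default for later calls; the is_ip branch accepts an address without checking that it exists on the host, although the docstring promises "list of IPs available on the host"; and the docstring summary says "can list on" where "can listen on" is meant.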
53@@ -180,7 +215,7 @@
54 addr_family = 'inet'
55
56 ctxt = {
57- 'ssh_ip': settings['server']['listen_to'],
58+ 'ssh_ip': self.get_listening(settings['server']['listen_to']),
59 'password_auth_allowed':
60 settings['server']['password_authentication'],
61 'ports': settings['common']['ports'],
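Review bot: on the changed 'ssh_ip' line, settings['server']['listen_to'] is passed to get_listening without a type check. The function compares its argument with ['0.0.0.0'] and then iterates over it, so a plain string value would miss the early return and be walked character by character. Confirm that listen_to is always a list, or normalise a string to a one-element list before the call, and check that the template consuming ssh_ip handles a list with more than one entry.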
