[pve-devel] [PATCH RFC 06/21] gen_pve_ssh_cert: new helper
Dietmar Maurer
dietmar at proxmox.com
Mon Nov 28 08:08:58 CET 2016
Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
data/PVE/Cluster.pm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 4f26cc3..e7b00d4 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -271,6 +271,35 @@ sub gen_pve_ssh_ca {
return $ssh_ca_changes;
}
+sub gen_pve_ssh_cert {
+ my ($pubkey, $name, $identity, $isHost) = @_;
+
+ my $data;
+ my $tmpdir = "/tmp/.pve-ssh-keygen-$$";
+ eval {
+ mkdir $tmpdir;
+ my $tmpname = "$tmpdir/pubkey";
+ PVE::Tools::file_set_contents("$tmpname.pub", $pubkey);
+
+ my $cmd = ['ssh-keygen', '-s', $ssh_cluster_ca_priv,
+ '-I', $identity,'-n', $name];
+ push @$cmd, '-h' if $isHost;
+ push @$cmd, "$tmpname.pub";
+
+ PVE::Tools::run_command($cmd);
+ my $cert = PVE::Tools::file_get_contents("$tmpname-cert.pub");
+ $cert =~ s/$tmpname.pub\s*$/$identity/;
+ $data = $cert;
+ };
+ my $err = $@;
+
+ rmtree $tmpdir;
+
+ die $err if $err;
+
+ return $data;
+}
+
sub update_serial {
my ($serial) = @_;
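Review bot: The scratch directory `/tmp/.pve-ssh-keygen-$$` in gen_pve_ssh_cert has a predictable name and the result of `mkdir $tmpdir` is never checked, so a directory that already exists at that path and belongs to another local user would be used as-is. The public key written there could then be replaced before `ssh-keygen -s` signs it with the cluster CA key. Make creation fatal and private, e.g. `mkdir($tmpdir, 0700) or die "unable to create '$tmpdir' - $!\n";`, or preferably use File::Temp's `tempdir()` for an unpredictable name (whether File::Temp is already imported in Cluster.pm is not visible in this hunk). With either change, `rmtree $tmpdir` should run only when this call actually created the directory, since at present it also runs on a path it did not create. Separately, `s/$tmpname.pub\s*$/$identity/` interpolates the path as a regex; `s/\Q$tmpname.pub\E\s*$/$identity/` matches it literally.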
--
2.1.4