Script to create an includable SSH config

Unidata · Oct 15, 2024 · 87d959d · 87d959d
1 parent 821ab4f
commit 87d959d
Show file tree

Hide file tree

Showing 3 changed files with 137 additions and 0 deletions.
diff --git a/openstack/create_ssh_config/README.md b/openstack/create_ssh_config/README.md
@@ -0,0 +1,84 @@
+# Create SSH Config
+
+This script will create a seperate SSH config file at
+`$HOME/.ssh/openstack-config` that can be included in the standard SSH config
+file.
+
+## How it works
+
+The script uses the `openstacksdk` to query JS2 for a list of all servers and
+parse the result for any servers that have the `interface_ip` attribute, i.e. a
+public ip.
+
+Other server attributes are parsed and the `sshconf` python package applied to
+create the `openstack-config` file. In addition to "normal" config entries, it
+also creates entries that tunnel through the "gate" server, as well as the local
+forwards.
+
+***IMPORTANT***
+One big assumption of this script is which user is used to log in to each
+server. When Jetstream_Kubespray/Terraform creates servers, it actually attaches
+some meta data that specifies the SSH user. This meta data is parsed to
+determine the SSH user, if it exists, otherwise `rocky` is used as the SSH user.
+If some mistake is made, you can always specify the login user on the CLI when
+issuing the SSH command: `$ ssh user@host`.
+
+## clouds.yaml
+
+The script needs a valid `clouds.yaml` file in the standard location,
+`$HOME/.config/openstack/clouds.yaml`. You may already have one, but you can
+create a new one from [Jetstream2's Horizon
+Dashboard](https://js2.jetstream-cloud.org/project/).
+
+1) Log in
+2) Use the side bar to navigate to "Identity --> Application Credentials"
+3) Click "+ Create New Appllication Credential"
+4) Fill out the required fields
+5) Download the `clouds.yaml` file; *it's only available for download at this
+point*!
+
+## Conda Environment
+
+Create the conda environment with `mamba`:
+
+`mamba env update -f environment.yaml`
+
+The new environment is created as `create_ssh_config`.
+
+## Usage
+
+Edit the script to specify the gate user (i.e. your UCAR username), the forward
+port (which will be incremented to create a forward for each entry), and a key
+file name.
+
+Optionally, copy this script to your local bin directory:
+
+`mkdir -p $HOME/.local/bin && cp create_ssh_config.py $HOME/.local/bin`
+
+Make it executable:
+
+`chmod u+x create_ssh_config.py`
+
+Run from the command line. Note the hashbang `#!` at the start of the script
+specifies that the script should be ran within the `conda` environment we
+created.
+
+`./create_ssh_config.py`
+
+Verify the output
+
+`cat $HOME/.ssh/openstack-config`
+
+Ensure that this file is included in the standard SSH config file:
+
+```
+$ cat ~/.ssh/config
+AddKeysToAgent yes
+
+Include ~/.ssh/openstack-config
+
+# ...
+
+# Other non-openstack hosts
+```
+
diff --git a/openstack/create_ssh_config/create_ssh_config.py b/openstack/create_ssh_config/create_ssh_config.py
@@ -0,0 +1,45 @@
+#! /usr/bin/env conda run -n create_ssh_config python
+
+import openstack
+import sshconf
+
+from os.path import expanduser
+home = expanduser('~')
+
+# gate setup
+gate_host = 'gate.unidata.ucar.edu'
+gate_user = '<gate-user>' # Change me :)
+forward_port = 7824 # Will be incremented for each LocalForward gate entry
+LocalForward=[]
+
+# sshconf setup
+key_file = home+'/.ssh/<key-file-name>' # Change me :)
+ssh_port = 22
+output_file = home+'/.ssh/openstack-config'
+
+c = sshconf.empty_ssh_config_file()
+
+# fetch openstack server list
+conn = openstack.connect(cloud='openstack')
+servers = conn.list_servers()
+
+# Add openstack servers to ssh config file
+for server in servers:
+    s = server.to_dict()
+    if s['interface_ip']:
+        if 'ssh_user' in s['metadata']:
+            user = s['metadata']['ssh_user']
+        else:
+            user = 'rocky'
+        # Prepare to add gate tunnel
+        LocalForward.append('{} {}:{}'.format(forward_port,s['interface_ip'],ssh_port))
+        # Add "regular" entry
+        c.add(s['hostname'], Hostname=s['interface_ip'], User=user, Port=ssh_port, IdentityFile=key_file)
+        # Add "tunnel" entry
+        c.add(s['hostname']+"-tun", Hostname='localhost', User=user, Port=forward_port, IdentityFile=key_file)
+        # Increment
+        forward_port += 1
+
+c.add('gate', Hostname=gate_host, User=gate_user, LocalForward=LocalForward)
+
+c.write(output_file)
diff --git a/openstack/create_ssh_config/environment.yaml b/openstack/create_ssh_config/environment.yaml
@@ -0,0 +1,8 @@
+name: create_ssh_config
+channels:
+        - conda-forge
+dependencies:
+        - openstacksdk
+        - pip
+        - pip:
+                - sshconf