class ManageIQ::ApplianceConsole::KeyConfiguration

Attributes

action[RW]
force[RW]
host[RW]
key_path[RW]
login[RW]
password[RW]

Public Class Methods

new(options = {}) click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 20
def initialize(options = {})
  options.each { |k, v| public_send("#{k}=", v) }
  @action ||= :create
  @login ||= "root"
  @key_path ||= KEY_FILE
end

Public Instance Methods

activate() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 53
def activate
  if !key_exist? || force
    if get_new_key
      save_new_key
    else
      remove_new_key_if_any
      false
    end
  else
    # probably only got here via the cli
    $stderr.puts
    $stderr.puts "Only generate one encryption key (v2_key) per installation."
    $stderr.puts "Chances are you did not want to overwrite this file."
    $stderr.puts "If you do this all encrypted secrets in the database will not be readable."
    $stderr.puts "Please backup your key and run this command again with --force-key."
    $stderr.puts
    false
  end
end
ask_question_loop() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 45
def ask_question_loop
  loop do
    return false unless ask_questions
    return true if activate
    return false unless agree("Try again? (Y/N) ")
  end
end
ask_questions() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 27
def ask_questions
  if key_exist?
    @force = agree("Overwrite existing encryption key (v2_key)? (Y/N): ")
    return false unless @force
  end

  @action = ask_for_action(@action)

  if fetch_key?
    say("")
    @host      = ask_for_ip_or_hostname("hostname for appliance with encryption key", @host)
    @login     = ask_for_string("appliance SSH login", @login)
    @password  = ask_for_password("appliance SSH password", @password)
    @key_path  = ask_for_string("path of remote encryption key", @key_path)
  end
  @action
end
create_key() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 95
def create_key
  return unless !!ManageIQ::Password.generate_symmetric(NEW_KEY_FILE)

  File.chown(manageiq_uid, manageiq_gid, NEW_KEY_FILE)
end
fetch_key() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 101
def fetch_key
  # use :verbose => 1 (or :debug for later versions) to see actual errors
  Net::SCP.start(host, login, :password => password) do |scp|
    scp.download!(key_path, NEW_KEY_FILE)
  end
  File.chown(manageiq_uid, manageiq_gid, NEW_KEY_FILE)
  File.exist?(NEW_KEY_FILE)
rescue => e
  say("Failed to fetch key: #{e.message}")
  false
end
fetch_key?() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 91
def fetch_key?
  @action == :fetch
end
key_exist?() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 87
def key_exist?
  File.exist?(KEY_FILE)
end
remove_new_key_if_any() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 83
def remove_new_key_if_any
  FileUtils.rm(NEW_KEY_FILE) if File.exist?(NEW_KEY_FILE)
end
save_new_key() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 73
def save_new_key
  begin
    FileUtils.mv(NEW_KEY_FILE, KEY_FILE, :force => true)
  rescue => e
    say("Failed to overwrite original key, original key kept. #{e.message}")
    return false
  end
  FileUtils.chmod(0o400, KEY_FILE)
end

Private Instance Methods

ask_for_action(default_action) click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 115
def ask_for_action(default_action)
  options = {'Create key' => :create, 'Fetch key from remote machine' => :fetch}
  ask_with_menu("Encryption Key", options, default_action, false)
end
get_new_key() click to toggle source
# File lib/manageiq/appliance_console/key_configuration.rb, line 120
def get_new_key
  fetch_key? ? fetch_key : create_key
end