From ce12a7f9ec14ab6ccc20e7ed45c0da2dc6e97599 Mon Sep 17 00:00:00 2001 From: Ritesh H Shukla Date: Thu, 27 Oct 2016 16:18:56 -0700 Subject: [PATCH] Adjust SSH credential management for a public CI SSH keys need to be encrypted and stored in .drone.sec --- .drone.sec | 2 +- .drone.yml | 6 ++++++ esx_service/Makefile | 4 ++-- misc/scripts/commands.sh | 4 ++-- vmdk_plugin/Makefile | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.drone.sec b/.drone.sec index 6e50524be..f87372cb0 100644 --- a/.drone.sec +++ b/.drone.sec @@ -1 +1 @@ -eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ.IPbrMMex7Ccbz3_HGrGa0_lwt8AaQ_EzdPdcdjSwUd-zFv1tcJtvdqCNjSMJb1G_v9eM2EWJkVBqr0IKV5-N-P9KDakxKjBpQTrOf0CtMfffjRS7QBs-nmaZm_UHmItA66l37i3mqYvU9mZf7wdOWCgku1OddbThJGYzhxWnanIBKYYg0oW5z0aNxdHo_miX2PlPEFas0Wtm5PFLaMY1RIa-Xpwl2EqErtq1UhdB_9W13SQWiBPjnU6S4ZSDcWm88GRbPeg2xotseyw6O-nPFf5j8j7lHkGu8GNtPImCalh1OStmvaEFiU2fUeFW4VDKvSltkGmvH96xUNrDwCcz7g.Pcq2C10Cu6-1rbKA.qk2RF_FIUiVODEz7_54iw2px8jyVvtValsWq2Rrn0ek8Q2h2QmPwSUpxd21XXze1UTxSLnzhNf4UDhmf9sJKvR5-ARbIHv1w9Kb-4p1rAEinQbVFmVc8iapUICqAGUjr1kLSDgSIUG-G7bQW7OHj5YdQtDLkppj222N4yUzoM3-7peN7aaK8auz0l0sam-27VwR7ded9PJnPUeOQ9XuDS1c3RRFLc-p4AWZRZnnxPOit2dWGBm6aWI4HPYJeiMOXlbU1JFOHFCqbXrUEnCGA4RxnZ3NAixYGLnYt4dCQGOmU91X_9v9i0sCr9DukbBF-HZ27IQsuh0Zqyu7PzwFWaecM29hv1Rt06Sr98UhmiMauwpHl5PK9zS5PCdvd9-7530outn3SBT6CWlT5KoLnq4owCuNHoEYDWhZdKff7n_SK6lZJLbBI.aXVYGOpLuWSG1mzYfP0P9w \ No newline at end of file +eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ.tWB5EuFagy7psZkmB6_lOg3nhbIEaPqXnjeaH43EQSkXcFwowuUxzsZ9ng6J55KoTKBOtbWvmKUlYPalVOPSu102zI_ewi9XCzkM0KhKy8MsSbTmzD5u21PJLfBQqa03_Nd6Z5un1KKVtIPDDfh_oCEDLCbD_Y16QkVUgKV6QMUMdiu6UhoCELyQ_fGB99C5GtmVWa-unMuzgnyqum07trjZUA8Qj6Lbdbxx2m6ybvVCOnEiiaJqvuJWwZw-BjZs_p1JGdxmDsjzeR875xTx2UEUFOHwFsBdKi20I_r598j0r1AxnyLjdF1daqgrKFNpyAMv-ItzU8W6P24sHvnGew.8Uf4hMlsR4gWitSs.J_MYAOOhAOTxQ5bA7Y5HGnma3bujlypkYU1OVNIFxx33wy_Aoc5sc7oZSEzTaBNhOSy9uvgsJxJNQCnxYT-1EgzWJBaaBdm54_T4fw6qkg5nRXYwapbM3_pGm3Y_rWJyM5ulbQOITDexLLvKALIgjR33uRJsA47KSU6QZPcc9qIqkrjITYnJjZAm7ztLNTXqPudUs3DhjwrG77OmypMi9JB0GD9APVFfdb9P0YxPzM90pqHkeJ1jqpEwKUHT4-Oa7KUtvJSpeUL2eY7FPhy41Ulyobl425xTE2_efN03u9ADo-78xMpW0Tv-FXLOPWVwbNq_vZrujrTcFR8NV0jixpMJlBxXV-WA0qEa3acoJwhfWAE-XlfWa2gfNcAAxYNaW_kw68V7k4czL65a-RKG-xjYLkim2YkljKbSphjMBDtNCOfTNX49xf7F7FOpFrOMuAr_f89BQZnRP5Pg1AjYnHolJsY9FiqC8R8bIJFkdOCv89ujiNL1wmCzPNW8r0NzdO0NxOSDHHYgS_53yvfd8OGcudUV5NwS6PCajbkxPe-AtT9CreUq0_4ENg01rLwh4Pkk6yNVz6AIlrHqmkM21bvoOCuLT7sF6o5Uqb1HkO3Y7Nkw-mMArkLDbOK5Y1zFOXopJtJYfOYMx4MNwwBqMj1kojtPUHzJu_HJyyRgLbdTA_AAHjH5Wdw3Itndf_rsP3aq-PGNaf-g2WCDk45xU77IKuGNpXYJUCh60lok5flsC60bBPDQF7oH3hKcwh_Nto-UCW9l0QuCP3a6TVyNs5607ekZcbyLBDhEliDkN3H5GboJbTmX9yjDZyp_aUht_lhTiZ7MQz3FuDZbiw__ikrx8nGOKdCwcuVCLM3W-UvLmMEHr-KrI6R2fI8ecLbgdQ2kim58r3T0MiOhwGmI7A3YfO_kuVab2qb_Lt0GUAMdIB87MauuXnqM6AUXwCpSnCK14tmqOpxmgUbRCNIM10-hwcIxeL-DQRhqBkk0pY9ouhmcX-Bpd6dGKilyynLoQ-K3meBuffXZSo-t7_OVjRrL-XIS8-WKx5CyNSe7XVF6o_7lAjcKvADfxIiubD57KRwkI2MGzH9D1C1qaLXNDyLyXHjibamTOBv_nKmxZ0z_Vp5Xg0p8SDlKt2HaamZofWq8V2sZkHllUzWQCkiV45EgcrC6rntIhKgkhqDnwa2nR_OtMetxldFoMaPBsZX5v59P5e6z5wltNlsylkf56gt3reA-IuELcIJqqIDb7Dlwm-IGlbZdNH9sudaPbWR24cq8J4WkwVnDv2K98Q8J2alHejTekR9UMXTvm42jXwUtebn9Ek_IdDUlEMVtP3zkygSEU7cXF_Tc7uMT8xB8v0pTxM4tWCvyD_t8jZChIZJJoS_nPx8V2dHEFNBPWd57ch0wFiIG-2mCCo347ako2wTq28-nIk6JvrfrbRzNYfwt662kvVC39njmLW9RIZuZc5fhCssHLqG90GGFF82U_nViydUx0C9joxCWWhNJ9GO7C2iN2aNCWJrmmrPbGxitw9A5wwHiJY2vUdZeyJWvyyoQRaoINHeLRXNLo_4GbxcFoABgHurSOPLDELLJnc03XalA2hWtkqqA--q6Hg7WaK-b4JDRuiSFK99Jpt_8WvJSnhwbb8U40HLU4UcniY1WwyvtGqxthQomn5lYuty4UtWrij0Ek-qBR9eLAZ-VSsNJgrOrxytMNTp1KGv0LacqDE7t12Bt96x14Z6d-Y1zoukRDiiRgBcnA0ufypLU-M0rpDN2_qs7YQCJjHk-sMpBBsaa8YH281WqW0fYAVtAvzsilPidMt2wu_JcjEuNdAGIA6Gd98lrTG2pAEQvHIY6URSGmJjYGSyWi1o5aB6YF2EZ46t6odcLqPIvq3Q1UkD2bq_fOAxS0Uei-lix3BuSyUQO0cW2ZrJnZkWSmjP9HpXC85U155TogNfVTBJg3JOXyCACdPzgQkTQThIlygDKYYPeMdOaqoFpyMYBj5cmGYhJ9ePMkkUaps6bj4Hn_-L5qpDtH068-IXb-ar0fugliuxIYCzZKgPd5SgxxhHD29Z3zd7EDm06opW6qso7JfMoJUKTNvB8CCMg6mEi-o678w9KZBUfIIA8uapL6aWyxK3zD6QLAy8ocfpU0FeL7U_sbXwuyASyTZWaUNOZu2K0wfY_bAZa-sNhZq81aTPdDhjH4PJbvMMhqqElNzMiJJPZ89K2B5TDRmIkyPA7rSW6zKW_5yoEcp6FuttBhyKXUNAjTWASu7aEyUJ5hcEtoS-3mRKl12mHYdifKkMOqdF5AdvI06nxhUHRyJcbiXzXnIN-LwYYd4_7QBw1VgdBD9SeNvYZmzAKsTq2QdCEkjQ-xtObLKh-zUMya5FCbJKGu4EjmM25W2pZW86dYx96D45yUEjnqX_RxUs-Apy4fwLAA4BSL3hoOKJtbheBp3ZQ1WxhNG5Qaacwz06GWwQZyiUgS4wZgjqop4jr7LXo5ky1t5QCcCqhXEfFVvpMoY6LlhuUMWcQyvjieZUn7Lrjr2KxweI5-UVGas1g5bgoJVjuOMhj1rRMjx3DjrnCroJ-yU1L2hx5QWbjvI1y25JQm2YZjiOcwI-_XHJ__kzpRPwpVMQgGOcHOXTeDVr1l6relA0AZkus0ztDNqubEK2ttqlsL1d8FcipnyrIo50syD-FFR-kOT1xzclh-6ix4NJa7AAp_b2DauQ4gldE29qFEyViSufIzdH5Sr3HTGI2EsqwPnTyQZQ1A8OBfXC7Iu0dspChhFitcOgaHxyhPgHQdfcTyBai2N1676eLnyrpE-R92FiIupQrITUoIiR9TMObm0JlMeAjCUPE_Qb9jvnryo7syGu3nh8YAtX7FnK0j0kQVmvg0MvBsuJowHjn3C6yoG1gD5MmCF1zOPdT7W9DkOrAX8rY89FvOj8-RW07rEI2Ct-CnNBIpapRJU3FM7bBpmlPP0lRrRRlfn8ZJNF1EAMjtYVp9XldpRXo0z7lec_GXOnSFsm-dtPCWgfBsV8QG8eilYM_5q85ifEpGiiFZ7bE8P9iv6_CK1la5tSqQvphW7OvoJ02icQWxUwpxDpHa9NTxqwJvMNATyYbmaybP3NRPGuXb21db4THc2fztVuxodsL8U1Zy_a7mSuuU3CblEhu3SMyHtSBuxPmrIs9Ti5NpAL9VIYsulvYiAn8UmaK4_kpQGypUxXfGsAdmqGd2P_9Mny1DJAlmd3DOnml991y07CGmq4Xhr3b3EvWAqWrsEUZatRTXHBToDyCYnL0gmv6GeuBh4g64G2ARkxefaWYGrQZMhcj_711e-QxIz-X5QBBNZ5V5m39UMlXyMfIiJ4yMFjFG3Qq65n1rMEsMijlhJ7blRAm3-MsP1raEeEtA29PzR4qHfTHqxzNEeBi9A1fpSMudrwjSLmlyjZ0fftpHWcrGS-lvIjFTpTEzVPy7lpaiA1ld3TCb4lOxsLrALTKN6LWxbk562ks9tKpIZWpid7wZo9tL0dRelHGRoUnlY47E5OTKPAPXll-xYBbznEiFWAj6UsGRVe5t2r4_TDkUMsyDwf8h0GQVEflw_vlqlcvyLLbSUP9GDc7YO0w7lU5KtGDavSCvOD_5A93fAHanpa0I9jYD8Hn-LF8UJsUiCPngnnEcQ3yQsRiLq0y4SfOttsUTZ_SRg3-oVPbVOoY95Ws_LGab4t6PnipVUZ779SodU5VE_dHv7unOFatLK73Nxf3Hc4aTcrdW5UljQCAQhmAKnVIJ62bVbgDmMl92iY0veH5QOJzQxGiUMfFb7-EZoF18bHuJmRfSYU7v5nsyNVBuwiFQxlLLJ0FmV5EgfMn_pneZv9-XJNecfPuM7NCDDQT2U6lHkUBLIn86o740lSf-mdib_qGt2Vqwn-dRUnp2JoADzzTnt6B5lgdf9P324w3ZWwd22THv4PAXu77H6yWqPiU4UovIMPkX5ubP2bbMSs8cV8aWAv8EWFA.0RAVXfy33wLAoJlRBW8M1A \ No newline at end of file diff --git a/.drone.yml b/.drone.yml index 22896c228..2f54388ce 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,9 +5,12 @@ clone: build: build_dev: image: cnastorage/vibauthor-and-go:0.6 + environment: + - KEY=$$KEY commands: - go get github.com/golang/lint/golint - make -s build + - echo $KEY | base64 -d > /tmp/key when: event: [push, pull_request] @@ -45,6 +48,7 @@ build: - GOVC_PASSWORD=$$CI_VMWARE_ESX_PASS - GOVC_INSECURE=1 - GOVC_URL=$$CI_ESX_IP + - SSH_KEY_OPT=-i /tmp/key commands: - export VM1=`govc vm.ip photon.ga.vmfs` - export VM2=`govc vm.ip Ubuntu.1404.vmfs` @@ -68,6 +72,7 @@ build: - GOVC_PASSWORD=$$CI_VMWARE_ESX_PASS - GOVC_INSECURE=1 - GOVC_URL=$$CI_ESX_IP + - SSH_KEY_OPT=-i /tmp/key commands: - export VM1=`govc vm.ip photon.ga.vmfs` - export VM2=`govc vm.ip Ubuntu.1404.vmfs` @@ -91,6 +96,7 @@ build: - GOVC_PASSWORD=$$CI_VMWARE_ESX_PASS - GOVC_INSECURE=1 - GOVC_URL=$$CI_ESX_IP + - SSH_KEY_OPT=-i /tmp/key commands: - export PKG_VERSION=$$TAG - export VM1=`govc vm.ip photon.ga.vmfs` diff --git a/esx_service/Makefile b/esx_service/Makefile index c770eef1c..8741a182b 100644 --- a/esx_service/Makefile +++ b/esx_service/Makefile @@ -152,8 +152,8 @@ test: test-esx build # test-esx is a quick unittest for ESX Python code. # Deploys, runs and clean unittests (i.e. all files *_test.py) on ESX -SSH := $(DEBUG) ssh -kTax -o StrictHostKeyChecking=no -SCP := $(DEBUG) scp -r -q -o StrictHostKeyChecking=no +SSH := $(DEBUG) ssh $(SSH_KEY_OPT) -kTax -o StrictHostKeyChecking=no +SCP := $(DEBUG) scp $(SSH_KEY_OPT) -r -q -o StrictHostKeyChecking=no TMP_LOC := $(shell echo /tmp/vmdk_ops_unittest$$RANDOM) TEST_FILES := $(shell find . -name '*_test.py') diff --git a/misc/scripts/commands.sh b/misc/scripts/commands.sh index 8b0b61a2c..bd698de17 100755 --- a/misc/scripts/commands.sh +++ b/misc/scripts/commands.sh @@ -36,8 +36,8 @@ RPM_ERASE="rpm -e" RPM_INSTALL="rpm -ivh" RPM_QUERY="rpm -q" SCHED_GRP="localcli --plugin-dir=/usr/lib/vmware/esxcli/int sched group" -SCP="$DEBUG scp -r -q -o StrictHostKeyChecking=no" -SSH="$DEBUG ssh -kTax -q -o StrictHostKeyChecking=no" +SCP="$DEBUG scp $SSH_KEY_OPT -r -q -o StrictHostKeyChecking=no" +SSH="$DEBUG ssh $SSH_KEY_OPT -kTax -q -o StrictHostKeyChecking=no" VIB_INSTALL="localcli software vib install" VIB_REMOVE="localcli software vib remove" VIB_LIST="localcli software vib list" diff --git a/vmdk_plugin/Makefile b/vmdk_plugin/Makefile index 38fa39f97..1be285900 100644 --- a/vmdk_plugin/Makefile +++ b/vmdk_plugin/Makefile @@ -243,7 +243,7 @@ TEST_VM = root@$(VM1) VM1_DOCKER = tcp://$(VM1):2375 VM2_DOCKER = tcp://$(VM2):2375 -SSH := $(DEBUG) ssh -kTax -o StrictHostKeyChecking=no +SSH := $(DEBUG) ssh $(SSH_KEY_OPT) -kTax -o StrictHostKeyChecking=no # bin locations on target guest TMP_LOC := /tmp/$(PLUGNAME)