Merge pull request #109 from fschulze/ed25519

 Add ed25519 support in bootstrap needed for paramiko>=2.

CHANGES.rst

@@ -2,8 +2,7 @@
 ==================
 
 - [fix] fix pf round-robin lockups. thanks to @igalic for reporting and fixing this issue
-
-
+- [feature] add ed25519 support in bootstrap needed for paramiko>=2. you should check whether you have ``ssh_host_ed25519_key*`` files on your host which you might want to copy to your bootstrap files directory alongside the other ``ssh_host_*_key*`` files
 
 
 2.2.0 - 2016-11-08

bsdploy/__init__.py

@@ -1,3 +1,4 @@
+from glob import glob
 from os import path
 import argparse
 import logging
@@ -82,6 +83,25 @@ def __call__(self, argv, help):
         instance.hooks.after_bsdploy_bootstrap(instance)
 
 
+def get_bootstrap_path(instance):
+    host_defined_path = instance.config.get('bootstrap-files')
+    ploy_conf_path = instance.master.main_config.path
+    if host_defined_path is None:
+        bootstrap_path = path.join(ploy_conf_path, '..', 'bootstrap-files')
+    else:
+        bootstrap_path = path.join(ploy_conf_path, host_defined_path)
+    return bootstrap_path
+
+
+def get_ssh_key_paths(instance):
+    bootstrap_path = get_bootstrap_path(instance)
+    key_paths = []
+    for ssh_key in glob(path.join(bootstrap_path, 'ssh_host*_key.pub')):
+        ssh_key = path.abspath(ssh_key)
+        key_paths.append(ssh_key)
+    return key_paths
+
+
 def augment_instance(instance):
     from ploy_ansible import get_ansible_version, get_playbooks_directory
     from ploy_ansible import has_playbook
@@ -143,16 +163,9 @@ def augment_instance(instance):
             sys.exit(1)
         if not has_playbook(instance):
             instance.config['roles'] = 'jails_host'
-        if 'fingerprint' not in instance.config:
-            host_defined_path = instance.config.get('bootstrap-files')
-            ploy_conf_path = main_config.path
-            if host_defined_path is None:
-                bootstrap_path = path.join(ploy_conf_path, '..', 'bootstrap-files')
-            else:
-                bootstrap_path = path.join(ploy_conf_path, host_defined_path)
-            ssh_key = path.abspath(path.join(bootstrap_path, 'ssh_host_rsa_key.pub'))
-            if path.exists(ssh_key):
-                instance.config['fingerprint'] = ssh_key
+        if 'ssh-host-keys' not in instance.config:
+            key_paths = get_ssh_key_paths(instance)
+            instance.config['ssh-host-keys'] = "\n".join(key_paths)
     else:
         # for jails
         instance.config.setdefault('startup_script', path.join(

bsdploy/bootstrap_utils.py

@@ -97,7 +97,8 @@ class BootstrapUtils:
         ('ssh_host_key', '-t rsa1 -b 1024'),
         ('ssh_host_rsa_key', '-t rsa'),
         ('ssh_host_dsa_key', '-t dsa'),
-        ('ssh_host_ecdsa_key', '-t ecdsa')])
+        ('ssh_host_ecdsa_key', '-t ecdsa'),
+        ('ssh_host_ed25519_key', '-t ed25519')])
     upload_authorized_keys = True
     bootstrap_files_yaml = 'files.yml'
 
@@ -141,6 +142,8 @@ def generate_ssh_keys(self):
                     "ssh-keygen %s -f %s -N ''" % (ssh_keygen_args, ssh_key),
                     capture=True)
                 if result.failed:
+                    print("Generation of %s with '%s' failed." % (
+                        ssh_key_name, ssh_keygen_args))
                     continue
             with settings(quiet()):
                 fingerprint = local(

bsdploy/fabfile_mfsbsd.py

@@ -18,11 +18,14 @@ def _mfsbsd(env, kwargs={}):
     try:
         env.shell = '/bin/sh -c'
 
-        # default ssh settings for mfsbsd with possible overwrite by bootstrap-fingerprint
-        fingerprint = env.instance.config.get(
-            'bootstrap-fingerprint',
-            '9e:5a:5d:3f:52:a3:bf:2b:6e:a0:34:f7:e5:20:11:af')
-        env.instance.config['fingerprint'] = fingerprint
+        # default ssh settings for mfsbsd with possible overwrite by bootstrap-host-keys
+        env.instance.config['ssh-host-keys'] = env.instance.config.get(
+            'bootstrap-host-keys',
+            '\n'.join([
+                # mfsbsd 10.3
+                'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnxIsRrqK2Zj73DPB3doYO8eDue2mVcae9oQNAwGz1o7VBmOpAZiscxOz1kg/M/CD3VRchgT5OcbciqJGaWeNyZHzHbVpIzUCycSI28WVpG7B4jXZTcq6vGGBpD22Ms6rTczigEJmshVR3rNxHmswwImmEwR6o1KVRCOAY2gL8Ik6OOKAqWqY8mstx059MsY9usDl2FDn57T8fZ4QMd+DQBEKwhkhqHs8n2WSlJlZqCuWDBNDH0RskDizrZRz+g4ciRwAM5e2dzgaOvtlfT42WD1kxwJIVFJi/1R0O+Xw2/kGyRweJXCqdUbfynFaTm1yen+IUPzNH/jBMtxUiL25r',
+                # mfsbsd 10.3 se
+                'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqSVYJPcXOqPEv/RYV5WiDbr9K/Bz5OeU2Hayo+oBMkxwFuv9KSZGHmZ/EbJOVKhdjDtRDgenxluLU6d5F/vWyGK1M1rdzEFuWfUdfe5Htvz1KEgj/nY5x8OC1h5xme1OwCcFF7oAf7GV6YQtsKF0CZoGwSJEuGb988r8le0VqKy/u4nRiTH+pLHcZzgx6khIl1ty+mBTLgAC7tTgXhB7l83lr/HqU+ZLWZbNohbdEdDWJYVdWHWVMdETc6PG8/DISNfdKuq3YfDyQ/0uZ/uGMJKr7y/J/cabi5VRdVZvdqqbEPLW2zjDtXtRh6+yE4NZETSYx+Wu/DZcn8OsR9pr/']))
         env.instance.config['password-fallback'] = True
         env.instance.config['password'] = 'mfsroot'
         # allow overwrites from the commandline
@@ -46,7 +49,7 @@ def _bootstrap():
     bu.print_bootstrap_files()
     # gather infos
     if not bu.bsd_url:
-        print("Found no FreeBSD system to install, please specify bootstrap-bsd-url and make sure mfsbsd is running")
+        print("Found no FreeBSD system to install, please use 'special edition' or specify bootstrap-bsd-url and make sure mfsbsd is running")
         return
     # get realmem here, because it may fail and we don't want that to happen
     # in the middle of the bootstrap

bsdploy/tests/test_bootstrap_mfsbsd.py

@@ -19,6 +19,8 @@ def create_ssh_host_keys(tempdir):
     tempdir['bootstrap-files/ssh_host_dsa_key.pub'].fill('dsa.pub')
     tempdir['bootstrap-files/ssh_host_ecdsa_key'].fill('ecdsa')
     tempdir['bootstrap-files/ssh_host_ecdsa_key.pub'].fill('ecdsa.pub')
+    tempdir['bootstrap-files/ssh_host_ed25519_key'].fill('ed25519')
+    tempdir['bootstrap-files/ssh_host_ed25519_key.pub'].fill('ed25519.pub')
     tempdir['bootstrap-files/ssh_host_key'].fill('rsa1')
     tempdir['bootstrap-files/ssh_host_key.pub'].fill('rsa1.pub')
     tempdir['bootstrap-files/ssh_host_rsa_key'].fill('rsa')
@@ -57,6 +59,8 @@ def test_bootstrap_ask_to_continue(bootstrap, capsys, run_mock, tempdir, yesno_m
         "%(tempdir)s/bootstrap-files/ssh_host_dsa_key.pub -(template:False)-> /mnt/etc/ssh/ssh_host_dsa_key.pub" % format_info,
         "%(tempdir)s/bootstrap-files/ssh_host_ecdsa_key -(template:False)-> /mnt/etc/ssh/ssh_host_ecdsa_key" % format_info,
         "%(tempdir)s/bootstrap-files/ssh_host_ecdsa_key.pub -(template:False)-> /mnt/etc/ssh/ssh_host_ecdsa_key.pub" % format_info,
+        "%(tempdir)s/bootstrap-files/ssh_host_ed25519_key -(template:False)-> /mnt/etc/ssh/ssh_host_ed25519_key" % format_info,
+        "%(tempdir)s/bootstrap-files/ssh_host_ed25519_key.pub -(template:False)-> /mnt/etc/ssh/ssh_host_ed25519_key.pub" % format_info,
         "%(tempdir)s/bootstrap-files/ssh_host_key -(template:False)-> /mnt/etc/ssh/ssh_host_key" % format_info,
         "%(tempdir)s/bootstrap-files/ssh_host_key.pub -(template:False)-> /mnt/etc/ssh/ssh_host_key.pub" % format_info,
         "%(tempdir)s/bootstrap-files/ssh_host_rsa_key -(template:False)-> /mnt/etc/ssh/ssh_host_rsa_key" % format_info,
@@ -118,6 +122,8 @@ def test_bootstrap(bootstrap, put_mock, run_mock, tempdir, yesno_mock):
         (("%(tempdir)s/bootstrap-files/ssh_host_dsa_key.pub" % format_info, '/mnt/etc/ssh/ssh_host_dsa_key.pub'), {'mode': 0644}),
         (("%(tempdir)s/bootstrap-files/ssh_host_ecdsa_key" % format_info, '/mnt/etc/ssh/ssh_host_ecdsa_key'), {'mode': 0600}),
         (("%(tempdir)s/bootstrap-files/ssh_host_ecdsa_key.pub" % format_info, '/mnt/etc/ssh/ssh_host_ecdsa_key.pub'), {'mode': 0644}),
+        (("%(tempdir)s/bootstrap-files/ssh_host_ed25519_key" % format_info, '/mnt/etc/ssh/ssh_host_ed25519_key'), {'mode': 0600}),
+        (("%(tempdir)s/bootstrap-files/ssh_host_ed25519_key.pub" % format_info, '/mnt/etc/ssh/ssh_host_ed25519_key.pub'), {'mode': 0644}),
         (("%(tempdir)s/bootstrap-files/ssh_host_key" % format_info, '/mnt/etc/ssh/ssh_host_key'), {'mode': 0600}),
         (("%(tempdir)s/bootstrap-files/ssh_host_key.pub" % format_info, '/mnt/etc/ssh/ssh_host_key.pub'), {'mode': 0644}),
         (("%(tempdir)s/bootstrap-files/ssh_host_rsa_key" % format_info, '/mnt/etc/ssh/ssh_host_rsa_key'), {'mode': 0600}),

bsdploy/tests/test_bsdploy.py

@@ -38,12 +38,12 @@ def test_augment_ezjail_master(ctrl, ployconf, tempdir):
     tempdir['bootstrap-files/ssh_host_rsa_key.pub'].fill('rsa')
     config = dict(ctrl.instances['jailhost'].config)
     assert sorted(config.keys()) == [
-        'ansible_python_interpreter', 'fabfile', 'fabric-shell', 'fingerprint',
-        'roles']
+        'ansible_python_interpreter', 'fabfile', 'fabric-shell',
+        'roles', 'ssh-host-keys']
     assert config['ansible_python_interpreter'] == '/usr/local/bin/python2.7'
     assert config['fabfile'].endswith('fabfile_mfsbsd.py')
     assert config['fabric-shell'] == '/bin/sh -c'
-    assert config['fingerprint'].endswith('bootstrap-files/ssh_host_rsa_key.pub')
+    assert config['ssh-host-keys'].endswith('bootstrap-files/ssh_host_rsa_key.pub')
     assert os.path.exists(config['fabfile']), "The fabfile '%s' doesn't exist." % config['fabfile']
     assert config['roles'] == 'jails_host'
 

bsdploy/tests/test_quickstart.py

@@ -150,7 +150,7 @@ def test_quickstart_calls(qs_path, tempdir):
         'vm-natpf2 = ssh,tcp,,44003,,22',
         'storage =',
         '    --medium vb-disk:defaultdisk',
-        '    --type dvddrive --medium http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-se-10.1-RELEASE-amd64.iso --medium_sha1 03af247c1058a78a251c46ad5a13dc7b84a7ee7d',
+        '    --type dvddrive --medium http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-se-10.3-RELEASE-amd64.iso --medium_sha1 564758b0dfebcabfa407491c9b7c4b6a09d9603e',
         '',
         '[ez-master:jailhost]',
         'instance = ploy-demo',

docs/advanced/customizing-bootstrap.rst

@@ -39,7 +39,7 @@ For the ezjail initialization you have to add the following setting with a FreeB
 
     ansible-ploy_ezjail_install_host = http://ftp4.de.freebsd.org
 
-The ``_mfsbsd`` context manager takes care of setting the ``bootstrap-fingerprint`` etc for mfsBSD.
+The ``_mfsbsd`` context manager takes care of setting the ``bootstrap-host-keys`` etc for mfsBSD.
 The ``_bootstrap`` function then runs the regular bootstrapping.
 
 For the jails you can use a startup script like this:

docs/installation.rst

@@ -23,7 +23,7 @@ Strictly speaking, BSDploy only needs Python for the initial configuration of th
 
 Normally, BSDploy will take care of these requirements for you during  :doc:`bootstrapping </setup/bootstrapping>` but in situations where this is not possible, manually providing the abovementioned requirements should allow you to :doc:`apply BSDploy's host configuration </setup/configuration>` anyway.
 
-BSDploy supports FreeBSD >= 9.2, including 10.1.
+BSDploy supports FreeBSD >= 9.2, including 10.3.
 
 
 Client Installation

docs/quickstart.rst

@@ -49,7 +49,7 @@ Inside it create a file named ``ploy.conf`` with the following contents::
     vm-natpf2 = ssh,tcp,,44003,,22
     storage =
         --medium vb-disk:defaultdisk
-        --type dvddrive --medium http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-se-10.1-RELEASE-amd64.iso --medium_sha1 03af247c1058a78a251c46ad5a13dc7b84a7ee7d
+        --type dvddrive --medium http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-se-10.3-RELEASE-amd64.iso --medium_sha1 564758b0dfebcabfa407491c9b7c4b6a09d9603e
 
 
 This creates a VirtualBox instance named ``ploy-demo``. By default BSDploy provides it with a so-called "host only interface" but since that cannot be used to connect to the internet we explicitly configure a second one using NAT (mfsBSD will configure it via DHCP) and in addtion we create a port forwarding from ``localhost`` port ``44003`` to port ``22`` on the box - in essence allowing us to SSH into it via localhost.
@@ -86,7 +86,7 @@ Next it will give you one last chance to abort before it commences to wipe the t
 To make sure that everything has worked so far, let's take a look at the host by logging into it via SSH. ``bsdploy`` provides a command for that, too::
 
     % ploy ssh jailhost
-    FreeBSD 10.1-RELEASE (GENERIC) #0 r274401: Tue Nov 11 21:02:49 UTC 2014
+    FreeBSD 10.3-RELEASE (GENERIC) #0 r297264: Fri Mar 25 02:10:02 UTC 2016
 
     Welcome to FreeBSD!
     [...]
@@ -212,7 +212,7 @@ Rather conveniently `ploy_ezjail <https://github.com/ployground/ploy_ezjail>`_ h
 Log out from the jailhost and run this::
 
     # ploy ssh demo_jail
-    FreeBSD 10.1-RELEASE (GENERIC) #0 r274401: Tue Nov 11 21:02:49 UTC 2014
+    FreeBSD 10.3-RELEASE (GENERIC) #0 r297264: Fri Mar 25 02:10:02 UTC 2016
 
     Gehe nicht über Los.
     root@demo_jail:~ # 

docs/setup/bootstrapping.rst

@@ -9,15 +9,15 @@ The Bootstrapping process assumes that the target host has been booted into an i
 Bootstrapping FreeBSD 9.x
 -------------------------
 
-The default version that BSDploy assumes is 10.1.
+The default version that BSDploy assumes is 10.3.
 If you want to install different versions, i.e. 9.2 you must:
 
 - use the iso image for that version::
 
     % ploy-download http://mfsbsd.vx.sk/files/iso/9/amd64/mfsbsd-se-9.2-RELEASE-amd64.iso 4ef70dfd7b5255e36f2f7e1a5292c7a05019c8ce downloads/
 
-- set ``bootstrap-fingerprint`` to ``02:2e:b4:dd:c3:8a:b7:7b:ba:b2:4a:f0:ab:13:f4:2d`` in ``ploy.conf``
-  (each mfsbsd release has it's own hardcoded fingerprint)
+- set ``bootstrap-host-key`` in ``ploy.conf`` to content of ``/etc/ssh/ssh_host_rsa_key.pub`` in the mfsbsd image
+  (each mfsbsd release has it's own hardcoded ssh host key)
 - create a file named ``files.yml`` in ``bootstrap-files`` with the following contents:
 
   .. code-block:: yaml
@@ -81,7 +81,7 @@ You can use the following optional parameters to configure the bootstrapping pro
 
 - ``bootstrap-bsd-url``: If you don't want to use the installation files found on the installer image (or if your boot image doesn't contain any) you can provide an explicit alternative (i.e. ``http://ftp4.de.freebsd.org/pub/FreeBSD/releases/amd64/9.2-RELEASE/``) and this will be used to fetch the system from.
 
-- ``bootstrap-fingerprint``: Since the installer runs a different sshd configuration than the final installation, we need to provide its fingerprint explicitly. However, if you don't provide one, BSDploy will assume the (currently hardcoded) fingerprint of the 9.2 mfsBSD installer (``02:2e:b4:dd:c3:8a:b7:7b:ba:b2:4a:f0:ab:13:f4:2d``). If you are using newer versions you must update the value (for 10.0 i.e. ``1f:cb:78:20:b8:97:dd:dc:3d:23:75:f0:bb:ad:84:03``)
+- ``bootstrap-host-key``: Since the installer runs a different sshd configuration than the final installation, we need to provide its ssh host key explicitly. However, if you don't provide one, BSDploy will assume the (currently hardcoded) host key of the 10.3 mfsBSD installer . If you are using newer versions you must update the value to the content of ``/etc/ssh/ssh_host_rsa_key.pub`` in the mfsbsd image.
 
 - ``firstboot-update``: By default bootstrapping will install and enable the `firstboot-freebsd-update <http://www.freshports.org/sysutils/firstboot-freebsd-update/>`_ package. This will update the installed system automatically (meaning non-interactively) to the latest patchlevel upon first boot. If for some reason you do not wish this to happen, you can disable it by setting this value to ``false``.
 

docs/setup/provisioning-virtualbox.rst

@@ -13,7 +13,7 @@ Unlike with :doc:`plain instances <provisioning-plain>` the configuration doesn'
     vm-natpf1 = ssh,tcp,,44003,,22
     storage =
         --medium vb-disk:defaultdisk
-        --type dvddrive --medium http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-se-10.1-RELEASE-amd64.iso --medium_sha1 03af247c1058a78a251c46ad5a13dc7b84a7ee7d
+        --type dvddrive --medium http://mfsbsd.vx.sk/files/iso/10/amd64/mfsbsd-se-10.3-RELEASE-amd64.iso --medium_sha1 564758b0dfebcabfa407491c9b7c4b6a09d9603e
 
 
 VirtualBox instances are configured using the ``vb-instance`` prefix and you can set parameters of the virtual machine by prefixing them with ``vm-``. For additional details on which parameters are available and what they mean, refer to `the plugin's documentation <http://ploy.readthedocs.org/en/latest/ploy_virtualbox/README.html#instances>`_ and the documentation of the VirtualBox commandline tool `VBoxManage <http://www.virtualbox.org/manual/ch08.html>`_, in particualar for `VBoxManage createvm <http://www.virtualbox.org/manual/ch08.html#vboxmanage-createvm>`_ and `VBoxManage modifyvm <http://www.virtualbox.org/manual/ch08.html#vboxmanage-modifyvm>`_.

setup.py

@@ -11,7 +11,7 @@
     'PyYAML',
     'jinja2',
     'setuptools',
-    'ploy>=1.2.0',
+    'ploy>=1.5.0',
     'ploy_ansible>=1.3.0',
     'ploy_ezjail>=1.2.0',
     'ploy_fabric>=1.1.0',