Scenario #31712
Scripts using SSH must exclude use of the agent
100%
Description
If a user connects to a Scribe or Amonecole server with agent forwarding enabled, reconfigure crashes because the SSH connections into the containers (addc and others) cannot be established.
Calls to the SSH command should therefore:
- use the option -o IdentitiesOnly=yes so that only the /root/.ssh/id_* files are used
- reset the SSH_AUTH_SOCK variable for calls to the SSH command
Which would give:
SSH_AUTH_SOCK= ssh -q -o IdentitiesOnly=yes -o LogLevel=ERROR -o StrictHostKeyChecking=no
To do
- Scribe >= 2.7.2 / AmonEcole 2.8.1
- Modify all ssh calls that need it
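To find the call sites covered by the to-do item, the following added example (not EOLE project code) lists lines in a script tree that run ssh without the two protections from the description. The function name audit_ssh_calls is hypothetical and the check is a line-based heuristic: it does not see an `unset SSH_AUTH_SOCK` made earlier in a script, nor options supplied through /etc/ssh/ssh_config.

```shell
#!/bin/sh
# Added example: list ssh call sites that can still reach a forwarded agent.
# Heuristic, line by line; audit_ssh_calls is a hypothetical helper name.

# audit_ssh_calls DIR
# Prints "file:line: reason" for each non-comment line that invokes ssh
# without "-o IdentitiesOnly=yes" or without an empty SSH_AUTH_SOCK prefix.
# Returns 0 when nothing is reported, 1 otherwise.
audit_ssh_calls() {
    dir=$1
    findings=$(
        # Match the word "ssh" used as a command, not ".ssh/", "openssh", etc.
        grep -rnIE '(^|[^[:alnum:]_.-])ssh[[:space:]]' "$dir" 2>/dev/null |
        awk -F: '
        {
            # Strip the "file:line:" prefix to recover the source line.
            line = $0
            sub(/^[^:]*:[0-9]+:/, "", line)
            if (line ~ /^[ \t]*#/) next          # skip comment lines
            why = ""
            if (line !~ /-o[ \t]*IdentitiesOnly=yes/)
                why = "missing -o IdentitiesOnly=yes"
            if (line !~ /(^|[ \t])SSH_AUTH_SOCK=[ \t]/)
                why = why (why != "" ? "; " : "") "SSH_AUTH_SOCK not cleared"
            if (why != "") print $1 ":" $2 ": " why
        }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_ssh_calls /path/to/scripts`; a non-zero status means at least one call still needs the change.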
History
#1 Updated by Daniel Dehennin over 2 years ago
- Description updated (diff)
#2 Updated by Joël Cuissinat over 2 years ago
- Parent task changed from #31587 to #31903
#3 Updated by Gilles Grandgérard over 2 years ago
- Parent task deleted (#31903)
#4 Updated by Gilles Grandgérard over 2 years ago
- Tracker changed from Task to Scenario
- Due date set to 04/06/2021
#5 Updated by Gilles Grandgérard over 2 years ago
- Due date deleted (04/06/2021)
- Target version deleted (sprint 2021 11-13 Equipe MENSR)
- Start date deleted (04/06/2021)
#6 Updated by Daniel Dehennin over 2 years ago
- Related to Task #32585: Scribe: reconfigure crashes on postservice/40-password_management added
#7 Updated by Joël Cuissinat about 2 years ago
- Subject changed from "Les scriptes utilisants SSH doivent exclure l’usage de l’agent" to "Les scripts utilisants SSH doivent exclure l’usage de l’agent" [Scripts using SSH must exclude use of the agent]
- Due date set to 10/22/2021
- Target version set to Prestation Cadoles MEN 2021 39-41
- Start date set to 09/27/2021
- Release set to EOLE 2.8.0.1
- Story points set to 2.0
#8 Updated by Joël Cuissinat about 2 years ago
- Release changed from EOLE 2.8.0.1 to EOLE 2.7.2
#9 Updated by Joël Cuissinat about 2 years ago
- Description updated (diff)
#10 Updated by Matthieu Lamalle about 2 years ago
- Assigned To set to Emmanuel GARETTE
#11 Updated by Gilles Grandgérard about 2 years ago
Discussed on the video call:
- modify the template /etc/ssh/ssh_config (client config on the master) eole-common
- create a template /etc/ssh/ssh_config.d/seth.conf eole-ad-dc
- create a template /etc/ssh/ssh_config.d/hapy.conf conf-hapy (?)
#12 Updated by Emmanuel GARETTE almost 2 years ago
- Status changed from New to Resolved
#13 Updated by Daniel Dehennin almost 2 years ago
- Related to Task #33236: Validate the scenario "Scripts using SSH must exclude use of the agent" added
#14 Updated by Daniel Dehennin almost 2 years ago
- Status changed from Resolved to In progress
The file /etc/ssh/ssh_config contains:
- On an aca.amonecole-2.8.1-instance-default:

Host web
    Hostname 192.0.2.51
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host mail
    Hostname 192.0.2.51
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host dhcp
    Hostname 192.0.2.52
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host domaine
    Hostname 192.0.2.56
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host fichier
    Hostname 192.0.2.52
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host dns
    Hostname 192.0.2.56
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host mysql
    Hostname 192.0.2.50
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host postgresql
    Hostname 192.0.2.50
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host proxy
    Hostname 192.0.2.53
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host ftp
    Hostname 192.0.2.52
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host annuaire
    Hostname 192.0.2.56
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host reseau
    Hostname 192.0.2.51
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host jabber
    Hostname 192.0.2.51
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host internet
    Hostname 192.0.2.53
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host bdd
    Hostname 192.0.2.50
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host partage
    Hostname 192.0.2.52
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host addc
    Hostname 192.0.2.56
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

- On an aca.scribe-2.7.2-instance-default and aca.scribe-2.8.0-instance-default:

Host annuaire
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host mail
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host dhcp
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host fichier
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host web
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host mysql
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host ftp
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host bdd
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host reseau
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host partage
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host addc
    Hostname 192.0.2.2
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

- On aca.scribe-2.8.1-instance-default:

Host addc
    Hostname 192.0.2.2
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

- On an aca.dc1-2.7.2-instance-default and aca.dc1-2.8.0-instance-default:

Host mail
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

Host dhcp
    Hostname 127.0.0.1
    IdentitiesOnly yes
    LogLevel ERROR
    StrictHostKeyChecking no

- On an aca.dc1-2.8.1-instance-default, there is no entry for containers (#31004)
I tested by connecting to the VMs with the agent (ssh -A) and then connecting over SSH into the containers; this works without any problem.
However, the Query-Auto command does not work :-/

root@amonecole:~# Query-Auto
Mise à jour le mardi 26 octobre 2021 11:05:42
Exécution des scripts /usr/share/eole/majauto_pre
run-parts: executing /usr/share/eole/majauto_pre/mitm
*** amonecole 2.8.1 (00000003) ***
Action check pour le conteneur reseau
Maj-Auto - Exécution de apt-eole -o --container current --log-level info check pour le conteneur reseau impossible
#15 Updated by Daniel Dehennin almost 2 years ago
- Status changed from In progress to Done (Sprint)