cloudmesh-cloud.cloudmesh.key.command.key

Module Contents

Classes

KeyCommand

class cloudmesh-cloud.cloudmesh.key.command.key.KeyCommand

Bases: cloudmesh.shell.command.PluginCommand

do_key(self, args, arguments)
Usage:

key -h | --help
key init
key list --cloud=CLOUDS [--output=FORMAT]
key list --source=ssh [--dir=DIR] [--output=FORMAT]
key list --source=git [--output=FORMAT] [--username=USERNAME]
key list [--group=GROUP] [--output=FORMAT]
key export [--group=GROUPS] [--filename=FILENAME]
key add [NAME] [--group=GROUPS] [--source=FILENAME]
key add [NAME] [--source=git]
key add [NAME] [--source=ssh]
key delete NAMES [--cloud=CLOUDS] [--dryrun]
key upload [NAMES] [--cloud=CLOUDS] [--dryrun]
key group delete [NAMES] [--group=GROUPS] [--dryrun]
key group add [NAMES] [--group=GROUPS] [--dryrun]
key group upload [--group=GROUPS] --vm=VM [--cloud=CLOUDS] [--dryrun]
key gen (ssh | pem) [--filename=FILENAME] [--nopass] [--set_path] [--force]
key reformat (ssh | pem) [--filename=FILENAME] [--format=FORMAT] [--nopass] [--pub]
key verify (ssh | pem) [--filename=FILENAME] [--pub] [--check_pass]

Arguments:

NAME The name of the key
NAMES Parameterized list of keys

Options:
--cloud=CLOUDS

the cloud providers

--dir=DIR

the directory with keys [default: ~/.ssh]

--filename=FILENAME

the name and full path to the file

--force

force the execution

--format=FORMAT

Desired key format (SubjectInfo, SSH, OpenSSL, PKCS8)

--group=GROUP

key group names

--output=FORMAT

The format of the output (table, json, yaml) [default: table]

--source=SOURCE

The source for the keys: ssh, git, or a filename

--username=USERNAME

the source for the keys [default: none]

--vm=VM

The name of the VM

--nopass

Flag indicating if the key has no password

--pub

Indicates that the public key is passed in

--set_path

Sets the cloudmesh encryption key path to the full path of the generated keys

--check_pass

Flag that makes the program query the user for the password

Description:

Please note that some values are read from the cloudmesh.yaml file. One such value is cloudmesh.profile.user.

Management of public keys is an essential component of accessing virtual machines in the cloud. There are a number of sources where you can find public keys. These include the ~/.ssh directory and, for example, github. If you do not already have a public-private key pair, one can be generated using cloudmesh:

key gen ssh

This will create the public-private keypair of ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub in OpenSSH format

key gen pem

This will create the public-private keypair of ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub in PEM format

key gen (ssh | pem) --filename=~/.cloudmesh/foobar

This will generate the public-private key pair of ~/.cloudmesh/foobar and ~/.cloudmesh/foobar.pub

key gen (ssh | pem) --filename=~/.cloudmesh/foobar --set_path

This will generate the keys as stated above, but it will also set cloudmesh to use these keys for encryption.

Keys can also be verified for their formatting and passwords. By default cloudmesh checks ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. If the key is password protected, the formatting can only be verified if the password is provided (--check_pass argument).

key verify pem

Verifies that ~/.ssh/id_rsa has PEM format

key verify ssh --pub

Verifies that ~/.ssh/id_rsa.pub has OpenSSH format

key verify pem --filename=~/.cloudmesh/foobar

Verifies if the private key located at ~/.cloudmesh/foobar is password protected

key verify pem --filename=~/.cloudmesh/foobar --check_pass

Requests the password for the file, then checks whether the key is in proper PEM format
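The format and password-protection status that key verify reports can be read from a key file's armor and headers without decrypting anything. The following is an added example, not cloudmesh's own code: it uses only the Python standard library, the names classify_private_key, armor and openssh_header are hypothetical, and the sample inputs are constructed headers that contain no key material.

```python
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def classify_private_key(text):
    """Return (format, password_protected); hypothetical helper, headers only."""
    match = ARMOR.search(text.replace("\r\n", "\n"))
    if not match:
        raise ValueError("no PEM-style armor found")
    label, body = match.groups()
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n].decode("ascii")
        return "OpenSSH", cipher != "none"  # cipher "none" means no passphrase
    if label == "ENCRYPTED PRIVATE KEY":
        return "PKCS8", True
    if label == "PRIVATE KEY":
        return "PKCS8", False
    if label.endswith(" PRIVATE KEY"):  # RSA / EC / DSA traditional PEM
        return "PEM", "Proc-Type: 4,ENCRYPTED" in body
    raise ValueError("not a private key: " + label)

def armor(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def openssh_header(cipher):
    # Constructed header only: magic followed by the length-prefixed cipher name.
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return armor("OPENSSH PRIVATE KEY", base64.b64encode(blob).decode())

# Constructed samples (placeholder bodies, no real key material).
SAMPLES = {
    "openssh_nopass": openssh_header(b"none"),
    "openssh_pass": openssh_header(b"aes256-ctr"),
    "pem_pass": armor("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA"),
    "pem_nopass": armor("RSA PRIVATE KEY", "AAAA"),
    "pkcs8_pass": armor("ENCRYPTED PRIVATE KEY", "AAAA"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_private_key(text))
```

A False in the second field flags a private key stored without a passphrase, such as one generated with --nopass.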

You may need to keep the values of your keys but change their encodings or formats. These aspects of your key can also be changed using cloudmesh.

key reformat pem

Will reformat the ~/.id_rsa.pub key from PEM to OpenSSH

key reformat ssh

Will reformat the ~/.id_rsa.pub key from OpenSSH to PEM

key reformat --filename=~/.id_rsa --format=PKCS8

Will reformat the private key to PKCS8 format

Keys will be uploaded into the cloudmesh database with the add command under the given NAME. If the name is not specified, the name cloudmesh.profile.user is assumed.

key add NAME --source=ssh

adds the default key in ~/.ssh/id_rsa.pub

key add NAME --source=FILENAME

adds the key specified by the filename with the given name

key add NAME --git --username=username

adds a named github key from a user with the given github username.

key set

adds the ~/.ssh/id_rsa.pub key with the name specified in cloudmesh.profile.user. It also sets the variable key to that user.

Once the keys are uploaded to github, they can be listed. To list these keys the following list functions are provided.

key list --source=git [--username=USERNAME]

lists all keys in git for the specified user. If the name is not specified it is read from cloudmesh.yaml

key list --source=ssh [--dir=DIR] [--output=OUTPUT]

lists all keys in the directory. If the directory is not specified the default will be ~/.ssh

key list NAMES

lists all keys in the named virtual machines.

The list command can use the [--output=OUTPUT] option

lists the keys loaded to cloudmesh in the given format: json, yaml, table. table is the default. The NAME can be specified and if omitted the name cloudmesh.profile.user is assumed.

To get keys from the cloudmesh database the following commands are available:

key delete NAMES

deletes the named keys. This may also have an impact on groups

key rename NAME NEW

renames the key from NAME to NEW in the cloudmesh database.

Group management of keys is an important concept in cloudmesh, allowing multiple users to be added to virtual machines while managing the keys associated with them. The keys must be uploaded to the cloudmesh database with a name so they can be used in a group. The --dryrun option executes the command without uploading the information to the clouds. If no group name is specified, the group name default is assumed. If no cloud names are specified, all active clouds are assumed. Active clouds can be set in the cloudmesh.yaml file.

key list [--group=GROUP] [--output=FORMAT]

lists the keys that are in the specified group.

key group delete [NAMES] [--group=GROUPS] [--dryrun]

deletes the named keys from the named groups.

In some cases you may want to store the public keys in files. For this reason we support the following commands.

key add [NAME] [--group=GROUPS] [--source=FILENAME]

adds the named file with the keys in the file to the groups.

key export [--group=GROUPS] [--filename=FILENAME]

the command exports the keys to the given group. The keys are written in the files in yaml format.

Examples for keygroup commands:

cms key add example --source=~/.ssh/id_rsa.pub
cms key add --group=abc --name="laszewsk_git_[0-2]"
cms key list
cms key list --group=abc
cms key export --file=~/authorized_keys --group=abc,klm