From 74dda4851363ed3f2f661376f0608d3d0e0ce23c Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Mon, 23 Feb 2026 10:15:55 -0500 Subject: [PATCH 1/2] Provide helper script for setting up nokia switches --- confluent_server/confluent/certutil.py | 21 +++++++++++++ misc/setupnokia.sh | 42 ++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 misc/setupnokia.sh diff --git a/confluent_server/confluent/certutil.py b/confluent_server/confluent/certutil.py index b87a3818..3d7b5671 100644 --- a/confluent_server/confluent/certutil.py +++ b/confluent_server/confluent/certutil.py @@ -1,4 +1,10 @@ import os +if __name__ == '__main__': + import sys + path = os.path.dirname(os.path.realpath(__file__)) + path = os.path.realpath(os.path.join(path, '..')) + if path.startswith('/opt'): + sys.path.append(path) import confluent.collective.manager as collective import confluent.util as util from os.path import exists @@ -444,6 +450,7 @@ def create_certificate(keyout=None, certout=None, csrfile=None, subj=None, san=N if __name__ == '__main__': import sys + import ipaddress outdir = os.getcwd() keyout = os.path.join(outdir, 'key.pem') certout = os.path.join(outdir, 'cert.pem') @@ -458,6 +465,20 @@ if __name__ == '__main__': subj, san = util.get_bmc_subject_san(c, bmcnode) except ValueError: bindex = None + if subj is None: + try: + sans = set() + sindex = sys.argv.index('-s') + subj = sys.argv.pop(sindex + 1) # Remove subject argument + sys.argv.pop(sindex) # Remove -s flag + try: + ipaddress.ip_address(subj) + sans.add('IP:{0}'.format(subj)) + except ValueError: + sans.add('DNS:{0}'.format(subj)) + san = ','.join(sans) if sans else None + except ValueError: + pass try: csrout = sys.argv[1] except IndexError: diff --git a/misc/setupnokia.sh b/misc/setupnokia.sh new file mode 100644 index 00000000..0e4e84a0 --- /dev/null +++ b/misc/setupnokia.sh 
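Review bot: The guard `if path.startswith('/opt'):` in the new top-of-file `__main__` preamble also matches sibling directories such as `/optional` or `/opt-test`, so it is looser than it reads. Testing `path.startswith('/opt/')` would limit the `sys.path` addition to trees actually under `/opt`. A short comment on why the parent directory is appended would help; presumably it is so that `python3 /opt/confluent/lib/python/confluent/certutil.py`, as called from misc/setupnokia.sh, can import the `confluent` package. `sys` is imported again in the later `__main__` block, so one of the two imports is redundant.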
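Review bot: In the new `-s` handling, `sys.argv.pop(sindex + 1)` raises IndexError when `-s` is the last argument, and only ValueError is caught, so the run ends in a traceback rather than a usage message. The value is also formatted unchecked into `'DNS:{0}'` and `san` is a comma-joined list, so a name containing a comma would presumably be read as additional SAN entries. A guard before the pops would cover both: `if sindex + 1 >= len(sys.argv) or ',' in sys.argv[sindex + 1]: sys.exit('-s requires a single host name or IP address')`. Whether `subj` is already bound when `-b` is absent depends on code above the hunk, which is not visible here. The `sans` set only ever holds one element, so `san` could be assigned directly in each branch.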
@@ -0,0 +1,42 @@ +#!/bin/bash + +if [[ -z "$SWITCHUSER" || -z "$SWITCHPASS" ]]; then + echo "Error: SWITCHUSER and SWITCHPASS environment variables must be set" + exit 1 +fi + +if [[ $# -eq 0 ]]; then + echo "Error: At least one argument is required" + exit 1 +fi + +SWITCHNAME="$1" + +# Create temporary SSH ASKPASS script +ASKPASS_SCRIPT=$(mktemp) +trap "rm -f $ASKPASS_SCRIPT" EXIT + +cat > "$ASKPASS_SCRIPT" << 'EOF' +#!/bin/bash +echo "$SWITCHPASS" +EOF + +chmod 700 "$ASKPASS_SCRIPT" + +# Set SSH_ASKPASS environment variable +export SSH_ASKPASS="$ASKPASS_SCRIPT" +export SSH_ASKPASS_REQUIRE=force + +CERTDIR=$(mktemp -d) +trap "rm -rf $CERTDIR" EXIT +cd "$CERTDIR" +python3 /opt/confluent/lib/python/confluent/certutil.py -s "$SWITCHNAME" +ssh $SWITCHUSER@"$SWITCHNAME" < Date: Mon, 23 Feb 2026 15:07:19 -0500 Subject: [PATCH 2/2] Induce more versions of openssh to do the proper thing --- misc/setupnokia.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/misc/setupnokia.sh b/misc/setupnokia.sh index 0e4e84a0..5b3d0ca0 100644 --- a/misc/setupnokia.sh +++ b/misc/setupnokia.sh @@ -26,12 +26,13 @@ chmod 700 "$ASKPASS_SCRIPT" # Set SSH_ASKPASS environment variable export SSH_ASKPASS="$ASKPASS_SCRIPT" export SSH_ASKPASS_REQUIRE=force +export DISPLAY=none CERTDIR=$(mktemp -d) trap "rm -rf $CERTDIR" EXIT cd "$CERTDIR" python3 /opt/confluent/lib/python/confluent/certutil.py -s "$SWITCHNAME" -ssh $SWITCHUSER@"$SWITCHNAME" <
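Review bot: In the new misc/setupnokia.sh (PATCH 1/2), the second `trap "rm -rf $CERTDIR" EXIT` replaces the earlier `trap "rm -f $ASKPASS_SCRIPT" EXIT`, because bash keeps a single EXIT handler, so the askpass helper is left behind in the temp directory on every run. A single handler covers both: `trap 'rm -rf "$ASKPASS_SCRIPT" "$CERTDIR"' EXIT`. `CERTDIR=$(mktemp -d)` and `cd "$CERTDIR"` are unchecked, so if either fails certutil.py writes `key.pem` into whatever the current directory is; `CERTDIR=$(mktemp -d) || exit 1` and `cd "$CERTDIR" || exit 1` would stop that. `$SWITCHUSER` in the `ssh` line should be quoted like `"$SWITCHNAME"`. The end of this hunk (the ssh here-document) is not visible on the page, so this covers only the lines up to the `ssh` call.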