diff options
author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-09-02 21:59:07 +0300 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-09-02 21:59:07 +0300 |
commit | 3c4dcd611265cf31a7fb185d4fe1689b615a0dc7 (patch) | |
tree | ede84a975daec2b8e14444755df934c3eb6403f4 | |
parent | 3be69abea242e106e24b5326f6f3757680f80aa3 (diff) |
lp:1163979 Upgrade Jenkins config handling to 1.480.2 and higher.
-rwxr-xr-x | monitor_ec2_build_slaves.py | 47 |
1 files changed, 39 insertions, 8 deletions
diff --git a/monitor_ec2_build_slaves.py b/monitor_ec2_build_slaves.py index 5d97a89..a75df89 100755 --- a/monitor_ec2_build_slaves.py +++ b/monitor_ec2_build_slaves.py @@ -61,6 +61,8 @@ BUILD_RUN_TIMES = [ ACTIVE_REGION = "us-east-1" JENKINS_HOME = "/var/lib/jenkins/" +JENKINS_HOME = "/home/pfalcon/devel/linaro/jenkins-config-android-build.linaro.org/" +#JENKINS_HOME = "/home/pfalcon/devel/linaro/jenkins-config-ci.linaro.org/" # This maps EC2 key name used to start a slave to the owning master instance KEY_NAME_TO_MASTER = { @@ -71,19 +73,48 @@ KEY_NAME_TO_MASTER = { log = logging.getLogger("monitor") -def get_cleartext(s): - import base64 - import hashlib - from Crypto.Cipher import AES - key = open(JENKINS_HOME + "secret.key").read() +import base64 +import hashlib +from Crypto.Cipher import AES + +MAGIC = "::::MAGIC::::" + + +def get_master_aes(): + key = open(JENKINS_HOME + "secrets/master.key").read() digest = hashlib.sha256(key) aes = AES.new(digest.digest()[0:128 / 8]) + return aes + + +def decrypt(aes, s): + clear = aes.decrypt(s) + clear = clear.rstrip() + i = clear.rindex("::::MAGIC::::") + # clear text may still have non-zero padding, that's + # why weird handling below + tailer = clear[i:] + clear = clear[:i] + assert len(tailer) <= len(MAGIC) + 3 + return clear + + +def get_subkey_aes(name): + aes = get_master_aes() + s = open(JENKINS_HOME + "secrets/" + name).read() + util_key = decrypt(aes, s) + aes = AES.new(util_key[0:128 / 8]) + return aes + + +def get_config_val(key_name, s): + aes = get_subkey_aes(key_name) clear = aes.decrypt(base64.b64decode(s)) clear = clear.rstrip() - if not clear.endswith("::::MAGIC::::"): + if not clear.endswith(MAGIC): return None - clear = clear[:-len("::::MAGIC::::")] + clear = clear[:-len(MAGIC)] return clear @@ -92,7 +123,7 @@ def get_credentials(): nodes = tree.xpath("//hudson.plugins.ec2.EC2Cloud/accessId") access_id = nodes[0].text nodes = tree.xpath("//hudson.plugins.ec2.EC2Cloud/secretKey") - secret_key = get_cleartext(nodes[0].text) + secret_key = get_config_val("hudson.util.Secret", nodes[0].text) return access_id, secret_key |