4 # Copyright (C) 2006, 2007 Google Inc.
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 2 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 # General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22 """Module encapsulating ssh functionality.
29 from ganeti import logger
30 from ganeti import utils
31 from ganeti import errors
32 from ganeti import constants
36 "-oGlobalKnownHostsFile=%s" % constants.SSH_KNOWN_HOSTS_FILE,
37 "-oUserKnownHostsFile=/dev/null",
40 # Note: BATCH_MODE conflicts with ASK_KEY
44 "-oStrictHostKeyChecking=yes",
48 "-oStrictHostKeyChecking=ask",
50 "-oHashKnownHosts=no",
54 def GetUserFiles(user, mkdir=False):
55 """Return the paths of a user's ssh files.
57 The function will return a triplet (priv_key_path, pub_key_path,
58 auth_key_path) that are used for ssh authentication. Currently, the
59 keys used are DSA keys, so this function will return:
60 (~user/.ssh/id_dsa, ~user/.ssh/id_dsa.pub,
61 ~user/.ssh/authorized_keys).
63 If the optional parameter mkdir is True, the ssh directory will be
64 created if it doesn't exist.
66 Regardless of the mkdir parameters, the script will raise an error
67 if ~user/.ssh is not a directory.
70 user_dir = utils.GetHomeDir(user)
72 raise errors.OpExecError("Cannot resolve home of user %s" % user)
74 ssh_dir = os.path.join(user_dir, ".ssh")
75 if not os.path.lexists(ssh_dir):
78 os.mkdir(ssh_dir, 0700)
79 except EnvironmentError, err:
80 raise errors.OpExecError("Can't create .ssh dir for user %s: %s" %
82 elif not os.path.isdir(ssh_dir):
83 raise errors.OpExecError("path ~%s/.ssh is not a directory" % user)
85 return [os.path.join(ssh_dir, base)
86 for base in ["id_dsa", "id_dsa.pub", "authorized_keys"]]
90 """Wrapper for SSH commands.
93 def BuildCmd(self, hostname, user, command, batch=True, ask_key=False):
94 """Build an ssh command to execute a command on a remote node.
97 hostname: the target host, string
100 batch: if true, ssh will run in batch mode with no prompting
101 ask_key: if true, ssh will run with StrictHostKeyChecking=ask, so that
102 we can connect to an unknown host (not valid in batch mode)
105 The ssh call to run 'command' on the remote host.
109 argv.extend(KNOWN_HOSTS_OPTS)
111 # if we are in batch mode, we can't ask the key
113 raise errors.ProgrammerError("SSH call requested conflicting options")
114 argv.extend(BATCH_MODE_OPTS)
116 argv.extend(ASK_KEY_OPTS)
117 argv.extend(["%s@%s" % (user, hostname), command])
120 def Run(self, hostname, user, command, batch=True, ask_key=False):
121 """Runs a command on a remote node.
123 This method has the same return value as `utils.RunCmd()`, which it
127 hostname: the target host, string
128 user: user to auth as
130 batch: if true, ssh will run in batch mode with no prompting
131 ask_key: if true, ssh will run with StrictHostKeyChecking=ask, so that
132 we can connect to an unknown host (not valid in batch mode)
135 `utils.RunResult` like `utils.RunCmd()`
138 return utils.RunCmd(self.BuildCmd(hostname, user, command, batch=batch,
141 def CopyFileToNode(self, node, filename):
142 """Copy a file to another node with scp.
145 node: node in the cluster
146 filename: absolute pathname of a local file
152 if not os.path.isfile(filename):
153 logger.Error("file %s does not exist" % (filename))
156 if not os.path.isabs(filename):
157 logger.Error("file %s must be an absolute path" % (filename))
160 command = ["scp", "-q", "-p"]
161 command.extend(KNOWN_HOSTS_OPTS)
162 command.extend(BATCH_MODE_OPTS)
163 command.append(filename)
164 command.append("%s:%s" % (node, filename))
166 result = utils.RunCmd(command)
169 logger.Error("copy to node %s failed (%s) error %s,"
171 (node, result.fail_reason, result.output, result.cmd))
173 return not result.failed
175 def VerifyNodeHostname(self, node):
176 """Verify hostname consistency via SSH.
178 This functions connects via ssh to a node and compares the hostname
179 reported by the node to the name with have (the one that we
182 This is used to detect problems in ssh known_hosts files
183 (conflicting known hosts) and incosistencies between dns/hosts
184 entries and local machine names
187 node: nodename of a host to check. can be short or full qualified hostname
193 detail: String with details
196 retval = self.Run(node, 'root', 'hostname')
200 output = retval.output
202 msg += ": %s" % output
205 remotehostname = retval.stdout.strip()
207 if not remotehostname or remotehostname != node:
208 return False, "hostname mismatch, got %s" % remotehostname
210 return True, "host matches"
213 def WriteKnownHostsFile(cfg, sstore, file_name):
214 """Writes the cluster-wide equally known_hosts file.
217 utils.WriteFile(file_name, mode=0700,
218 data="%s ssh-rsa %s\n" % (sstore.GetClusterName(),