-#!/usr/bin/python
+#
#
# Copyright (C) 2006, 2007 Google Inc.
import os
+import logging
-from ganeti import logger
from ganeti import utils
from ganeti import errors
+from ganeti import constants
+
-def SSHCall(hostname, user, command, batch=True, ask_key=False):
- """Execute a command on a remote node.
+def GetUserFiles(user, mkdir=False):
+ """Return the paths of a user's ssh files.
- This method has the same return value as `utils.RunCmd()`, which it
- uses to launch ssh.
+ The function will return a triplet (priv_key_path, pub_key_path,
+ auth_key_path) that are used for ssh authentication. Currently, the
+ keys used are DSA keys, so this function will return:
+ (~user/.ssh/id_dsa, ~user/.ssh/id_dsa.pub,
+ ~user/.ssh/authorized_keys).
- Args:
- hostname: the target host, string
- user: user to auth as
- command: the command
+ If the optional parameter mkdir is True, the ssh directory will be
+ created if it doesn't exist.
- Returns:
- `utils.RunResult` as for `utils.RunCmd()`
+ Regardless of the mkdir parameters, the script will raise an error
+ if ~user/.ssh is not a directory.
"""
- argv = ["ssh", "-q", "-oEscapeChar=none"]
- if batch:
- argv.append("-oBatchMode=yes")
- # if we are in batch mode, we can't ask the key
- if ask_key:
- raise errors.ProgrammerError, ("SSH call requested conflicting options")
- if ask_key:
- argv.append("-oStrictHostKeyChecking=ask")
- else:
- argv.append("-oStrictHostKeyChecking=yes")
- argv.extend(["%s@%s" % (user, hostname), command])
- return utils.RunCmd(argv)
-
-
-def CopyFileToNode(node, filename):
- """Copy a file to another node with scp.
-
- Args:
- node: node in the cluster
- filename: absolute pathname of a local file
-
- Returns:
- success: True/False
+ user_dir = utils.GetHomeDir(user)
+ if not user_dir:
+ raise errors.OpExecError("Cannot resolve home of user %s" % user)
+
+ ssh_dir = os.path.join(user_dir, ".ssh")
+ if not os.path.lexists(ssh_dir):
+ if mkdir:
+ try:
+ os.mkdir(ssh_dir, 0700)
+ except EnvironmentError, err:
+ raise errors.OpExecError("Can't create .ssh dir for user %s: %s" %
+ (user, str(err)))
+ elif not os.path.isdir(ssh_dir):
+ raise errors.OpExecError("path ~%s/.ssh is not a directory" % user)
+
+ return [os.path.join(ssh_dir, base)
+ for base in ["id_dsa", "id_dsa.pub", "authorized_keys"]]
+
+
+class SshRunner:
+ """Wrapper for SSH commands.
"""
- if not os.path.isfile(filename):
- logger.Error("file %s does not exist" % (filename))
- return False
+ def __init__(self, cluster_name):
+ self.cluster_name = cluster_name
+
+ def _BuildSshOptions(self, batch, ask_key, use_cluster_key,
+ strict_host_check):
+ """Builds a list with needed SSH options.
+
+ @param batch: same as ssh's batch option
+ @param ask_key: allows ssh to ask for key confirmation; this
+ parameter conflicts with the batch one
+ @param use_cluster_key: if True, use the cluster name as the
+ HostKeyAlias name
+ @param strict_host_check: this makes the host key checking strict
+
+ @rtype: list
+ @return: the list of options ready to use in L{utils.RunCmd}
+
+ """
+ options = [
+ "-oEscapeChar=none",
+ "-oHashKnownHosts=no",
+ "-oGlobalKnownHostsFile=%s" % constants.SSH_KNOWN_HOSTS_FILE,
+ "-oUserKnownHostsFile=/dev/null",
+ ]
- if not os.path.isabs(filename):
- logger.Error("file %s must be an absolute path" % (filename))
- return False
+ if use_cluster_key:
+ options.append("-oHostKeyAlias=%s" % self.cluster_name)
+
+ # TODO: Too many boolean options, maybe convert them to more descriptive
+ # constants.
- command = ["scp", "-q", "-p", "-oStrictHostKeyChecking=yes",
- "-oBatchMode=yes", filename, "%s:%s" % (node, filename)]
+ # Note: ask_key conflicts with batch mode
+ if batch:
+ if ask_key:
+ raise errors.ProgrammerError("SSH call requested conflicting options")
- result = utils.RunCmd(command)
+ options.append("-oBatchMode=yes")
- if result.failed:
- logger.Error("copy to node %s failed (%s) error %s,"
- " command was %s" %
- (node, result.fail_reason, result.output, result.cmd))
+ if strict_host_check:
+ options.append("-oStrictHostKeyChecking=yes")
+ else:
+ options.append("-oStrictHostKeyChecking=no")
- return not result.failed
+ elif ask_key:
+ options.extend([
+ "-oStrictHostKeyChecking=ask",
+ ])
+
+ return options
+
+ def BuildCmd(self, hostname, user, command, batch=True, ask_key=False,
+ tty=False, use_cluster_key=True, strict_host_check=True):
+ """Build an ssh command to execute a command on a remote node.
+
+ @param hostname: the target host, string
+ @param user: user to auth as
+ @param command: the command
+ @param batch: if true, ssh will run in batch mode with no prompting
+ @param ask_key: if true, ssh will run with
+ StrictHostKeyChecking=ask, so that we can connect to an
+ unknown host (not valid in batch mode)
+ @param use_cluster_key: whether to expect and use the
+ cluster-global SSH key
+ @param strict_host_check: whether to check the host's SSH key at all
+ @return: the ssh call to run 'command' on the remote host.
-def VerifyNodeHostname(node):
- """Verify hostname consistency via SSH.
+ """
+ argv = [constants.SSH, "-q"]
+ argv.extend(self._BuildSshOptions(batch, ask_key, use_cluster_key,
+ strict_host_check))
+ if tty:
+ argv.append("-t")
+ argv.extend(["%s@%s" % (user, hostname), command])
+ return argv
+ def Run(self, *args, **kwargs):
+ """Runs a command on a remote node.
- This functions connects via ssh to a node and compares the hostname
- reported by the node to the name with have (the one that we
- connected to).
+ This method has the same return value as `utils.RunCmd()`, which it
+ uses to launch ssh.
- This is used to detect problems in ssh known_hosts files
- (conflicting known hosts) and incosistencies between dns/hosts
- entries and local machine names
+ Args: see SshRunner.BuildCmd.
- Args:
- node: nodename of a host to check. can be short or full qualified hostname
+ @rtype: L{utils.RunResult}
+ @return: the result as from L{utils.RunCmd()}
- Returns:
- (success, detail)
- where
- success: True/False
- detail: String with details
+ """
+ return utils.RunCmd(self.BuildCmd(*args, **kwargs))
- """
- retval = SSHCall(node, 'root', 'hostname')
+ def CopyFileToNode(self, node, filename):
+ """Copy a file to another node with scp.
+
+ @param node: node in the cluster
+ @param filename: absolute pathname of a local file
+
+ @rtype: boolean
+ @return: the success of the operation
+
+ """
+ if not os.path.isabs(filename):
+ logging.error("File %s must be an absolute path", filename)
+ return False
+
+ if not os.path.isfile(filename):
+ logging.error("File %s does not exist", filename)
+ return False
+
+ command = [constants.SCP, "-q", "-p"]
+ command.extend(self._BuildSshOptions(True, False, True, True))
+ command.append(filename)
+ command.append("%s:%s" % (node, filename))
+
+ result = utils.RunCmd(command)
- if retval.failed:
- msg = "ssh problem"
- output = retval.output
- if output:
- msg += ": %s" % output
- return False, msg
+ if result.failed:
+ logging.error("Copy to node %s failed (%s) error %s,"
+ " command was %s",
+ node, result.fail_reason, result.output, result.cmd)
- remotehostname = retval.stdout.strip()
+ return not result.failed
- if not remotehostname or remotehostname != node:
- return False, "hostname mismatch, got %s" % remotehostname
+ def VerifyNodeHostname(self, node):
+ """Verify hostname consistency via SSH.
- return True, "host matches"
+ This functions connects via ssh to a node and compares the hostname
+ reported by the node to the name with have (the one that we
+ connected to).
+
+ This is used to detect problems in ssh known_hosts files
+ (conflicting known hosts) and incosistencies between dns/hosts
+ entries and local machine names
+
+ @param node: nodename of a host to check; can be short or
+ full qualified hostname
+
+ @return: (success, detail), where:
+ - success: True/False
+ - detail: string with details
+
+ """
+ retval = self.Run(node, 'root', 'hostname')
+
+ if retval.failed:
+ msg = "ssh problem"
+ output = retval.output
+ if output:
+ msg += ": %s" % output
+ else:
+ msg += ": %s (no output)" % retval.fail_reason
+ logging.error("Command %s failed: %s" % (retval.cmd, msg))
+ return False, msg
+
+ remotehostname = retval.stdout.strip()
+
+ if not remotehostname or remotehostname != node:
+ return False, "hostname mismatch, got %s" % remotehostname
+
+ return True, "host matches"
+
+
+def WriteKnownHostsFile(cfg, file_name):
+ """Writes the cluster-wide equally known_hosts file.
+
+ """
+ utils.WriteFile(file_name, mode=0600,
+ data="%s ssh-rsa %s\n" % (cfg.GetClusterName(),
+ cfg.GetHostKey()))
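Review bot: In `_BuildSshOptions`, `strict_host_check` is only read inside the `if batch:` branch, so a call with `batch=False, ask_key=False` adds no `StrictHostKeyChecking` option at all. The host-key policy then falls back to whatever the local ssh configuration says, even though `BuildCmd` defaults to `strict_host_check=True` and documents it as deciding whether the host key is checked. Choosing the policy outside the batch branch, as sketched below, would make the parameter mean the same thing in both modes; callers are not visible in this diff, so any that rely on the current fallback would need checking first. If the fallback is intended, the `@param strict_host_check` line should instead say that it applies only in batch mode.

```python
    # … unchanged: batch/ask_key conflict check and -oBatchMode=yes …

    # Host key policy is selected independently of batch mode, so that
    # strict_host_check is never silently ignored.
    if ask_key:
      options.append("-oStrictHostKeyChecking=ask")
    elif strict_host_check:
      options.append("-oStrictHostKeyChecking=yes")
    else:
      options.append("-oStrictHostKeyChecking=no")

    return options
```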