import os
+import logging
from ganeti import utils
from ganeti import errors
self.cluster_name = cluster_name
def _BuildSshOptions(self, batch, ask_key, use_cluster_key,
- strict_host_check):
+ strict_host_check, private_key=None):
+ """Builds a list with needed SSH options.
+
+ @param batch: same as ssh's batch option
+ @param ask_key: allows ssh to ask for key confirmation; this
+ parameter conflicts with the batch one
+ @param use_cluster_key: if True, use the cluster name as the
+ HostKeyAlias name
+ @param strict_host_check: this makes the host key checking strict
+ @param private_key: use this private key instead of the default
+
+ @rtype: list
+ @return: the list of options ready to use in L{utils.RunCmd}
+
+ """
options = [
"-oEscapeChar=none",
"-oHashKnownHosts=no",
if use_cluster_key:
options.append("-oHostKeyAlias=%s" % self.cluster_name)
+ if private_key:
+ options.append("-i%s" % private_key)
+
# TODO: Too many boolean options, maybe convert them to more descriptive
# constants.
else:
options.append("-oStrictHostKeyChecking=no")
- elif ask_key:
- options.extend([
- "-oStrictHostKeyChecking=ask",
- ])
+ else:
+ # non-batch mode
+
+ if ask_key:
+ options.append("-oStrictHostKeyChecking=ask")
+ elif strict_host_check:
+ options.append("-oStrictHostKeyChecking=yes")
+ else:
+ options.append("-oStrictHostKeyChecking=no")
return options
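Review bot: The new non-batch branch falls through to `-oStrictHostKeyChecking=no` when neither ask_key nor strict_host_check is set, and the added docstring does not say that this turns host key verification off, so a caller cannot tell from the documentation that the peer is then not authenticated. I would word the parameter as `@param strict_host_check: if False and ask_key is not set, host keys are not verified at all`. The docstring also says ask_key conflicts with batch, but nothing in the visible lines rejects that combination, and in non-batch mode ask_key silently takes precedence over strict_host_check; a comment on the `if ask_key:` line such as `# ask_key wins over strict_host_check` would make that explicit. The batch branch is only partly visible here, so its handling may differ.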
def BuildCmd(self, hostname, user, command, batch=True, ask_key=False,
- tty=False, use_cluster_key=True, strict_host_check=True):
+ tty=False, use_cluster_key=True, strict_host_check=True,
+ private_key=None):
"""Build an ssh command to execute a command on a remote node.
@param hostname: the target host, string
@param use_cluster_key: whether to expect and use the
cluster-global SSH key
@param strict_host_check: whether to check the host's SSH key at all
+ @param private_key: use this private key instead of the default
@return: the ssh call to run 'command' on the remote host.
"""
argv = [constants.SSH, "-q"]
argv.extend(self._BuildSshOptions(batch, ask_key, use_cluster_key,
- strict_host_check))
+ strict_host_check, private_key))
if tty:
argv.append("-t")
argv.extend(["%s@%s" % (user, hostname), command])
connected to).
This is used to detect problems in ssh known_hosts files
- (conflicting known hosts) and incosistencies between dns/hosts
+ (conflicting known hosts) and inconsistencies between dns/hosts
entries and local machine names
@param node: nodename of a host to check; can be short or
- detail: string with details
"""
- retval = self.Run(node, 'root', 'hostname')
+ retval = self.Run(node, 'root', 'hostname --fqdn')
if retval.failed:
msg = "ssh problem"
output = retval.output
if output:
msg += ": %s" % output
+ else:
+ msg += ": %s (no output)" % retval.fail_reason
+ logging.error("Command %s failed: %s", retval.cmd, msg)
return False, msg
remotehostname = retval.stdout.strip()
if not remotehostname or remotehostname != node:
- return False, "hostname mismatch, got %s" % remotehostname
+ if node.startswith(remotehostname + "."):
+ msg = "hostname not FQDN"
+ else:
+ msg = "hostname mistmatch"
+ return False, ("%s: expected %s but got %s" %
+ (msg, node, remotehostname))
return True, "host matches"
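Review bot: The new message on the mismatch path is misspelled: `msg = "hostname mistmatch"` should read `msg = "hostname mismatch"`, which matters to anyone searching logs or matching on the returned string. The `startswith` test only covers a remote that reports a short name while `node` is fully qualified. Now that the remote command is `hostname --fqdn`, a short `node` (which the docstring appears to allow, though that line is cut off here) would land in the generic mismatch branch, so either the docstring or the comparison probably needs adjusting. The comparison is also case-sensitive, so it is worth confirming that node names are normalised before they reach this check. The function starts outside the visible lines.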
"""Writes the cluster-wide equally known_hosts file.
"""
- utils.WriteFile(file_name, mode=0700,
+ utils.WriteFile(file_name, mode=0600,
data="%s ssh-rsa %s\n" % (cfg.GetClusterName(),
cfg.GetHostKey()))