- adds the ssh public key to the users' authorized_keys file
"""
- user_dir = utils.GetHomeDir(constants.GANETI_RUNAS)
- if not user_dir:
- logger.Error("Cannot find home of run-as user %s" % constants.GANETI_RUNAS)
- return False
-
- sshd_keys = [("ssh_host_rsa_key", rsa, 0600),
- ("ssh_host_rsa_key.pub", rsapub, 0644),
- ("ssh_host_dsa_key", dsa, 0600),
- ("ssh_host_dsa_key.pub", dsapub, 0644)]
+ sshd_keys = [(constants.SSH_HOST_RSA_PRIV, rsa, 0600),
+ (constants.SSH_HOST_RSA_PUB, rsapub, 0644),
+ (constants.SSH_HOST_DSA_PRIV, dsa, 0600),
+ (constants.SSH_HOST_DSA_PUB, dsapub, 0644)]
for name, content, mode in sshd_keys:
- utils.WriteFile(os.path.join(constants.SSH_CONFIG_DIR, name),
- data=content, mode=mode)
-
- user_ssh_dir = os.path.join(user_dir, ".ssh")
+ utils.WriteFile(name, data=content, mode=mode)
- if not os.path.isdir(user_ssh_dir):
- os.mkdir(user_ssh_dir)
+ try:
+ priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS,
+ mkdir=True)
+ except errors.OpExecError, err:
+ logger.Error("Error while processing user ssh files: %s" % err)
+ return False
- for name, content in [("id_dsa", sshkey), ("id_dsa.pub", sshpub)]:
- utils.WriteFile(os.path.join(user_ssh_dir, name), data=content, mode=0600)
+ for name, content in [(priv_key, sshkey), (pub_key, sshpub)]:
+ utils.WriteFile(name, data=content, mode=0600)
- utils.AddAuthorizedKey(os.path.join(user_ssh_dir, "authorized_keys"), sshpub)
+ utils.AddAuthorizedKey(auth_keys, sshpub)
utils.RunCmd([constants.SSH_INITD_SCRIPT, "restart"])
if os.path.isfile(full_name) and not os.path.islink(full_name):
utils.RemoveFile(full_name)
- user_dir = utils.GetHomeDir(constants.GANETI_RUNAS)
- if not user_dir:
- logger.Error("Cannot find home of run-as user %s" % constants.GANETI_RUNAS)
- return
-
- user_ssh_dir = os.path.join(user_dir, ".ssh")
- if not os.path.isdir(user_ssh_dir):
- logger.Error("User's ssh dir '%s' does not exist?!" % user_ssh_dir)
+ try:
+ priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS)
+ except errors.OpExecError, err:
+ logger.Error("Error while processing ssh files: %s" % err)
return
- f = open(os.path.join(user_ssh_dir, "id_dsa.pub"), 'r')
+ f = open(pub_key, 'r')
try:
- utils.RemoveAuthorizedKey(os.path.join(user_ssh_dir, "authorized_keys"),
- f.read(8192))
+ utils.RemoveAuthorizedKey(auth_keys, f.read(8192))
finally:
f.close()
-
- utils.RemoveFile(os.path.join(user_ssh_dir, "id_dsa"))
- utils.RemoveFile(os.path.join(user_ssh_dir, "id_dsa.pub"))
+ utils.RemoveFile(priv_key)
+ utils.RemoveFile(pub_key)
def GetNodeInfo(vgname):
node: the name of this host as a fqdn
"""
- if os.path.exists('/root/.ssh/id_dsa'):
- utils.CreateBackup('/root/.ssh/id_dsa')
- if os.path.exists('/root/.ssh/id_dsa.pub'):
- utils.CreateBackup('/root/.ssh/id_dsa.pub')
+ priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS)
- utils.RemoveFile('/root/.ssh/id_dsa')
- utils.RemoveFile('/root/.ssh/id_dsa.pub')
+ for name in priv_key, pub_key:
+ if os.path.exists(name):
+ utils.CreateBackup(name)
+ utils.RemoveFile(name)
result = utils.RunCmd(["ssh-keygen", "-t", "dsa",
- "-f", "/root/.ssh/id_dsa",
+ "-f", priv_key,
"-q", "-N", ""])
if result.failed:
raise errors.OpExecError("Could not generate ssh keypair, error %s" %
result.output)
- f = open('/root/.ssh/id_dsa.pub', 'r')
+ f = open(pub_key, 'r')
try:
- utils.AddAuthorizedKey('/root/.ssh/authorized_keys', f.read(8192))
+ utils.AddAuthorizedKey(auth_keys, f.read(8192))
finally:
f.close()
rpc.call_node_start_master(hostname.name)
# set up ssh config and /etc/hosts
- f = open('/etc/ssh/ssh_host_rsa_key.pub', 'r')
+ f = open(constants.SSH_HOST_RSA_PUB, 'r')
try:
sshline = f.read()
finally:
"""Destroys the cluster.
"""
- utils.CreateBackup('/root/.ssh/id_dsa')
- utils.CreateBackup('/root/.ssh/id_dsa.pub')
+ priv_key, pub_key, _ = ssh.GetUserFiles(constants.GANETI_RUNAS)
+ utils.CreateBackup(priv_key)
+ utils.CreateBackup(pub_key)
rpc.call_node_leave_cluster(self.sstore.GetMasterNode())
# setup ssh on node
logger.Info("copy ssh key to node %s" % node)
+ priv_key, pub_key, _ = ssh.GetUserFiles(constants.GANETI_RUNAS)
keyarray = []
- keyfiles = ["/etc/ssh/ssh_host_dsa_key", "/etc/ssh/ssh_host_dsa_key.pub",
- "/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_rsa_key.pub",
- "/root/.ssh/id_dsa", "/root/.ssh/id_dsa.pub"]
+ keyfiles = [constants.SSH_HOST_DSA_PRIV, constants.SSH_HOST_DSA_PUB,
+ constants.SSH_HOST_RSA_PRIV, constants.SSH_HOST_RSA_PUB,
+ priv_key, pub_key]
for i in keyfiles:
f = open(i, 'r')
TCP_PING_TIMEOUT = 10
GANETI_RUNAS = "root"
-# external utilities
+# ssh constants
SSH_INITD_SCRIPT = _autoconf.SSH_INITD_SCRIPT
-SSH_CONFIG_DIR = "/etc/ssh"
+SSH_CONFIG_DIR = "/etc/ssh/"
+SSH_HOST_DSA_PRIV = SSH_CONFIG_DIR + "ssh_host_dsa_key"
+SSH_HOST_DSA_PUB = SSH_HOST_DSA_PRIV + ".pub"
+SSH_HOST_RSA_PRIV = SSH_CONFIG_DIR + "ssh_host_rsa_key"
+SSH_HOST_RSA_PUB = SSH_HOST_RSA_PRIV + ".pub"
]
+def GetUserFiles(user, mkdir=False):
+ """Return the paths of a user's ssh files.
+
+ The function will return a triplet (priv_key_path, pub_key_path,
+ auth_key_path) that are used for ssh authentication. Currently, the
+ keys used are DSA keys, so this function will return:
+ (~user/.ssh/id_dsa, ~user/.ssh/id_dsa.pub,
+ ~user/.ssh/authorized_keys).
+
+ If the optional parameter mkdir is True, the ssh directory will be
+ created if it doesn't exist.
+
+ Regardless of the mkdir parameters, the script will raise an error
+ if ~user/.ssh is not a directory.
+
+ """
+ user_dir = utils.GetHomeDir(user)
+ if not user_dir:
+ raise errors.OpExecError("Cannot resolve home of user %s" % user)
+
+ ssh_dir = os.path.join(user_dir, ".ssh")
+ if not os.path.lexists(ssh_dir):
+ if mkdir:
+ try:
+ os.mkdir(ssh_dir, 0700)
+ except EnvironmentError, err:
+ raise errors.OpExecError("Can't create .ssh dir for user %s: %s" %
+ (user, str(err)))
+ elif not os.path.isdir(ssh_dir):
+ raise errors.OpExecError("path ~%s/.ssh is not a directory" % user)
+
+ return [os.path.join(ssh_dir, base)
+ for base in ["id_dsa", "id_dsa.pub", "authorized_keys"]]
+
+
def BuildSSHCmd(hostname, user, command, batch=True, ask_key=False):
"""Build an ssh string to execute a command on a remote node.