Revision 70d9e3d8
b/lib/backend.py | ||
---|---|---|
88 | 88 |
- adds the ssh public key to the users' authorized_keys file |
89 | 89 |
|
90 | 90 |
""" |
91 |
user_dir = utils.GetHomeDir(constants.GANETI_RUNAS) |
|
92 |
if not user_dir: |
|
93 |
logger.Error("Cannot find home of run-as user %s" % constants.GANETI_RUNAS) |
|
94 |
return False |
|
95 |
|
|
96 |
sshd_keys = [("ssh_host_rsa_key", rsa, 0600), |
|
97 |
("ssh_host_rsa_key.pub", rsapub, 0644), |
|
98 |
("ssh_host_dsa_key", dsa, 0600), |
|
99 |
("ssh_host_dsa_key.pub", dsapub, 0644)] |
|
91 |
sshd_keys = [(constants.SSH_HOST_RSA_PRIV, rsa, 0600), |
|
92 |
(constants.SSH_HOST_RSA_PUB, rsapub, 0644), |
|
93 |
(constants.SSH_HOST_DSA_PRIV, dsa, 0600), |
|
94 |
(constants.SSH_HOST_DSA_PUB, dsapub, 0644)] |
|
100 | 95 |
for name, content, mode in sshd_keys: |
101 |
utils.WriteFile(os.path.join(constants.SSH_CONFIG_DIR, name), |
|
102 |
data=content, mode=mode) |
|
103 |
|
|
104 |
user_ssh_dir = os.path.join(user_dir, ".ssh") |
|
96 |
utils.WriteFile(name, data=content, mode=mode) |
|
105 | 97 |
|
106 |
if not os.path.isdir(user_ssh_dir): |
|
107 |
os.mkdir(user_ssh_dir) |
|
98 |
try: |
|
99 |
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS, |
|
100 |
mkdir=True) |
|
101 |
except errors.OpExecError, err: |
|
102 |
logger.Error("Error while processing user ssh files: %s" % err) |
|
103 |
return False |
|
108 | 104 |
|
109 |
for name, content in [("id_dsa", sshkey), ("id_dsa.pub", sshpub)]:
|
|
110 |
utils.WriteFile(os.path.join(user_ssh_dir, name), data=content, mode=0600)
|
|
105 |
for name, content in [(priv_key, sshkey), (pub_key, sshpub)]:
|
|
106 |
utils.WriteFile(name, data=content, mode=0600)
|
|
111 | 107 |
|
112 |
utils.AddAuthorizedKey(os.path.join(user_ssh_dir, "authorized_keys"), sshpub)
|
|
108 |
utils.AddAuthorizedKey(auth_keys, sshpub)
|
|
113 | 109 |
|
114 | 110 |
utils.RunCmd([constants.SSH_INITD_SCRIPT, "restart"]) |
115 | 111 |
|
... | ... | |
126 | 122 |
if os.path.isfile(full_name) and not os.path.islink(full_name): |
127 | 123 |
utils.RemoveFile(full_name) |
128 | 124 |
|
129 |
user_dir = utils.GetHomeDir(constants.GANETI_RUNAS) |
|
130 |
if not user_dir: |
|
131 |
logger.Error("Cannot find home of run-as user %s" % constants.GANETI_RUNAS) |
|
132 |
return |
|
133 |
|
|
134 |
user_ssh_dir = os.path.join(user_dir, ".ssh") |
|
135 | 125 |
|
136 |
if not os.path.isdir(user_ssh_dir): |
|
137 |
logger.Error("User's ssh dir '%s' does not exist?!" % user_ssh_dir) |
|
126 |
try: |
|
127 |
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS) |
|
128 |
except errors.OpExecError, err: |
|
129 |
logger.Error("Error while processing ssh files: %s" % err) |
|
138 | 130 |
return |
139 | 131 |
|
140 |
f = open(os.path.join(user_ssh_dir, "id_dsa.pub"), 'r')
|
|
132 |
f = open(pub_key, 'r')
|
|
141 | 133 |
try: |
142 |
utils.RemoveAuthorizedKey(os.path.join(user_ssh_dir, "authorized_keys"), |
|
143 |
f.read(8192)) |
|
134 |
utils.RemoveAuthorizedKey(auth_keys, f.read(8192)) |
|
144 | 135 |
finally: |
145 | 136 |
f.close() |
146 | 137 |
|
147 |
|
|
148 |
utils.RemoveFile(os.path.join(user_ssh_dir, "id_dsa")) |
|
149 |
utils.RemoveFile(os.path.join(user_ssh_dir, "id_dsa.pub")) |
|
138 |
utils.RemoveFile(priv_key) |
|
139 |
utils.RemoveFile(pub_key) |
|
150 | 140 |
|
151 | 141 |
|
152 | 142 |
def GetNodeInfo(vgname): |
b/lib/cmdlib.py | ||
---|---|---|
476 | 476 |
node: the name of this host as a fqdn |
477 | 477 |
|
478 | 478 |
""" |
479 |
if os.path.exists('/root/.ssh/id_dsa'): |
|
480 |
utils.CreateBackup('/root/.ssh/id_dsa') |
|
481 |
if os.path.exists('/root/.ssh/id_dsa.pub'): |
|
482 |
utils.CreateBackup('/root/.ssh/id_dsa.pub') |
|
479 |
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS) |
|
483 | 480 |
|
484 |
utils.RemoveFile('/root/.ssh/id_dsa') |
|
485 |
utils.RemoveFile('/root/.ssh/id_dsa.pub') |
|
481 |
for name in priv_key, pub_key: |
|
482 |
if os.path.exists(name): |
|
483 |
utils.CreateBackup(name) |
|
484 |
utils.RemoveFile(name) |
|
486 | 485 |
|
487 | 486 |
result = utils.RunCmd(["ssh-keygen", "-t", "dsa", |
488 |
"-f", "/root/.ssh/id_dsa",
|
|
487 |
"-f", priv_key,
|
|
489 | 488 |
"-q", "-N", ""]) |
490 | 489 |
if result.failed: |
491 | 490 |
raise errors.OpExecError("Could not generate ssh keypair, error %s" % |
492 | 491 |
result.output) |
493 | 492 |
|
494 |
f = open('/root/.ssh/id_dsa.pub', 'r')
|
|
493 |
f = open(pub_key, 'r')
|
|
495 | 494 |
try: |
496 |
utils.AddAuthorizedKey('/root/.ssh/authorized_keys', f.read(8192))
|
|
495 |
utils.AddAuthorizedKey(auth_keys, f.read(8192))
|
|
497 | 496 |
finally: |
498 | 497 |
f.close() |
499 | 498 |
|
... | ... | |
627 | 626 |
rpc.call_node_start_master(hostname.name) |
628 | 627 |
|
629 | 628 |
# set up ssh config and /etc/hosts |
630 |
f = open('/etc/ssh/ssh_host_rsa_key.pub', 'r')
|
|
629 |
f = open(constants.SSH_HOST_RSA_PUB, 'r')
|
|
631 | 630 |
try: |
632 | 631 |
sshline = f.read() |
633 | 632 |
finally: |
... | ... | |
676 | 675 |
"""Destroys the cluster. |
677 | 676 |
|
678 | 677 |
""" |
679 |
utils.CreateBackup('/root/.ssh/id_dsa') |
|
680 |
utils.CreateBackup('/root/.ssh/id_dsa.pub') |
|
678 |
priv_key, pub_key, _ = ssh.GetUserFiles(constants.GANETI_RUNAS) |
|
679 |
utils.CreateBackup(priv_key) |
|
680 |
utils.CreateBackup(pub_key) |
|
681 | 681 |
rpc.call_node_leave_cluster(self.sstore.GetMasterNode()) |
682 | 682 |
|
683 | 683 |
|
... | ... | |
1508 | 1508 |
|
1509 | 1509 |
# setup ssh on node |
1510 | 1510 |
logger.Info("copy ssh key to node %s" % node) |
1511 |
priv_key, pub_key, _ = ssh.GetUserFiles(constants.GANETI_RUNAS) |
|
1511 | 1512 |
keyarray = [] |
1512 |
keyfiles = ["/etc/ssh/ssh_host_dsa_key", "/etc/ssh/ssh_host_dsa_key.pub",
|
|
1513 |
"/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_rsa_key.pub",
|
|
1514 |
"/root/.ssh/id_dsa", "/root/.ssh/id_dsa.pub"]
|
|
1513 |
keyfiles = [constants.SSH_HOST_DSA_PRIV, constants.SSH_HOST_DSA_PUB,
|
|
1514 |
constants.SSH_HOST_RSA_PRIV, constants.SSH_HOST_RSA_PUB,
|
|
1515 |
priv_key, pub_key]
|
|
1515 | 1516 |
|
1516 | 1517 |
for i in keyfiles: |
1517 | 1518 |
f = open(i, 'r') |
b/lib/constants.py | ||
---|---|---|
110 | 110 |
TCP_PING_TIMEOUT = 10 |
111 | 111 |
GANETI_RUNAS = "root" |
112 | 112 |
|
113 |
# external utilities
|
|
113 |
# ssh constants
|
|
114 | 114 |
SSH_INITD_SCRIPT = _autoconf.SSH_INITD_SCRIPT |
115 |
SSH_CONFIG_DIR = "/etc/ssh" |
|
115 |
SSH_CONFIG_DIR = "/etc/ssh/" |
|
116 |
SSH_HOST_DSA_PRIV = SSH_CONFIG_DIR + "ssh_host_dsa_key" |
|
117 |
SSH_HOST_DSA_PUB = SSH_HOST_DSA_PRIV + ".pub" |
|
118 |
SSH_HOST_RSA_PRIV = SSH_CONFIG_DIR + "ssh_host_rsa_key" |
|
119 |
SSH_HOST_RSA_PUB = SSH_HOST_RSA_PRIV + ".pub" |
b/lib/ssh.py | ||
---|---|---|
55 | 55 |
] |
56 | 56 |
|
57 | 57 |
|
58 |
def GetUserFiles(user, mkdir=False): |
|
59 |
"""Return the paths of a user's ssh files. |
|
60 |
|
|
61 |
The function will return a triplet (priv_key_path, pub_key_path, |
|
62 |
auth_key_path) that are used for ssh authentication. Currently, the |
|
63 |
keys used are DSA keys, so this function will return: |
|
64 |
(~user/.ssh/id_dsa, ~user/.ssh/id_dsa.pub, |
|
65 |
~user/.ssh/authorized_keys). |
|
66 |
|
|
67 |
If the optional parameter mkdir is True, the ssh directory will be |
|
68 |
created if it doesn't exist. |
|
69 |
|
|
70 |
Regardless of the mkdir parameters, the script will raise an error |
|
71 |
if ~user/.ssh is not a directory. |
|
72 |
|
|
73 |
""" |
|
74 |
user_dir = utils.GetHomeDir(user) |
|
75 |
if not user_dir: |
|
76 |
raise errors.OpExecError("Cannot resolve home of user %s" % user) |
|
77 |
|
|
78 |
ssh_dir = os.path.join(user_dir, ".ssh") |
|
79 |
if not os.path.lexists(ssh_dir): |
|
80 |
if mkdir: |
|
81 |
try: |
|
82 |
os.mkdir(ssh_dir, 0700) |
|
83 |
except EnvironmentError, err: |
|
84 |
raise errors.OpExecError("Can't create .ssh dir for user %s: %s" % |
|
85 |
(user, str(err))) |
|
86 |
elif not os.path.isdir(ssh_dir): |
|
87 |
raise errors.OpExecError("path ~%s/.ssh is not a directory" % user) |
|
88 |
|
|
89 |
return [os.path.join(ssh_dir, base) |
|
90 |
for base in ["id_dsa", "id_dsa.pub", "authorized_keys"]] |
|
91 |
|
|
92 |
|
|
58 | 93 |
def BuildSSHCmd(hostname, user, command, batch=True, ask_key=False): |
59 | 94 |
"""Build an ssh string to execute a command on a remote node. |
60 | 95 |
|
Also available in: Unified diff