History | View | Annotate | Download (8.6 kB)
ssh: Quote strings in error message
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: René Nussbaumer <rn@google.com>
ssh.VerifyNodeHostname: remove the quiet flag
This is not needed for this function, and can interfere with debuggingof ssh failures.
Signed-off-by: Iustin Pop <iustin@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
utils: Move process-related code into separate file
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Merge branch 'devel-2.2'
Fix some epydoc warnings
Signed-off-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Fix scp command when target is an IPv6 address
Due to the syntax used for the target in scp <target>:<path>, it isnecessary when the target is an IPv6 address to enclose it in squarebrackets.
Signed-off-by: Manuel Franceschini <livewire@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
hansmi helped me with merging the conflict. Thanks
Conflicts: lib/workerpool.py
Signed-off-by: René Nussbaumer <rn@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
Adding a paramiko fingerprint format helper
And provide unittests for them
Fix small spelling mistake
Support IPv6 node add
Adjust message in case ~/.ssh is no directory
Use actual path, not something hardcoded.
Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Guido Trotter <ultrotter@google.com>
Force ssh to allocate a tty
This is required to avoid the"Pseudo-terminal will not be allocated because stdin is not a terminal." ssh error message in case a Ganeti script is run non-interactively.
Signed-off-by: Balazs Lecz <leczb@google.com>Reviewed-by: Iustin Pop <iustin@google.com>
ssh.GetUserFiles: move to EnsureDirs
We also create a generic SECURE_DIR_MODE constant, rather thanhardcoding 0700 in the code.
Signed-off-by: Guido Trotter <ultrotter@google.com>Reviewed-by: Balazs Lecz <leczb@google.com>
ssh: make quiet configurable
Currently both CopyFileToNode and BuildCmd hardcode "-q" in the options.This patch moves this setting as a configurable option to_BuildSshOptions.
SSH: do not check IPs
Since we use the cluster name for the SSH known_hosts file, ssh willalways detect a changed IP (since we never connect to the cluster mastername, but the node names), and will complain about it/try to update theuser known hosts file (since that is /dev/null, it doesn't matter, but...
Switch from os.path.join to utils.PathJoin
This passes a full burnin with lots of instances, and should be safe aswe mostly to join a known root (various constants) to a run-timevariable.
Make it possible to pass custom private key path to SshRunner.Run
Signed-off-by: René Nussbaumer <rn@google.com>Signed-off-by: Michael Hanselmann <hansmi@google.com>Reviewed-by: Michael Hanselmann <hansmi@google.com>
Fix ssh host key checking with no-key-check
In case we add a node with “--no-ssh-key-check”, this should overrideany default yes/ask values in the system-wide (or user) ssh key check.
Currently this only works in batch mode, whereas in non-batch we only...
Pass --fqdn to ssh hostname checks
The cluster verify checks for fqdn are done via address lookups, andthere we actually use the FQDN. However, for the ssh hostname checkwhich is done at node add time, we rely on the default of the “hostname”command. And Debian for example recently changed the default to return...
Another round of pylint-related style fixes
A newer version of pylint, more warnings…
Fix the confusing ssh/hostname message in node add
Before, it used to say:
ssh/hostname verification failed node1.example.com -> hostname mismatch, got node2
Now it says for wrong hostnames (maybe too verbose):
ssh/hostname verification failed (checking from node1.example.com): hostname...
Fix some typos
ssh: more details on failure
In case we fail without output from the ssh command, we should at leastadd the exit code or any other failure reason to the error message, andlog it and the cmdline used to the node daemon log.
Reviewed-by: imsnah
Give a sane permission to the known_host file
Reviewed-by: iustinp
lib/ssh.py: import the logging module
This only means most of our error paths in this module were not working(and generating exceptions).
Reviewed-by: amishchenko
SshRunner: add docstring for _BuildSshOptions
Fix epydoc format warnings
This patch should fix all outstanding epydoc parsing errors; as such, weswitch epydoc into verbose mode so that any new errors will be visible.
Convert ssh.py to use the logging module
Change SshRunner usage
Currently the SshRunner uses a SimpleConfigReader instance, however thisis not best. We change it to use the cluster name directly (and itsconstructor now takes this as parameter, instead of SCR), and itscallers are change to pass the name directly....
Convert ssh.py
Get rid of ssconf and convert to configuration instead.
SshRunner: Add parameter to always accept peer's SSH key
This will be used to add nodes without user interaction, specificallyin QA tests.
Reviewed-by: ultrotter
Move SSH option building into a function
I'm going to add another option and it would make maintainingthem in constants even more complicated.
SshRunner.Run: Pass all arguments to BuildCmd
This patch changes SshRunner.Run to pass all arguments toSshRunner.BuildCmd. They had the same arguments beforeand should stay that way. This change makes it easierto add new or change existing arguments....
Fix adding pristine nodes
If a node hasn't been part of the cluster before being added it'll nothave the cluster's SSH key. This patch makes sure to accept those bynot aliasing the machine name to the cluster name.
Check whether path is valid before accessing it
Use constants for “ssh” and “scp” binaries instead of magic values
Use new cluster alias in known_hosts file
Add “tty” parameter to SshRunner.BuildCmd
This allows callers to allocate a pseudo-TTY easily.
Order SSH options alphabetically
Move SSH functions into a class
This renames some functions and does some minor codestyle cleanup.
Add function to write cluster SSH key to known_hosts file
The whole Ganeti cluster has a single SSH key. Its fingerprint iswritten to Ganeti's known_hosts file, together with an alias. Thisallows us to always use that alias instead of the real hostname,...
Some tiny style fixes
Replace more ssh paths with proper constants
The node's ssh keys filenames are now provided as constants; this shouldallow easier customization.
Also, the user's ssh key computing has been abstracted into ssh.py
Remove the shebang from modules
Since modules are not directly executables, remove the shebang fromthem. This helps with lintian warnings.
Also make the autogenerated _autoconf.py contain two comment lines atthe beginning, like the other modules.
Fix the ssh change which breaks remote ssh commands
Explanation: since we use lists and not a string, every argument we giveis passed unchanged to the remote shell. So, for example, passing'/etc/init.d/ganeti restart' to the remote shell, it will try to run the...
Make import/export use the auxiliary ssh library to build the remote commands.
This avoids forgetting some parameters, as it's happening right now(the correct known host file is not being passed)
In order to do so we split SSHCall into an auxiliary BuildSSHCmd which builds...
Rework ssh known-hosts handling.
This changes: - cluster setup, we no longer edit /etc/ssh/ssh_known_hosts but our own file - node add, we no longer remove root's known_hosts (twice) - gnt-instance console, both the LU and the script: since now the ssh...
Disable hashing of the ssh keys.
In case we use StrictHostKeyChecking=ask, also add HashKnownHosts=no so thatdebugging is easier. The nodes to which we are connecting are anyway visible in/etc/ssh/ssh_known_hosts.
Style changes for pep-8 and python-3000 compliance.
This changes the raising of exceptions from: raise Exception, valueto raise Exception(value)
as the first form will be removed in python-3000 and the second form ispreferred now.
The changes also involve a few cases of changing from raising standard...
Comment formatting updates.
Initial commit.