| Branch: | Tag: | Revision:

root / lib / @ f3aebf6f

History | View | Annotate | Download (10.7 kB)

1 2f31098c Iustin Pop
2 a8083063 Iustin Pop
3 a8083063 Iustin Pop
4 ebcd61bb Iustin Pop
# Copyright (C) 2006, 2007, 2010, 2011 Google Inc.
5 a8083063 Iustin Pop
6 a8083063 Iustin Pop
# This program is free software; you can redistribute it and/or modify
7 a8083063 Iustin Pop
# it under the terms of the GNU General Public License as published by
8 a8083063 Iustin Pop
# the Free Software Foundation; either version 2 of the License, or
9 a8083063 Iustin Pop
# (at your option) any later version.
10 a8083063 Iustin Pop
11 a8083063 Iustin Pop
# This program is distributed in the hope that it will be useful, but
12 a8083063 Iustin Pop
# WITHOUT ANY WARRANTY; without even the implied warranty of
13 a8083063 Iustin Pop
14 a8083063 Iustin Pop
# General Public License for more details.
15 a8083063 Iustin Pop
16 a8083063 Iustin Pop
# You should have received a copy of the GNU General Public License
17 a8083063 Iustin Pop
# along with this program; if not, write to the Free Software
18 a8083063 Iustin Pop
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 a8083063 Iustin Pop
# 02110-1301, USA.
20 a8083063 Iustin Pop
21 a8083063 Iustin Pop
22 a8083063 Iustin Pop
"""Module encapsulating ssh functionality.
23 a8083063 Iustin Pop

24 a8083063 Iustin Pop
25 a8083063 Iustin Pop
26 a8083063 Iustin Pop
27 a8083063 Iustin Pop
import os
28 9c034cbe Iustin Pop
import logging
29 a8083063 Iustin Pop
30 a8083063 Iustin Pop
from ganeti import utils
31 a8083063 Iustin Pop
from ganeti import errors
32 82122173 Iustin Pop
from ganeti import constants
33 8062638d Manuel Franceschini
from ganeti import netutils
34 8fd1bfa9 Michael Hanselmann
from ganeti import pathutils
35 cffbbae7 Michael Hanselmann
from ganeti import vcluster
36 5484cda5 Michael Hanselmann
from ganeti import compat
37 82122173 Iustin Pop
38 82122173 Iustin Pop
39 7bd70e6b Michael Hanselmann
def GetUserFiles(user, mkdir=False, dircheck=True, kind=constants.SSHK_DSA,
40 d12b9f66 Michael Hanselmann
41 8a3c9e8a Michael Hanselmann
  """Return the paths of a user's SSH files.
42 8a3c9e8a Michael Hanselmann

43 8a3c9e8a Michael Hanselmann
  @type user: string
44 8a3c9e8a Michael Hanselmann
  @param user: Username
45 8a3c9e8a Michael Hanselmann
  @type mkdir: bool
46 8a3c9e8a Michael Hanselmann
  @param mkdir: Whether to create ".ssh" directory if it doesn't exist
47 7bd70e6b Michael Hanselmann
  @type dircheck: bool
48 7bd70e6b Michael Hanselmann
  @param dircheck: Whether to check if ".ssh" directory exists
49 8a3c9e8a Michael Hanselmann
  @type kind: string
50 8a3c9e8a Michael Hanselmann
  @param kind: One of L{constants.SSHK_ALL}
51 8a3c9e8a Michael Hanselmann
  @rtype: tuple; (string, string, string)
52 8a3c9e8a Michael Hanselmann
  @return: Tuple containing three file system paths; the private SSH key file,
53 8a3c9e8a Michael Hanselmann
    the public SSH key file and the user's C{authorized_keys} file
54 8a3c9e8a Michael Hanselmann
  @raise errors.OpExecError: When home directory of the user can not be
55 8a3c9e8a Michael Hanselmann
56 8a3c9e8a Michael Hanselmann
  @raise errors.OpExecError: Regardless of the C{mkdir} parameters, this
57 7bd70e6b Michael Hanselmann
    exception is raised if C{~$user/.ssh} is not a directory and C{dircheck}
58 7bd70e6b Michael Hanselmann
    is set to C{True}
59 70d9e3d8 Iustin Pop

60 70d9e3d8 Iustin Pop
61 d12b9f66 Michael Hanselmann
  if _homedir_fn is None:
62 d12b9f66 Michael Hanselmann
    _homedir_fn = utils.GetHomeDir
63 d12b9f66 Michael Hanselmann
64 8a3c9e8a Michael Hanselmann
  user_dir = _homedir_fn(user)
65 70d9e3d8 Iustin Pop
  if not user_dir:
66 8a3c9e8a Michael Hanselmann
    raise errors.OpExecError("Cannot resolve home of user '%s'" % user)
67 8a3c9e8a Michael Hanselmann
68 8a3c9e8a Michael Hanselmann
  if kind == constants.SSHK_DSA:
69 8a3c9e8a Michael Hanselmann
    suffix = "dsa"
70 8a3c9e8a Michael Hanselmann
  elif kind == constants.SSHK_RSA:
71 8a3c9e8a Michael Hanselmann
    suffix = "rsa"
72 8a3c9e8a Michael Hanselmann
73 8a3c9e8a Michael Hanselmann
    raise errors.ProgrammerError("Unknown SSH key kind '%s'" % kind)
74 70d9e3d8 Iustin Pop
75 c4feafe8 Iustin Pop
  ssh_dir = utils.PathJoin(user_dir, ".ssh")
76 5bae14d9 Guido Trotter
  if mkdir:
77 5bae14d9 Guido Trotter
    utils.EnsureDirs([(ssh_dir, constants.SECURE_DIR_MODE)])
78 7bd70e6b Michael Hanselmann
  elif dircheck and not os.path.isdir(ssh_dir):
79 898a6d45 Michael Hanselmann
    raise errors.OpExecError("Path %s is not a directory" % ssh_dir)
80 70d9e3d8 Iustin Pop
81 c4feafe8 Iustin Pop
  return [utils.PathJoin(ssh_dir, base)
82 8a3c9e8a Michael Hanselmann
          for base in ["id_%s" % suffix, "" % suffix,
83 8a3c9e8a Michael Hanselmann
84 70d9e3d8 Iustin Pop
85 70d9e3d8 Iustin Pop
86 5484cda5 Michael Hanselmann
def GetAllUserFiles(user, mkdir=False, dircheck=True, _homedir_fn=None):
87 5484cda5 Michael Hanselmann
  """Wrapper over L{GetUserFiles} to retrieve files for all SSH key types.
88 5484cda5 Michael Hanselmann

89 5484cda5 Michael Hanselmann
  See L{GetUserFiles} for details.
90 5484cda5 Michael Hanselmann

91 5484cda5 Michael Hanselmann
  @rtype: tuple; (string, dict with string as key, tuple of (string, string) as
92 5484cda5 Michael Hanselmann
93 5484cda5 Michael Hanselmann

94 5484cda5 Michael Hanselmann
95 5484cda5 Michael Hanselmann
  helper = compat.partial(GetUserFiles, user, mkdir=mkdir, dircheck=dircheck,
96 5484cda5 Michael Hanselmann
97 5484cda5 Michael Hanselmann
  result = [(kind, helper(kind=kind)) for kind in constants.SSHK_ALL]
98 5484cda5 Michael Hanselmann
99 5484cda5 Michael Hanselmann
  authorized_keys = [i for (_, (_, _, i)) in result]
100 5484cda5 Michael Hanselmann
101 5484cda5 Michael Hanselmann
  assert len(frozenset(authorized_keys)) == 1, \
102 5484cda5 Michael Hanselmann
    "Different paths for authorized_keys were returned"
103 5484cda5 Michael Hanselmann
104 5484cda5 Michael Hanselmann
  return (authorized_keys[0],
105 5484cda5 Michael Hanselmann
          dict((kind, (privkey, pubkey))
106 5484cda5 Michael Hanselmann
               for (kind, (privkey, pubkey, _)) in result))
107 5484cda5 Michael Hanselmann
108 5484cda5 Michael Hanselmann
109 c92b310a Michael Hanselmann
class SshRunner:
110 c92b310a Michael Hanselmann
  """Wrapper for SSH commands.
111 a8083063 Iustin Pop

112 a8083063 Iustin Pop
113 b43dcc5a Manuel Franceschini
  def __init__(self, cluster_name, ipv6=False):
114 b43dcc5a Manuel Franceschini
    """Initializes this class.
115 b43dcc5a Manuel Franceschini

116 b43dcc5a Manuel Franceschini
    @type cluster_name: str
117 b43dcc5a Manuel Franceschini
    @param cluster_name: name of the cluster
118 b43dcc5a Manuel Franceschini
    @type ipv6: bool
119 b43dcc5a Manuel Franceschini
    @param ipv6: If true, force ssh to use IPv6 addresses only
120 b43dcc5a Manuel Franceschini

121 b43dcc5a Manuel Franceschini
122 56bece1f Iustin Pop
    self.cluster_name = cluster_name
123 b43dcc5a Manuel Franceschini
    self.ipv6 = ipv6
124 1ff08570 Michael Hanselmann
125 652d6694 Michael Hanselmann
  def _BuildSshOptions(self, batch, ask_key, use_cluster_key,
126 a9f33339 Petr Pudlak
                       strict_host_check, private_key=None, quiet=True,
127 a9f33339 Petr Pudlak
128 bf75f132 Iustin Pop
    """Builds a list with needed SSH options.
129 bf75f132 Iustin Pop

130 bf75f132 Iustin Pop
    @param batch: same as ssh's batch option
131 bf75f132 Iustin Pop
    @param ask_key: allows ssh to ask for key confirmation; this
132 bf75f132 Iustin Pop
        parameter conflicts with the batch one
133 bf75f132 Iustin Pop
    @param use_cluster_key: if True, use the cluster name as the
134 bf75f132 Iustin Pop
        HostKeyAlias name
135 bf75f132 Iustin Pop
    @param strict_host_check: this makes the host key checking strict
136 4403ff8d René Nussbaumer
    @param private_key: use this private key instead of the default
137 2892a4c9 Iustin Pop
    @param quiet: whether to enable -q to ssh
138 a9f33339 Petr Pudlak
    @param port: the SSH port to use, or None to use the default
139 bf75f132 Iustin Pop

140 bf75f132 Iustin Pop
    @rtype: list
141 a4ccecf6 Michael Hanselmann
    @return: the list of options ready to use in L{utils.process.RunCmd}
142 bf75f132 Iustin Pop

143 bf75f132 Iustin Pop
144 f6d9f4c3 Michael Hanselmann
    options = [
145 f6d9f4c3 Michael Hanselmann
146 f6d9f4c3 Michael Hanselmann
147 8fd1bfa9 Michael Hanselmann
      "-oGlobalKnownHostsFile=%s" % pathutils.SSH_KNOWN_HOSTS_FILE,
148 f6d9f4c3 Michael Hanselmann
149 b427788e Iustin Pop
150 f6d9f4c3 Michael Hanselmann
151 f6d9f4c3 Michael Hanselmann
152 f6d9f4c3 Michael Hanselmann
    if use_cluster_key:
153 56bece1f Iustin Pop
      options.append("-oHostKeyAlias=%s" % self.cluster_name)
154 f6d9f4c3 Michael Hanselmann
155 2892a4c9 Iustin Pop
    if quiet:
156 2892a4c9 Iustin Pop
157 2892a4c9 Iustin Pop
158 4403ff8d René Nussbaumer
    if private_key:
159 4403ff8d René Nussbaumer
      options.append("-i%s" % private_key)
160 4403ff8d René Nussbaumer
161 a9f33339 Petr Pudlak
    if port:
162 a9f33339 Petr Pudlak
      options.append("-oPort=%d" % port)
163 a9f33339 Petr Pudlak
164 652d6694 Michael Hanselmann
    # TODO: Too many boolean options, maybe convert them to more descriptive
165 652d6694 Michael Hanselmann
    # constants.
166 652d6694 Michael Hanselmann
167 f6d9f4c3 Michael Hanselmann
    # Note: ask_key conflicts with batch mode
168 f6d9f4c3 Michael Hanselmann
    if batch:
169 f6d9f4c3 Michael Hanselmann
      if ask_key:
170 f6d9f4c3 Michael Hanselmann
        raise errors.ProgrammerError("SSH call requested conflicting options")
171 f6d9f4c3 Michael Hanselmann
172 652d6694 Michael Hanselmann
173 652d6694 Michael Hanselmann
174 652d6694 Michael Hanselmann
      if strict_host_check:
175 652d6694 Michael Hanselmann
176 652d6694 Michael Hanselmann
177 652d6694 Michael Hanselmann
178 f6d9f4c3 Michael Hanselmann
179 e66d9f1a Iustin Pop
180 e66d9f1a Iustin Pop
      # non-batch mode
181 e66d9f1a Iustin Pop
182 e66d9f1a Iustin Pop
      if ask_key:
183 e66d9f1a Iustin Pop
184 e66d9f1a Iustin Pop
      elif strict_host_check:
185 e66d9f1a Iustin Pop
186 e66d9f1a Iustin Pop
187 e66d9f1a Iustin Pop
188 f6d9f4c3 Michael Hanselmann
189 b43dcc5a Manuel Franceschini
    if self.ipv6:
190 b43dcc5a Manuel Franceschini
191 b6368001 Costas Drogos
192 b6368001 Costas Drogos
193 b43dcc5a Manuel Franceschini
194 f6d9f4c3 Michael Hanselmann
    return options
195 1ff08570 Michael Hanselmann
196 8f07f831 Michael Hanselmann
  def BuildCmd(self, hostname, user, command, batch=True, ask_key=False,
197 4403ff8d René Nussbaumer
               tty=False, use_cluster_key=True, strict_host_check=True,
198 a9f33339 Petr Pudlak
               private_key=None, quiet=True, port=None):
199 c92b310a Michael Hanselmann
    """Build an ssh command to execute a command on a remote node.
200 c92b310a Michael Hanselmann

201 c41eea6e Iustin Pop
    @param hostname: the target host, string
202 c41eea6e Iustin Pop
    @param user: user to auth as
203 c41eea6e Iustin Pop
    @param command: the command
204 c41eea6e Iustin Pop
    @param batch: if true, ssh will run in batch mode with no prompting
205 c41eea6e Iustin Pop
    @param ask_key: if true, ssh will run with
206 c41eea6e Iustin Pop
        StrictHostKeyChecking=ask, so that we can connect to an
207 c41eea6e Iustin Pop
        unknown host (not valid in batch mode)
208 c41eea6e Iustin Pop
    @param use_cluster_key: whether to expect and use the
209 c41eea6e Iustin Pop
        cluster-global SSH key
210 c41eea6e Iustin Pop
    @param strict_host_check: whether to check the host's SSH key at all
211 4403ff8d René Nussbaumer
    @param private_key: use this private key instead of the default
212 2892a4c9 Iustin Pop
    @param quiet: whether to enable -q to ssh
213 a9f33339 Petr Pudlak
    @param port: the SSH port on which the node's daemon is running
214 c41eea6e Iustin Pop

215 c41eea6e Iustin Pop
    @return: the ssh call to run 'command' on the remote host.
216 c92b310a Michael Hanselmann

217 c92b310a Michael Hanselmann
218 2892a4c9 Iustin Pop
    argv = [constants.SSH]
219 652d6694 Michael Hanselmann
    argv.extend(self._BuildSshOptions(batch, ask_key, use_cluster_key,
220 2892a4c9 Iustin Pop
                                      strict_host_check, private_key,
221 a9f33339 Petr Pudlak
                                      quiet=quiet, port=port))
222 8f07f831 Michael Hanselmann
    if tty:
223 f724a702 Balazs Lecz
      argv.extend(["-t", "-t"])
224 cffbbae7 Michael Hanselmann
225 cffbbae7 Michael Hanselmann
    argv.append("%s@%s" % (user, hostname))
226 cffbbae7 Michael Hanselmann
227 cffbbae7 Michael Hanselmann
    # Insert variables for virtual nodes
228 cffbbae7 Michael Hanselmann
    argv.extend("export %s=%s;" %
229 cffbbae7 Michael Hanselmann
                (utils.ShellQuote(name), utils.ShellQuote(value))
230 cffbbae7 Michael Hanselmann
                for (name, value) in
231 cffbbae7 Michael Hanselmann
232 cffbbae7 Michael Hanselmann
233 cffbbae7 Michael Hanselmann
234 cffbbae7 Michael Hanselmann
235 c92b310a Michael Hanselmann
    return argv
236 c92b310a Michael Hanselmann
237 54ab6aec Michael Hanselmann
  def Run(self, *args, **kwargs):
238 c92b310a Michael Hanselmann
    """Runs a command on a remote node.
239 c92b310a Michael Hanselmann

240 c92b310a Michael Hanselmann
    This method has the same return value as `utils.RunCmd()`, which it
241 c92b310a Michael Hanselmann
    uses to launch ssh.
242 c92b310a Michael Hanselmann

243 c41eea6e Iustin Pop
    Args: see SshRunner.BuildCmd.
244 c92b310a Michael Hanselmann

245 a4ccecf6 Michael Hanselmann
    @rtype: L{utils.process.RunResult}
246 a4ccecf6 Michael Hanselmann
    @return: the result as from L{utils.process.RunCmd()}
247 c92b310a Michael Hanselmann

248 c92b310a Michael Hanselmann
249 54ab6aec Michael Hanselmann
    return utils.RunCmd(self.BuildCmd(*args, **kwargs))
250 c92b310a Michael Hanselmann
251 651ce6a3 Petr Pudlak
  def CopyFileToNode(self, node, port, filename):
252 c92b310a Michael Hanselmann
    """Copy a file to another node with scp.
253 c92b310a Michael Hanselmann

254 c41eea6e Iustin Pop
    @param node: node in the cluster
255 c41eea6e Iustin Pop
    @param filename: absolute pathname of a local file
256 c92b310a Michael Hanselmann

257 c41eea6e Iustin Pop
    @rtype: boolean
258 c41eea6e Iustin Pop
    @return: the success of the operation
259 a8083063 Iustin Pop

260 c92b310a Michael Hanselmann
261 c92b310a Michael Hanselmann
    if not os.path.isabs(filename):
262 23828f1c Iustin Pop
      logging.error("File %s must be an absolute path", filename)
263 c92b310a Michael Hanselmann
      return False
264 a8083063 Iustin Pop
265 1d544ba3 Michael Hanselmann
    if not os.path.isfile(filename):
266 23828f1c Iustin Pop
      logging.error("File %s does not exist", filename)
267 1d544ba3 Michael Hanselmann
      return False
268 1d544ba3 Michael Hanselmann
269 2892a4c9 Iustin Pop
    command = [constants.SCP, "-p"]
270 651ce6a3 Petr Pudlak
    command.extend(self._BuildSshOptions(True, False, True, True, port=port))
271 c92b310a Michael Hanselmann
272 8062638d Manuel Franceschini
    if netutils.IP6Address.IsValid(node):
273 8062638d Manuel Franceschini
      node = netutils.FormatAddress((node, None))
274 8062638d Manuel Franceschini
275 cffbbae7 Michael Hanselmann
    command.append("%s:%s" % (node, vcluster.ExchangeNodeRoot(node, filename)))
276 a8083063 Iustin Pop
277 c92b310a Michael Hanselmann
    result = utils.RunCmd(command)
278 a8083063 Iustin Pop
279 c92b310a Michael Hanselmann
    if result.failed:
280 9dc45ab1 Michael Hanselmann
      logging.error("Copy to node %s failed (%s) error '%s',"
281 9dc45ab1 Michael Hanselmann
                    " command was '%s'",
282 23828f1c Iustin Pop
                    node, result.fail_reason, result.output, result.cmd)
283 a8083063 Iustin Pop
284 c92b310a Michael Hanselmann
    return not result.failed
285 a8083063 Iustin Pop
286 a9f33339 Petr Pudlak
  def VerifyNodeHostname(self, node, ssh_port):
287 c92b310a Michael Hanselmann
    """Verify hostname consistency via SSH.
288 a8083063 Iustin Pop

289 c92b310a Michael Hanselmann
    This functions connects via ssh to a node and compares the hostname
290 c92b310a Michael Hanselmann
    reported by the node to the name with have (the one that we
291 c92b310a Michael Hanselmann
    connected to).
292 a8083063 Iustin Pop

293 c92b310a Michael Hanselmann
    This is used to detect problems in ssh known_hosts files
294 5bbd3f7f Michael Hanselmann
    (conflicting known hosts) and inconsistencies between dns/hosts
295 c92b310a Michael Hanselmann
    entries and local machine names
296 a8083063 Iustin Pop

297 c41eea6e Iustin Pop
    @param node: nodename of a host to check; can be short or
298 c41eea6e Iustin Pop
        full qualified hostname
299 a9f33339 Petr Pudlak
    @param ssh_port: the port of a SSH daemon running on the node
300 a8083063 Iustin Pop

301 c41eea6e Iustin Pop
    @return: (success, detail), where:
302 c41eea6e Iustin Pop
        - success: True/False
303 c41eea6e Iustin Pop
        - detail: string with details
304 a8083063 Iustin Pop

305 c92b310a Michael Hanselmann
306 cffbbae7 Michael Hanselmann
    cmd = ("if test -z \"$GANETI_HOSTNAME\"; then"
307 cffbbae7 Michael Hanselmann
           "  hostname --fqdn;"
308 cffbbae7 Michael Hanselmann
309 cffbbae7 Michael Hanselmann
           "  echo \"$GANETI_HOSTNAME\";"
310 cffbbae7 Michael Hanselmann
311 a9f33339 Petr Pudlak
    retval = self.Run(node, constants.SSH_LOGIN_USER, cmd,
312 a9f33339 Petr Pudlak
                      quiet=False, port=ssh_port)
313 a8083063 Iustin Pop
314 c92b310a Michael Hanselmann
    if retval.failed:
315 c92b310a Michael Hanselmann
      msg = "ssh problem"
316 c92b310a Michael Hanselmann
      output = retval.output
317 c92b310a Michael Hanselmann
      if output:
318 c92b310a Michael Hanselmann
        msg += ": %s" % output
319 a162cf5b Iustin Pop
320 a162cf5b Iustin Pop
        msg += ": %s (no output)" % retval.fail_reason
321 099c52ad Iustin Pop
      logging.error("Command %s failed: %s", retval.cmd, msg)
322 c92b310a Michael Hanselmann
      return False, msg
323 a8083063 Iustin Pop
324 c92b310a Michael Hanselmann
    remotehostname = retval.stdout.strip()
325 a8083063 Iustin Pop
326 c92b310a Michael Hanselmann
    if not remotehostname or remotehostname != node:
327 31821208 Iustin Pop
      if node.startswith(remotehostname + "."):
328 31821208 Iustin Pop
        msg = "hostname not FQDN"
329 31821208 Iustin Pop
330 2175e25d Manuel Franceschini
        msg = "hostname mismatch"
331 31821208 Iustin Pop
      return False, ("%s: expected %s but got %s" %
332 31821208 Iustin Pop
                     (msg, node, remotehostname))
333 a8083063 Iustin Pop
334 c92b310a Michael Hanselmann
    return True, "host matches"
335 75a5f456 Michael Hanselmann
336 75a5f456 Michael Hanselmann
337 7688d0d3 Michael Hanselmann
def WriteKnownHostsFile(cfg, file_name):
338 75a5f456 Michael Hanselmann
  """Writes the cluster-wide equally known_hosts file.
339 75a5f456 Michael Hanselmann

340 75a5f456 Michael Hanselmann
341 a9542a4f Thomas Thrainer
  data = ""
342 a9542a4f Thomas Thrainer
  if cfg.GetRsaHostKey():
343 a9542a4f Thomas Thrainer
    data += "%s ssh-rsa %s\n" % (cfg.GetClusterName(), cfg.GetRsaHostKey())
344 a9542a4f Thomas Thrainer
  if cfg.GetDsaHostKey():
345 a9542a4f Thomas Thrainer
    data += "%s ssh-dss %s\n" % (cfg.GetClusterName(), cfg.GetDsaHostKey())
346 a9542a4f Thomas Thrainer
347 a9542a4f Thomas Thrainer
  utils.WriteFile(file_name, mode=0600, data=data)