root / lib / ssh.py @ fc6ccde4

# Date Author Comment
651ce6a3 11/14/2013 05:40 pm Petr Pudlak

Use custom SSH ports for other operations

In particular copyfile and renew-crypto.

Signed-off-by: Petr Pudlak <>
Reviewed-by: Hrvoje Ribicic <>

a9f33339 11/14/2013 05:40 pm Petr Pudlak

Use custom SSH ports in node groups when working with nodes

Calling `gnt-instance console` with a custom SSH port doesn't work yet.

Signed-off-by: Petr Pudlak <>
Reviewed-by: Hrvoje Ribicic <>

b6368001 10/07/2013 07:25 pm Costas Drogos

Don't attempt ipv6 ssh in case of ipv4 cluster

In case of a cluster with primary-ip-version=4, there is no need
for the cluster to try ipv6 ssh connections, which may time out.
So append '-4' on ssh if cluster is ipv4-only

Signed-off-by: Costas Drogos <>...

a9542a4f 08/07/2013 10:38 am Thomas Thrainer

Support DSA SSH keys in bootstrap

As outlined in issue 338, Ganeti failed to initialize a cluster if no
RSA SSH key is present on the master node. This patch extends Ganeti's
support to DSA keys, so clusters with only DSA keys are possible now.

This fixes issue 338....

78062de9 10/26/2012 05:33 pm Michael Hanselmann

Make Paramiko an optional dependency for listrunner

With the move away from “setup-ssh”, Paramiko is no longer necessary to
configure SSH on nodes.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

5484cda5 10/26/2012 05:27 pm Michael Hanselmann

ssh: Add function to get all of user's SSH files

This new function returns the file paths for all of a user's SSH-related
files (RSA, DSA and authorized_keys).

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

7bd70e6b 10/26/2012 03:35 pm Michael Hanselmann

ssh.GetUserFiles: Parameter to disable directory check

Without this parameter, either an error would be raised or “.ssh” would
have to be created. Now it is possible to retrieve the paths without
requiring the “.ssh” directory to exist.

Signed-off-by: Michael Hanselmann <>...

d12b9f66 10/23/2012 06:32 pm Michael Hanselmann

Add initial implementation of prepare-node-join

This is a new tool as per the design document “design-ssh-setup”. It
receives a JSON data structure on its standard input and configures the
SSH daemon and root's SSH keys accordingly. Unit tests are included....

8a3c9e8a 10/23/2012 03:59 pm Michael Hanselmann

ssh.GetUserFiles: RSA support, unit tests

This patch changes “ssh.GetUserFiles” to support two different kinds of
SSH keys, RSA and DSA. Before it would always use DSA. Newly written
unit tests are included.

Signed-off-by: Michael Hanselmann <>...

052783ff 09/28/2012 03:14 pm Michael Hanselmann

Stop hardcoding root user

Some parts of the code still use a hardcoded user name: root. This patch
replaces all with a constant specified at build time. The end goal is to
make it possible to run a Ganeti cluster without any special privileges
(of course this will prevent some functionality from working)....

cffbbae7 09/25/2012 05:28 pm Michael Hanselmann

Implement virtual cluster support in Python code

- pathutils: Prepend node-specific prefix path
- RPC: Use virtual paths (see vcluster.py)
- SSH: Pass environment variables, use destination's node directory when
copying files using scp, use GANETI_HOSTNAME to determine hostname...

8fd1bfa9 09/18/2012 06:09 pm Michael Hanselmann

Migrate lib/ssh.py from constants to pathutils

File system paths moved from constants to pathutils.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

9dc45ab1 09/30/2011 01:10 pm Michael Hanselmann

ssh: Quote strings in error message

Signed-off-by: Michael Hanselmann <>
Reviewed-by: René Nussbaumer <>

ebcd61bb 03/31/2011 07:47 pm Iustin Pop

ssh.VerifyNodeHostname: remove the quiet flag

This is not needed for this function, and can interfere with debugging
of ssh failures.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

a4ccecf6 01/11/2011 05:33 pm Michael Hanselmann

utils: Move process-related code into separate file

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

ae8419a2 09/07/2010 01:07 pm Michael Hanselmann

Merge branch 'devel-2.2'

  • devel-2.2:
    cli: Use list of options shared between commands
    jqueue: Use separate function for encoding errors
    Fix some epydoc warnings
    Fix breakage introduced by commit 8044bf655
    Remove “dry_run” from opcodes.OpCreateInstance...

697a3d61 09/03/2010 02:27 pm Manuel Franceschini

Fix some epydoc warnings

Signed-off-by: Manuel Franceschini <>
Reviewed-by: Michael Hanselmann <>

8062638d 08/25/2010 04:18 pm Manuel Franceschini

Fix scp command when target is an IPv6 address

Due to the syntax used for the target in scp <target>:<path>, it is
necessary when the target is an IPv6 address to enclose it in square
brackets.

Signed-off-by: Manuel Franceschini <>
Reviewed-by: Iustin Pop <>

c30421e0 08/25/2010 12:56 pm René Nussbaumer

Merge branch 'devel-2.2'

hansmi helped me with merging the conflict. Thanks

Conflicts:
lib/workerpool.py

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

33993ab8 08/25/2010 12:02 pm René Nussbaumer

Adding a paramiko fingerprint format helper

And provide unittests for them

Signed-off-by: René Nussbaumer <>
Reviewed-by: Iustin Pop <>

8f9069e5 08/23/2010 01:39 pm Iustin Pop

Merge branch 'devel-2.2'

  • devel-2.2:
    setup-ssh: fix updating of authorized_keys
    setup-ssh: Also use keys from the ssh-agent
    setup-ssh: try to use key auth first
    setup-ssh: redo the logging levels
    setup-ssh: only read the ssh port once
    setup-ssh: fix the logging error message...

2175e25d 08/20/2010 01:03 pm Manuel Franceschini

Fix small spelling mistake

Signed-off-by: Manuel Franceschini <>
Reviewed-by: Iustin Pop <>

b43dcc5a 08/19/2010 12:44 pm Manuel Franceschini

Support IPv6 node add

Signed-off-by: Manuel Franceschini <>
Reviewed-by: Iustin Pop <>

898a6d45 08/10/2010 07:05 pm Michael Hanselmann

Adjust message in case ~/.ssh is no directory

Use actual path, not something hardcoded.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

f724a702 05/10/2010 12:15 pm Balazs Lecz

Force ssh to allocate a tty

This is required to avoid the
"Pseudo-terminal will not be allocated because stdin is not a terminal."
ssh error message in case a Ganeti script is run non-interactively.

Signed-off-by: Balazs Lecz <>
Reviewed-by: Iustin Pop <>

5bae14d9 05/07/2010 02:34 pm Guido Trotter

ssh.GetUserFiles: move to EnsureDirs

We also create a generic SECURE_DIR_MODE constant, rather than
hardcoding 0700 in the code.

Signed-off-by: Guido Trotter <>
Reviewed-by: Balazs Lecz <>

2892a4c9 04/22/2010 02:32 pm Iustin Pop

ssh: make quiet configurable

Currently both CopyFileToNode and BuildCmd hardcode "-q" in the options.
This patch moves this setting as a configurable option to
_BuildSshOptions.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

b427788e 04/22/2010 12:11 pm Iustin Pop

SSH: do not check IPs

Since we use the cluster name for the SSH known_hosts file, ssh will
always detect a changed IP (since we never connect to the cluster master
name, but the node names), and will complain about it/try to update the
user known hosts file (since that is /dev/null, it doesn't matter, but...

c4feafe8 03/08/2010 03:48 pm Iustin Pop

Switch from os.path.join to utils.PathJoin

This passes a full burnin with lots of instances, and should be safe as
we mostly join a known root (various constants) to a run-time
variable.

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

4403ff8d 02/22/2010 05:56 pm René Nussbaumer

Make it possible to pass custom private key path to SshRunner.Run

Signed-off-by: René Nussbaumer <>
Signed-off-by: Michael Hanselmann <>
Reviewed-by: Michael Hanselmann <>

e66d9f1a 02/18/2010 12:27 pm Iustin Pop

Fix ssh host key checking with no-key-check

In case we add a node with “--no-ssh-key-check”, this should override
any default yes/ask values in the system-wide (or user) ssh key check.

Currently this only works in batch mode, whereas in non-batch we only...

8b2df5f6 12/16/2009 11:47 am Iustin Pop

Pass --fqdn to ssh hostname checks

The cluster verify checks for fqdn are done via address lookups, and
there we actually use the FQDN. However, for the ssh hostname check
which is done at node add time, we rely on the default of the “hostname”
command. And Debian for example recently changed the default to return...

099c52ad 11/03/2009 04:31 pm Iustin Pop

Another round of pylint-related style fixes

A newer version of pylint, more warnings…

Signed-off-by: Iustin Pop <>
Reviewed-by: Michael Hanselmann <>

31821208 09/25/2009 06:54 pm Iustin Pop

Fix the confusing ssh/hostname message in node add

Before, it used to say:

ssh/hostname verification failed node1.example.com -> hostname mismatch, got
node2

Now it says for wrong hostnames (maybe too verbose):

ssh/hostname verification failed (checking from node1.example.com): hostname...

5bbd3f7f 07/07/2009 03:51 pm Michael Hanselmann

Fix some typos

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

a162cf5b 02/03/2009 12:55 pm Iustin Pop

ssh: more details on failure

In case we fail without output from the ssh command, we should at least
add the exit code or any other failure reason to the error message, and
log it and the cmdline used to the node daemon log.

Reviewed-by: imsnah

a3f9f296 02/03/2009 12:45 pm Guido Trotter

Give a sane permission to the known_host file

Reviewed-by: iustinp

9c034cbe 12/14/2008 02:04 pm Iustin Pop

lib/ssh.py: import the logging module

This only means most of our error paths in this module were not working
(and generating exceptions).

Reviewed-by: amishchenko

bf75f132 12/14/2008 02:04 pm Iustin Pop

SshRunner: add docstring for _BuildSshOptions

Reviewed-by: amishchenko

c41eea6e 12/11/2008 07:13 pm Iustin Pop

Fix epydoc format warnings

This patch should fix all outstanding epydoc parsing errors; as such, we
switch epydoc into verbose mode so that any new errors will be visible.

Reviewed-by: imsnah

23828f1c 10/20/2008 03:50 pm Iustin Pop

Convert ssh.py to use the logging module

Reviewed-by: imsnah

56bece1f 10/06/2008 02:48 pm Iustin Pop

Change SshRunner usage

Currently the SshRunner uses a SimpleConfigReader instance, however this
is not best. We change it to use the cluster name directly (and its
constructor now takes this as parameter, instead of SCR), and its
callers are changed to pass the name directly....

7688d0d3 10/01/2008 08:35 pm Michael Hanselmann

Convert ssh.py

Get rid of ssconf and convert to configuration instead.

Reviewed-by: iustinp

652d6694 08/15/2008 11:47 am Michael Hanselmann

SshRunner: Add parameter to always accept peer's SSH key

This will be used to add nodes without user interaction, specifically
in QA tests.

Reviewed-by: ultrotter

f6d9f4c3 08/15/2008 11:44 am Michael Hanselmann

Move SSH option building into a function

I'm going to add another option and it would make maintaining
them in constants even more complicated.

Reviewed-by: ultrotter

54ab6aec 08/15/2008 11:44 am Michael Hanselmann

SshRunner.Run: Pass all arguments to BuildCmd

This patch changes SshRunner.Run to pass all arguments to
SshRunner.BuildCmd. They had the same arguments before
and should stay that way. This change makes it easier
to add new or change existing arguments.
...

51144e33 08/13/2008 03:55 pm Michael Hanselmann

Fix adding pristine nodes

If a node hasn't been part of the cluster before being added it'll not
have the cluster's SSH key. This patch makes sure to accept those by
not aliasing the machine name to the cluster name.

Reviewed-by: ultrotter

1d544ba3 04/01/2008 07:52 pm Michael Hanselmann

Check whether path is valid before accessing it

Reviewed-by: ultrotter

fff33d70 03/18/2008 03:04 pm Michael Hanselmann

Use constants for “ssh” and “scp” binaries instead of magic values

Reviewed-by: ultrotter

1ff08570 03/18/2008 03:03 pm Michael Hanselmann

Use new cluster alias in known_hosts file

Reviewed-by: ultrotter

8f07f831 03/18/2008 03:03 pm Michael Hanselmann

Add “tty” parameter to SshRunner.BuildCmd

This allows callers to allocate a pseudo-TTY easily.

Reviewed-by: ultrotter

bf3d57b8 03/18/2008 03:03 pm Michael Hanselmann

Order SSH options alphabetically

Reviewed-by: ultrotter

c92b310a 03/18/2008 03:02 pm Michael Hanselmann

Move SSH functions into a class

This renames some functions and does some minor codestyle cleanup.

Reviewed-by: ultrotter

75a5f456 03/18/2008 03:02 pm Michael Hanselmann

Add function to write cluster SSH key to known_hosts file

The whole Ganeti cluster has a single SSH key. Its fingerprint is
written to Ganeti's known_hosts file, together with an alias. This
allows us to always use that alias instead of the real hostname,...

aa4260ca 10/19/2007 02:49 pm Iustin Pop

Some tiny style fixes

Reviewed-by: imsnah

70d9e3d8 10/16/2007 11:28 am Iustin Pop

Replace more ssh paths with proper constants

The node's ssh keys filenames are now provided as constants; this should
allow easier customization.

Also, the user's ssh key computing has been abstracted into ssh.py

Reviewed-by: imsnah

2f31098c 10/10/2007 01:00 pm Iustin Pop

Remove the shebang from modules

Since modules are not directly executables, remove the shebang from
them. This helps with lintian warnings.

Also make the autogenerated _autoconf.py contain two comment lines at
the beginning, like the other modules.

Reviewed-by: ultrotter

72f0f7fd 09/13/2007 02:31 pm Iustin Pop

Fix the ssh change which breaks remote ssh commands

Explanation: since we use lists and not a string, every argument we give
is passed unchanged to the remote shell. So, for example, passing
'/etc/init.d/ganeti restart' to the remote shell, it will try to run the...

00003458 09/07/2007 02:30 pm Guido Trotter

Make import/export use the auxiliary ssh library to build the remote commands.

This avoids forgetting some parameters, as it's happening right now
(the correct known host file is not being passed)

In order to do so we split SSHCall into an auxiliary BuildSSHCmd which builds...

82122173 08/24/2007 12:20 pm Iustin Pop

Rework ssh known-hosts handling.

This changes:
- cluster setup, we no longer edit /etc/ssh/ssh_known_hosts but our
own file
- node add, we no longer remove root's known_hosts (twice)
- gnt-instance console, both the LU and the script: since now the ssh...

3899870e 08/20/2007 04:27 pm Iustin Pop

Disable hashing of the ssh keys.

In case we use StrictHostKeyChecking=ask, also add HashKnownHosts=no so that
debugging is easier. The nodes to which we are connecting are anyway visible in
/etc/ssh/ssh_known_hosts.

3ecf6786 08/14/2007 06:17 pm Iustin Pop

Style changes for pep-8 and python-3000 compliance.

This changes the raising of exceptions from:
raise Exception, value
to
raise Exception(value)

as the first form will be removed in python-3000 and the second form is
preferred now.

The changes also involve a few cases of changing from raising standard...

098c0958 07/26/2007 02:40 pm Michael Hanselmann

Comment formatting updates.

Reviewed-by: iustinp

a8083063 07/16/2007 04:39 pm Iustin Pop

Initial commit.