authorAravinda VK <avishwan@redhat.com>2015-04-07 15:05:09 +0530
committerVenky Shankar <vshankar@redhat.com>2015-04-13 08:56:30 +0000
commit5cb5d7029216ce71b19fd798a86ef4c384262ba9 (patch)
treea8687c50ee1d33b0bc229b89f73efb980fd3815a
parenta2deb5ffb7aba02fe50ef38d9ead84debc3411cb (diff)
tools/glusterfind: Prevent ssh public key overwrite issue
The same ssh key was used for all sessions, so when multiple sessions were created in the cluster, public keys were overwritten by the newest sessions. Moved the ssh keys to the respective session dir. BUG: 1206547 Change-Id: I3d8fac9b24bc7c71445c7b4deae83104693e7dab Signed-off-by: Aravinda VK <avishwan@redhat.com> Reviewed-on: http://review.gluster.org/10150 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kotresh HR <khiremat@redhat.com> Reviewed-by: Venky Shankar <vshankar@redhat.com> Tested-by: Venky Shankar <vshankar@redhat.com>
-rw-r--r--tools/glusterfind/Makefile.am3
-rw-r--r--tools/glusterfind/src/main.py49
-rw-r--r--tools/glusterfind/src/tool.conf.in1
3 files changed, 40 insertions, 13 deletions
diff --git a/tools/glusterfind/Makefile.am b/tools/glusterfind/Makefile.am
index c99a3ddcb37..872fff12047 100644
--- a/tools/glusterfind/Makefile.am
+++ b/tools/glusterfind/Makefile.am
@@ -5,3 +5,6 @@ EXTRA_DIST =
bin_SCRIPTS = glusterfind
CLEANFILES = $(bin_SCRIPTS)
+
+install-data-local:
+ $(mkdir_p) $(DESTDIR)$(GLUSTERD_WORKDIR)/glusterfind/.keys
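Review bot: The `.keys` directory created by `install-data-local` gets whatever mode the installing umask yields, yet the public keys copied into it are the ones `ssh_setup` in main.py passes to `add_secret_pub` for `root`. Write access to this directory therefore amounts to choosing a key that root will trust on every node, so I would pin the mode explicitly, e.g. `$(INSTALL) -d -m 0700 $(DESTDIR)$(GLUSTERD_WORKDIR)/glusterfind/.keys`. Whether the parent directory is already restricted to root is not visible in this diff.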
diff --git a/tools/glusterfind/src/main.py b/tools/glusterfind/src/main.py
index 17043dca213..96d3d8d5f33 100644
--- a/tools/glusterfind/src/main.py
+++ b/tools/glusterfind/src/main.py
@@ -39,6 +39,13 @@ class StoreAbsPath(Action):
setattr(namespace, self.dest, os.path.abspath(values))
+def get_pem_key_path(session, volume):
+ return os.path.join(conf.get_opt("session_dir"),
+ session,
+ volume,
+ "%s_%s_secret.pem" % (session, volume))
+
+
def node_run(volume, host, path, start, outfile, args, fallback=False):
"""
If host is local node, execute the command locally. If not local
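Review bot: `get_pem_key_path` joins `session` and `volume` into a filesystem path without checking them, and both reach it from the command line through `args`. With `os.path.join`, a name that contains a path separator, is `..`, or starts with `/` places the private key (and the `ssh-keygen -f` target in `ssh_setup`) outside `session_dir`. No validation is visible in this diff, though it may exist elsewhere in main.py. I would reject such names before building the path and add a one-line docstring, as sketched below.

```python
def get_pem_key_path(session, volume):
    """Return the private key path for this session/volume pair."""
    for name in (session, volume):
        # Both values become path components below; keep them inside
        # session_dir by refusing separators and dot entries.
        if name in ("", ".", "..") or os.sep in name:
            fail("Invalid session or volume name: %s" % name,
                 logger=logger)
    # … unchanged: return os.path.join(conf.get_opt("session_dir"), ...) …
```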
@@ -46,6 +53,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False):
remote node using scp.
"""
localdir = is_host_local(host)
+ pem_key_path = get_pem_key_path(args.session, args.volume)
# If Full backup is requested or start time is zero, use brickfind
change_detector = conf.get_change_detector(args.change_detector)
@@ -69,7 +77,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False):
if not localdir:
# prefix with ssh command if not local node
cmd = ["ssh",
- "-i", conf.get_opt("secret_pem"),
+ "-i", pem_key_path,
"root@%s" % host] + cmd
rc, out, err = execute(cmd, logger=logger)
@@ -83,7 +91,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False):
if not localdir:
cmd_copy = ["scp",
- "-i", conf.get_opt("secret_pem"),
+ "-i", pem_key_path,
"root@%s:/%s" % (host, outfile),
os.path.dirname(outfile)]
execute(cmd_copy, exit_msg="%s - Copy command failed" % host,
@@ -93,6 +101,8 @@ def node_run(volume, host, path, start, outfile, args, fallback=False):
def node_cleanup(host, args):
localdir = is_host_local(host)
+ pem_key_path = get_pem_key_path(args.session, args.volume)
+
# CHANGE_DETECTOR <SESSION> <VOLUME> <BRICK> <OUTFILE> <START> --debug
# --gfidpath <TYPE>
cmd = [conf.get_opt("nodecleanup"),
@@ -102,7 +112,7 @@ def node_cleanup(host, args):
if not localdir:
# prefix with ssh command if not local node
cmd = ["ssh",
- "-i", conf.get_opt("secret_pem"),
+ "-i", pem_key_path,
"root@%s" % host] + cmd
execute(cmd, exit_msg="%s - Cleanup failed" % host, logger=logger)
@@ -264,27 +274,41 @@ def _get_args():
return parser.parse_args()
-def ssh_setup():
- if not os.path.exists(conf.get_opt("secret_pem")):
+def ssh_setup(args):
+ pem_key_path = get_pem_key_path(args.session, args.volume)
+
+ if not os.path.exists(pem_key_path):
# Generate ssh-key
cmd = ["ssh-keygen",
"-N",
"",
"-f",
- conf.get_opt("secret_pem")]
+ pem_key_path]
execute(cmd,
exit_msg="Unable to generate ssh key %s"
- % conf.get_opt("secret_pem"),
+ % pem_key_path,
logger=logger)
- logger.info("Ssh key generated %s" % conf.get_opt("secret_pem"))
+ logger.info("Ssh key generated %s" % pem_key_path)
+
+ try:
+ shutil.copyfile(pem_key_path + ".pub",
+ os.path.join(conf.get_opt("session_dir"),
+ ".keys",
+ "%s_%s_secret.pem.pub" % (args.session,
+ args.volume)))
+ except (IOError, OSError) as e:
+ fail("Failed to copy public key to %s: %s"
+ % (os.path.join(conf.get_opt("session_dir"), ".keys"), e),
+ logger=logger)
# Copy pub file to all nodes
cmd = ["gluster",
"system::",
"copy",
"file",
- "/" + os.path.basename(conf.get_opt("secret_pem")) + ".pub"]
+ "/glusterfind/.keys/%s.pub" % os.path.basename(pem_key_path)]
+
execute(cmd, exit_msg="Failed to distribute ssh keys", logger=logger)
logger.info("Distributed ssh key to all nodes of Volume")
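Review bot: The public key location is built three separate times in `ssh_setup`: the `shutil.copyfile` destination and its error message derive it from `conf.get_opt("session_dir")`, while the `gluster system:: copy file` argument hard-codes `/glusterfind/.keys/`. If `session_dir` in tool.conf ever differs from `@GLUSTERD_WORKDIR@/glusterfind/`, the key is copied to one place and distributed from another. Compute the pieces once, `keys_dir = os.path.join(conf.get_opt("session_dir"), ".keys")` and `pub_name = os.path.basename(pem_key_path) + ".pub"`, and add a comment that the literal path appears to be relative to the glusterd working directory. The function body continues past this hunk.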
@@ -295,7 +319,7 @@ def ssh_setup():
"execute",
"add_secret_pub",
"root",
- os.path.basename(conf.get_opt("secret_pem")) + ".pub"]
+ "/glusterfind/.keys/%s.pub" % os.path.basename(pem_key_path)]
execute(cmd,
exit_msg="Failed to add ssh keys to authorized_keys file",
logger=logger)
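Review bot: Each session now adds its own passphrase-less key (`-N ""`) to root's `authorized_keys` on every node through `add_secret_pub`, and nothing in this commit removes it again. No hunk touches session deletion, so the `.keys/<session>_<volume>_secret.pem.pub` copy and the authorized_keys entry presumably outlive the session, and the entry for the old shared `glusterfind.secret.pem` stays behind after an upgrade. A follow-up that removes both on delete would keep the set of root-trusted keys bounded; at minimum add a comment here such as `# NOTE: key stays in root's authorized_keys until removed manually`. This call sits inside `ssh_setup`, which starts before this hunk.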
@@ -320,7 +344,7 @@ def mode_create(session_dir, args):
fail("Session %s already created" % args.session, logger=logger)
if not os.path.exists(status_file) or args.force:
- ssh_setup()
+ ssh_setup(args)
execute(["gluster", "volume", "set",
args.volume, "build-pgfid", "on"],
@@ -419,7 +443,8 @@ def mode_list(session_dir, args):
else:
sessions = []
for d in os.listdir(session_dir):
- sessions.append(d)
+ if d != ".keys":
+ sessions.append(d)
output = []
for session in sessions:
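Review bot: The `.keys` filter in `mode_list` repeats a literal that `ssh_setup` also uses, and a session that is itself named `.keys` would now share a directory with the key store and be hidden from the listing. A comprehension reads more directly, `sessions = [d for d in os.listdir(session_dir) if d != ".keys"]`, ideally compared against a module-level constant, and `mode_create` should refuse `.keys` as a session name. Other code that enumerates `session_dir` is not visible here and may need the same filter. The function starts and ends outside this hunk.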
diff --git a/tools/glusterfind/src/tool.conf.in b/tools/glusterfind/src/tool.conf.in
index 48ecdda06cc..54230cb4dca 100644
--- a/tools/glusterfind/src/tool.conf.in
+++ b/tools/glusterfind/src/tool.conf.in
@@ -1,6 +1,5 @@
[vars]
session_dir=@GLUSTERD_WORKDIR@/glusterfind/
-secret_pem=@GLUSTERD_WORKDIR@/glusterfind.secret.pem
working_dir=@GLUSTERFSD_MISCDIR@/glusterfind/
log_dir=/var/log/glusterfs/glusterfind/
nodecleanup=@GLUSTERFS_LIBEXECDIR@/glusterfind/nodecleanup.py