author Kotresh HR <khiremat@redhat.com> 2015-01-16 14:32:09 +0530
committer Venky Shankar <vshankar@redhat.com> 2015-01-21 22:58:41 -0800
commit f3ad194918dbbf00dcc9aebb226728294161ed7a
tree b7bb5ec817d849818108cd95893f22b8cc4bdb06 /geo-replication
parent 27f2b8839e4d3ebe9ccbde071864b3e8016a3c4d
geo-rep: Handle copying of common_secret.pem.pub to slave correctly.

Current Behaviour:
1. Geo-replication gsec_create creates common_secret.pem.pub file
   containing public keys of all the nodes of master cluster
   in the location /var/lib/glusterd/
2. Geo-replication create push-pem copies the common_secret.pem.pub
   to the same location on all the slave nodes with same name.

Problem:
Wrong public keys might get copied on to slave nodes in multiple
geo-replication sessions simultaneously.

E.g.
A geo-rep session is established between Node1(vol1:Master) to
Node2 (vol2:Slave). And one more geo-rep session where Node2 (vol3)
becomes master to Node3 (vol4) as below.

    Session1: Node1 (vol1) ---> Node2 (vol2)
    Session2: Node2 (vol3) ---> Node3 (vol4)

If steps followed to create both geo-replication sessions are as
follows, wrong public keys are copied on to Node3 from Node2.

1. gsec_create is done on Node1 (vol1) -Session1
2. gsec_create is done on Node2 (vol3) -Session2
3. create push-pem is done on Node1 - Session1.
   -This overwrites common_secret.pem.pub in Node2 created by
    gsec_create in second step.
4. create push-pem on Node2 (vol3) copies overwritten
   common_secret.pem.pub keys to Node3. -Session2

Consequence:
Session2 fails to start with Permission denied because of wrong
public keys.

Solution:
On geo-rep create push-pem, don't copy common_secret.pem.pub file
with same name on to all slave nodes. Prefix master and slave
volume names to the filename.

NOTE: This brings change in manual steps to be followed to setup
non-root geo-replication (mountbroker). To copy ssh public keys,
extra two arguments need to be followed.

    set_geo_rep_pem_keys.sh <mountbroker_user> <master vol name> \
        <slave vol name>

Path to set_geo_rep_pem_keys.sh:
    Source Installation: /usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh
    Rpm Installation: /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh

Change-Id: If38cd4e6f58d674d5fe2d93da15803c73b660c33
BUG: 1183229
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/9460
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>

Diffstat (limited to 'geo-replication')
-rw-r--r-- geo-replication/src/peer_add_secret_pub.in 24
-rwxr-xr-x geo-replication/src/set_geo_rep_pem_keys.sh 23
2 files changed, 35 insertions, 12 deletions
diff --git a/geo-replication/src/peer_add_secret_pub.in b/geo-replication/src/peer_add_secret_pub.in
index 97011f204d2..5a9fd9ac347 100644
--- a/geo-replication/src/peer_add_secret_pub.in
+++ b/geo-replication/src/peer_add_secret_pub.in
@@ -1,18 +1,26 @@
#!/bin/bash
-if [ "$1" == "" ]; then
- user="root"
- home_dir=`getent passwd root | cut -d ':' -f 6`;
-else
- user=$1
- home_dir=`getent passwd $1 | cut -d ':' -f 6`;
-fi
+user=$1
+mastervol=$2
+slavevol=$3
if [ "$user" == "" ]; then
echo "Invalid User";
exit 1;
fi
+if [ "$mastervol" == "" ]; then
+ echo "Invalid master volume";
+ exit 1;
+fi
+
+if [ "$slavevol" == "" ]; then
+ echo "Invalid slave volume";
+ exit 1;
+fi
+
+home_dir=`getent passwd $user | cut -d ':' -f 6`;
+
if [ "$home_dir" == "" ]; then
echo "Invalid home dir";
exit 1;
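Review bot: Removing the `if [ "$1" == "" ]` branch at the top of peer_add_secret_pub.in drops the default of user="root", so any caller that still invokes add_secret_pub without a user now exits with "Invalid User". The callers are not part of this diff; confirm that each one now passes the user, master volume and slave volume explicitly, or keep the root default when $1 is empty. The new `getent passwd $user` line should also quote "$user", since the value comes straight from the command line.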
@@ -30,4 +38,4 @@ if [ ! -d $home_dir/.ssh/authorized_keys ]; then
chown $user: $home_dir/.ssh/authorized_keys;
fi
-cat "$GLUSTERD_WORKDIR"/geo-replication/common_secret.pem.pub >> $home_dir/.ssh/authorized_keys;
+cat "$GLUSTERD_WORKDIR"/geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub >> $home_dir/.ssh/authorized_keys;
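Review bot: The new `cat` line builds its source path from ${mastervol} and ${slavevol} outside the quotes, and both values were only checked for being non-empty, so a name containing whitespace or '/' changes which file gets appended to authorized_keys. Quote the whole path ("$GLUSTERD_WORKDIR/geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub"), reject volume names that contain '/', and test the file with -f before appending so that a missing key file fails with a clear message instead of a bare cat error.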
diff --git a/geo-replication/src/set_geo_rep_pem_keys.sh b/geo-replication/src/set_geo_rep_pem_keys.sh
index 7b825693fad..c7cbdf36e4b 100755
--- a/geo-replication/src/set_geo_rep_pem_keys.sh
+++ b/geo-replication/src/set_geo_rep_pem_keys.sh
@@ -10,11 +10,26 @@
function main()
{
user=$1
+ master_vol=$2
+ slave_vol=$3
+
if [ "$user" == "" ]; then
echo "Please enter the user's name"
exit 1;
fi
+ if [ "$master_vol" == "" ]; then
+ echo "Invalid master volume name"
+ exit 1;
+ fi
+
+ if [ "$slave_vol" == "" ]; then
+ echo "Invalid slave volume name"
+ exit 1;
+ fi
+
+ COMMON_SECRET_PEM_PUB=${master_vol}_${slave_vol}_common_secret.pem.pub
+
if [ "$user" == "root" ]; then
echo "This script is not needed for root"
exit 1;
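Review bot: COMMON_SECRET_PEM_PUB joins the two names with '_', which is ambiguous if volume names can themselves contain '_': master "a_b" with slave "c" and master "a" with slave "b_c" both produce a_b_c_common_secret.pem.pub, which brings back the overwrite this commit sets out to fix. Consider a separator that cannot occur in a volume name. Two smaller points in the same hunk: the variables are master_vol/slave_vol here but mastervol/slavevol in peer_add_secret_pub.in, and since the invocation has changed, the missing-argument branches would be more useful if they printed the new usage line rather than only "Invalid master volume name".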
@@ -27,10 +42,10 @@ function main()
exit 1;
fi
- if [ -f $home_dir/common_secret.pem.pub ]; then
- cp $home_dir/common_secret.pem.pub ${GLUSTERD_WORKDIR}/geo-replication/
- gluster system:: copy file /geo-replication/common_secret.pem.pub
- gluster system:: execute add_secret_pub $user
+ if [ -f $home_dir/${COMMON_SECRET_PEM_PUB} ]; then
+ cp $home_dir/${COMMON_SECRET_PEM_PUB} ${GLUSTERD_WORKDIR}/geo-replication/
+ gluster system:: copy file /geo-replication/${COMMON_SECRET_PEM_PUB}
+ gluster system:: execute add_secret_pub $user ${master_vol} ${slave_vol}
else
echo "$home_dir/common_secret.pem.pub not present. Please run geo-replication command on master with push-pem option to generate the file"
exit 1;
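Review bot: The else branch still reports "$home_dir/common_secret.pem.pub not present" although the -f test above it now checks $home_dir/${COMMON_SECRET_PEM_PUB}, so the message names a file the script no longer looks for. Change it to print $home_dir/${COMMON_SECRET_PEM_PUB}. The new cp, copy file and execute lines also expand $home_dir, ${COMMON_SECRET_PEM_PUB}, ${master_vol} and ${slave_vol} unquoted; quoting them keeps a value with whitespace from being split into extra arguments.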