From 5cb5d7029216ce71b19fd798a86ef4c384262ba9 Mon Sep 17 00:00:00 2001 From: Aravinda VK Date: Tue, 7 Apr 2015 15:05:09 +0530 Subject: tools/glusterfind: Prevent ssh public key overwrite issue Same ssh key was used for all the sessions, when multiple sessions created in Cluster, public keys get overwritten by newest sessions. Moved ssh keys to respective session dir. BUG: 1206547 Change-Id: I3d8fac9b24bc7c71445c7b4deae83104693e7dab Signed-off-by: Aravinda VK Reviewed-on: http://review.gluster.org/10150 Tested-by: Gluster Build System Reviewed-by: Kotresh HR Reviewed-by: Venky Shankar Tested-by: Venky Shankar --- tools/glusterfind/Makefile.am | 3 +++ tools/glusterfind/src/main.py | 49 ++++++++++++++++++++++++++++---------- tools/glusterfind/src/tool.conf.in | 1 - 3 files changed, 40 insertions(+), 13 deletions(-) (limited to 'tools') diff --git a/tools/glusterfind/Makefile.am b/tools/glusterfind/Makefile.am index c99a3ddcb37..872fff12047 100644 --- a/tools/glusterfind/Makefile.am +++ b/tools/glusterfind/Makefile.am @@ -5,3 +5,6 @@ EXTRA_DIST = bin_SCRIPTS = glusterfind CLEANFILES = $(bin_SCRIPTS) + +install-data-local: + $(mkdir_p) $(DESTDIR)$(GLUSTERD_WORKDIR)/glusterfind/.keys diff --git a/tools/glusterfind/src/main.py b/tools/glusterfind/src/main.py index 17043dca213..96d3d8d5f33 100644 --- a/tools/glusterfind/src/main.py +++ b/tools/glusterfind/src/main.py @@ -39,6 +39,13 @@ class StoreAbsPath(Action): setattr(namespace, self.dest, os.path.abspath(values)) +def get_pem_key_path(session, volume): + return os.path.join(conf.get_opt("session_dir"), + session, + volume, + "%s_%s_secret.pem" % (session, volume)) + + def node_run(volume, host, path, start, outfile, args, fallback=False): """ If host is local node, execute the command locally. If not local 
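Review bot: get_pem_key_path joins `session` and `volume` into the private-key path without checking that either is a single path component, so a name containing `/` or `..` would move the key, and the ssh-keygen output written in ssh_setup, outside the session directory. Whether _get_args already restricts these names is not visible in these hunks. If it does not, a guard before the join would close this, for example `if os.path.basename(session) != session or session in (".", ".."): fail("Invalid session name %s" % session, logger=logger)`, with the same check for `volume`. A one-line docstring such as `"""Return the per-session private key path under session_dir."""` would also help, since node_run, node_cleanup and ssh_setup now all depend on this layout.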
@@ -46,6 +53,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): remote node using scp. """ localdir = is_host_local(host) + pem_key_path = get_pem_key_path(args.session, args.volume) # If Full backup is requested or start time is zero, use brickfind change_detector = conf.get_change_detector(args.change_detector) @@ -69,7 +77,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): if not localdir: # prefix with ssh command if not local node cmd = ["ssh", - "-i", conf.get_opt("secret_pem"), + "-i", pem_key_path, "root@%s" % host] + cmd rc, out, err = execute(cmd, logger=logger) @@ -83,7 +91,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): if not localdir: cmd_copy = ["scp", - "-i", conf.get_opt("secret_pem"), + "-i", pem_key_path, "root@%s:/%s" % (host, outfile), os.path.dirname(outfile)] execute(cmd_copy, exit_msg="%s - Copy command failed" % host, @@ -93,6 +101,8 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): def node_cleanup(host, args): localdir = is_host_local(host) + pem_key_path = get_pem_key_path(args.session, args.volume) + # CHANGE_DETECTOR --debug # --gfidpath cmd = [conf.get_opt("nodecleanup"), @@ -102,7 +112,7 @@ def node_cleanup(host, args): if not localdir: # prefix with ssh command if not local node cmd = ["ssh", - "-i", conf.get_opt("secret_pem"), + "-i", pem_key_path, "root@%s" % host] + cmd execute(cmd, exit_msg="%s - Cleanup failed" % host, logger=logger) 
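Review bot: node_run and node_cleanup now pass `pem_key_path` to `ssh -i` and `scp -i` without checking that the file exists, and sessions created before this change would presumably have no key at the per-session path. As far as I know, ssh only warns about an inaccessible identity file and then tries its default identities, so the command could authenticate with a key other than the session's. Consider failing early with `if not localdir and not os.path.exists(pem_key_path): fail("%s - ssh key not found: %s" % (host, pem_key_path), logger=logger)`, and adding `"-o", "IdentitiesOnly=yes"` to the command lists so agent keys are not offered. The same applies to the scp hunk at -83,7 and the node_cleanup hunk at -102,7; both function bodies extend outside the hunks.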
@@ -264,27 +274,41 @@ def _get_args(): return parser.parse_args() -def ssh_setup(): - if not os.path.exists(conf.get_opt("secret_pem")): +def ssh_setup(args): + pem_key_path = get_pem_key_path(args.session, args.volume) + + if not os.path.exists(pem_key_path): # Generate ssh-key cmd = ["ssh-keygen", "-N", "", "-f", - conf.get_opt("secret_pem")] + pem_key_path] execute(cmd, exit_msg="Unable to generate ssh key %s" - % conf.get_opt("secret_pem"), + % pem_key_path, logger=logger) - logger.info("Ssh key generated %s" % conf.get_opt("secret_pem")) + logger.info("Ssh key generated %s" % pem_key_path) + + try: + shutil.copyfile(pem_key_path + ".pub", + os.path.join(conf.get_opt("session_dir"), + ".keys", + "%s_%s_secret.pem.pub" % (args.session, + args.volume))) + except (IOError, OSError) as e: + fail("Failed to copy public key to %s: %s" + % (os.path.join(conf.get_opt("session_dir"), ".keys"), e), + logger=logger) # Copy pub file to all nodes cmd = ["gluster", "system::", "copy", "file", - "/" + os.path.basename(conf.get_opt("secret_pem")) + ".pub"] + "/glusterfind/.keys/%s.pub" % os.path.basename(pem_key_path)] + execute(cmd, exit_msg="Failed to distribute ssh keys", logger=logger) logger.info("Distributed ssh key to all nodes of Volume") @@ -295,7 +319,7 @@ def ssh_setup(): "execute", "add_secret_pub", "root", - os.path.basename(conf.get_opt("secret_pem")) + ".pub"] + "/glusterfind/.keys/%s.pub" % os.path.basename(pem_key_path)] execute(cmd, exit_msg="Failed to add ssh keys to authorized_keys file", logger=logger) @@ -320,7 +344,7 @@ def mode_create(session_dir, args): fail("Session %s already created" % args.session, logger=logger) if not os.path.exists(status_file) or args.force: - ssh_setup() + ssh_setup(args) execute(["gluster", "volume", "set", args.volume, "build-pgfid", "on"], 
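Review bot: ssh_setup now creates a separate key pair for every session/volume and, through `add_secret_pub root ...`, appends each public key to root's authorized_keys on all nodes, but nothing in these hunks removes that entry again or limits what the key may do. Each session directory therefore holds a passphrase-less private key (`-N ""`) that allows root login on every node, and the number of such keys grows with the number of sessions. The delete path is not shown here; if it does not already do so, it should remove both the `.keys/<name>.pub` file and the matching authorized_keys line. At minimum I would add a comment above the `add_secret_pub` call, such as `# Grants root ssh on every node; must be revoked when the session is deleted`. Separately, `"%s_%s_secret.pem.pub" % (args.session, args.volume)` repeats the name built in get_pem_key_path; `os.path.basename(pem_key_path) + ".pub"` would keep the two in step.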
@@ -419,7 +443,8 @@ def mode_list(session_dir, args): else: sessions = [] for d in os.listdir(session_dir): - sessions.append(d) + if d != ".keys": + sessions.append(d) output = [] for session in sessions: diff --git a/tools/glusterfind/src/tool.conf.in b/tools/glusterfind/src/tool.conf.in index 48ecdda06cc..54230cb4dca 100644 --- a/tools/glusterfind/src/tool.conf.in +++ b/tools/glusterfind/src/tool.conf.in @@ -1,6 +1,5 @@ [vars] session_dir=@GLUSTERD_WORKDIR@/glusterfind/ -secret_pem=@GLUSTERD_WORKDIR@/glusterfind.secret.pem working_dir=@GLUSTERFSD_MISCDIR@/glusterfind/ log_dir=/var/log/glusterfs/glusterfind/ nodecleanup=@GLUSTERFS_LIBEXECDIR@/glusterfind/nodecleanup.py -- cgit
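Review bot: mode_list has to special-case `.keys` because the key directory sits inside session_dir next to the session directories, and nothing visible in this change stops a session from being created with that same name. A session called `.keys` would share its directory with the distributed public keys and would be hidden from the listing. Consider rejecting the reserved name where sessions are created, for example `if args.session == ".keys": fail("Invalid session name %s" % args.session, logger=logger)` in mode_create, whose body lies outside this hunk. A short comment on the new condition, `# .keys holds distributed public keys, not a session`, would explain the filter.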