path: root/geo-replication/src/peer_georep-sshkey.py.in
blob: 58696e9a616f91b1790bbe4448e3cf9680a6ea4b (plain)
#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
#  Copyright (c) 2016 Red Hat, Inc. <http://www.redhat.com>
#  This file is part of GlusterFS.
#
#  This file is licensed to you under your choice of the GNU Lesser
#  General Public License, version 3 or any later version (LGPLv3 or
#  later), or the GNU General Public License, version 2 (GPLv2), in all
#  cases as published by the Free Software Foundation.
#
"""
Usage:
    gluster-georep-sshkey generate
    or
    gluster-georep-sshkey generate --no-prefix

Generates two SSH keys(one for gsyncd access and other for tar) in all
peer nodes and collects the public keys to the local node where it is
initiated. Adds `command=` prefix to common_secret.pem.pub if `--no-prefix`
argument is not passed.
"""
import os
import glob

from gluster.cliutils import (node_output_ok, execute, execute_in_peers,
                              Cmd, runcli)
from prettytable import PrettyTable


# The @...@ tokens look like build-time placeholders (this is a ``.py.in``
# template); they are reproduced verbatim so substitution still applies.
_GEOREP_DIR = "@GLUSTERD_WORKDIR@/geo-replication"

# Private-key paths; the matching public keys live at the same path + ".pub".
SECRET_PEM = _GEOREP_DIR + "/secret.pem"
TAR_SSH_PEM = _GEOREP_DIR + "/tar_ssh.pem"

# OpenSSH authorized_keys "forced command" options prepended to each public
# key.  A key carrying one of these runs only the named command regardless of
# what the client asks for.
GSYNCD_CMD = 'command="@GLUSTERFS_LIBEXECDIR@/gsyncd" '
# NOTE(review): this pins the program to tar, but everything after the first
# word of the client's requested command is handed to tar as its arguments,
# so the restriction covers the binary, not what it is asked to do.
TAR_CMD = 'command="tar ${SSH_ORIGINAL_COMMAND#* }" '

# Aggregated public keys from all peers, written by the "generate" command.
COMMON_SECRET_FILE = _GEOREP_DIR + "/common_secret.pem.pub"


class NodeGenCmd(Cmd):
    """Per-node step: make sure both key pairs exist and report the public keys.

    Registered under the name "node-generate", which is the command
    ``GenCmd.run`` passes to ``execute_in_peers``.
    """
    name = "node-generate"

    def args(self, parser):
        """Declare the single positional argument ``no_prefix``.

        It is compared against the literal "no-prefix" in ``run``; any other
        value (``GenCmd`` sends ".") means "add the command= prefixes".
        """
        parser.add_argument("no_prefix")

    def run(self, args):
        """Create missing key pairs, then emit both public keys.

        The result is handed to ``node_output_ok`` as a dict with the keys
        "default_pub" and "tar_pub".
        """
        for key_path in (SECRET_PEM, TAR_SSH_PEM):
            # An existing public key is taken as proof the pair is in place;
            # the private key itself is not checked.
            if os.path.exists(key_path + ".pub"):
                continue

            # The glob removes every file whose name starts with the key
            # path (private key, and anything else sharing that prefix), so
            # ssh-keygen does not stop to ask about overwriting.
            for stale in glob.glob(key_path + "*"):
                os.remove(stale)

            # -N "" creates the private key with an empty passphrase, so its
            # confidentiality rests on filesystem permissions alone.
            # NOTE(review): the result of execute() is discarded; if
            # ssh-keygen fails, the first symptom is the open() below
            # raising on the missing .pub file.
            execute(["ssh-keygen", "-N", "", "-f", key_path])

        # With "no-prefix" the public keys are reported without a forced
        # command, i.e. nothing in the key line itself limits what a holder
        # of the private key may run once the key is authorized somewhere.
        restrict = args.no_prefix != "no-prefix"
        gsyncd_prefix = GSYNCD_CMD if restrict else ""
        tar_prefix = TAR_CMD if restrict else ""

        with open(SECRET_PEM + ".pub") as pub_file:
            default_pub = gsyncd_prefix + pub_file.read().strip()

        with open(TAR_SSH_PEM + ".pub") as pub_file:
            tar_pub = tar_prefix + pub_file.read().strip()

        node_output_ok({"default_pub": default_pub, "tar_pub": tar_pub})


def color_status(value):
    """Map a status string to a colour name.

    Returns "green" for exactly "UP" or "OK" (case-sensitive) and "red" for
    anything else.  Not called anywhere in this file as shown.
    """
    return "green" if value in ("UP", "OK") else "red"


class GenCmd(Cmd):
    """Cluster-wide step: run "node-generate" on the peers and collect keys.

    Writes every successfully reported public key to COMMON_SECRET_FILE and
    prints a per-node status table.
    """
    name = "generate"

    def args(self, parser):
        """Declare the optional ``--no-prefix`` flag."""
        parser.add_argument(
            "--no-prefix",
            help="Do not use prefix in generated pub keys",
            action="store_true",
        )

    def run(self, args):
        """Collect public keys from all peers into COMMON_SECRET_FILE."""
        # "." is just a non-matching filler for the peers' positional
        # argument; only the literal "no-prefix" disables the command= prefix.
        mode = "no-prefix" if args.no_prefix else "."
        peers = execute_in_peers("node-generate", [mode])

        report = PrettyTable(["NODE", "NODE STATUS", "KEYGEN STATUS"])
        report.align["NODE STATUS"] = "r"
        report.align["KEYGEN STATUS"] = "r"

        pub_keys = []
        for peer in peers:
            if peer.ok:
                # Peer output is taken as-is; nothing here checks that each
                # value is a single well-formed public-key line.
                pub_keys.extend(
                    [peer.output["default_pub"], peer.output["tar_pub"]]
                )
                keygen_status = "OK"
            else:
                keygen_status = "NOT OK: {0}".format(peer.error)

            node_status = "UP" if peer.node_up else "DOWN"
            report.add_row([peer.hostname, node_status, keygen_status])

        # The file is truncated and rewritten on every run.  Keys of peers
        # that were down or failed are simply absent, and if no peer
        # succeeded the file ends up holding a single newline.
        with open(COMMON_SECRET_FILE, "w") as secrets_file:
            secrets_file.write("\n".join(pub_keys) + "\n")

        print(report)


if __name__ == "__main__":
    # Hand control to the cliutils entry point when run as a script.
    # Presumably it dispatches to the Cmd subclasses above by their `name`
    # attribute -- confirm in gluster.cliutils.
    runcli()