[Pkg-ganeti-devel] [ganeti] 143/165: Redistribute master key on downgrade
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Tue Aug 11 13:53:22 UTC 2015
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch master
in repository ganeti.
commit 930cbbddcc5d46e4864388b939609dc60e2ba4fe
Author: Helga Velroyen <helgav at google.com>
Date: Fri Jul 17 15:03:43 2015 +0200
Redistribute master key on downgrade
When downgrading from 2.13 to 2.12, the SSH key pair of
each node needs to be replaced by the master's SSH key
pair. If that is not done, any node added after the
downgrade will not be reachable if the master is failed
over to one of the original non-master nodes.
This patch fixes Issue 1008. However, what is not cleaned
up is the nodes' authorized_keys file. This will need
significantly more effort, but this patch at least fixes
the user-impacting issue.
Signed-off-by: Helga Velroyen <helgav at google.com>
Reviewed-by: Klaus Aehlig <aehlig at google.com>
---
lib/client/gnt_cluster.py | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/lib/client/gnt_cluster.py b/lib/client/gnt_cluster.py
index 6165dce..7304aab 100644
--- a/lib/client/gnt_cluster.py
+++ b/lib/client/gnt_cluster.py
@@ -2181,6 +2181,42 @@ def _VersionSpecificDowngrade():
"""
ToStdout("Performing version-specific downgrade tasks.")
+ # Determine if this cluster is set up with SSH handling
+ # (aka not using --no-ssh-init), check if the public
+ # keyfile exists.
+ update_keys = os.path.exists(pathutils.SSH_PUB_KEYS)
+
+ if not update_keys:
+ return True
+
+ ToStdout("Replace nodes' SSH keys with the master's keys.")
+ (_, root_keyfiles) = \
+ ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=False, dircheck=False)
+
+ dsa_root_keyfiles = dict((kind, value) for (kind, value)
+ in root_keyfiles.items()
+ if kind == constants.SSHK_DSA)
+ master_private_keyfile, master_public_keyfile = \
+ dsa_root_keyfiles[constants.SSHK_DSA]
+
+ nodes = ssconf.SimpleStore().GetOnlineNodeList()
+ master_node = ssconf.SimpleStore().GetMasterNode()
+ cluster_name = ssconf.SimpleStore().GetClusterName()
+
+ # If master node is in 'nodes', remove it
+ if master_node in nodes:
+ nodes.remove(master_node)
+
+ srun = ssh.SshRunner(cluster_name=cluster_name)
+ for name in nodes:
+ for key_file in [master_private_keyfile, master_public_keyfile]:
+ command = utils.text.ShellQuoteArgs([
+ "scp", key_file, "%s:%s" % (name, key_file)])
+ result = srun.Run(master_node, constants.SSH_LOGIN_USER, command)
+ if result.exit_code != 0:
+ ToStderr("Overiding SSH key '%s' of node '%s' failed. You might"
+ " want to clean up manually." % (key_file, name))
+
return True
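Review bot: In the scp loop at the end of the hunk, a non-zero `result.exit_code` only produces a ToStderr message and the function still falls through to `return True`, so the downgrade is reported as successful even when some nodes keep their own key pair, which is the situation the commit message says breaks reachability after a master failover. Consider collecting the (node, key_file) pairs that failed and either returning a failure value or printing a final summary of the nodes that need manual cleanup. Two smaller points: the `dsa_root_keyfiles` dict comprehension filters on `kind == constants.SSHK_DSA` only to index that same key on the next statement, so `root_keyfiles[constants.SSHK_DSA]` would be equivalent, and either form raises an unexplained KeyError if no DSA entry is present; and "Overiding" in the error message should read "Overriding".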
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ganeti/ganeti.git