[Pkg-ganeti-devel] [ganeti] 06/12: Fix SSH key renewal on single-node clusters
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Tue Jun 27 08:23:42 UTC 2017
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch master
in repository ganeti.
commit d3f7ba914ac14d9575571f818745005e891346b2
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date: Wed May 24 17:16:36 2017 +0300
Fix SSH key renewal on single-node clusters
Make gnt-cluster renew-crypto --new-ssh-keys work on single-node
clusters.
---
...x-ssh-key-renewal-on-single-node-clusters.patch | 49 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 50 insertions(+)
diff --git a/debian/patches/fix-ssh-key-renewal-on-single-node-clusters.patch b/debian/patches/fix-ssh-key-renewal-on-single-node-clusters.patch
new file mode 100644
index 0000000..a4ee1f4
--- /dev/null
+++ b/debian/patches/fix-ssh-key-renewal-on-single-node-clusters.patch
@@ -0,0 +1,49 @@
+From be5be52a0af2e887889cd7bdeb76d4ab1529b137 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos <apoikos at debian.org>
+Date: Wed, 24 May 2017 16:15:54 +0300
+Subject: [PATCH 1/2] backend: make SSH key renewal work on single-node
+ clusters
+
+Currently gnt-cluster renew-crypt will unconditionally call
+AddNodeSshKeyBulk() to replace non-master node keys, regardless of
+whether there are non-master nodes or not. OTOH, AddNodeSshKeyBulk()
+expects that at least one operation should be perfomed and dies with an
+assertion error otherwise. Thus, on single node clusters, where there is
+only a single master node, gnt-cluster renew-crypto --new-ssh-keys will
+always fail.
+
+Fix this by calling AddNodeSshKeyBulk only if node_keys_to_add is not
+empty.
+---
+ lib/backend.py | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/lib/backend.py b/lib/backend.py
+index 9b363d297..89e93e010 100644
+--- a/lib/backend.py
++++ b/lib/backend.py
+@@ -2100,13 +2100,14 @@ def RenewSshKeys(node_uuids, node_names, master_candidate_uuids,
+ get_public_keys=True)
+ node_keys_to_add.append(node_info)
+
+- node_errors = AddNodeSshKeyBulk(
+- node_keys_to_add, potential_master_candidates,
+- pub_key_file=ganeti_pub_keys_file, ssconf_store=ssconf_store,
+- noded_cert_file=noded_cert_file,
+- run_cmd_fn=run_cmd_fn)
+- if node_errors:
+- all_node_errors = all_node_errors + node_errors
++ if node_keys_to_add:
++ node_errors = AddNodeSshKeyBulk(
++ node_keys_to_add, potential_master_candidates,
++ pub_key_file=ganeti_pub_keys_file, ssconf_store=ssconf_store,
++ noded_cert_file=noded_cert_file,
++ run_cmd_fn=run_cmd_fn)
++ if node_errors:
++ all_node_errors = all_node_errors + node_errors
+
+ # Renewing the master node's key
+
+--
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 3b48ee9..9e0e585 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ use-proper-cabal-dev.patch
ghc8-fixes
snap-server-1.0-compat
non-DSA-SSH-key-support.patch
+fix-ssh-key-renewal-on-single-node-clusters.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ganeti/ganeti.git
More information about the Pkg-ganeti-devel
mailing list