[Pkg-ganeti-devel] [ganeti] 06/12: Fix SSH key renewal on single-node clusters

Apollon Oikonomopoulos apoikos at moszumanska.debian.org
Tue Jun 27 08:23:42 UTC 2017 

This is an automated email from the git hooks/post-receive script.

apoikos pushed a commit to branch master
in repository ganeti.

commit d3f7ba914ac14d9575571f818745005e891346b2
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date:   Wed May 24 17:16:36 2017 +0300

    Fix SSH key renewal on single-node clusters
    
    Make gnt-cluster renew-crypto --new-ssh-keys work on single-node
    clusters.
---
 ...x-ssh-key-renewal-on-single-node-clusters.patch | 49 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 50 insertions(+)

diff --git a/debian/patches/fix-ssh-key-renewal-on-single-node-clusters.patch b/debian/patches/fix-ssh-key-renewal-on-single-node-clusters.patch
new file mode 100644
index 0000000..a4ee1f4
--- /dev/null
+++ b/debian/patches/fix-ssh-key-renewal-on-single-node-clusters.patch
@@ -0,0 +1,49 @@
+From be5be52a0af2e887889cd7bdeb76d4ab1529b137 Mon Sep 17 00:00:00 2001
+From: Apollon Oikonomopoulos <apoikos at debian.org>
+Date: Wed, 24 May 2017 16:15:54 +0300
+Subject: [PATCH 1/2] backend: make SSH key renewal work on single-node
+ clusters
+
+Currently gnt-cluster renew-crypt will unconditionally call
+AddNodeSshKeyBulk() to replace non-master node keys, regardless of
+whether there are non-master nodes or not. OTOH, AddNodeSshKeyBulk()
+expects that at least one operation should be perfomed and dies with an
+assertion error otherwise. Thus, on single node clusters, where there is
+only a single master node, gnt-cluster renew-crypto --new-ssh-keys will
+always fail.
+
+Fix this by calling AddNodeSshKeyBulk only if node_keys_to_add is not
+empty.
+---
+ lib/backend.py | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/lib/backend.py b/lib/backend.py
+index 9b363d297..89e93e010 100644
+--- a/lib/backend.py
++++ b/lib/backend.py
+@@ -2100,13 +2100,14 @@ def RenewSshKeys(node_uuids, node_names, master_candidate_uuids,
+                                get_public_keys=True)
+     node_keys_to_add.append(node_info)
+ 
+-  node_errors = AddNodeSshKeyBulk(
+-      node_keys_to_add, potential_master_candidates,
+-      pub_key_file=ganeti_pub_keys_file, ssconf_store=ssconf_store,
+-      noded_cert_file=noded_cert_file,
+-      run_cmd_fn=run_cmd_fn)
+-  if node_errors:
+-    all_node_errors = all_node_errors + node_errors
++  if node_keys_to_add:
++    node_errors = AddNodeSshKeyBulk(
++        node_keys_to_add, potential_master_candidates,
++        pub_key_file=ganeti_pub_keys_file, ssconf_store=ssconf_store,
++        noded_cert_file=noded_cert_file,
++        run_cmd_fn=run_cmd_fn)
++    if node_errors:
++      all_node_errors = all_node_errors + node_errors
+ 
+   # Renewing the master node's key
+ 
+-- 
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 3b48ee9..9e0e585 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ use-proper-cabal-dev.patch
 ghc8-fixes
 snap-server-1.0-compat
 non-DSA-SSH-key-support.patch
+fix-ssh-key-renewal-on-single-node-clusters.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ganeti/ganeti.git

More information about the Pkg-ganeti-devel mailing list