def UpdateSshRoot(data, dry_run, _homedir_fn=None): """Updates root's SSH keys. Root's C{authorized_keys} file is also updated with new public keys. @type data: dict @param data: Input data @type dry_run: boolean @param dry_run: Whether to perform a dry run """ authorized_keys = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS) (auth_keys_file, _) = \ ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True, _homedir_fn=_homedir_fn) if dry_run: logging.info("This is a dry run, not replacing the SSH keys.") else: ssh_key_type = data.get(constants.SSHS_SSH_KEY_TYPE) ssh_key_bits = data.get(constants.SSHS_SSH_KEY_BITS) common.GenerateRootSshKeys(ssh_key_type, ssh_key_bits, error_fn=JoinError, _homedir_fn=_homedir_fn) if authorized_keys: if dry_run: logging.info("This is a dry run, not modifying %s", auth_keys_file) else: all_authorized_keys = [] for keys in authorized_keys.values(): all_authorized_keys += keys ssh.AddAuthorizedKeys(auth_keys_file, all_authorized_keys)
def _SetupSSH(options, cluster_name, node, ssh_port, cl): """Configures a destination node's SSH daemon. @param options: Command line options @type cluster_name @param cluster_name: Cluster name @type node: string @param node: Destination node name @type ssh_port: int @param ssh_port: Destination node ssh port @param cl: luxi client """ # Retrieve the list of master and master candidates candidate_filter = ["|", ["=", "role", "M"], ["=", "role", "C"]] result = cl.Query(constants.QR_NODE, ["uuid"], candidate_filter) if len(result.data) < 1: raise errors.OpPrereqError("No master or master candidate node is found.") candidates = [uuid for ((_, uuid),) in result.data] candidate_keys = ssh.QueryPubKeyFile(candidates) if options.force_join: ToStderr("The \"--force-join\" option is no longer supported and will be" " ignored.") host_keys = _ReadSshKeys(constants.SSH_DAEMON_KEYFILES) (_, root_keyfiles) = \ ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=False, dircheck=False) dsa_root_keyfiles = dict((kind, value) for (kind, value) in root_keyfiles.items() if kind == constants.SSHK_DSA) root_keys = _ReadSshKeys(dsa_root_keyfiles) (_, cert_pem) = \ utils.ExtractX509Certificate(utils.ReadFile(pathutils.NODED_CERT_FILE)) data = { constants.SSHS_CLUSTER_NAME: cluster_name, constants.SSHS_NODE_DAEMON_CERTIFICATE: cert_pem, constants.SSHS_SSH_HOST_KEY: host_keys, constants.SSHS_SSH_ROOT_KEY: root_keys, constants.SSHS_SSH_AUTHORIZED_KEYS: candidate_keys, } ssh.RunSshCmdWithStdin(cluster_name, node, pathutils.PREPARE_NODE_JOIN, ssh_port, data, debug=options.debug, verbose=options.verbose, use_cluster_key=False, ask_key=options.ssh_key_check, strict_host_check=options.ssh_key_check) (_, dsa_pub_keyfile) = root_keyfiles[constants.SSHK_DSA] pub_key = ssh.ReadRemoteSshPubKeys(dsa_pub_keyfile, node, cluster_name, ssh_port, options.ssh_key_check, options.ssh_key_check) # Unfortunately, we have to add the key with the node name rather than # the node's UUID here, because at this point, we do not have a UUID yet. # The entry will be corrected in noded later. ssh.AddPublicKey(node, pub_key)
def UpdateSshRoot(data, dry_run, _homedir_fn=None): """Updates root's SSH keys. Root's C{authorized_keys} file is also updated with new public keys. @type data: dict @param data: Input data @type dry_run: boolean @param dry_run: Whether to perform a dry run """ keys = data.get(constants.SSHS_SSH_ROOT_KEY) if not keys: return (auth_keys_file, keyfiles) = \ ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True, _homedir_fn=_homedir_fn) _UpdateKeyFiles(keys, dry_run, keyfiles) if dry_run: logging.info("This is a dry run, not modifying %s", auth_keys_file) else: for (_, _, public_key) in keys: utils.AddAuthorizedKey(auth_keys_file, public_key)
def testGetAllUserFiles(self): result = ssh.GetAllUserFiles("example7475", mkdir=False, dircheck=False, _homedir_fn=self._GetTempHomedir) self.assertEqual(result, (os.path.join(self.tmpdir, ".ssh", "authorized_keys"), { constants.SSHK_RSA: (os.path.join(self.tmpdir, ".ssh", "id_rsa"), os.path.join(self.tmpdir, ".ssh", "id_rsa.pub")), constants.SSHK_DSA: (os.path.join(self.tmpdir, ".ssh", "id_dsa"), os.path.join(self.tmpdir, ".ssh", "id_dsa.pub")), })) self.assertEqual(os.listdir(self.tmpdir), [])
def UpdateAuthorizedKeys(data, dry_run, _homedir_fn=None): """Updates root's C{authorized_keys} file. @type data: dict @param data: Input data @type dry_run: boolean @param dry_run: Whether to perform a dry run """ instructions = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS) if not instructions: logging.info("No change to the authorized_keys file requested.") return (action, authorized_keys) = instructions (auth_keys_file, _) = \ ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True, _homedir_fn=_homedir_fn) key_values = [] for key_value in authorized_keys.values(): key_values += key_value if action == constants.SSHS_ADD: if dry_run: logging.info("This is a dry run, not adding keys to %s", auth_keys_file) else: if not os.path.exists(auth_keys_file): utils.WriteFile(auth_keys_file, mode=0600, data="") ssh.AddAuthorizedKeys(auth_keys_file, key_values) elif action == constants.SSHS_REMOVE: if dry_run: logging.info("This is a dry run, not removing keys from %s", auth_keys_file) else: ssh.RemoveAuthorizedKeys(auth_keys_file, key_values) else: raise SshUpdateError( "Action '%s' not implemented for authorized keys." % action)
def _SetupSSH(options, cluster_name, node, ssh_port): """Configures a destination node's SSH daemon. @param options: Command line options @type cluster_name @param cluster_name: Cluster name @type node: string @param node: Destination node name @type ssh_port: int @param ssh_port: Destination node ssh port """ if options.force_join: ToStderr( "The \"--force-join\" option is no longer supported and will be" " ignored.") host_keys = _ReadSshKeys(constants.SSH_DAEMON_KEYFILES) (_, root_keyfiles) = \ ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=False, dircheck=False) root_keys = _ReadSshKeys(root_keyfiles) (_, cert_pem) = \ utils.ExtractX509Certificate(utils.ReadFile(pathutils.NODED_CERT_FILE)) data = { constants.SSHS_CLUSTER_NAME: cluster_name, constants.SSHS_NODE_DAEMON_CERTIFICATE: cert_pem, constants.SSHS_SSH_HOST_KEY: host_keys, constants.SSHS_SSH_ROOT_KEY: root_keys, } bootstrap.RunNodeSetupCmd(cluster_name, node, pathutils.PREPARE_NODE_JOIN, options.debug, options.verbose, False, options.ssh_key_check, options.ssh_key_check, ssh_port, data)