def UpdateSshRoot(data, dry_run, _homedir_fn=None):
"""Updates root's SSH keys.
Root's C{authorized_keys} file is also updated with new public keys.
@type data: dict
@param data: Input data
@type dry_run: boolean
@param dry_run: Whether to perform a dry run
"""
authorized_keys = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS)
(auth_keys_file, _) = \
ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
_homedir_fn=_homedir_fn)
if dry_run:
logging.info("This is a dry run, not replacing the SSH keys.")
else:
ssh_key_type = data.get(constants.SSHS_SSH_KEY_TYPE)
ssh_key_bits = data.get(constants.SSHS_SSH_KEY_BITS)
common.GenerateRootSshKeys(ssh_key_type,
ssh_key_bits,
error_fn=JoinError,
_homedir_fn=_homedir_fn)
if authorized_keys:
if dry_run:
logging.info("This is a dry run, not modifying %s", auth_keys_file)
else:
all_authorized_keys = []
for keys in authorized_keys.values():
all_authorized_keys += keys
ssh.AddAuthorizedKeys(auth_keys_file, all_authorized_keys)
def _SetupSSH(options, cluster_name, node, ssh_port, cl):
"""Configures a destination node's SSH daemon.
@param options: Command line options
@type cluster_name
@param cluster_name: Cluster name
@type node: string
@param node: Destination node name
@type ssh_port: int
@param ssh_port: Destination node ssh port
@param cl: luxi client
"""
# Retrieve the list of master and master candidates
candidate_filter = ["|", ["=", "role", "M"], ["=", "role", "C"]]
result = cl.Query(constants.QR_NODE, ["uuid"], candidate_filter)
if len(result.data) < 1:
raise errors.OpPrereqError("No master or master candidate node is found.")
candidates = [uuid for ((_, uuid),) in result.data]
candidate_keys = ssh.QueryPubKeyFile(candidates)
if options.force_join:
ToStderr("The \"--force-join\" option is no longer supported and will be"
" ignored.")
host_keys = _ReadSshKeys(constants.SSH_DAEMON_KEYFILES)
(_, root_keyfiles) = \
ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=False, dircheck=False)
dsa_root_keyfiles = dict((kind, value) for (kind, value)
in root_keyfiles.items()
if kind == constants.SSHK_DSA)
root_keys = _ReadSshKeys(dsa_root_keyfiles)
(_, cert_pem) = \
utils.ExtractX509Certificate(utils.ReadFile(pathutils.NODED_CERT_FILE))
data = {
constants.SSHS_CLUSTER_NAME: cluster_name,
constants.SSHS_NODE_DAEMON_CERTIFICATE: cert_pem,
constants.SSHS_SSH_HOST_KEY: host_keys,
constants.SSHS_SSH_ROOT_KEY: root_keys,
constants.SSHS_SSH_AUTHORIZED_KEYS: candidate_keys,
}
ssh.RunSshCmdWithStdin(cluster_name, node, pathutils.PREPARE_NODE_JOIN,
ssh_port, data,
debug=options.debug, verbose=options.verbose,
use_cluster_key=False, ask_key=options.ssh_key_check,
strict_host_check=options.ssh_key_check)
(_, dsa_pub_keyfile) = root_keyfiles[constants.SSHK_DSA]
pub_key = ssh.ReadRemoteSshPubKeys(dsa_pub_keyfile, node, cluster_name,
ssh_port, options.ssh_key_check,
options.ssh_key_check)
# Unfortunately, we have to add the key with the node name rather than
# the node's UUID here, because at this point, we do not have a UUID yet.
# The entry will be corrected in noded later.
ssh.AddPublicKey(node, pub_key)
def UpdateSshRoot(data, dry_run, _homedir_fn=None):
"""Updates root's SSH keys.
Root's C{authorized_keys} file is also updated with new public keys.
@type data: dict
@param data: Input data
@type dry_run: boolean
@param dry_run: Whether to perform a dry run
"""
keys = data.get(constants.SSHS_SSH_ROOT_KEY)
if not keys:
return
(auth_keys_file, keyfiles) = \
ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
_homedir_fn=_homedir_fn)
_UpdateKeyFiles(keys, dry_run, keyfiles)
if dry_run:
logging.info("This is a dry run, not modifying %s", auth_keys_file)
else:
for (_, _, public_key) in keys:
utils.AddAuthorizedKey(auth_keys_file, public_key)
def testGetAllUserFiles(self):
result = ssh.GetAllUserFiles("example7475", mkdir=False, dircheck=False,
_homedir_fn=self._GetTempHomedir)
self.assertEqual(result,
(os.path.join(self.tmpdir, ".ssh", "authorized_keys"), {
constants.SSHK_RSA:
(os.path.join(self.tmpdir, ".ssh", "id_rsa"),
os.path.join(self.tmpdir, ".ssh", "id_rsa.pub")),
constants.SSHK_DSA:
(os.path.join(self.tmpdir, ".ssh", "id_dsa"),
os.path.join(self.tmpdir, ".ssh", "id_dsa.pub")),
}))
self.assertEqual(os.listdir(self.tmpdir), [])
def UpdateAuthorizedKeys(data, dry_run, _homedir_fn=None):
"""Updates root's C{authorized_keys} file.
@type data: dict
@param data: Input data
@type dry_run: boolean
@param dry_run: Whether to perform a dry run
"""
instructions = data.get(constants.SSHS_SSH_AUTHORIZED_KEYS)
if not instructions:
logging.info("No change to the authorized_keys file requested.")
return
(action, authorized_keys) = instructions
(auth_keys_file, _) = \
ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=True,
_homedir_fn=_homedir_fn)
key_values = []
for key_value in authorized_keys.values():
key_values += key_value
if action == constants.SSHS_ADD:
if dry_run:
logging.info("This is a dry run, not adding keys to %s",
auth_keys_file)
else:
if not os.path.exists(auth_keys_file):
utils.WriteFile(auth_keys_file, mode=0600, data="")
ssh.AddAuthorizedKeys(auth_keys_file, key_values)
elif action == constants.SSHS_REMOVE:
if dry_run:
logging.info("This is a dry run, not removing keys from %s",
auth_keys_file)
else:
ssh.RemoveAuthorizedKeys(auth_keys_file, key_values)
else:
raise SshUpdateError(
"Action '%s' not implemented for authorized keys." % action)
def _SetupSSH(options, cluster_name, node, ssh_port):
"""Configures a destination node's SSH daemon.
@param options: Command line options
@type cluster_name
@param cluster_name: Cluster name
@type node: string
@param node: Destination node name
@type ssh_port: int
@param ssh_port: Destination node ssh port
"""
if options.force_join:
ToStderr(
"The \"--force-join\" option is no longer supported and will be"
" ignored.")
host_keys = _ReadSshKeys(constants.SSH_DAEMON_KEYFILES)
(_, root_keyfiles) = \
ssh.GetAllUserFiles(constants.SSH_LOGIN_USER, mkdir=False, dircheck=False)
root_keys = _ReadSshKeys(root_keyfiles)
(_, cert_pem) = \
utils.ExtractX509Certificate(utils.ReadFile(pathutils.NODED_CERT_FILE))
data = {
constants.SSHS_CLUSTER_NAME: cluster_name,
constants.SSHS_NODE_DAEMON_CERTIFICATE: cert_pem,
constants.SSHS_SSH_HOST_KEY: host_keys,
constants.SSHS_SSH_ROOT_KEY: root_keys,
}
bootstrap.RunNodeSetupCmd(cluster_name, node, pathutils.PREPARE_NODE_JOIN,
options.debug, options.verbose, False,
options.ssh_key_check, options.ssh_key_check,
ssh_port, data)
