author | Aravinda VK <avishwan@redhat.com> | 2015-04-07 15:05:09 +0530 |
---|---|---|
committer | Venky Shankar <vshankar@redhat.com> | 2015-04-13 08:56:30 +0000 |
commit | 5cb5d7029216ce71b19fd798a86ef4c384262ba9 (patch) | |
tree | a8687c50ee1d33b0bc229b89f73efb980fd3815a | |
parent | a2deb5ffb7aba02fe50ef38d9ead84debc3411cb (diff) |
tools/glusterfind: Prevent ssh public key overwrite issue
The same ssh key was used for all sessions; when multiple
sessions were created in a cluster, the public keys were overwritten
by the newest session. Moved the ssh keys to the respective session dir.
BUG: 1206547
Change-Id: I3d8fac9b24bc7c71445c7b4deae83104693e7dab
Signed-off-by: Aravinda VK <avishwan@redhat.com>
Reviewed-on: http://review.gluster.org/10150
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
-rw-r--r-- | tools/glusterfind/Makefile.am | 3 | ||||
-rw-r--r-- | tools/glusterfind/src/main.py | 49 | ||||
-rw-r--r-- | tools/glusterfind/src/tool.conf.in | 1 |
3 files changed, 40 insertions, 13 deletions
diff --git a/tools/glusterfind/Makefile.am b/tools/glusterfind/Makefile.am index c99a3ddcb37..872fff12047 100644 --- a/tools/glusterfind/Makefile.am +++ b/tools/glusterfind/Makefile.am @@ -5,3 +5,6 @@ EXTRA_DIST = bin_SCRIPTS = glusterfind CLEANFILES = $(bin_SCRIPTS) + +install-data-local: + $(mkdir_p) $(DESTDIR)$(GLUSTERD_WORKDIR)/glusterfind/.keys diff --git a/tools/glusterfind/src/main.py b/tools/glusterfind/src/main.py index 17043dca213..96d3d8d5f33 100644 --- a/tools/glusterfind/src/main.py +++ b/tools/glusterfind/src/main.py @@ -39,6 +39,13 @@ class StoreAbsPath(Action): setattr(namespace, self.dest, os.path.abspath(values)) +def get_pem_key_path(session, volume): + return os.path.join(conf.get_opt("session_dir"), + session, + volume, + "%s_%s_secret.pem" % (session, volume)) + + def node_run(volume, host, path, start, outfile, args, fallback=False): """ If host is local node, execute the command locally. If not local @@ -46,6 +53,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): remote node using scp. """ localdir = is_host_local(host) + pem_key_path = get_pem_key_path(args.session, args.volume) # If Full backup is requested or start time is zero, use brickfind change_detector = conf.get_change_detector(args.change_detector) @@ -69,7 +77,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): if not localdir: # prefix with ssh command if not local node cmd = ["ssh", - "-i", conf.get_opt("secret_pem"), + "-i", pem_key_path, "root@%s" % host] + cmd rc, out, err = execute(cmd, logger=logger) @@ -83,7 +91,7 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): if not localdir: cmd_copy = ["scp", - "-i", conf.get_opt("secret_pem"), + "-i", pem_key_path, "root@%s:/%s" % (host, outfile), os.path.dirname(outfile)] execute(cmd_copy, exit_msg="%s - Copy command failed" % host, 
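Review bot: `get_pem_key_path` joins `session` and `volume` into a filesystem path without checking them, and that path is later handed to `ssh-keygen -f` and `ssh -i`, so a name containing a path separator or `..` would put the private key outside `session_dir`. Whether the names are validated earlier, for example during argument parsing, is not visible in this diff. If they are not, a guard before the join such as `if os.sep in session or session in (".", "..", ".keys"): fail("Invalid session name %s" % session, logger=logger)` would close that, and it also keeps a session name from colliding with the new `.keys` directory. The function also lacks a docstring; `"""Return the private key path for this session/volume pair, inside the session's own directory."""` would do.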
@@ -93,6 +101,8 @@ def node_run(volume, host, path, start, outfile, args, fallback=False): def node_cleanup(host, args): localdir = is_host_local(host) + pem_key_path = get_pem_key_path(args.session, args.volume) + # CHANGE_DETECTOR <SESSION> <VOLUME> <BRICK> <OUTFILE> <START> --debug # --gfidpath <TYPE> cmd = [conf.get_opt("nodecleanup"), @@ -102,7 +112,7 @@ def node_cleanup(host, args): if not localdir: # prefix with ssh command if not local node cmd = ["ssh", - "-i", conf.get_opt("secret_pem"), + "-i", pem_key_path, "root@%s" % host] + cmd execute(cmd, exit_msg="%s - Cleanup failed" % host, logger=logger) @@ -264,27 +274,41 @@ def _get_args(): return parser.parse_args() -def ssh_setup(): - if not os.path.exists(conf.get_opt("secret_pem")): +def ssh_setup(args): + pem_key_path = get_pem_key_path(args.session, args.volume) + + if not os.path.exists(pem_key_path): # Generate ssh-key cmd = ["ssh-keygen", "-N", "", "-f", - conf.get_opt("secret_pem")] + pem_key_path] execute(cmd, exit_msg="Unable to generate ssh key %s" - % conf.get_opt("secret_pem"), + % pem_key_path, logger=logger) - logger.info("Ssh key generated %s" % conf.get_opt("secret_pem")) + logger.info("Ssh key generated %s" % pem_key_path) + + try: + shutil.copyfile(pem_key_path + ".pub", + os.path.join(conf.get_opt("session_dir"), + ".keys", + "%s_%s_secret.pem.pub" % (args.session, + args.volume))) + except (IOError, OSError) as e: + fail("Failed to copy public key to %s: %s" + % (os.path.join(conf.get_opt("session_dir"), ".keys"), e), + logger=logger) # Copy pub file to all nodes cmd = ["gluster", "system::", "copy", "file", - "/" + os.path.basename(conf.get_opt("secret_pem")) + ".pub"] + "/glusterfind/.keys/%s.pub" % os.path.basename(pem_key_path)] + execute(cmd, exit_msg="Failed to distribute ssh keys", logger=logger) logger.info("Distributed ssh key to all nodes of Volume") 
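Review bot: In `ssh_setup` the destination of the public-key copy is built twice, once for `shutil.copyfile` and again (without the file name) in the `fail` message, and the `"%s_%s_secret.pem.pub"` pattern repeats the one in `get_pem_key_path`, so the two can drift apart. Computing it once as `pub_dest = os.path.join(conf.get_opt("session_dir"), ".keys", os.path.basename(pem_key_path) + ".pub")` and using `pub_dest` in both the copy and the error message keeps the public name tied to the private key path. No hunk in this diff adds `import shutil`, so confirm that main.py already imports it. `ssh_setup` continues past the end of this hunk.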
@@ -295,7 +319,7 @@ def ssh_setup(): "execute", "add_secret_pub", "root", - os.path.basename(conf.get_opt("secret_pem")) + ".pub"] + "/glusterfind/.keys/%s.pub" % os.path.basename(pem_key_path)] execute(cmd, exit_msg="Failed to add ssh keys to authorized_keys file", logger=logger) @@ -320,7 +344,7 @@ def mode_create(session_dir, args): fail("Session %s already created" % args.session, logger=logger) if not os.path.exists(status_file) or args.force: - ssh_setup() + ssh_setup(args) execute(["gluster", "volume", "set", args.volume, "build-pgfid", "on"], @@ -419,7 +443,8 @@ def mode_list(session_dir, args): else: sessions = [] for d in os.listdir(session_dir): - sessions.append(d) + if d != ".keys": + sessions.append(d) output = [] for session in sessions: diff --git a/tools/glusterfind/src/tool.conf.in b/tools/glusterfind/src/tool.conf.in index 48ecdda06cc..54230cb4dca 100644 --- a/tools/glusterfind/src/tool.conf.in +++ b/tools/glusterfind/src/tool.conf.in @@ -1,6 +1,5 @@ [vars] session_dir=@GLUSTERD_WORKDIR@/glusterfind/ -secret_pem=@GLUSTERD_WORKDIR@/glusterfind.secret.pem working_dir=@GLUSTERFSD_MISCDIR@/glusterfind/ log_dir=/var/log/glusterfs/glusterfind/ nodecleanup=@GLUSTERFS_LIBEXECDIR@/glusterfind/nodecleanup.py |
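Review bot: The key registered by `add_secret_pub root` is generated with an empty passphrase (`-N ""` in the earlier hunk) and, after this change, there is one such root key per session, yet none of the visible hunks removes the `.keys` copy or the `authorized_keys` entry when a session goes away. The delete path is outside this diff, so this may already be handled; if it is not, the keys accumulate on the nodes, and the entry for the old shared `secret_pem` key also appears to stay behind once `tool.conf.in` drops that option. At minimum I would record the lifecycle next to this call, e.g. `# NOTE: this key stays in root's authorized_keys until the session delete path removes it`. `ssh_setup` begins before this hunk.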