| author | Aravinda VK <avishwan@redhat.com> | 2016-06-15 13:54:37 +0530 | 
|---|---|---|
| committer | Aravinda VK <avishwan@redhat.com> | 2016-08-31 03:09:12 -0700 | 
| commit | 29a57765d524af8ec0e5bab17e5ff7f47b968342 (patch) | |
| tree | 4de0fd0e3f19f02e34dc3f439946bdf44f8c0c22 /geo-replication | |
| parent | f7e91cd7f0264894033ee98c44c552fcf5a0506c (diff) | |
geo-rep: Alternate command to generate SSH Keys
`gluster system:: execute gsec_create` is used to generate SSH
keys on all Master nodes and to collect the public keys on the node
where the command was initiated. But this tool does not report details
when a peer node is down and unable to generate keys.
A new command is introduced to create SSH keys on all peer nodes.
Usage:
    gluster-georep-sshkey generate
    or
    gluster-georep-sshkey generate --no-prefix
Generates two SSH keys(one for gsyncd access and other for tar) in all
peer nodes and collects the public keys to the local node where it is
initiated. Adds `command=` prefix to common_secret.pem.pub if `--no-prefix`
argument is not set.
Shows status as below,
+-----------+-------------+---------------+
|    NODE   | NODE STATUS | KEYGEN STATUS |
+-----------+-------------+---------------+
|    fvm2   |          UP |            OK |
| localhost |          UP |            OK |
+-----------+-------------+---------------+
BUG: 1356508
Change-Id: Ib202811f41f9986694f07d9eedba31db6ed4d18f
Signed-off-by: Aravinda VK <avishwan@redhat.com>
Reviewed-on: http://review.gluster.org/14732
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Kotresh HR <khiremat@redhat.com>
Diffstat (limited to 'geo-replication')
| -rw-r--r-- | geo-replication/src/Makefile.am | 12 | ||||
| -rw-r--r-- | geo-replication/src/peer_georep-sshkey.py.in | 116 | 
2 files changed, 126 insertions, 2 deletions
diff --git a/geo-replication/src/Makefile.am b/geo-replication/src/Makefile.am index f70f23e2ff8..f8cc7a0f73f 100644 --- a/geo-replication/src/Makefile.am +++ b/geo-replication/src/Makefile.am @@ -1,11 +1,13 @@  gsyncddir = $(libexecdir)/glusterfs  gsyncd_SCRIPTS = gverify.sh peer_gsec_create \ -	set_geo_rep_pem_keys.sh peer_mountbroker peer_mountbroker.py +	set_geo_rep_pem_keys.sh peer_mountbroker peer_mountbroker.py \ +	peer_georep-sshkey.py  # peer_gsec_create and peer_add_secret_pub are not added to  # EXTRA_DIST as it's derived from a .in file -EXTRA_DIST = gverify.sh set_geo_rep_pem_keys.sh peer_mountbroker.py.in +EXTRA_DIST = gverify.sh set_geo_rep_pem_keys.sh peer_mountbroker.py.in \ +	peer_georep-sshkey.py.in  gsyncd_PROGRAMS = gsyncd @@ -38,5 +40,11 @@ install-exec-hook:  	ln -s $(libexecdir)/glusterfs/peer_mountbroker.py \  		$(DESTDIR)$(sbindir)/gluster-mountbroker +	rm -f $(DESTDIR)$(sbindir)/gluster-georep-sshkey +	ln -s $(libexecdir)/glusterfs/peer_georep-sshkey.py \ +		$(DESTDIR)$(sbindir)/gluster-georep-sshkey + +  uninstall-hook:  	rm -f $(DESTDIR)$(sbindir)/gluster-mountbroker +	rm -f $(DESTDIR)$(sbindir)/gluster-georep-sshkey diff --git a/geo-replication/src/peer_georep-sshkey.py.in b/geo-replication/src/peer_georep-sshkey.py.in new file mode 100644 index 00000000000..400f29d64f3 --- /dev/null +++ b/geo-replication/src/peer_georep-sshkey.py.in 
@@ -0,0 +1,116 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+#  Copyright (c) 2016 Red Hat, Inc. <http://www.redhat.com>
+#  This file is part of GlusterFS.
+#
+#  This file is licensed to you under your choice of the GNU Lesser
+#  General Public License, version 3 or any later version (LGPLv3 or
+#  later), or the GNU General Public License, version 2 (GPLv2), in all
+#  cases as published by the Free Software Foundation.
+#
+"""
+Usage:
+    gluster-georep-sshkey generate
+    or
+    gluster-georep-sshkey generate --no-prefix
+
+Generates two SSH keys(one for gsyncd access and other for tar) in all
+peer nodes and collects the public keys to the local node where it is
+initiated. Adds `command=` prefix to common_secret.pem.pub if `--no-prefix`
+argument is not passed.
+"""
+import os
+import glob
+
+from gluster.cliutils import (node_output_ok, execute, execute_in_peers,
+                              Cmd, runcli)
+from prettytable import PrettyTable
+
+
+SECRET_PEM = "@GLUSTERD_WORKDIR@/geo-replication/secret.pem"
+TAR_SSH_PEM = "@GLUSTERD_WORKDIR@/geo-replication/tar_ssh.pem"
+GSYNCD_CMD = 'command="@GLUSTERFS_LIBEXECDIR@/gsyncd"  '
+TAR_CMD = 'command="tar ${SSH_ORIGINAL_COMMAND#* }"  '
+COMMON_SECRET_FILE = "@GLUSTERD_WORKDIR@/geo-replication/common_secret.pem.pub"
+
+
+class NodeGenCmd(Cmd):
+    name = "node-generate"
+
+    def args(self, parser):
+        parser.add_argument("no_prefix")
+
+    def run(self, args):
+        # Regenerate if secret.pem.pub not exists
+        if not os.path.exists(SECRET_PEM + ".pub"):
+            # Cleanup old files
+            for f in glob.glob(SECRET_PEM + "*"):
+                os.remove(f)
+
+            execute(["ssh-keygen", "-N", "", "-f", SECRET_PEM])
+
+        # Regenerate if ssh_tar.pem.pub not exists
+        if not os.path.exists(TAR_SSH_PEM + ".pub"):
+            # Cleanup old files
+            for f in glob.glob(TAR_SSH_PEM + "*"):
+                os.remove(f)
+
+            execute(["ssh-keygen", "-N", "", "-f", TAR_SSH_PEM])
+
+        # Add required prefixes if prefix is not "container"
+        prefix_secret_pem_pub = ""
+        prefix_tar_ssh_pem_pub = ""
+        if args.no_prefix != "no-prefix":
+            prefix_secret_pem_pub = GSYNCD_CMD
+            prefix_tar_ssh_pem_pub = TAR_CMD
+
+        data = {"default_pub": "", "tar_pub": ""}
+        with open(SECRET_PEM + ".pub") as f:
+            data["default_pub"] = prefix_secret_pem_pub + f.read().strip()
+
+        with open(TAR_SSH_PEM + ".pub") as f:
+            data["tar_pub"] = prefix_tar_ssh_pem_pub + f.read().strip()
+
+        node_output_ok(data)
+
+
+def color_status(value):
+    if value in ["UP", "OK"]:
+        return "green"
+    return "red"
+
+
+class GenCmd(Cmd):
+    name = "generate"
+
+    def args(self, parser):
+        parser.add_argument("--no-prefix", help="Do not use prefix in "
+                            "generated pub keys", action="store_true")
+
+    def run(self, args):
+        prefix = "no-prefix" if args.no_prefix else "."
+        out = execute_in_peers("node-generate", [prefix])
+
+        common_secrets = []
+        table = PrettyTable(["NODE", "NODE STATUS", "KEYGEN STATUS"])
+        table.align["NODE STATUS"] = "r"
+        table.align["KEYGEN STATUS"] = "r"
+        for p in out:
+            if p.ok:
+                common_secrets.append(p.output["default_pub"])
+                common_secrets.append(p.output["tar_pub"])
+
+            table.add_row([p.hostname,
+                           "UP" if p.node_up else "DOWN",
+                           "OK" if p.ok else "NOT OK: {0}".format(
+                               p.error)])
+
+        with open(COMMON_SECRET_FILE, "w") as f:
+            f.write("\n".join(common_secrets) + "\n")
+
+        print (table)
+
+
+if __name__ == "__main__":
+    runcli()
|
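Review bot: GenCmd.run writes whatever each peer returns in `default_pub` and `tar_pub` straight into common_secret.pem.pub, and the `command=` restriction is prepended on the peer side in NodeGenCmd.run rather than by the node that collects the keys. That file presumably feeds authorized_keys entries later, so a reply that is empty or spans more than one line would be written unchecked; gluster.cliutils is outside this diff, so any validation it performs is not visible here. The file is also opened with "w" unconditionally, so a run in which peers are down replaces a previously complete key list with a partial or empty one while the command still finishes normally. I would accept a key only when it is a single non-empty line, report the node as NOT OK otherwise, and replace the file through a temporary file only when at least one key was collected.

```python
    def run(self, args):
        # … unchanged: execute_in_peers call and PrettyTable setup …
        for p in out:
            keygen_status = "OK" if p.ok else "NOT OK: {0}".format(p.error)
            if p.ok:
                keys = [p.output["default_pub"], p.output["tar_pub"]]
                # Each value becomes one line of the collected key file;
                # refuse anything empty or spanning more than one line.
                if all(k and len(k.splitlines()) == 1 for k in keys):
                    common_secrets.extend(keys)
                else:
                    keygen_status = "NOT OK: malformed public key"

            table.add_row([p.hostname,
                           "UP" if p.node_up else "DOWN",
                           keygen_status])

        # Keep the previous file when no peer returned a usable key, and
        # never leave a half-written file behind.
        if common_secrets:
            tmp_path = COMMON_SECRET_FILE + ".tmp"
            with open(tmp_path, "w") as f:
                f.write("\n".join(common_secrets) + "\n")
            os.rename(tmp_path, COMMON_SECRET_FILE)

        # … unchanged: print (table) …
```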
