From 29a57765d524af8ec0e5bab17e5ff7f47b968342 Mon Sep 17 00:00:00 2001 From: Aravinda VK Date: Wed, 15 Jun 2016 13:54:37 +0530 Subject: geo-rep: Alternate command to generate SSH Keys `gluster system:: execute gsec_create` is used to generate SSH Keys in all Master nodes and collect public keys in command initiated node. But this tool will not provide details if a peer node is down and unable to generate keys. New command will be introduced to create SSH Keys in all peer nodes. Usage: gluster-georep-sshkey generate or gluster-georep-sshkey generate --no-prefix Generates two SSH keys(one for gsyncd access and other for tar) in all peer nodes and collects the public keys to the local node where it is initiated. Adds `command=` prefix to common_secret.pem.pub if `--no-prefix` argument is not set. Shows status as below, +-----------+-------------+---------------+ | NODE | NODE STATUS | KEYGEN STATUS | +-----------+-------------+---------------+ | fvm2 | UP | OK | | localhost | UP | OK | +-----------+-------------+---------------+ BUG: 1356508 Change-Id: Ib202811f41f9986694f07d9eedba31db6ed4d18f Signed-off-by: Aravinda VK Reviewed-on: http://review.gluster.org/14732 Smoke: Gluster Build System NetBSD-regression: NetBSD Build System CentOS-regression: Gluster Build System Reviewed-by: Kotresh HR --- .gitignore | 1 + configure.ac | 1 + geo-replication/src/Makefile.am | 12 ++- geo-replication/src/peer_georep-sshkey.py.in | 116 +++++++++++++++++++++++++++ glusterfs.spec.in | 10 ++- 5 files changed, 136 insertions(+), 4 deletions(-) create mode 100644 geo-replication/src/peer_georep-sshkey.py.in diff --git a/.gitignore b/.gitignore index 97c4d18d2aa..132c7cc3cc0 100644 --- a/.gitignore +++ b/.gitignore 
@@ -65,6 +65,7 @@ geo-replication/src/peer_gsec_create geo-replication/src/peer_mountbroker geo-replication/src/peer_mountbroker.py geo-replication/src/set_geo_rep_pem_keys.sh +geo-replication/src/peer_georep-sshkey.py geo-replication/syncdaemon.egg-info geo-replication/syncdaemon/configinterface.py geo-replication/tests/unit/.coverage diff --git a/configure.ac b/configure.ac index 2519f6baeb2..dc9f96b4091 100644 --- a/configure.ac +++ b/configure.ac @@ -42,6 +42,7 @@ AC_CONFIG_FILES([Makefile geo-replication/src/peer_gsec_create geo-replication/src/peer_mountbroker geo-replication/src/peer_mountbroker.py + geo-replication/src/peer_georep-sshkey.py extras/peer_add_secret_pub geo-replication/syncdaemon/configinterface.py glusterfsd/Makefile diff --git a/geo-replication/src/Makefile.am b/geo-replication/src/Makefile.am index f70f23e2ff8..f8cc7a0f73f 100644 --- a/geo-replication/src/Makefile.am +++ b/geo-replication/src/Makefile.am @@ -1,11 +1,13 @@ gsyncddir = $(libexecdir)/glusterfs gsyncd_SCRIPTS = gverify.sh peer_gsec_create \ - set_geo_rep_pem_keys.sh peer_mountbroker peer_mountbroker.py + set_geo_rep_pem_keys.sh peer_mountbroker peer_mountbroker.py \ + peer_georep-sshkey.py # peer_gsec_create and peer_add_secret_pub are not added to # EXTRA_DIST as it's derived from a .in file -EXTRA_DIST = gverify.sh set_geo_rep_pem_keys.sh peer_mountbroker.py.in +EXTRA_DIST = gverify.sh set_geo_rep_pem_keys.sh peer_mountbroker.py.in \ + peer_georep-sshkey.py.in gsyncd_PROGRAMS = gsyncd @@ -38,5 +40,11 @@ install-exec-hook: ln -s $(libexecdir)/glusterfs/peer_mountbroker.py \ $(DESTDIR)$(sbindir)/gluster-mountbroker + rm -f $(DESTDIR)$(sbindir)/gluster-georep-sshkey + ln -s $(libexecdir)/glusterfs/peer_georep-sshkey.py \ + $(DESTDIR)$(sbindir)/gluster-georep-sshkey + + uninstall-hook: rm -f $(DESTDIR)$(sbindir)/gluster-mountbroker + rm -f $(DESTDIR)$(sbindir)/gluster-georep-sshkey 
diff --git a/geo-replication/src/peer_georep-sshkey.py.in b/geo-replication/src/peer_georep-sshkey.py.in
new file mode 100644
index 00000000000..400f29d64f3
--- /dev/null
+++ b/geo-replication/src/peer_georep-sshkey.py.in
@@ -0,0 +1,116 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2016 Red Hat, Inc. +# This file is part of GlusterFS. +# +# This file is licensed to you under your choice of the GNU Lesser +# General Public License, version 3 or any later version (LGPLv3 or +# later), or the GNU General Public License, version 2 (GPLv2), in all +# cases as published by the Free Software Foundation. +# +""" +Usage: + gluster-georep-sshkey generate + or + gluster-georep-sshkey generate --no-prefix + +Generates two SSH keys(one for gsyncd access and other for tar) in all +peer nodes and collects the public keys to the local node where it is +initiated. Adds `command=` prefix to common_secret.pem.pub if `--no-prefix` +argument is not passed. +""" +import os +import glob + +from gluster.cliutils import (node_output_ok, execute, execute_in_peers, + Cmd, runcli) +from prettytable import PrettyTable + + +SECRET_PEM = "@GLUSTERD_WORKDIR@/geo-replication/secret.pem" +TAR_SSH_PEM = "@GLUSTERD_WORKDIR@/geo-replication/tar_ssh.pem" +GSYNCD_CMD = 'command="@GLUSTERFS_LIBEXECDIR@/gsyncd" ' +TAR_CMD = 'command="tar ${SSH_ORIGINAL_COMMAND#* }" ' +COMMON_SECRET_FILE = "@GLUSTERD_WORKDIR@/geo-replication/common_secret.pem.pub" + + +class NodeGenCmd(Cmd): + name = "node-generate" + + def args(self, parser): + parser.add_argument("no_prefix") + + def run(self, args): + # Regenerate if secret.pem.pub not exists + if not os.path.exists(SECRET_PEM + ".pub"): + # Cleanup old files + for f in glob.glob(SECRET_PEM + "*"): + os.remove(f) + + execute(["ssh-keygen", "-N", "", "-f", SECRET_PEM]) + + # Regenerate if ssh_tar.pem.pub not exists + if not os.path.exists(TAR_SSH_PEM + ".pub"): + # Cleanup old files + for f in glob.glob(TAR_SSH_PEM + "*"): + os.remove(f) + + execute(["ssh-keygen", "-N", "", "-f", TAR_SSH_PEM]) + + # Add required prefixes if prefix is not "container" + prefix_secret_pem_pub = "" + prefix_tar_ssh_pem_pub = "" + if args.no_prefix != "no-prefix": + 
prefix_secret_pem_pub = GSYNCD_CMD + prefix_tar_ssh_pem_pub = TAR_CMD + + data = {"default_pub": "", "tar_pub": ""} + with open(SECRET_PEM + ".pub") as f: + data["default_pub"] = prefix_secret_pem_pub + f.read().strip() + + with open(TAR_SSH_PEM + ".pub") as f: + data["tar_pub"] = prefix_tar_ssh_pem_pub + f.read().strip() + + node_output_ok(data) + + +def color_status(value): + if value in ["UP", "OK"]: + return "green" + return "red" + + +class GenCmd(Cmd): + name = "generate" + + def args(self, parser): + parser.add_argument("--no-prefix", help="Do not use prefix in " + "generated pub keys", action="store_true") + + def run(self, args): + prefix = "no-prefix" if args.no_prefix else "." + out = execute_in_peers("node-generate", [prefix]) + + common_secrets = [] + table = PrettyTable(["NODE", "NODE STATUS", "KEYGEN STATUS"]) + table.align["NODE STATUS"] = "r" + table.align["KEYGEN STATUS"] = "r" + for p in out: + if p.ok: + common_secrets.append(p.output["default_pub"]) + common_secrets.append(p.output["tar_pub"]) + + table.add_row([p.hostname, + "UP" if p.node_up else "DOWN", + "OK" if p.ok else "NOT OK: {0}".format( + p.error)]) + + with open(COMMON_SECRET_FILE, "w") as f: + f.write("\n".join(common_secrets) + "\n") + + print (table) + + +if __name__ == "__main__": + runcli() diff --git a/glusterfs.spec.in b/glusterfs.spec.in index aeb1edf4a55..266b744a56a 100644 --- a/glusterfs.spec.in +++ b/glusterfs.spec.in @@ -391,7 +391,8 @@ Summary: GlusterFS Geo-replication Group: Applications/File Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}-server%{?_isa} = %{version}-%{release} -Requires: python python-ctypes +Requires: python python-ctypes python-prettytable +Requires: python-gluster = %{version}-%{release} Requires: rsync %description geo-replication 
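Review bot: In peer_georep-sshkey.py.in the keys are generated with an empty passphrase (`-N ""`) and the only restriction attached to the public keys is the `command=` prefix in `GSYNCD_CMD` and `TAR_CMD`, which leaves port, agent and X11 forwarding and pty allocation permitted wherever these entries are installed (presumably the slave's authorized_keys). If the sync session needs none of those, I would prepend the standard options to both constants, e.g. `GSYNCD_CMD = 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,command="@GLUSTERFS_LIBEXECDIR@/gsyncd" '`. `TAR_CMD` expands the client-supplied `${SSH_ORIGINAL_COMMAND#* }` unquoted into the tar command line, so a comment stating which tar invocation is expected would help the next reviewer judge how narrow that restriction really is. The `--no-prefix` help string should say that it removes the forced-command restriction entirely, and the comment `# Add required prefixes if prefix is not "container"` should read `# Add the forced-command prefixes unless "no-prefix" was passed`.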
@@ -1045,6 +1046,8 @@ exit 0 %{_libexecdir}/glusterfs/peer_mountbroker %{_libexecdir}/glusterfs/peer_mountbroker.py* %{_libexecdir}/glusterfs/gfind_missing_files +%{_libexecdir}/glusterfs/peer_georep-sshkey.py* +%{_sbindir}/gluster-georep-sshkey %dir %attr(0755,-,-) %{_sharedstatedir}/glusterd/geo-replication %ghost %attr(0644,-,-) %{_sharedstatedir}/glusterd/geo-replication/gsyncd_template.conf @@ -1238,8 +1241,11 @@ exit 0 %endif %changelog +* Wed Aug 31 2016 Aravinda VK +- Added new Geo-replication utility "gluster-georep-sshkey" (#1356508) + * Thu Aug 25 2016 Aravinda VK -* Added gluster-mountbroker utility for geo-rep mountbroker setup (#1343333) +- Added gluster-mountbroker utility for geo-rep mountbroker setup (#1343333) * Mon Aug 22 2016 Milind Changire - Add psmisc as dependency for glusterfs-fuse for killall command (#1367665) -- cgit