From 6e036c758add503a170cc3134e95fea3e78e89cb Mon Sep 17 00:00:00 2001
From: Kotresh HR <khiremat@redhat.com>
Date: Thu, 29 Oct 2015 09:30:15 +0000
Subject: geo-rep: Make restrictive ssh keys optional

In containerized environment where networking
configuration is "net=host", both host and
containers use the same IP. The validations
gsyncd shell and rsync to be the siblings
fails. Hence, for now, creating restrictive
ssh keys is made optional as follows.

If the argument 'container' is passed, it
will create non restrictive ssh keys else
restrictive ssh keys.

e.g.,
gluster system:: execute gsec_create container
     Creates non restrictive ssh keys.
gluster system:: execute gsec_create
     Creates restrictive ssh keys.

Change-Id: Ibed362f64b9b4c9931207f863a2da944c6bd1d66
BUG: 1276028
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/12459
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Aravinda VK <avishwan@redhat.com>
---
 geo-replication/src/peer_gsec_create.in | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'geo-replication')

diff --git a/geo-replication/src/peer_gsec_create.in b/geo-replication/src/peer_gsec_create.in
index 9cadce56453..97c4333d69c 100755
--- a/geo-replication/src/peer_gsec_create.in
+++ b/geo-replication/src/peer_gsec_create.in
@@ -13,6 +13,11 @@ if [ ! -f "$GLUSTERD_WORKDIR"/geo-replication/tar_ssh.pem.pub ]; then
     ssh-keygen -N '' -f "$GLUSTERD_WORKDIR"/geo-replication/tar_ssh.pem > /dev/null
 fi
 
-output1=`echo command=\"${exec_prefix}/libexec/glusterfs/gsyncd\" " "``cat "$GLUSTERD_WORKDIR"/geo-replication/secret.pem.pub`
-output2=`echo command=\"tar \$\{SSH_ORIGINAL_COMMAND#* \}\" " "``cat "$GLUSTERD_WORKDIR"/geo-replication/tar_ssh.pem.pub`
+if [ "Xcontainer" = "X$1" ]; then
+    output1=`cat "$GLUSTERD_WORKDIR"/geo-replication/secret.pem.pub`
+    output2=`cat "$GLUSTERD_WORKDIR"/geo-replication/tar_ssh.pem.pub`
+else
+    output1=`echo command=\"${exec_prefix}/libexec/glusterfs/gsyncd\" " "``cat "$GLUSTERD_WORKDIR"/geo-replication/secret.pem.pub`
+    output2=`echo command=\"tar \$\{SSH_ORIGINAL_COMMAND#* \}\" " "``cat "$GLUSTERD_WORKDIR"/geo-replication/tar_ssh.pem.pub`
+fi
 echo -e "$output1\n$output2"
-- 
cgit