oops
bug fixed
On Fri, Sep 24, 2010 at 2:49 PM, Bevo <[email protected]> wrote:
> Hey Guys,
>
> I've created a patch to allow you to use a non root user for ssh
> communication and allow you to specify a privilege escalation command
> (sudo)
>
> this basically sets 2 constants and removes the user argument from
> sshrunner.
>
> Note: it would be nice to also have an argument to flag if the command
> NEEDS privilege escalation so it can prefix the escalation command as
> needed
>
> Comment and criticisms welcome
>
> Since Google Groups won't allow me to attach a file, I'll paste the
> small patch inline:
> <<EOF
> diff -ub ../ganeti-orig/bootstrap.py ./bootstrap.py
> --- ../ganeti-orig/bootstrap.py 2010-09-24 10:12:58.000000000 +1000
> +++ ./bootstrap.py 2010-09-24 11:59:52.000000000 +1000
> @@ -491,7 +491,7 @@
> constants.CONFD_HMAC_KEY,
> constants.DAEMON_UTIL, constants.NODED))
>
> - result = sshrunner.Run(node, 'root', mycommand, batch=False,
> + result = sshrunner.Run(node, mycommand, batch=False,
> ask_key=ssh_key_check,
> use_cluster_key=False,
> strict_host_check=ssh_key_check)
> diff -ub ../ganeti-orig/cli.py ./cli.py
> --- ../ganeti-orig/cli.py 2010-09-24 10:12:58.000000000 +1000
> +++ ./cli.py 2010-09-24 14:20:19.000000000 +1000
> @@ -1863,7 +1863,7 @@
> # No need to use SSH
> result = utils.RunCmd(cmd)
> else:
> - result = self.ssh.Run(node_name, "root",
> utils.ShellQuoteArgs(cmd))
> + result = self.ssh.Run(node_name, utils.ShellQuoteArgs(cmd))
>
> if result.failed:
> errmsg = ["Failed to run command %s" % result.cmd]
> diff -ub ../ganeti-orig/cmdlib.py ./cmdlib.py
> --- ../ganeti-orig/cmdlib.py 2010-09-24 10:12:58.000000000 +1000
> +++ ./cmdlib.py 2010-09-24 14:22:00.000000000 +1000
> @@ -6934,7 +6934,7 @@
> console_cmd = hyper.GetShellCommandForConsole(instance, hvparams,
> beparams)
>
> # build ssh cmdline
> - return self.ssh.BuildCmd(node, "root", console_cmd, batch=True,
> tty=True)
> + return self.ssh.BuildCmd(node, console_cmd, batch=True, tty=True)
>
>
> class LUReplaceDisks(LogicalUnit):
> Common subdirectories: ../ganeti-orig/confd and ./confd
> diff -ub ../ganeti-orig/constants.py ./constants.py
> --- ../ganeti-orig/constants.py 2010-09-24 10:12:58.000000000 +1000
> +++ ./constants.py 2010-09-24 11:46:18.000000000 +1000
> @@ -118,6 +118,10 @@
> TOOLSDIR = _autoconf.TOOLSDIR
> CONF_DIR = SYSCONFDIR + "/ganeti"
>
> +# remote command setup
> +REMOTE_SSH_USER = 'ganeti'
> +REMOTE_CMD_ESCALATION = '/usr/bin/sudo'
> +
> ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
>
> MASTER_SOCKET = SOCKET_DIR + "/ganeti-master"
> Common subdirectories: ../ganeti-orig/http and ./http
> Common subdirectories: ../ganeti-orig/hypervisor and ./hypervisor
> Common subdirectories: ../ganeti-orig/rapi and ./rapi
> diff -ub ../ganeti-orig/ssh.py ./ssh.py
> --- ../ganeti-orig/ssh.py 2010-09-24 10:12:58.000000000 +1000
> +++ ./ssh.py 2010-09-24 14:33:43.000000000 +1000
> @@ -130,7 +130,7 @@
>
> return options
>
> - def BuildCmd(self, hostname, user, command, batch=True,
> ask_key=False,
> + def BuildCmd(self, user, priv_escalation, hostname, command,
> batch=True, ask_key=False,
> tty=False, use_cluster_key=True,
> strict_host_check=True,
> private_key=None, quiet=True):
> """Build an ssh command to execute a command on a remote node.
> @@ -155,6 +155,9 @@
> argv.extend(self._BuildSshOptions(batch, ask_key,
> use_cluster_key,
> strict_host_check, private_key,
> quiet=quiet))
> +
> + command = priv_escalation + ' ' + command
> +
> if tty:
> argv.extend(["-t", "-t"])
> argv.extend(["%...@%s" % (user, hostname), command])
> @@ -172,7 +175,7 @@
> @return: the result as from L{utils.RunCmd()}
>
> """
> - return utils.RunCmd(self.BuildCmd(*args, **kwargs))
> + return utils.RunCmd(self.BuildCmd(constants.REMOTE_SSH_USER,
> constants.REMOTE_CMD_ESCALATION, *args, **kwargs))
>
> def CopyFileToNode(self, node, filename):
> """Copy a file to another node with scp.
> @@ -225,7 +228,7 @@
> - detail: string with details
>
> """
> - retval = self.Run(node, 'root', 'hostname --fqdn')
> + retval = self.Run(node, 'hostname --fqdn')
>
> if retval.failed:
> msg = "ssh problem"
> EOF
>
diff -ub ../ganeti-orig/backend.py ./backend.py
--- ../ganeti-orig/backend.py 2010-09-24 10:12:58.000000000 +1000
+++ ./backend.py 2010-09-24 15:06:33.000000000 +1000
@@ -1637,7 +1637,9 @@
destcmd = utils.BuildShellCmd("dd of=%s conv=nocreat,notrunc bs=65536"
" oflag=dsync", dest_path)
- remotecmd = _GetSshRunner(cluster_name).BuildCmd(dest_node,
+ remotecmd = _GetSshRunner(cluster_name).BuildCmd( constants.REMOTE_SSH_USER,
+ constants.REMOTE_CMD_ESCALATION,
+ dest_node,
constants.GANETI_RUNAS,
destcmd)
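Review bot: `constants.GANETI_RUNAS` is still passed in the updated `BuildCmd(` call, but with the reordered signature in ssh.py (`user, priv_escalation, hostname, command, batch=True, ...`) it now binds to `command`, and `destcmd` binds to `batch`. The remote side would then be asked to run the run-as user name under the escalation command, and the `dd` command would never be sent. Drop the `constants.GANETI_RUNAS,` line, and decide explicitly which account the write should run as: the old call logged in as that user, while the new one goes through the escalation command. Because the new parameters are inserted ahead of `hostname`, any other positional caller this patch does not update shifts silently in the same way; keeping `hostname` first and adding `priv_escalation=None` as a trailing keyword parameter would avoid that. The enclosing function starts and ends outside the hunk.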
diff -ub ../ganeti-orig/bootstrap.py ./bootstrap.py
--- ../ganeti-orig/bootstrap.py 2010-09-24 10:12:58.000000000 +1000
+++ ./bootstrap.py 2010-09-24 11:59:52.000000000 +1000
@@ -491,7 +491,7 @@
constants.CONFD_HMAC_KEY,
constants.DAEMON_UTIL, constants.NODED))
- result = sshrunner.Run(node, 'root', mycommand, batch=False,
+ result = sshrunner.Run(node, mycommand, batch=False,
ask_key=ssh_key_check,
use_cluster_key=False,
strict_host_check=ssh_key_check)
diff -ub ../ganeti-orig/cli.py ./cli.py
--- ../ganeti-orig/cli.py 2010-09-24 10:12:58.000000000 +1000
+++ ./cli.py 2010-09-24 14:20:19.000000000 +1000
@@ -1863,7 +1863,7 @@
# No need to use SSH
result = utils.RunCmd(cmd)
else:
- result = self.ssh.Run(node_name, "root", utils.ShellQuoteArgs(cmd))
+ result = self.ssh.Run(node_name, utils.ShellQuoteArgs(cmd))
if result.failed:
errmsg = ["Failed to run command %s" % result.cmd]
diff -ub ../ganeti-orig/cmdlib.py ./cmdlib.py
--- ../ganeti-orig/cmdlib.py 2010-09-24 10:12:58.000000000 +1000
+++ ./cmdlib.py 2010-09-24 15:05:48.000000000 +1000
@@ -6934,7 +6934,7 @@
console_cmd = hyper.GetShellCommandForConsole(instance, hvparams, beparams)
# build ssh cmdline
- return self.ssh.BuildCmd(node, "root", console_cmd, batch=True, tty=True)
+ return self.ssh.BuildCmd(constants.REMOTE_SSH_USER, constants.REMOTE_CMD_ESCALATION, node, console_cmd, batch=True, tty=True)
class LUReplaceDisks(LogicalUnit):
Common subdirectories: ../ganeti-orig/confd and ./confd
diff -ub ../ganeti-orig/constants.py ./constants.py
--- ../ganeti-orig/constants.py 2010-09-24 10:12:58.000000000 +1000
+++ ./constants.py 2010-09-24 11:46:18.000000000 +1000
@@ -118,6 +118,10 @@
TOOLSDIR = _autoconf.TOOLSDIR
CONF_DIR = SYSCONFDIR + "/ganeti"
+# remote command setup
+REMOTE_SSH_USER = 'ganeti'
+REMOTE_CMD_ESCALATION = '/usr/bin/sudo'
+
ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
MASTER_SOCKET = SOCKET_DIR + "/ganeti-master"
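Review bot: The two new constants are hard-coded, unlike the neighbouring `TOOLSDIR`, which comes from `_autoconf`, so every cluster is switched to the `ganeti` login with no way to keep the previous root behaviour. The comment above them should state what each node must provide, for example `# REMOTE_SSH_USER must exist on every node, accept the cluster key, and be allowed to run REMOTE_CMD_ESCALATION without a password or tty`. It is also worth documenting that an unrestricted passwordless sudo rule makes this account root-equivalent, so the benefit depends on the sudoers rule being limited to the commands Ganeti issues. `CopyFileToNode` in ssh.py appears only as context in this patch; if it still copies as root (its body is not shown), disabling root login on the nodes would break file distribution.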
Common subdirectories: ../ganeti-orig/http and ./http
Common subdirectories: ../ganeti-orig/hypervisor and ./hypervisor
Common subdirectories: ../ganeti-orig/rapi and ./rapi
diff -ub ../ganeti-orig/ssh.py ./ssh.py
--- ../ganeti-orig/ssh.py 2010-09-24 10:12:58.000000000 +1000
+++ ./ssh.py 2010-09-24 14:33:43.000000000 +1000
@@ -130,7 +130,7 @@
return options
- def BuildCmd(self, hostname, user, command, batch=True, ask_key=False,
+ def BuildCmd(self, user, priv_escalation, hostname, command, batch=True, ask_key=False,
tty=False, use_cluster_key=True, strict_host_check=True,
private_key=None, quiet=True):
"""Build an ssh command to execute a command on a remote node.
@@ -155,6 +155,9 @@
argv.extend(self._BuildSshOptions(batch, ask_key, use_cluster_key,
strict_host_check, private_key,
quiet=quiet))
+
+ command = priv_escalation + ' ' + command
+
if tty:
argv.extend(["-t", "-t"])
argv.extend(["%...@%s" % (user, hostname), command])
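Review bot: `command = priv_escalation + ' ' + command` prefixes the whole string unconditionally, so only the first word of a compound shell command (anything joined with `&&`, `;` or a pipe) is elevated, and an empty `priv_escalation` leaves a stray leading space. Whether callers pass compound strings is not visible in this hunk, but `mycommand` in bootstrap.py is formatted from several constants, so it should be checked. A safer form is `if priv_escalation:` followed by `command = "%s sh -c %s" % (priv_escalation, utils.ShellQuote(command))`, which hands the complete command line to a single elevated shell. The body of `BuildCmd` continues outside the hunk, and its docstring would need a matching `@param priv_escalation` entry.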
@@ -172,7 +175,7 @@
@return: the result as from L{utils.RunCmd()}
"""
- return utils.RunCmd(self.BuildCmd(*args, **kwargs))
+ return utils.RunCmd(self.BuildCmd(constants.REMOTE_SSH_USER, constants.REMOTE_CMD_ESCALATION, *args, **kwargs))
def CopyFileToNode(self, node, filename):
"""Copy a file to another node with scp.
@@ -225,7 +228,7 @@
- detail: string with details
"""
- retval = self.Run(node, 'root', 'hostname --fqdn')
+ retval = self.Run(node, 'hostname --fqdn')
if retval.failed:
msg = "ssh problem"