LGTM On Tue, Nov 24, 2015 at 3:15 PM 'Helga Velroyen' via ganeti-devel < [email protected]> wrote:
> This patch makes renew-crypto use the newly introduced > bulk-removal function for SSH keys. This way the > complexity of renew-crypto (in terms of number of > SSH connections) becomes linear (from previously > quadratic). > > Signed-off-by: Helga Velroyen <[email protected]> > --- > lib/backend.py | 37 ++++++++++++++++++++++++++++--------- > 1 file changed, 28 insertions(+), 9 deletions(-) > > diff --git a/lib/backend.py b/lib/backend.py > index 1c68534..a935576 100644 > --- a/lib/backend.py > +++ b/lib/backend.py > @@ -2122,11 +2122,19 @@ def RenewSshKeys(node_uuids, node_names, > master_candidate_uuids, > # keys to add in bulk at the end > node_keys_to_add = [] > > + # list of all nodes > + node_list = [] > + > + # list of keys to be removed before generating new keys > + node_info_to_remove = [] > + > for node_uuid, node_name in node_uuid_name_map: > if node_name == master_node_name: > continue > master_candidate = node_uuid in master_candidate_uuids > potential_master_candidate = node_name in potential_master_candidates > + node_list.append((node_uuid, node_name, master_candidate, > + potential_master_candidate)) > > keys_by_uuid = ssh.QueryPubKeyFile([node_uuid], key_file=pub_key_file) > if not keys_by_uuid: > @@ -2147,19 +2155,30 @@ def RenewSshKeys(node_uuids, node_names, > master_candidate_uuids, > # remove that node's key, because it is also the master node's key > # and that would terminate all communication from the master to > the > # node. > - logging.debug("Removing SSH key of node '%s'.", node_name) > - node_errors = RemoveNodeSshKey( > - node_uuid, node_name, master_candidate_uuids, > - potential_master_candidates, > - master_uuid=master_node_uuid, > from_authorized_keys=master_candidate, > - from_public_keys=False, clear_authorized_keys=False, > - clear_public_keys=False) > - if node_errors: > - all_node_errors = all_node_errors + node_errors > + node_info_to_remove.append(SshRemoveNodeInfo( > + uuid=node_uuid, > + name=node_name, > + from_authorized_keys=master_candidate, > + from_public_keys=False, > + clear_authorized_keys=False, > + clear_public_keys=False)) > else: > logging.debug("Old key of node '%s' is the same as the current > master" > " key. Not deleting that key on the node.", > node_name) > > + logging.debug("Removing old SSH keys of all master candidates.") > + if node_info_to_remove: > + node_errors = RemoveNodeSshKeyBulk( > + node_info_to_remove, > + master_candidate_uuids, > + potential_master_candidates, > + master_uuid=master_node_uuid) > + if node_errors: > + all_node_errors = all_node_errors + node_errors > + > + for (node_uuid, node_name, master_candidate, > potential_master_candidate) \ > + in node_list: > + > logging.debug("Generating new SSH key for node '%s'.", node_name) > _GenerateNodeSshKey(node_uuid, node_name, ssh_port_map, > pub_key_file=pub_key_file, > -- > 2.6.0.rc2.230.g3dd15c0 > > -- Lisa Velden Software Engineer [email protected] Google Germany GmbH Dienerstraße 12 80331 München Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg
