def AddNodeSshKey(node_uuid, node_name,
potential_master_candidates,
- ssh_port_map,
to_authorized_keys=False,
to_public_keys=False,
get_public_keys=False,
@param node_uuid: the UUID of the node whose key is added
@type node_name: str
@param node_name: the name of the node whose key is added
- @type ssh_port_map: dict from str to int
- @param ssh_port_map: a mapping from node names to SSH port numbers
@type potential_master_candidates: list of str
@param potential_master_candidates: list of node names of potential master
candidates; this should match the list of uuids in the public key file
_InitSshUpdateData(base_data, noded_cert_file, ssconf_store)
cluster_name = base_data[constants.SSHS_CLUSTER_NAME]
+ ssh_port_map = ssconf_store.GetSshPortMap()
+
# Update the target node itself
logging.debug("Updating SSH key files of target node '%s'.", node_name)
if get_public_keys:
def RemoveNodeSshKey(node_uuid, node_name,
master_candidate_uuids,
potential_master_candidates,
- ssh_port_map,
master_uuid=None,
keys_to_remove=None,
from_authorized_keys=False,
@type potential_master_candidates: list of str
@param potential_master_candidates: list of names of potential master
candidates
- @type ssh_port_map: dict of str to int
- @param ssh_port_map: mapping of node names to their SSH port
@type keys_to_remove: dict of str to list of str
@param keys_to_remove: a dictionary mapping node UUIDS to lists of SSH keys
to be removed. This list is supposed to be used only if the keys are not
ssconf_store = ssconf.SimpleStore()
master_node = ssconf_store.GetMasterNode()
+ ssh_port_map = ssconf_store.GetSshPortMap()
if from_authorized_keys or from_public_keys:
if keys_to_remove:
raise errors.SshUpdateError("Could not move at least one master SSH key.")
-def RenewSshKeys(node_uuids, node_names, ssh_port_map,
- master_candidate_uuids,
+def RenewSshKeys(node_uuids, node_names, master_candidate_uuids,
potential_master_candidates,
pub_key_file=pathutils.SSH_PUB_KEYS,
ssconf_store=None,
@type node_names: list of str
@param node_names: list of node names whose keys should be removed. This list
should match the C{node_uuids} parameter
- @type ssh_port_map: dict of str to int
- @param ssh_port_map: map of node UUID to ssh port number
@type master_candidate_uuids: list of str
@param master_candidate_uuids: list of UUIDs of master candidates or
master node
master_node_name = ssconf_store.GetMasterNode()
master_node_uuid = _GetMasterNodeUUID(node_uuid_name_map, master_node_name)
+ ssh_port_map = ssconf_store.GetSshPortMap()
# List of all node errors that happened, but which did not abort the
# procedure as a whole. It is important that this is a list to have a
# somewhat chronological history of events.
logging.debug("Removing SSH key of node '%s'.", node_name)
node_errors = RemoveNodeSshKey(
node_uuid, node_name, master_candidate_uuids,
- potential_master_candidates, ssh_port_map,
+ potential_master_candidates,
master_uuid=master_node_uuid, from_authorized_keys=master_candidate,
from_public_keys=False, clear_authorized_keys=False,
clear_public_keys=False)
logging.debug("Add ssh key of node '%s'.", node_name)
node_errors = AddNodeSshKey(
node_uuid, node_name, potential_master_candidates,
- ssh_port_map, to_authorized_keys=master_candidate,
+ to_authorized_keys=master_candidate,
to_public_keys=potential_master_candidate,
get_public_keys=True,
pub_key_file=pub_key_file, ssconf_store=ssconf_store,
logging.debug("Add new master key to all nodes.")
node_errors = AddNodeSshKey(
master_node_uuid, master_node_name, potential_master_candidates,
- ssh_port_map, to_authorized_keys=True, to_public_keys=True,
+ to_authorized_keys=True, to_public_keys=True,
get_public_keys=False, pub_key_file=pub_key_file,
ssconf_store=ssconf_store, noded_cert_file=noded_cert_file,
run_cmd_fn=run_cmd_fn)
logging.debug("Remove the old master key from all nodes.")
node_errors = RemoveNodeSshKey(
master_node_uuid, master_node_name, master_candidate_uuids,
- potential_master_candidates, ssh_port_map,
+ potential_master_candidates,
keys_to_remove=old_master_keys_by_uuid, from_authorized_keys=True,
from_public_keys=False, clear_authorized_keys=False,
clear_public_keys=False)
in nodes.items() if not node_info.offline]
node_names = [name for (_, name) in nodes_uuid_names]
node_uuids = [uuid for (uuid, _) in nodes_uuid_names]
- port_map = ssh.GetSshPortMap(node_names, self.cfg)
potential_master_candidates = self.cfg.GetPotentialMasterCandidates()
master_candidate_uuids = self.cfg.GetMasterCandidateUuids()
result = self.rpc.call_node_ssh_keys_renew(
[master_uuid],
- node_uuids, node_names, port_map,
+ node_uuids, node_names,
master_candidate_uuids,
potential_master_candidates)
AddNodeCertToCandidateCerts, RemoveNodeCertFromCandidateCerts, \
EnsureKvmdOnNodes, WarnAboutFailedSshUpdates
-from ganeti.ssh import GetSshPortMap
-
def _DecideSelfPromotion(lu, exceptions=None):
"""Decide whether I should promote myself as a master candidate.
"""
potential_master_candidates = self.cfg.GetPotentialMasterCandidates()
master_node = self.cfg.GetMasterNode()
- port_map = GetSshPortMap(potential_master_candidates, self.cfg)
if readd:
# clear previous keys
new_node_uuid, new_node_name,
master_candidate_uuids,
potential_master_candidates,
- port_map,
True, # from authorized keys
True, # from public keys
False, # clear authorized keys
result = rpcrunner.call_node_ssh_key_add(
[master_node], new_node_uuid, new_node_name,
- potential_master_candidates, port_map,
+ potential_master_candidates,
is_master_candidate, is_potential_master_candidate,
is_potential_master_candidate)
if self.cfg.GetClusterInfo().modify_ssh_setup:
potential_master_candidates = self.cfg.GetPotentialMasterCandidates()
- ssh_port_map = GetSshPortMap(potential_master_candidates, self.cfg)
master_node = self.cfg.GetMasterNode()
if self.old_role == self._ROLE_CANDIDATE:
master_candidate_uuids = self.cfg.GetMasterCandidateUuids()
ssh_result = self.rpc.call_node_ssh_key_remove(
[master_node],
node.uuid, node.name,
- master_candidate_uuids, potential_master_candidates, ssh_port_map,
+ master_candidate_uuids, potential_master_candidates,
True, # remove node's key from all nodes' authorized_keys file
False, # currently, all nodes are potential master candidates
False, # do not clear node's 'authorized_keys'
if self.new_role == self._ROLE_CANDIDATE:
ssh_result = self.rpc.call_node_ssh_key_add(
[master_node], node.uuid, node.name,
- potential_master_candidates, ssh_port_map,
+ potential_master_candidates,
True, # add node's key to all node's 'authorized_keys'
True, # all nodes are potential master candidates
False) # do not update the node's public keys
potential_master_candidates = self.cfg.GetPotentialMasterCandidates()
potential_master_candidate = \
self.op.node_name in potential_master_candidates
- ssh_port_map = GetSshPortMap(potential_master_candidates, self.cfg)
master_candidate_uuids = self.cfg.GetMasterCandidateUuids()
master_node = self.cfg.GetMasterNode()
result = self.rpc.call_node_ssh_key_remove(
[master_node],
self.node.uuid, self.op.node_name,
- master_candidate_uuids, potential_master_candidates, ssh_port_map,
+ master_candidate_uuids, potential_master_candidates,
self.node.master_candidate, # from_authorized_keys
potential_master_candidate, # from_public_keys
True, # clear node's 'authorized_keys'
("node_uuid", None, "UUID of the node whose key is distributed"),
("node_name", None, "Name of the node whose key is distributed"),
("potential_master_candidates", None, "Potential master candidates"),
- ("ssh_port_map", None, "Map of nodes' SSH ports to be used for transfers"),
("to_authorized_keys", None, "Whether the node's key should be added"
" to all nodes' 'authorized_keys' file"),
("to_public_keys", None, "Whether the node's key should be added"
("node_name", None, "Name of the node whose key is removed"),
("master_candidate_uuids", None, "List of UUIDs of master candidates."),
("potential_master_candidates", None, "Potential master candidates"),
- ("ssh_port_map", None, "Map of nodes' SSH ports to be used for transfers"),
("from_authorized_keys", None,
"If the key should be removed from the 'authorized_keys' file."),
("from_public_keys", None,
("node_ssh_keys_renew", MULTI, None, constants.RPC_TMO_SLOW, [
("node_uuids", None, "UUIDs of the nodes whose key is renewed"),
("node_names", None, "Names of the nodes whose key is renewed"),
- ("ssh_port_map", None, "Map of nodes' SSH ports to be used for transfers"),
("master_candidate_uuids", None, "List of UUIDs of master candidates."),
("potential_master_candidates", None, "Potential master candidates")],
None, None, "Renew all SSH key pairs of all nodes nodes."),
"""Distributes a new node's SSH key if authorized.
"""
- (node_uuid, node_name, potential_master_candidates, ssh_port_map,
+ (node_uuid, node_name, potential_master_candidates,
to_authorized_keys, to_public_keys, get_public_keys) = params
return backend.AddNodeSshKey(node_uuid, node_name,
- potential_master_candidates, ssh_port_map,
+ potential_master_candidates,
to_authorized_keys=to_authorized_keys,
to_public_keys=to_public_keys,
get_public_keys=get_public_keys)
"""Generates a new root SSH key pair on the node.
"""
- (node_uuids, node_names, ssh_port_map,
- master_candidate_uuids, potential_master_candidates) = params
- return backend.RenewSshKeys(node_uuids, node_names, ssh_port_map,
+ (node_uuids, node_names, master_candidate_uuids,
+ potential_master_candidates) = params
+ return backend.RenewSshKeys(node_uuids, node_names,
master_candidate_uuids,
potential_master_candidates)
"""
(node_uuid, node_name,
- master_candidate_uuids, potential_master_candidates, ssh_port_map,
+ master_candidate_uuids, potential_master_candidates,
from_authorized_keys, from_public_keys, clear_authorized_keys,
clear_public_keys) = params
return backend.RemoveNodeSshKey(node_uuid, node_name,
master_candidate_uuids,
potential_master_candidates,
- ssh_port_map,
from_authorized_keys=from_authorized_keys,
from_public_keys=from_public_keys,
clear_authorized_keys=clear_authorized_keys,
(result.cmd, result.fail_reason))
-def GetSshPortMap(nodes, cfg):
- """Retrieves SSH ports of given nodes from the config.
-
- @param nodes: the names of nodes
- @type nodes: a list of strings
- @param cfg: a configuration object
- @type cfg: L{ConfigWriter}
- @return: a map from node names to ssh ports
- @rtype: a dict from str to int
-
- """
- node_port_map = {}
- node_groups = dict(map(lambda n: (n.name, n.group),
- cfg.GetAllNodesInfo().values()))
- group_port_map = cfg.GetGroupSshPorts()
- for node in nodes:
- group_uuid = node_groups.get(node)
- ssh_port = group_port_map.get(group_uuid)
- node_port_map[node] = ssh_port
- return node_port_map
-
-
def ReadRemoteSshPubKeys(pub_key_file, node, cluster_name, port, ask_key,
strict_host_check):
"""Fetches the public DSA SSH key from a node via SSH.
from ganeti import hypervisor
from ganeti import netutils
from ganeti import objects
-from ganeti import pathutils
from ganeti import serializer
from ganeti import ssh
from ganeti import utils
self._ssconf_mock.GetMasterNode = mock.Mock()
self._ssconf_mock.GetClusterName = mock.Mock()
self._ssconf_mock.GetOnlineNodeList = mock.Mock()
+ self._ssconf_mock.GetSshPortMap = mock.Mock()
self._run_cmd_mock = mock.Mock()
self._run_cmd_mock.side_effect = self._ssh_file_manager.RunCommand
self._all_nodes = []
self._potential_master_candidates = []
self._master_candidate_uuids = []
- self._ssh_port_map = {}
self._ssconf_mock.reset_mock()
self._ssconf_mock.GetNodeList.reset_mock()
self._ssh_file_manager.InitAllNodes(15, 10, 5)
self._master_node = self._ssh_file_manager.GetMasterNodeName()
- self._ssh_port_map = self._ssh_file_manager.GetSshPortMap(self._SSH_PORT)
+ self._ssconf_mock.GetSshPortMap.return_value = \
+ self._ssh_file_manager.GetSshPortMap(self._SSH_PORT)
self._potential_master_candidates = \
self._ssh_file_manager.GetAllPotentialMasterCandidateNodeNames()
self._master_candidate_uuids = \
ssh.AddPublicKey(test_node_uuid, "some_old_key",
key_file=self._pub_key_file)
- backend._GenerateNodeSshKey(test_node_uuid, test_node_name,
- self._ssh_port_map,
- pub_key_file=self._pub_key_file,
- ssconf_store=self._ssconf_mock,
- noded_cert_file=self.noded_cert_file,
- run_cmd_fn=self._run_cmd_mock)
+ backend._GenerateNodeSshKey(
+ test_node_uuid, test_node_name,
+ self._ssh_file_manager.GetSshPortMap(self._SSH_PORT),
+ pub_key_file=self._pub_key_file,
+ ssconf_store=self._ssconf_mock,
+ noded_cert_file=self.noded_cert_file,
+ run_cmd_fn=self._run_cmd_mock)
calls_per_node = self._GetCallsPerNode()
for node, calls in calls_per_node.items():
ssh.AddPublicKey(name, key, key_file=self._pub_key_file)
self._potential_master_candidates.append(name)
- self._ssh_port_map[name] = self._SSH_PORT
+ self._ssconf_mock.GetSshPortMap.return_value = \
+ self._ssh_file_manager.GetSshPortMap(self._SSH_PORT)
def _GetNewMasterCandidate(self):
"""Returns the properties of a new master candidate node."""
backend.AddNodeSshKey(new_node_uuid, new_node_name,
self._potential_master_candidates,
- self._ssh_port_map,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
backend.AddNodeSshKey(new_node_uuid, new_node_name,
self._potential_master_candidates,
- self._ssh_port_map,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
self.assertRaises(
AssertionError, backend.AddNodeSshKey, new_node_uuid, new_node_name,
- self._potential_master_candidates, self._ssh_port_map,
+ self._potential_master_candidates,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
backend.AddNodeSshKey(node_info.uuid, node_name,
self._potential_master_candidates,
- self._ssh_port_map,
to_authorized_keys=True,
to_public_keys=False,
get_public_keys=False,
backend.RemoveNodeSshKey(node_uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=True,
from_public_keys=True,
clear_authorized_keys=True,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=False,
from_public_keys=True,
clear_authorized_keys=True,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=False,
from_public_keys=False,
clear_authorized_keys=True,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=True,
from_public_keys=False,
clear_authorized_keys=False,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=False,
from_public_keys=True,
clear_authorized_keys=False,
backend.AddNodeSshKey(new_node_uuid, new_node_name,
self._potential_master_candidates,
- self._ssh_port_map,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=True,
from_public_keys=True,
clear_authorized_keys=True,
backend.AddNodeSshKey(new_node_uuid, new_node_name,
self._potential_master_candidates,
- self._ssh_port_map,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
self.assertRaises(
errors.SshUpdateError, backend.AddNodeSshKey, new_node_uuid,
- new_node_name, self._potential_master_candidates, self._ssh_port_map,
+ new_node_name, self._potential_master_candidates,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
backend.AddNodeSshKey(new_node_uuid, new_node_name,
self._potential_master_candidates,
- self._ssh_port_map,
to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
node_errors = backend.AddNodeSshKey(
new_node_uuid, new_node_name, self._potential_master_candidates,
- self._ssh_port_map, to_authorized_keys=is_master_candidate,
+ to_authorized_keys=is_master_candidate,
to_public_keys=is_potential_master_candidate,
get_public_keys=is_potential_master_candidate,
pub_key_file=self._pub_key_file,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=True,
from_public_keys=True,
clear_authorized_keys=True,
error_msgs = backend.RemoveNodeSshKey(
node_info.uuid, node_name, self._master_candidate_uuids,
- self._potential_master_candidates, self._ssh_port_map,
+ self._potential_master_candidates,
from_authorized_keys=True, from_public_keys=True,
clear_authorized_keys=True, clear_public_keys=True,
pub_key_file=self._pub_key_file, ssconf_store=self._ssconf_mock,
backend.RemoveNodeSshKey(node_info.uuid, node_name,
self._master_candidate_uuids,
self._potential_master_candidates,
- self._ssh_port_map,
from_authorized_keys=True,
from_public_keys=True,
clear_authorized_keys=True,
error_msgs = backend.RemoveNodeSshKey(
node_info.uuid, node_name, self._master_candidate_uuids,
- self._potential_master_candidates, self._ssh_port_map,
+ self._potential_master_candidates,
from_authorized_keys=True, from_public_keys=True,
clear_authorized_keys=True, clear_public_keys=True,
pub_key_file=self._pub_key_file, ssconf_store=self._ssconf_mock,