Add the SSH key type and length to the config, and set them
authorHrvoje Ribicic <riba@google.com>
Mon, 12 Oct 2015 15:39:11 +0000 (11:39 -0400)
committerHrvoje Ribicic <riba@google.com>
Fri, 20 Nov 2015 10:13:57 +0000 (11:13 +0100)
This patch uses the previously added CLI options to allow the key
parameters to be specified at initialization time and saved in the
configuration.

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Helga Velroyen <helgav@google.com>

lib/bootstrap.py
lib/client/gnt_cluster.py
lib/ht.py
lib/objects.py
src/Ganeti/Constants.hs
src/Ganeti/Objects.hs
test/hs/Test/Ganeti/Objects.hs

index d649b8e..69f75dd 100644 (file)
@@ -485,16 +485,17 @@ def _InitCheckDrbdHelper(drbd_helper, drbd_enabled):
 def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
                 master_netmask, master_netdev, file_storage_dir,
                 shared_file_storage_dir, gluster_storage_dir,
-                candidate_pool_size, secondary_ip=None,
-                vg_name=None, beparams=None, nicparams=None, ndparams=None,
-                hvparams=None, diskparams=None, enabled_hypervisors=None,
-                modify_etc_hosts=True, modify_ssh_setup=True,
-                maintain_node_health=False, drbd_helper=None, uid_pool=None,
-                default_iallocator=None, default_iallocator_params=None,
-                primary_ip_version=None, ipolicy=None,
-                prealloc_wipe_disks=False, use_external_mip_script=False,
-                hv_state=None, disk_state=None, enabled_disk_templates=None,
-                install_image=None, zeroing_image=None, compression_tools=None,
+                candidate_pool_size, ssh_key_type, ssh_key_bits,
+                secondary_ip=None, vg_name=None, beparams=None, nicparams=None,
+                ndparams=None, hvparams=None, diskparams=None,
+                enabled_hypervisors=None, modify_etc_hosts=True,
+                modify_ssh_setup=True, maintain_node_health=False,
+                drbd_helper=None, uid_pool=None, default_iallocator=None,
+                default_iallocator_params=None, primary_ip_version=None,
+                ipolicy=None, prealloc_wipe_disks=False,
+                use_external_mip_script=False, hv_state=None, disk_state=None,
+                enabled_disk_templates=None, install_image=None,
+                zeroing_image=None, compression_tools=None,
                 enabled_user_shutdown=False):
   """Initialise the cluster.
 
@@ -797,6 +798,8 @@ def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
     zeroing_image=zeroing_image,
     compression_tools=compression_tools,
     enabled_user_shutdown=enabled_user_shutdown,
+    ssh_key_type=ssh_key_type,
+    ssh_key_bits=ssh_key_bits,
     )
   master_node_config = objects.Node(name=hostname.name,
                                     primary_ip=hostname.ip,
index 2ade408..946047a 100644 (file)
@@ -299,6 +299,16 @@ def InitCluster(opts, args):
   else:
     enabled_user_shutdown = False
 
+  if opts.ssh_key_type:
+    ssh_key_type = opts.ssh_key_type
+  else:
+    ssh_key_type = constants.SSH_DEFAULT_KEY_TYPE
+
+  if opts.ssh_key_bits:
+    ssh_key_bits = opts.ssh_key_bits
+  else:
+    ssh_key_bits = constants.SSH_DEFAULT_KEY_BITS
+
   bootstrap.InitCluster(cluster_name=args[0],
                         secondary_ip=opts.secondary_ip,
                         vg_name=vg_name,
@@ -333,6 +343,8 @@ def InitCluster(opts, args):
                         zeroing_image=zeroing_image,
                         compression_tools=compression_tools,
                         enabled_user_shutdown=enabled_user_shutdown,
+                        ssh_key_type=ssh_key_type,
+                        ssh_key_bits=ssh_key_bits,
                         )
   op = opcodes.OpClusterPostInit()
   SubmitOpCode(op, opts=opts)
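Review bot: In the first hunk the user-supplied `opts.ssh_key_type` and `opts.ssh_key_bits` are forwarded to bootstrap.InitCluster without any check that the type is one of `constants.SSHK_ALL` or that the bit length is acceptable for that type; the `TSshKeyType` check added in lib/ht.py is not applied anywhere visible, and a value that is only rejected later (presumably by ssh-keygen) gives a worse error than a prereq failure here, e.g. `if ssh_key_type not in constants.SSHK_ALL:` / `raise errors.OpPrereqError("Unknown SSH key type %s" % ssh_key_type, errors.ECODE_INVAL)`. A related gap is that the two defaults are independent: `--ssh-key-type` alone leaves `ssh_key_bits` at `SSH_DEFAULT_KEY_BITS`, which is a length chosen for the default key type and, if these values are handed to ssh-keygen, is not a valid size for every type it can name. The two if/else blocks can also be written as `ssh_key_type = opts.ssh_key_type or constants.SSH_DEFAULT_KEY_TYPE` and `ssh_key_bits = opts.ssh_key_bits or constants.SSH_DEFAULT_KEY_BITS`, which matches how the rest of the block derives values from options.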
index 1fd5660..edadc3b 100644 (file)
--- a/lib/ht.py
+++ b/lib/ht.py
@@ -651,6 +651,7 @@ def TStorageType(val):
 TTagKind = TElemOf(constants.VALID_TAG_TYPES)
 TDdmSimple = TElemOf(constants.DDMS_VALUES)
 TVerifyOptionalChecks = TElemOf(constants.VERIFY_OPTIONAL_CHECKS)
+TSshKeyType = TElemOf(constants.SSHK_ALL)
 
 
 @WithDesc("IPv4 network")
index 8b5a926..4ea958a 100644 (file)
@@ -1653,6 +1653,8 @@ class Cluster(TaggableObject):
     "compression_tools",
     "enabled_user_shutdown",
     "data_collectors",
+    "ssh_key_type",
+    "ssh_key_bits",
     ] + _TIMESTAMPS + _UUID
 
   def UpgradeConfig(self):
@@ -1808,6 +1810,12 @@ class Cluster(TaggableObject):
     if self.enabled_user_shutdown is None:
       self.enabled_user_shutdown = False
 
+    if self.ssh_key_type is None:
+      self.ssh_key_type = constants.SSH_DEFAULT_KEY_TYPE
+
+    if self.ssh_key_bits is None:
+      self.ssh_key_bits = constants.SSH_DEFAULT_KEY_BITS
+
   @property
   def primary_hypervisor(self):
     """The first hypervisor is the primary.
index eedd493..1a6ceca 100644 (file)
@@ -4702,6 +4702,14 @@ sshakRsa = "ssh-rsa"
 sshakAll :: FrozenSet String
 sshakAll = ConstantUtils.mkSet [sshakDss, sshakRsa]
 
+-- * SSH key default values
+
+sshDefaultKeyType :: String
+sshDefaultKeyType = sshkRsa
+
+sshDefaultKeyBits :: Int
+sshDefaultKeyBits = 2048
+
 -- * SSH setup
 
 sshsClusterName :: String
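Review bot: `sshDefaultKeyBits = 2048` is a bare number with no comment saying which key type it is meant for, while `sshDefaultKeyType` sits right next to it and other types exist; since the Python side stores the two values independently, a reader cannot tell whether 2048 is valid for any type or only for the default one. A one-line Haddock such as `-- | Default key length in bits; chosen for the default (RSA) key type.` on the bits constant, and `-- | Key type used when none is given at cluster init.` on the type constant, would make that relationship explicit. The new section heading follows the surrounding `-- *` style, which is fine.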
index 9817900..b47c629 100644 (file)
@@ -678,6 +678,8 @@ $(buildObject "Cluster" "cluster" $
   , simpleField "compression_tools"              [t| [String]                |]
   , simpleField "enabled_user_shutdown"          [t| Bool                    |]
   , simpleField "data_collectors"         [t| Container DataCollectorConfig  |]
+  , simpleField "ssh_key_type"                   [t| SshKeyType              |]
+  , simpleField "ssh_key_bits"                   [t| Int                     |]
  ]
  ++ timeStampFields
  ++ uuidFields
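Review bot: Both new fields are declared with `simpleField`, which (as far as the generated parser is concerned) requires the keys to be present in the serialized cluster object, whereas the Python `UpgradeConfig` in lib/objects.py tolerates their absence by filling in defaults. If any Haskell component can load a configuration that has not yet passed through the Python upgrade path, parsing would fail on the missing `ssh_key_type`/`ssh_key_bits` keys; a field with a default (`defaultField`, if that matches how other late-added Cluster fields here are declared) would keep the two sides consistent. The `buildObject "Cluster"` block starts outside the hunk, so I could not compare with how the neighbouring late additions such as `enabled_user_shutdown` were handled.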
index 3ece5a2..8f7563b 100644 (file)
@@ -375,6 +375,13 @@ instance Arbitrary FilterRule where
                          <*> arbitrary
                          <*> genUUID
 
+instance Arbitrary SshKeyType where
+  arbitrary = oneof
+    [ pure RSA
+    , pure DSA
+    , pure ECDSA
+    ]
+
 -- | Generates a network instance with minimum netmasks of /24. Generating
 -- bigger networks slows down the tests, because long bit strings are generated
 -- for the reservations.
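Review bot: The `Arbitrary SshKeyType` instance hard-codes the three constructors in an `oneof [pure RSA, pure DSA, pure ECDSA]` list, so a constructor added to the type later is silently excluded from the generated values and the tests keep passing without covering it. The idiomatic form is `arbitrary = elements [RSA, DSA, ECDSA]`, or, if `SshKeyType` derives `Bounded` and `Enum` (its declaration is outside this page), `arbitrary = arbitraryBoundedEnum`, which follows the type automatically. Either is a one-line replacement of the five-line instance body.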