do SSH magic when running new only
authorAlfredo Deza <alfredo.deza@inktank.com>
Fri, 8 Nov 2013 15:25:03 +0000 (10:25 -0500)
committerAlfredo Deza <alfredo.deza@inktank.com>
Fri, 8 Nov 2013 15:27:25 +0000 (10:27 -0500)
Signed-off-by: Alfredo Deza <alfredo.deza@inktank.com>
ceph_deploy/new.py

index 33d2b6eb88833aec59c6cc615f77f24304e78c25..5a19bec05dd6832060fccf1fde2a8a1076fd0ffc 100644 (file)
@@ -10,8 +10,11 @@ import socket
 from . import exc
 from .cliutil import priority
 from .conf import CephConf
-from .util import arg_validators
+from . import hosts
+from .util import arg_validators, ssh
 from .misc import mon_hosts
+from .lib.remoto import process
+from .connection import get_local_connection
 
 
 LOG = logging.getLogger(__name__)
@@ -19,14 +22,16 @@ LOG = logging.getLogger(__name__)
 
 def generate_auth_key():
     key = os.urandom(16)
-    header = struct.pack('<hiih',
-                1,               # le16 type: CEPH_CRYPTO_AES
-                int(time.time()),  # le32 created: seconds
-                0,               # le32 created: nanoseconds,
-                len(key),        # le16: len(key)
-                )
+    header = struct.pack(
+        '<hiih',
+        1,                 # le16 type: CEPH_CRYPTO_AES
+        int(time.time()),  # le32 created: seconds
+        0,                 # le32 created: nanoseconds,
+        len(key),          # le16: len(key)
+    )
     return base64.b64encode(header + key)
 
+
 def get_nonlocal_ip(host):
     """
     Search result of getaddrinfo() for a non-localhost-net address
@@ -40,6 +45,51 @@ def get_nonlocal_ip(host):
     raise exc.UnableToResolveError(host)
 
 
+def ssh_copy_keys(hostname, username=None):
+    LOG.info('making sure passwordless SSH succeeds')
+    if ssh.can_connect_passwordless(hostname):
+        return
+
+    LOG.warning('could not connect via SSH')
+
+    # Create the key if it doesn't exist:
+    id_rsa_pub_file = os.path.expanduser(u'~/.ssh/id_rsa.pub')
+    id_rsa_file = id_rsa_pub_file.split('.pub')[0]
+    if not os.path.exists(id_rsa_file):
+        LOG.info('creating a passwordless id_rsa.pub key file')
+        with get_local_connection(LOG) as conn:
+            process.run(
+                conn,
+                [
+                    'ssh-keygen',
+                    '-t',
+                    'rsa',
+                    '-N',
+                    "",
+                    '-f',
+                    id_rsa_file,
+                ]
+            )
+
+    # Get the contents of id_rsa.pub and push it to the host
+    LOG.info('will connect again with password prompt')
+    distro = hosts.get(hostname, username)  # XXX Add username
+    auth_keys_path = '.ssh/authorized_keys'
+    if not distro.conn.remote_module.path_exists(auth_keys_path):
+        distro.conn.logger.warning(
+            '.ssh/authorized_keys does not exist, will skip adding keys'
+        )
+    else:
+        LOG.info('adding public keys to authorized_keys')
+        with open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'r') as id_rsa:
+            contents = id_rsa.read()
+        distro.conn.remote_module.append_to_file(
+            auth_keys_path,
+            contents
+        )
+    distro.conn.exit()
+
+
 def new(args):
     LOG.debug('Creating new cluster named %s', args.cluster)
     cfg = CephConf()
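Review bot: In `ssh_copy_keys`, `distro.conn.exit()` is only reached when nothing raises, and the existence check tests the private key `id_rsa` while the later `open()` reads `id_rsa.pub`, so a missing public file raises after the remote connection is already open and leaves it unclosed. Wrapping everything after `distro = hosts.get(hostname, username)` in `try:` … `finally: distro.conn.exit()` closes it on every path. The function also has no docstring; it should state that the call may create a passphrase-less key (`-N ""`) on the local machine and append its public half to the remote `.ssh/authorized_keys`, since both are lasting changes to who can log in. Whether `append_to_file` copes with a file that lacks a trailing newline, or with a key that is already present, is not visible in this hunk and is worth confirming.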
@@ -58,6 +108,8 @@ def new(args):
         LOG.debug('Monitor %s at %s', name, ip)
         mon_initial_members.append(name)
         mon_host.append(ip)
+        if args.ssh_copykey:
+            ssh_copy_keys(host, args.username)
 
     LOG.debug('Monitor initial members are %s', mon_initial_members)
     LOG.debug('Monitor addrs are %s', mon_host)
@@ -128,6 +180,14 @@ def make(parser):
         help='initial monitor hostname, fqdn, or hostname:fqdn pair',
         type=arg_validators.Hostname(),
         )
+    parser.add_argument(
+        '--no-ssh-copykey',
+        dest='ssh_copykey',
+        action='store_false',
+        default=True,
+        help='do not attempt to copy SSH keys',
+    )
+
     parser.set_defaults(
         func=new,
         )
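Review bot: The help text for `--no-ssh-copykey` does not say what the default does: with `default=True`, running `new` may generate a key pair with an empty passphrase and append the public key to `authorized_keys` on the hosts it is given, unless the flag is passed. Spelling that out lets an operator decide before running, e.g. `help='do not create a local SSH key or append it to authorized_keys on the given hosts'`. The body of `make` starts outside this hunk, so whether other options document this behaviour cannot be seen from here.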