From: Sage Weil Date: Sat, 17 Aug 2013 00:59:11 +0000 (-0700) Subject: ceph-post-file: single command to upload a file to cephdrop X-Git-Tag: v0.67.3~16 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8a1da62d9564a32f7b8963fe298e1ac3ad0ea3d9;p=ceph.git ceph-post-file: single command to upload a file to cephdrop Use sftp to upload to a directory that only this user and ceph devs can access. Distribute an ssh key to connect to the account. This will let us revoke the key in the future if we feel the need. Also distribute a known_hosts file so that users have some confidence that they are connecting to the real ceph drop account and not some third party. Signed-off-by: Sage Weil Reviewed-by: Dan Mick (cherry picked from commit d08e05e463f1f7106a1f719d81b849435790a3b9)
---
diff --git a/Makefile.am b/Makefile.am
index e7dd86ee1ae3..8e0c650bc230 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,8 +12,17 @@ EXTRA_DIST += \
 udev/50-rbd.rules \
 udev/60-ceph-partuuid-workaround.rules \
 udev/95-ceph-osd.rules \
- udev/95-ceph-osd-alt.rules
+ udev/95-ceph-osd-alt.rules \
+ share/known_hosts_drop.ceph.com \
+ share/id_dsa_drop.ceph.com \
+ share/id_dsa_drop.ceph.com.pub
+# why is it so hard to make autotools to this?
+install-data-local:
+ -mkdir -p $(DESTDIR)$(datadir)/ceph
+ -install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/known_hosts_drop.ceph.com
+ -install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com
+ -install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub
 all-local:
 if WITH_DEBUG
diff --git a/ceph.spec.in b/ceph.spec.in
index b1802c3d25dc..9fdea422993e 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
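Review bot: The last two `install` lines of `install-data-local` copy `share/known_hosts_drop.ceph.com` to the `id_dsa_drop.ceph.com` and `id_dsa_drop.ceph.com.pub` destinations, so the installed identity files would contain the host-key line rather than the key pair, and an upload using the installed key could not authenticate. The sources should match the destinations: `-install -m 644 share/id_dsa_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com` and `-install -m 644 share/id_dsa_drop.ceph.com.pub $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub`. The leading `-` on every recipe line also lets a failed copy pass silently; that matters most for the known_hosts file, which the commit message describes as the user's assurance of reaching the real drop host, so consider dropping the prefix so a broken install fails loudly.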
@@ -384,6 +384,9 @@ fi
 %dir %{_docdir}/ceph
 %{_docdir}/ceph/sample.ceph.conf
 %{_docdir}/ceph/sample.fetch_config
+%{_datadir}/ceph/known_hosts_drop.ceph.com
+%{_datadir}/ceph/id_dsa_drop.ceph.com
+%{_datadir}/ceph/id_dsa_drop.ceph.com.pub
 %{_bindir}/ceph
 %{_bindir}/cephfs
 %{_bindir}/ceph-conf
@@ -394,6 +397,7 @@ fi
 %{_bindir}/osdmaptool
 %{_bindir}/ceph-authtool
 %{_bindir}/ceph-syn
+%{_bindir}/ceph-post-file
 %{_bindir}/ceph-run
 %{_bindir}/ceph-mon
 %{_bindir}/ceph-mds
@@ -445,6 +449,7 @@ fi
 %{_mandir}/man8/mkcephfs.8*
 %{_mandir}/man8/ceph-run.8*
 %{_mandir}/man8/ceph-syn.8*
+%{_mandir}/man8/ceph-post-file.8*
 %{_mandir}/man8/ceph-dencoder.8*
 %{_mandir}/man8/ceph-rest-api.8*
 %{_mandir}/man8/crushtool.8*
diff --git a/debian/ceph-common.install b/debian/ceph-common.install
index 6c8af7c74b2f..41453f5a6463 100644
--- a/debian/ceph-common.install
+++ b/debian/ceph-common.install
@@ -8,11 +8,16 @@ usr/bin/ceph-rest-api
 usr/bin/ceph-syn
 usr/bin/rados
 usr/bin/rbd
+usr/bin/ceph-post-file
 usr/share/man/man8/ceph-authtool.8
 usr/share/man/man8/ceph-conf.8
 usr/share/man/man8/ceph-dencoder.8
 usr/share/man/man8/ceph-rest-api.8
 usr/share/man/man8/ceph-syn.8
+usr/share/man/man8/ceph-post-file.8
 usr/share/man/man8/ceph.8
 usr/share/man/man8/rados.8
 usr/share/man/man8/rbd.8
+usr/share/ceph/known_hosts_drop.ceph.com
+usr/share/ceph/id_dsa_drop.ceph.com
+usr/share/ceph/id_dsa_drop.ceph.com.pub
diff --git a/doc/man/8/ceph-debugpack.rst b/doc/man/8/ceph-debugpack.rst
index ecfafb1211fe..d07f53dee724 100644
--- a/doc/man/8/ceph-debugpack.rst
+++ b/doc/man/8/ceph-debugpack.rst
@@ -45,3 +45,4 @@ See also
 ========
 :doc:`ceph `\(8)
+:doc:`ceph-post-file `\(8)
diff --git a/doc/man/8/ceph-post-file.rst b/doc/man/8/ceph-post-file.rst
new file mode 100644
index 000000000000..5625843eaa63
--- /dev/null
+++ b/doc/man/8/ceph-post-file.rst
@@ -0,0 +1,69 @@
+========================================
+ ceph-post-file -- post files for ceph developers
+========================================
+
+.. program:: ceph-post-file
+
+Synopsis
+========
+
+| **ceph-post-file** [-d *description] [-u *user*] *file or dir* ...
+
+
+Description
+===========
+
+**ceph-post-file** will upload files or directories to ceph.com for
+later analysis by Ceph developers.
+
+Each invocation uploads files or directories to a separate directory
+with a unique tag. That tag can be passed to a developer or
+referenced in a bug report (http://tracker.ceph.com/). Once the
+upload completes, the directory is marked non-readable and
+non-writeable to prevent access or modification by other users.
+
+Warning
+=======
+
+Basic measures are taken to make posted data be visible only to
+developers with access to ceph.com infrastructure. However, users
+should think twice and/or take appropriate precautions before
+posting potentially sensitive data (for example, logs or data
+directories that contain Ceph secrets).
+
+
+Options
+=======
+
+.. option:: -d *description*, --description *description*
+
+ Add a short description for the upload. This is a good opportunity
+ to reference a bug number. There is no default value.
+
+.. option:: -u *user*
+
+ Set the user metadata for the upload. This defaults to `whoami`@`hostname -f`.
+
+Examples
+========
+
+To upload a single log::
+
+ ceph-post-file /var/log/ceph/ceph-mon.`hostname`.log
+
+To upload several directories::
+
+ ceph-post-file -d 'mon data directories' /var/log/ceph/mon/*
+
+
+Availability
+============
+
+**ceph-post-file** is part of the Ceph distributed file system. Please refer to
+the Ceph documentation at http://ceph.com/docs for more information.
+
+See also
+========
+
+:doc:`ceph `\(8),
+:doc:`ceph-debugpack `\(8),
diff --git a/man/Makefile.am b/man/Makefile.am
index 5096022ab461..be071b17bb67 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -26,4 +26,5 @@ dist_man_MANS = \
 ceph-dencoder.8 \
 ceph-rest-api.8 \
 ceph-rbdnamer.8 \
+ ceph-post-file.8 \
 rbd-fuse.8
diff --git a/man/ceph-post-file.8 b/man/ceph-post-file.8
new file mode 100644
index 000000000000..110f3c223b81
--- /dev/null
+++ b/man/ceph-post-file.8
@@ -0,0 +1,130 @@ +.\" Man page generated from reStructuredText. +. +.TH "CEPH-POST-FILE" "8" "August 14, 2013" "dev" "Ceph" +.SH NAME +ceph-post-file \- post files for ceph developers +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH SYNOPSIS +.nf +\fBceph\-post\-file\fP [\-d \fIdescription] [\-u *user\fP] \fIfile or dir\fP ... +.fi +.sp +.SH DESCRIPTION +.sp +\fBceph\-post\-file\fP will upload files or directories to ceph.com for +later analysis by Ceph developers. +.sp +Each invocation uploads files or directories to a separate directory +with a unique tag. That tag can be passed to a developer or +referenced in a bug report (\fI\%http://tracker.ceph.com/\fP). 
Once the +upload completes, the directory is marked non\-readable and +non\-writeable to prevent access or modification by other users. +.SH WARNING +.sp +Basic measures are taken to make posted data be visible only to +developers with access to ceph.com infrastructure. However, users +should think twice and/or take appropriate precautions before +posting potentially sensitive data (for example, logs or data +directories that contain Ceph secrets). +.SH OPTIONS +.INDENT 0.0 +.TP +.B \-d *description*, \-\-description *description* +Add a short description for the upload. This is a good opportunity +to reference a bug number. There is no default value. +.UNINDENT +.INDENT 0.0 +.TP +.B \-u *user* +Set the user metadata for the upload. This defaults to \fIwhoami\(ga@\(gahostname \-f\fP\&. +.UNINDENT +.SH EXAMPLES +.sp +To upload a single log: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +ceph\-post\-file /var/log/ceph/ceph\-mon.\(gahostname\(ga.log +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +To upload several directories: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +ceph\-post\-file \-d \(aqmon data directories\(aq /var/log/ceph/mon/* +.ft P +.fi +.UNINDENT +.UNINDENT +.SH AVAILABILITY +.sp +\fBceph\-post\-file\fP is part of the Ceph distributed file system. Please refer to +the Ceph documentation at \fI\%http://ceph.com/docs\fP for more information. +.SH SEE ALSO +.sp +\fBceph\fP(8), +\fBceph\-debugpack\fP(8), +.SH COPYRIGHT +2010-2013, Inktank Storage, Inc. and contributors. Licensed under Creative Commons BY-SA +.\" Generated by docutils manpage writer. +. diff --git a/share/id_dsa_drop.ceph.com b/share/id_dsa_drop.ceph.com new file mode 100644 index 000000000000..3efc985a129e --- /dev/null +++ b/share/id_dsa_drop.ceph.com 
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQDv8F/WToUDOc2HRWUOqtq5ilORE+5P53yZUo7ugr8XD3wM0H7Q
+IIl9F9fizwUtL2gh3n1BnBxmPhkVU6VYsiDpn1P3dWvRmf+jyqPuk+b185L0Erb8
+QsExADv6v33Yyd+9i5oTI988Rm1VWY6QhP7neW6yMPt2noi1TwleLm6z2wIVAKHL
+ciT2S0w/dbTFQDFHSEOCAif3AoGAHwOYd8YEInrcBrXPFJuPFbQKr8ceO3/ItY0r
+/W/L92nXUJbdl1JEt2KfkdwaxkBhlYT7E1JR5MRoTNBTEMCFjHxemZCdH+03+Jzq
++RAQ28p77przbqOFaMuZuQoGlqMy3gYrhnPRGEJGjh+pkhMePqUPCCKFtRntNzlH
+lDh4uOACgYBLGpqu3Pthhd4fnawv8Md16gc/p1Vg/5vyAzi9Gshhgf1hXvFHdeJv
+AN/5mgE/Ekg7fqeNUhui9LYkuuOMgP267naGkAAgxV3bbiy439Vj8SzXdOQk4agA
+YgebWkmJrdMtUSzeBYBkqBZTZODvQwCmYdR6INuNuZtA+rHgKwiAHQIUZak7aJD8
+y4kap9GmduDYmp6/JxU=
+-----END DSA PRIVATE KEY-----
diff --git a/share/id_dsa_drop.ceph.com.pub b/share/id_dsa_drop.ceph.com.pub
new file mode 100644
index 000000000000..e7e538344345
--- /dev/null
+++ b/share/id_dsa_drop.ceph.com.pub
@@ -0,0 +1 @@
+ssh-dss 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 public_ceph_post_key_2013-08-16
diff --git a/share/known_hosts_drop.ceph.com b/share/known_hosts_drop.ceph.com
new file mode 100644
index 000000000000..862df67aeeff
--- /dev/null
+++ b/share/known_hosts_drop.ceph.com
@@ -0,0 +1 @@
+drop.ceph.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjl2XzIpS92snr4SymcBVQx7y6d/ZjzCKJAlGZYkgknWWf+JBEpXp+cOoMk2Td5pIPkOdn72pGAuuPzL9HSJpN/o75tzbv0mAd//3t9D5/Kpnd+tWIDDgj+RIz8ZKRxSR8lnVjsUHlTrwQwaUkZ3KDiVgtQXDp0+1rU1+02cEkeBStoMLQt/6xw1hmPGSIAMH2HRkyge+/I8RwK7jbTwwcxh61Vxe0qMGkDO6vUVXw+K6hoXV4uGaqZ9/B2GirXJPz6ulvLC/mtEdgtfKS3eiMTaJS5Cpne6rJw2Wm7kHfQPstJaUq06BJiRe6R+JHC897NVZd0yc1bZe+BI0PmQJL
diff --git a/src/.gitignore b/src/.gitignore
index 5c52f6c4f421..4c98529bd87d 100644
--- a/src/.gitignore
+++ b/src/.gitignore
@@ -12,6 +12,7 @@ Makefile
 /ceph-conf
 /ceph-coverage
 /ceph-debugpack
+/ceph-post-file
 /ceph-dencoder
 /ceph-fuse
 /ceph-mds
diff --git a/src/Makefile.am b/src/Makefile.am
index a9bbde326860..97c9e7a963dc 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
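Review bot: The identity added in share/id_dsa_drop.ceph.com is a DSA key, a type OpenSSH fixes at 1024 bits and that later OpenSSH releases stop accepting by default, so clients on newer systems would be unable to authenticate with it; an RSA key, the type already used for the pinned host key in share/known_hosts_drop.ceph.com, would avoid that. Because the private half ships in every package, it identifies no one, and the confidentiality of uploads rests on the server-side restrictions for the upload account, which this commit does not show. The WARNING section of the man page could say so directly, for example `The upload key is public; access to posted data is enforced on the server, not by this key.`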
@@ -39,7 +39,7 @@ ceph_sbin_SCRIPTS = \ sbin_SCRIPTS = \ mount.fuse.ceph -bin_SCRIPTS = ceph ceph-run ceph-rest-api ceph-clsinfo ceph-debugpack ceph-rbdnamer +bin_SCRIPTS = ceph ceph-run ceph-rest-api ceph-clsinfo ceph-debugpack ceph-rbdnamer ceph-post-file dist_bin_SCRIPTS = # C/C++ tests to build will be appended to this check_PROGRAMS = @@ -184,7 +184,7 @@ base: ceph-mon ceph-osd ceph-mds \ ceph-syn \ rados radosgw librados-config \ ceph-conf monmaptool osdmaptool crushtool ceph-authtool \ - init-ceph mkcephfs mon_store_converter + init-ceph mkcephfs mon_store_converter ceph-post-file # fuse targets? @@ -1271,7 +1271,7 @@ editpaths = sed \ -e 's|@prefix[@]|$(prefix)|g' \ -e 's|@@GCOV_PREFIX_STRIP[@][@]|$(GCOV_PREFIX_STRIP)|g' -shell_scripts = init-ceph mkcephfs ceph-debugpack ceph-coverage +shell_scripts = init-ceph mkcephfs ceph-debugpack ceph-coverage ceph-post-file $(shell_scripts): Makefile diff --git a/src/ceph-post-file.in b/src/ceph-post-file.in new file mode 100755 index 000000000000..27fea287fc6a --- /dev/null +++ b/src/ceph-post-file.in 
@@ -0,0 +1,157 @@ +#!/bin/bash -e + +# if we start up as ./$0, assume we are running from a source +# checkout. +if [ `dirname $0` = "." ] && [ $PWD != "/usr/bin" ]; then + known_hosts=../share/known_hosts_drop.ceph.com + ssh_key=../share/id_dsa_drop.ceph.com +else + known_hosts=@datadir@/known_hosts_drop.ceph.com + ssh_key=@datadir@/id_dsa_drop.ceph.com +fi + +usage() { + echo "Usage: $0 [options] file1 [dir2 ...] + +Easily upload files or directories to ceph.com for analysis by Ceph +developers. + +Each invocation uploads files or directories to a separate directory +with a unique tag. That tag can be passed to a developer or +referenced in a bug report (http://tracker.ceph.com/). Once the +upload completes, the directory is marked non-readable and +non-writeable to prevent access or modification by other users. + +WARNING: + Basic measures are taken to make posted data be visible only to + developers with access to ceph.com infrastructure. However, users + should think twice and/or take appropriate precautions before + posting potentially sensitive data (for example, logs or data + directories that contain Ceph secrets). 
+ +Options: + -d Description for this post + [Default: none] + -u User identifier + [Default: \`whoami\`@\`hostname -f\`] + -r Remote to upload to + [Default: postfile@drop.ceph.com] + -k known_hosts file + [Default: /usr/share/ceph/known_hosts_drop.ceph.com] + -i Ssh identity file + [Default: /usr/share/ceph/id_dsa_drop.ceph.com] + -h Show this usage information +" +} + +if [ -z "$*" ]; then + usage + exit 1 +fi + +description="" +user="`whoami`@`hostname -f`" +remote="postfile@drop.ceph.com" +case $1 in + -d | --description) + description="$2" + shift + shift + ;; + -u | --user) + user="$2" + shift + shift + ;; + -h | --help) + usage + exit 0 + ;; + -k | --known-hosts) + known_hosts="$1" + shift + shift + ;; + -i) + ssh_key="$1" + shift + shift + ;; + -r | --remote) + remote="$1" + shift + shift + ;; +esac + +# this id should be shared +id=`uuidgen` +echo "$0: upload tag $id" + +# this is secret goop we add to the directory so that $id is not +# enough to find the data using the shared user; only ceph developers +# who have access to the server and can read the post directory can +# find the uploaded data. +nonce=`uuidgen` + +# stick the user info in the dir too +dir="${id}_${user}_${nonce}" + +t1=$(tempfile) || exit +t2=$(tempfile) || exit +t3=$(tempfile) || exit +t4=$(tempfile) || exit +trap "rm -f -- '$t1' '$t2' '$t3' '$t4'" EXIT +cat > $t1 < $t3 <> $t1 + +if [ -n "$description" ]; then + echo "$0: description: $description" + cat > $t2 <> $t1 +fi + +while [ -n "$*" ]; do + if [ -d "$1" ]; then + echo $0: will upload directory $1 + bn=`basename "$1"` + cat >> $t1 <> $t1 <