From 0b5284c4146bc67ebee0d2fbf7eec52fcb183f5f Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Mon, 30 Sep 2019 13:51:12 -0500
Subject: [PATCH] ceph-daemon: store ssh identity in mon config-key store

Signed-off-by: Sage Weil
---
 src/ceph-daemon | 82 ++++++++++++++++++++++++++++++++-----------------
 1 file changed, 54 insertions(+), 28 deletions(-)

diff --git a/src/ceph-daemon b/src/ceph-daemon
index d3814fa821d73..291af3835d6a7 100755
--- a/src/ceph-daemon
+++ b/src/ceph-daemon
@@ -566,34 +566,6 @@ def command_bootstrap():
 mgr_c = get_container(fsid, 'mgr', mgr_id)
 deploy_daemon(fsid, 'mgr', mgr_id, mgr_c, uid, gid, config, mgr_keyring)
 
- # ssh
- if not args.skip_ssh:
- logging.info('Generating ssh key...')
- (ssh_key, ssh_pub) = gen_ssh_key(fsid)
- ssh_config = ('Host *\n'
- 'IdentifyFile /var/lib/ceph/ssh/id_rsa\n'
- 'User root\n'
- 'StrictHostKeyChecking no\n')
- mgr_dir = get_data_dir(args.data_dir, fsid, 'mgr', mgr_id)
- makedirs(os.path.join(mgr_dir, 'ssh'))
- os.chown(os.path.join(mgr_dir, 'ssh'), uid, gid)
- with open(os.path.join(mgr_dir, 'ssh', 'config'), 'w') as f:
- os.fchown(f.fileno(), uid, gid)
- f.write(ssh_config)
- with open(os.path.join(mgr_dir, 'ssh', 'id_rsa'), 'w') as f:
- os.fchown(f.fileno(), uid, gid)
- os.fchmod(f.fileno(), 0o600)
- f.write(ssh_key)
- with open(os.path.join(mgr_dir, 'ssh', 'id_rsa.pub'), 'w') as f:
- os.fchown(f.fileno(), uid, gid)
- os.fchmod(f.fileno(), 0o600)
- f.write(ssh_pub)
-
- logging.info('Adding key to root@localhost\'s authorized_keys...')
- with open('/root/.ssh/authorized_keys', 'a') as f:
- os.fchmod(f.fileno(), 0o600) # just in case we created it
- f.write(ssh_pub + '\n')
-
 # output files
 if args.output_keyring:
 with open(args.output_keyring, 'w') as f:
@@ -606,6 +578,60 @@ def command_bootstrap():
 f.write(config)
 logging.info('wrote config to %s' % args.output_config)
 
+ # ssh
+ if not args.skip_ssh:
+ logging.info('Generating ssh key...')
+ (ssh_key, ssh_pub) = gen_ssh_key(fsid)
+
+ tmp_key = tempfile.NamedTemporaryFile(mode='w')
+ os.fchmod(tmp_key.fileno(), 0o600)
+ os.fchown(tmp_key.fileno(), uid, gid)
+ tmp_key.write(ssh_key)
+ tmp_key.flush()
+ tmp_pub = tempfile.NamedTemporaryFile(mode='w')
+ os.fchmod(tmp_pub.fileno(), 0o600)
+ os.fchown(tmp_pub.fileno(), uid, gid)
+ tmp_pub.write(ssh_pub)
+ tmp_pub.flush()
+
+ CephContainer(
+ image=args.image,
+ entrypoint='/usr/bin/ceph',
+ args=[
+ '-n', 'mon.',
+ '-k', '/var/lib/ceph/mon/ceph-%s/keyring' % mon_id,
+ '-c', '/var/lib/ceph/mon/ceph-%s/config' % mon_id,
+ 'config-key',
+ 'set',
+ 'mgr/ssh/ssh_identity_key',
+ '-i', '/tmp/key'],
+ volume_mounts={
+ mon_dir: '/var/lib/ceph/mon/ceph-%s:z' % (mon_id),
+ tmp_key.name: '/tmp/key:z',
+ },
+ ).run()
+ CephContainer(
+ image=args.image,
+ entrypoint='/usr/bin/ceph',
+ args=[
+ '-n', 'mon.',
+ '-k', '/var/lib/ceph/mon/ceph-%s/keyring' % mon_id,
+ '-c', '/var/lib/ceph/mon/ceph-%s/config' % mon_id,
+ 'config-key',
+ 'set',
+ 'mgr/ssh/ssh_identity_pub',
+ '-i', '/tmp/pub'],
+ volume_mounts={
+ mon_dir: '/var/lib/ceph/mon/ceph-%s:z' % (mon_id),
+ tmp_pub.name: '/tmp/pub:z',
+ },
+ ).run()
+
+ logging.info('Adding key to root@localhost\'s authorized_keys...')
+ with open('/root/.ssh/authorized_keys', 'a') as f:
+ os.fchmod(f.fileno(), 0o600) # just in case we created it
+ f.write(ssh_pub + '\n')
+
 return 0
 
 ##################################
-- 
2.39.5
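Review bot: The private key written to `tmp_key` is never explicitly closed, so how long the unencrypted key stays in the temp directory depends on garbage collection, including the case where a `CephContainer(...).run()` call raises. Opening both files as context managers, e.g. `with tempfile.NamedTemporaryFile(mode='w') as tmp_key, tempfile.NamedTemporaryFile(mode='w') as tmp_pub:`, bounds the key's on-disk lifetime to the two `config-key set` calls. The result of `.run()` is not inspected here, so unless it raises on failure (not visible in this hunk) a failed `config-key set` is still followed by the append to `/root/.ssh/authorized_keys`; checking it first avoids authorizing a key that was never stored. Since the public half is authorized for root on this host, read access to `mgr/ssh/ssh_identity_key` is equivalent to root SSH access, which deserves a comment above the first `CephContainer` call. `command_bootstrap` begins outside the hunk.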