apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug 8199: always update the keypairs on disk to account for multiple management servers

Browse Source
This commit is contained in:
Chiradeep Vittal 2011-01-28 12:24:00 -08:00
parent fd081dc5e7
commit cc0ed77fee
3 changed files with 135 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/vm/systemvm/injectkeys.sh
View File

@ -5,7 +5,7 @@
#set -x #set -x
TMP=/tmp TMP=${HOME}/tmp
SYSTEMVM_PATCH_DIR=../../../vms/ SYSTEMVM_PATCH_DIR=../../../vms/
MOUNTPATH=/mnt/cloud/systemvm MOUNTPATH=/mnt/cloud/systemvm
TMPDIR=${TMP}/cloud/systemvm TMPDIR=${TMP}/cloud/systemvm
@ -17,23 +17,23 @@ inject_into_iso() {
local backup=${isofile}.bak local backup=${isofile}.bak
local tmpiso=${TMP}/$1 local tmpiso=${TMP}/$1
[ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1 [ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1
mount -o loop $isofile $MOUNTPATH sudo mount -o loop $isofile $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && return 1
diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && return 0 diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && return 0
cp -b $isofile $backup sudo cp -b $isofile $backup
[ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && return 1
rm -rf $TMPDIR rm -rf $TMPDIR
mkdir -p $TMPDIR mkdir -p $TMPDIR
[ ! -d $TMPDIR ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && return 1 [ ! -d $TMPDIR ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && return 1
cp -fr $MOUNTPATH/* $TMPDIR/ sudo cp -fr $MOUNTPATH/* $TMPDIR/
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && return 1
cp $newpubkey $TMPDIR/authorized_keys sudo cp $newpubkey $TMPDIR/authorized_keys
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && return 1
mkisofs -quiet -r -o $tmpiso $TMPDIR mkisofs -quiet -r -o $tmpiso $TMPDIR
[ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $TMPDIR" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $TMPDIR" && return 1
umount $MOUNTPATH sudo umount $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1
cp -f $tmpiso $isofile sudo cp -f $tmpiso $isofile
[ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1
rm -rf $TMPDIR rm -rf $TMPDIR
} }
@ -41,7 +41,7 @@ inject_into_iso() {
copy_priv_key() { copy_priv_key() {
local newprivkey=$1 local newprivkey=$1
diff -q $newprivkey $(dirname $0)/id_rsa.cloud && return 0 diff -q $newprivkey $(dirname $0)/id_rsa.cloud && return 0
cp -fb $newprivkey $(dirname $0)/id_rsa.cloud && chmod 0600 $(dirname $0)/id_rsa.cloud sudo cp -fb $newprivkey $(dirname $0)/id_rsa.cloud
return $? return $?
} }
@ -52,7 +52,6 @@ newpubkey=$1
newprivkey=$2 newprivkey=$2
[ ! -f $newpubkey ] && echo "$(basename $0): Could not open $newpubkey" && exit 3 [ ! -f $newpubkey ] && echo "$(basename $0): Could not open $newpubkey" && exit 3
[ ! -f $newprivkey ] && echo "$(basename $0): Could not open $newprivkey" && exit 3 [ ! -f $newprivkey ] && echo "$(basename $0): Could not open $newprivkey" && exit 3
[ $EUID -ne 0 ] && echo "$(basename $0): You have to be root to run this script" && exit 3
command -v mkisofs > /dev/null || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4) command -v mkisofs > /dev/null || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4)

65
scripts/vm/systemvm/injectkeys2.sh Executable file
View File

@ -0,0 +1,65 @@
#!/bin/bash
# Copies keys that enable SSH communication with system vms
# $1 = new public key
# $2 = new private key
set -x
TMP=${HOME}/tmp
SYSTEMVM_PATCH_DIR=../../../vms/
MOUNTPATH=/mnt/cloud/systemvm
TMPDIR=${TMP}/cloud/systemvm
inject_into_iso() {
local isofile=${SYSTEMVM_PATCH_DIR}/$1
local newpubkey=$2
local backup=${isofile}.bak
local tmpiso=${TMP}/$1
[ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1
sudo mount -o loop $isofile $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && return 1
diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && return 0
sudo cp -b $isofile $backup
[ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && return 1
rm -rf $TMPDIR
mkdir -p $TMPDIR
[ ! -d $TMPDIR ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && return 1
sudo cp -fr $MOUNTPATH/* $TMPDIR/
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && return 1
sudo cp $newpubkey $TMPDIR/authorized_keys
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && return 1
mkisofs -quiet -r -o $tmpiso $TMPDIR
[ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $TMPDIR" && return 1
sudo umount $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1
#cp -f $tmpiso $isofile
#[ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1
rm -rf $TMPDIR
}
copy_priv_key() {
local newprivkey=$1
diff -q $newprivkey $(dirname $0)/id_rsa.cloud && return 0
sudo cp -fb $newprivkey $(dirname $0)/id_rsa.cloud && sudo chmod 0600 $(dirname $0)/id_rsa.cloud
return $?
}
mkdir -p $MOUNTPATH
[ $# -ne 2 ] && echo "Usage: $(basename $0) <new public key file> <new private key file>" && exit 3
newpubkey=$1
newprivkey=$2
[ ! -f $newpubkey ] && echo "$(basename $0): Could not open $newpubkey" && exit 3
[ ! -f $newprivkey ] && echo "$(basename $0): Could not open $newprivkey" && exit 3
command -v mkisofs > /dev/null || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4)
inject_into_iso systemvm.iso $newpubkey
#inject_into_iso systemvm-premium.iso $newpubkey
[ $? -ne 0 ] && exit 5
copy_priv_key $newprivkey
exit $?

78
server/src/com/cloud/server/ConfigurationServerImpl.java
View File

@ -22,6 +22,8 @@ import java.io.DataInputStream;
import java.io.EOFException; import java.io.EOFException;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.math.BigInteger; import java.math.BigInteger;
import java.net.NetworkInterface; import java.net.NetworkInterface;
@ -30,6 +32,7 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Properties; import java.util.Properties;
@ -393,29 +396,28 @@ public class ConfigurationServerImpl implements ConfigurationServer {
s_logger.info("Processing updateKeyPairs"); s_logger.info("Processing updateKeyPairs");
} }
String already = _configDao.getValue("ssh.privatekey"); String already = _configDao.getValue("ssh.privatekey");
String homeDir = Script.runSimpleBashScript("echo ~");
String userid = System.getProperty("user.name");
if (homeDir == "~") {
s_logger.error("No home directory was detected. Set the HOME environment variable to point to your user profile or home directory.");
throw new CloudRuntimeException("No home directory was detected. Set the HOME environment variable to point to your user profile or home directory.");
}
File privkeyfile = new File(homeDir + "/.ssh/id_rsa");
File pubkeyfile = new File(homeDir + "/.ssh/id_rsa.pub");
if (already == null || already.isEmpty()) { if (already == null || already.isEmpty()) {
if (s_logger.isInfoEnabled()) { if (s_logger.isInfoEnabled()) {
s_logger.info("Need to store in the database"); s_logger.info("Need to store in the database");
} }
Script.runSimpleBashScript("if [ -f ~/.ssh/id_rsa ] ; then true ; else yes '' | ssh-keygen -t rsa -q ; fi");
String homeDir = Script.runSimpleBashScript("echo ~");
if (homeDir == "~") {
s_logger.error("No home directory was detected. Set the HOME environment variable to point to your user profile or home directory.");
throw new RuntimeException("No home directory was detected. Set the HOME environment variable to point to your user profile or home directory.");
}
String keygenOutput = Script.runSimpleBashScript("if [ -f ~/.ssh/id_rsa ] ; then true ; else yes '' | ssh-keygen -t rsa -q ; fi");
File privkeyfile = new File(homeDir + "/.ssh/id_rsa");
File pubkeyfile = new File(homeDir + "/.ssh/id_rsa.pub");
byte[] arr1 = new byte[4094]; // configuration table column value size byte[] arr1 = new byte[4094]; // configuration table column value size
try { try {
new DataInputStream(new FileInputStream(privkeyfile)).readFully(arr1); new DataInputStream(new FileInputStream(privkeyfile)).readFully(arr1);
} catch (EOFException e) { } catch (EOFException e) {
} catch (Exception e) { } catch (Exception e) {
s_logger.error("Cannot read the private key file",e); s_logger.error("Cannot read the private key file",e);
throw new RuntimeException("Cannot read the private key file"); throw new CloudRuntimeException("Cannot read the private key file");
} }
String privateKey = new String(arr1).trim(); String privateKey = new String(arr1).trim();
byte[] arr2 = new byte[4094]; // configuration table column value size byte[] arr2 = new byte[4094]; // configuration table column value size
@ -424,7 +426,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
} catch (EOFException e) { } catch (EOFException e) {
} catch (Exception e) { } catch (Exception e) {
s_logger.warn("Cannot read the public key file",e); s_logger.warn("Cannot read the public key file",e);
throw new RuntimeException("Cannot read the public key file"); throw new CloudRuntimeException("Cannot read the public key file");
} }
String publicKey = new String(arr2).trim(); String publicKey = new String(arr2).trim();
@ -442,7 +444,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
} }
} catch (SQLException ex) { } catch (SQLException ex) {
s_logger.error("SQL of the private key failed",ex); s_logger.error("SQL of the private key failed",ex);
throw new RuntimeException("SQL of the private key failed"); throw new CloudRuntimeException("SQL of the private key failed");
} }
try { try {
@ -453,19 +455,62 @@ public class ConfigurationServerImpl implements ConfigurationServer {
} }
} catch (SQLException ex) { } catch (SQLException ex) {
s_logger.error("SQL of the public key failed",ex); s_logger.error("SQL of the public key failed",ex);
throw new RuntimeException("SQL of the public key failed"); throw new CloudRuntimeException("SQL of the public key failed");
} }
injectSshKeyIntoSystemVmIsoPatch(pubkeyfile.getAbsolutePath());
if (s_logger.isDebugEnabled()) { if (s_logger.isDebugEnabled()) {
s_logger.debug("Public key inserted into systemvm iso"); s_logger.debug("Public key inserted into systemvm iso");
} }
} else { } else {
s_logger.info("Keypairs already in database"); s_logger.info("Keypairs already in database");
if (userid.startsWith("cloud")) {
s_logger.info("Keypairs already in database, updating local copy");
updateKeyPairsOnDisk(homeDir);
}
}
if (userid.startsWith("cloud")){
s_logger.info("Going to update systemvm iso with generated keypairs if needed");
injectSshKeysIntoSystemVmIsoPatch(pubkeyfile.getAbsolutePath(), privkeyfile.getAbsolutePath());
} }
} }
private void writeKeyToDisk(String key, String keyPath) {
protected void injectSshKeyIntoSystemVmIsoPatch(String publicKeyPath) { File keyfile = new File( keyPath);
if (!keyfile.exists()) {
try {
keyfile.createNewFile();
} catch (IOException e) {
s_logger.warn("Failed to create file: " + e.toString());
throw new CloudRuntimeException("Failed to update keypairs on disk: cannot create key file " + keyPath);
}
}
if (keyfile.exists()) {
try {
FileOutputStream kStream = new FileOutputStream(keyfile);
kStream.write(key.getBytes());
kStream.close();
} catch (FileNotFoundException e) {
s_logger.warn("Failed to write key to " + keyfile.getAbsolutePath());
throw new CloudRuntimeException("Failed to update keypairs on disk: cannot find key file " + keyPath);
} catch (IOException e) {
s_logger.warn("Failed to write key to " + keyfile.getAbsolutePath());
throw new CloudRuntimeException("Failed to update keypairs on disk: cannot write to key file " + keyPath);
}
}
}
private void updateKeyPairsOnDisk(String homeDir ) {
String pubKey = _configDao.getValue("ssh.publickey");
String prvKey = _configDao.getValue("ssh.privatekey");
writeKeyToDisk(homeDir + "/.ssh/id_rsa", prvKey);
writeKeyToDisk(homeDir + "/.ssh/id_rsa.pub", pubKey);
}
protected void injectSshKeysIntoSystemVmIsoPatch(String publicKeyPath, String privKeyPath) {
String injectScript = "scripts/vm/systemvm/injectkeys.sh"; String injectScript = "scripts/vm/systemvm/injectkeys.sh";
String scriptPath = Script.findScript("" , injectScript); String scriptPath = Script.findScript("" , injectScript);
if ( scriptPath == null ) { if ( scriptPath == null ) {
@ -473,6 +518,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
} }
final Script command = new Script(scriptPath, s_logger); final Script command = new Script(scriptPath, s_logger);
command.add(publicKeyPath); command.add(publicKeyPath);
command.add(privKeyPath);
final String result = command.execute(); final String result = command.execute();
if (result != null) { if (result != null) {