[pve-devel] r6435 - in pve-cluster/trunk: . data data/PVE debian

svn-commits at proxmox.com svn-commits at proxmox.com
Tue Aug 9 08:22:18 CEST 2011


Author: dietmar
Date: 2011-08-09 08:22:17 +0200 (Tue, 09 Aug 2011)
New Revision: 6435

Modified:
   pve-cluster/trunk/Makefile
   pve-cluster/trunk/data/ChangeLog
   pve-cluster/trunk/data/PVE/Cluster.pm
   pve-cluster/trunk/data/PVE/pvecm
   pve-cluster/trunk/debian/changelog
   pve-cluster/trunk/debian/postinst
Log:
 * also handle ssh known_hosts file



Modified: pve-cluster/trunk/Makefile
===================================================================
--- pve-cluster/trunk/Makefile	2011-08-09 04:24:26 UTC (rev 6434)
+++ pve-cluster/trunk/Makefile	2011-08-09 06:22:17 UTC (rev 6435)
@@ -2,7 +2,7 @@
 
 PACKAGE=pve-cluster
 PKGVER=1.0
-PKGREL=3
+PKGREL=4
 
 ARCH:=$(shell dpkg-architecture -qDEB_BUILD_ARCH)
 

Modified: pve-cluster/trunk/data/ChangeLog
===================================================================
--- pve-cluster/trunk/data/ChangeLog	2011-08-09 04:24:26 UTC (rev 6434)
+++ pve-cluster/trunk/data/ChangeLog	2011-08-09 06:22:17 UTC (rev 6435)
@@ -1,5 +1,8 @@
 2011-08-09  Proxmox Support Team  <support at proxmox.com>
 
+	* PVE/Cluster.pm (ssh_merge_known_hosts): also manage known_hosts
+	file.
+
 	* PVE/pvecm (backup_database): revert pervious change - do not
 	pass IP to addnode. Instead we run gen_pve_node_files in 'add'
 	after we get quorum.

Modified: pve-cluster/trunk/data/PVE/Cluster.pm
===================================================================
--- pve-cluster/trunk/data/PVE/Cluster.pm	2011-08-09 04:24:26 UTC (rev 6434)
+++ pve-cluster/trunk/data/PVE/Cluster.pm	2011-08-09 06:22:17 UTC (rev 6435)
@@ -39,6 +39,15 @@
 # and is used for CSRF prevention
 my $pvewww_key_fn = "$basedir/pve-www.key";
 
+# ssh related files
+my $ssh_rsa_id_priv = "/root/.ssh/id_rsa";
+my $ssh_rsa_id = "/root/.ssh/id_rsa.pub";
+my $sshrootknownhosts = "/root/.ssh/known_hosts";
+my $sshknownhosts = "/etc/pve/priv/known_host";
+my $sshauthkeys = "/etc/pve/priv/authorized_keys";
+my $rootsshauthkeys = "/root/.ssh/authorized_keys";
+
+
 my $observed = {
     'storage.cfg' => 1,
     'cluster.cfg' => 1,
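Review bot: `my $sshknownhosts = "/etc/pve/priv/known_host";` names the shared file in the singular while the ChangeLog, the root-side path `$sshrootknownhosts` and the new sub ssh_merge_known_hosts all say `known_hosts`; if the singular is not deliberate it is an easy source of confusion and probably a typo. Either way a short comment on the relationship of the two paths would help, e.g. `# cluster-wide copy under /etc/pve/priv; /root/.ssh/known_hosts becomes a symlink to it`. The same applies to the two authorized_keys paths below it.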
@@ -298,6 +307,8 @@
     $force = 1 if $opt_force;
 
     gen_pve_ssl_cert($force, $nodename, $ip);
+
+    ssh_merge_known_hosts();
 }
 
 my $versions = {};
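Review bot: `ssh_merge_known_hosts();` is called unguarded right after gen_pve_ssl_cert(), so any die inside the merge (an unreadable known_hosts, a failed write under /etc/pve/priv) aborts the caller after the certificate has already been generated. The sibling call in pvecm wraps the analogous key merge as `eval { ssh_merge_keys(); }; warn $@ if $@;`; the same shape here, `eval { ssh_merge_known_hosts(); }; warn $@ if $@;`, keeps the known_hosts handling best-effort. The enclosing sub starts outside the hunk, so I cannot see whether a caller already catches this.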
@@ -907,3 +918,120 @@
 
     return undef;
 }
+
+# ssh related utility functions
+
+sub ssh_merge_keys {
+    # remove duplicate keys in $sshauthkeys
+    # ssh-copy-id simply add keys, so the file can grow to large
+
+    # always add ourself
+    my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
+    chomp($pub);
+
+    my $data = PVE::Tools::file_get_contents($sshauthkeys, 128*1024);
+    chomp($data);
+
+    $data .= "\n$pub\n";
+
+    my $newdata = "";
+    my $vhash = {};
+    while ($data && $data =~ s/^((.*?)(\n|$))//) {
+	my $line = "$2\n";
+	if ($line =~ m/^ssh-rsa\s+\S+\s+(\S+)$/) {
+	    $vhash->{$1} = $line;
+	} else {
+	    $newdata .= $line;
+	}
+    }
+    
+    $newdata .= join("", values(%$vhash));
+
+    PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
+}
+
+sub setup_ssh_keys {
+
+    # create ssh key if it does not exist
+    if (! -f $ssh_rsa_id) {
+	mkdir '/root/.ssh/';
+	system ("echo|ssh-keygen -t rsa -N '' -b 2048 -f ${ssh_rsa_id_priv}");
+    }
+
+    mkdir $authdir;
+
+    if (! -f $sshauthkeys) {
+	my $fh = IO::File->new ($sshauthkeys, O_CREAT|O_WRONLY|O_EXCL, 0400);
+	close($fh);
+    }
+
+    warn "can't create shared ssh key database '$sshauthkeys'\n" 
+	if ! -f $sshauthkeys;
+
+    if (-f $rootsshauthkeys) {
+	system("mv '$rootsshauthkeys' '$rootsshauthkeys.org'");
+    }
+
+    if (! -l $rootsshauthkeys) {
+	symlink $sshauthkeys, $rootsshauthkeys;
+    }
+    warn "can't create symlink for ssh keys '$rootsshauthkeys' -> '$sshauthkeys'\n" 
+	if ! -l $rootsshauthkeys;
+
+}
+
+sub ssh_merge_known_hosts {
+
+    return if -l $sshrootknownhosts;
+
+    mkdir $authdir;
+
+    if (! -f $sshknownhosts) {
+	if (my $fh = IO::File->new($sshknownhosts, O_CREAT|O_WRONLY|O_EXCL, 0600)) {
+	    close($fh);
+	}
+    }
+
+    my $old = PVE::Tools::file_get_contents($sshknownhosts, 128*1024); 
+    
+    my $new = PVE::Tools::file_get_contents($sshrootknownhosts, 128*1024);
+
+    my $data = '';
+
+    my $vhash = {};
+    while ($old && $old =~ s/^((.*?)(\n|$))//) {
+	my $line = "$2\n";
+	next if $line =~ m/^\s*$/; # skip empty lines
+	next if $line =~ m/^#/; # skip comments
+	if ($line =~ m/^(\S+)\sssh-rsa\s.*$/) {
+	    if (!$vhash->{$1}) {
+		$vhash->{$1} = 1;
+		$data .= $line;
+	    }
+	} else {
+	    $data .= $line;
+	}
+    }
+
+    while ($new && $new =~ s/^((.*?)(\n|$))//) {
+	my $line = "$2\n";
+	next if $line =~ m/^\s*$/; # skip empty lines
+	next if $line =~ m/^#/; # skip comments
+
+	if ($line =~ m/^(\S+)\sssh-rsa\s.*$/) {
+	    if (!$vhash->{$1}) {
+		$vhash->{$1} = 1;
+		$data .= $line;
+	    }
+	}
+    }
+
+    PVE::Tools::file_set_contents($sshknownhosts, $data);
+
+    unlink $sshrootknownhosts;
+    symlink $sshknownhosts, $sshrootknownhosts;
+ 
+    warn "can't create symlink for ssh known hosts '$sshrootknownhosts' -> '$sshknownhosts'\n" 
+	if ! -l $sshrootknownhosts;
+
+}
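Review bot: ssh_merge_known_hosts reads the root-side file unconditionally at `my $new = PVE::Tools::file_get_contents($sshrootknownhosts, 128*1024);`, while only `$sshknownhosts` is created above it when missing; on a node that has never made an outbound ssh connection /root/.ssh/known_hosts does not exist, and if file_get_contents dies on an unopenable file (as its name suggests) the merge aborts before the symlink is created, so guard it with `my $new = -f $sshrootknownhosts ? PVE::Tools::file_get_contents($sshrootknownhosts, 128*1024) : '';`. The second loop over `$new` keeps only `ssh-rsa` lines whereas the first loop over `$old` also copies non-rsa lines through, so any non-rsa host key entries in /root/.ssh/known_hosts are silently dropped before the file is unlinked — either document that or mirror the `else { $data .= $line; }` branch. In setup_ssh_keys, `system("mv '$rootsshauthkeys' '$rootsshauthkeys.org'")` goes through a shell where `rename $rootsshauthkeys, "$rootsshauthkeys.org" or warn "rename failed: $!\n";` avoids it entirely, and `mkdir '/root/.ssh/'` takes the umask default where `mkdir '/root/.ssh/', 0700;` matches what sshd expects for that directory. Lastly, `file_set_contents($sshknownhosts, $data)` passes no mode while the authorized_keys write uses 0600; worth a comment if the default is intended.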

Modified: pve-cluster/trunk/data/PVE/pvecm
===================================================================
--- pve-cluster/trunk/data/PVE/pvecm	2011-08-09 04:24:26 UTC (rev 6434)
+++ pve-cluster/trunk/data/PVE/pvecm	2011-08-09 06:22:17 UTC (rev 6435)
@@ -24,68 +24,13 @@
 my $local_ip_address = PVE::Cluster::remote_node_ip($nodename);
 
 my $basedir = "/etc/pve";
-my $ssh_rsa_id_priv = "/root/.ssh/id_rsa";
-my $ssh_rsa_id = "/root/.ssh/id_rsa.pub";
-my $sshauthkeys = "/etc/pve/priv/authorized_keys";
-my $rootsshauthkeys = "/root/.ssh/authorized_keys";
 my $clusterconf = "$basedir/cluster.conf";
 my $libdir = "/var/lib/pve-cluster";
 my $backupdir = "/var/lib/pve-cluster/backup";
 my $dbfile = "$libdir/config.db";
 my $authfile = "$libdir/corosync.authkey";
 
-sub ssh_remove_duplicate_keys {
-    # remove duplicate keys in $sshauthkeys
-    # ssh-copy-id simply add keys, so the file can grow to large
 
-    my $data = PVE::Tools::file_get_contents($sshauthkeys, 128*1024);
-
-    my $newdata = "";
-    my $vhash = {};
-    while ($data =~ s/^(.*?\n)//m) {
-	my $line = $1;
-	if ($line =~ m/^ssh-rsa\s+\S+\s+(\S+)$/) {
-	    $vhash->{$1} = $line;
-	} else {
-	    $newdata .= $line;
-	}
-    }
-    
-    $newdata .= join("", values(%$vhash));
-
-    PVE::Tools::file_set_contents($sshauthkeys, $newdata, 0600);
-}
-
-sub setup_ssh_keys {
-
-    # create ssh key if it does not exist
-    if (! -f $ssh_rsa_id) {
-	mkdir '/root/.ssh/';
-	system ("echo|ssh-keygen -t rsa -N '' -b 2048 -f ${ssh_rsa_id_priv}");
-    }
-
-    mkdir "$basedir/priv";
-
-    if (! -f $sshauthkeys) {
-	my $fh = IO::File->new ($sshauthkeys, O_CREAT|O_WRONLY|O_EXCL, 0400);
-	close($fh);
-    }
-
-    warn "can't create shared ssh key database '$sshauthkeys'\n" 
-	if ! -f $sshauthkeys;
-
-    if (-f $rootsshauthkeys) {
-	system("mv '$rootsshauthkeys' '$rootsshauthkeys.org'");
-    }
-
-    if (! -l $rootsshauthkeys) {
-	symlink $sshauthkeys, $rootsshauthkeys;
-    }
-    warn "can't create symlink for ssh keys '$rootsshauthkeys' -> '$sshauthkeys'\n" 
-	if ! -l $rootsshauthkeys;
-
-}
-
 sub backup_database {
 
     print "backup old database\n";
@@ -254,9 +199,7 @@
 ;
 	PVE::Tools::file_set_contents($clusterconf, $config);
 
-	# add ourself to authorized keys (use by other nodes)
-	my $pub = PVE::Tools::file_get_contents($ssh_rsa_id);
-	PVE::Tools::file_set_contents($sshauthkeys, $pub);
+	PVE::Cluster::ssh_merge_keys();
 
 	PVE::Cluster::gen_pve_node_files($nodename, $local_ip_address);
 
@@ -307,7 +250,7 @@
 	    die "cluster not ready - no quorum?\n";
 	}
 
-	eval { ssh_remove_duplicate_keys(); };
+	eval { ssh_merge_keys(); };
 	warn $@ if $@;
 
 	my $lst = lsnode();
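Review bot: `eval { ssh_merge_keys(); };` on the changed line calls the sub unqualified, but this commit removes the local definition from pvecm (first hunk of this file) and the other two call sites in the same file are written as `PVE::Cluster::ssh_merge_keys()` and `PVE::Cluster::setup_ssh_keys()`. Unless pvecm imports the name, the call fails with an undefined-subroutine error that the eval turns into a mere warning, so duplicate keys would never be pruned on the `add` path. Change it to `eval { PVE::Cluster::ssh_merge_keys(); };`. The enclosing block starts and ends outside the hunk.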
@@ -643,7 +586,7 @@
  
 PVE::Cluster::check_cfs_is_mounted();
 
-setup_ssh_keys();
+PVE::Cluster::setup_ssh_keys();
 
 PVE::Cluster::cfs_update();
 

Modified: pve-cluster/trunk/debian/changelog
===================================================================
--- pve-cluster/trunk/debian/changelog	2011-08-09 04:24:26 UTC (rev 6434)
+++ pve-cluster/trunk/debian/changelog	2011-08-09 06:22:17 UTC (rev 6435)
@@ -1,3 +1,9 @@
+pve-cluster (1.0-4) unstable; urgency=low
+
+  * also handle ssh known_hosts file
+
+ -- Proxmox Support Team <support at proxmox.com>  Tue, 09 Aug 2011 08:21:12 +0200
+
 pve-cluster (1.0-3) unstable; urgency=low
 
   * new virtual file to enabe/disable debugging

Modified: pve-cluster/trunk/debian/postinst
===================================================================
--- pve-cluster/trunk/debian/postinst	2011-08-09 04:24:26 UTC (rev 6434)
+++ pve-cluster/trunk/debian/postinst	2011-08-09 06:22:17 UTC (rev 6435)
@@ -27,7 +27,7 @@
 	if test ! -e /proxmox_install_mode; then
 	    invoke-rc.d pve-cluster restart
 	    invoke-rc.d rsyslog restart
-	    pvecert
+	    pvecert --silent 
 	fi
     ;;
 
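Review bot: `pvecert --silent ` on the changed line carries a trailing space; the shell ignores it, but it will show up as whitespace noise in every later diff of postinst, so it should read `pvecert --silent`. The commit does not say why output is suppressed in this path; a one-line comment above the call explaining that would spare the next maintainer a lookup.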



