mirror of
https://github.com/ceph/ceph
synced 2025-01-19 17:41:39 +00:00
cephadm: Allow users to provide ssh keys during bootstrap
Fixes: https://tracker.ceph.com/issues/45629 Signed-off-by: Ricardo Marques <rimarques@suse.com>
This commit is contained in:
Ricardo Marques
parent
cc7a234628
commit
ad75937489
@ -61,7 +61,9 @@ Synopsis
|
||||
| [--initial-dashboard-user INITIAL_DASHBOARD_USER]
|
||||
| [--initial-dashboard-password INITIAL_DASHBOARD_PASSWORD]
|
||||
| [--dashboard-key DASHBOARD_KEY]
|
||||
| [--dashboard-crt DASHBOARD_CRT] [--skip-mon-network]
|
||||
| [--dashboard-crt DASHBOARD_CRT]
|
||||
| [--ssh-private-key SSH_PRIVATE_KEY]
|
||||
| [--ssh-public-key SSH_PUBLIC_KEY] [--skip-mon-network]
|
||||
| [--skip-dashboard] [--dashboard-password-noupdate]
|
||||
| [--no-minimize-config] [--skip-ping-check]
|
||||
| [--skip-pull] [--skip-firewalld] [--allow-overwrite]
|
||||
@ -198,6 +200,8 @@ Arguments:
|
||||
* [--initial-dashboard-password INITIAL_DASHBOARD_PASSWORD] Initial password for the initial dashboard user
|
||||
* [--dashboard-key DASHBOARD_KEY] Dashboard key
|
||||
* [--dashboard-crt DASHBOARD_CRT] Dashboard certificate
|
||||
* [--ssh-private-key SSH_PRIVATE_KEY] SSH private key
|
||||
* [--ssh-public-key SSH_PUBLIC_KEY] SSH public key
|
||||
* [--skip-mon-network] set mon public_network based on bootstrap mon ip
|
||||
* [--skip-dashboard] do not enable the Ceph Dashboard
|
||||
* [--dashboard-password-noupdate] stop forced dashboard password change
|
||||
|
||||
@ -2562,31 +2562,40 @@ def command_bootstrap():
|
||||
logger.info('Setting orchestrator backend to cephadm...')
|
||||
cli(['orch', 'set', 'backend', 'cephadm'])
|
||||
|
||||
logger.info('Generating ssh key...')
|
||||
cli(['cephadm', 'generate-key'])
|
||||
ssh_pub = cli(['cephadm', 'get-pub-key'])
|
||||
if args.ssh_private_key and args.ssh_public_key:
|
||||
logger.info('Using provided ssh keys...')
|
||||
mounts = {
|
||||
pathify(args.ssh_private_key.name): '/tmp/cephadm-ssh-key:z',
|
||||
pathify(args.ssh_public_key.name): '/tmp/cephadm-ssh-key.pub:z'
|
||||
}
|
||||
cli(['cephadm', 'set-priv-key', '-i', '/tmp/cephadm-ssh-key'], extra_mounts=mounts)
|
||||
cli(['cephadm', 'set-pub-key', '-i', '/tmp/cephadm-ssh-key.pub'], extra_mounts=mounts)
|
||||
else:
|
||||
logger.info('Generating ssh key...')
|
||||
cli(['cephadm', 'generate-key'])
|
||||
ssh_pub = cli(['cephadm', 'get-pub-key'])
|
||||
|
||||
with open(args.output_pub_ssh_key, 'w') as f:
|
||||
f.write(ssh_pub)
|
||||
logger.info('Wrote public SSH key to to %s' % args.output_pub_ssh_key)
|
||||
with open(args.output_pub_ssh_key, 'w') as f:
|
||||
f.write(ssh_pub)
|
||||
logger.info('Wrote public SSH key to to %s' % args.output_pub_ssh_key)
|
||||
|
||||
logger.info('Adding key to root@localhost\'s authorized_keys...')
|
||||
if not os.path.exists('/root/.ssh'):
|
||||
os.mkdir('/root/.ssh', 0o700)
|
||||
auth_keys_file = '/root/.ssh/authorized_keys'
|
||||
add_newline = False
|
||||
if os.path.exists(auth_keys_file):
|
||||
with open(auth_keys_file, 'r') as f:
|
||||
f.seek(0, os.SEEK_END)
|
||||
if f.tell() > 0:
|
||||
f.seek(f.tell()-1, os.SEEK_SET) # go to last char
|
||||
if f.read() != '\n':
|
||||
add_newline = True
|
||||
with open(auth_keys_file, 'a') as f:
|
||||
os.fchmod(f.fileno(), 0o600) # just in case we created it
|
||||
if add_newline:
|
||||
f.write('\n')
|
||||
f.write(ssh_pub.strip() + '\n')
|
||||
logger.info('Adding key to root@localhost\'s authorized_keys...')
|
||||
if not os.path.exists('/root/.ssh'):
|
||||
os.mkdir('/root/.ssh', 0o700)
|
||||
auth_keys_file = '/root/.ssh/authorized_keys'
|
||||
add_newline = False
|
||||
if os.path.exists(auth_keys_file):
|
||||
with open(auth_keys_file, 'r') as f:
|
||||
f.seek(0, os.SEEK_END)
|
||||
if f.tell() > 0:
|
||||
f.seek(f.tell()-1, os.SEEK_SET) # go to last char
|
||||
if f.read() != '\n':
|
||||
add_newline = True
|
||||
with open(auth_keys_file, 'a') as f:
|
||||
os.fchmod(f.fileno(), 0o600) # just in case we created it
|
||||
if add_newline:
|
||||
f.write('\n')
|
||||
f.write(ssh_pub.strip() + '\n')
|
||||
|
||||
host = get_hostname()
|
||||
logger.info('Adding host %s...' % host)
|
||||
@ -4464,6 +4473,15 @@ def _get_parser():
|
||||
'--dashboard-crt',
|
||||
help='Dashboard certificate')
|
||||
|
||||
parser_bootstrap.add_argument(
|
||||
'--ssh-private-key',
|
||||
type=argparse.FileType('r'),
|
||||
help='SSH private key')
|
||||
parser_bootstrap.add_argument(
|
||||
'--ssh-public-key',
|
||||
type=argparse.FileType('r'),
|
||||
help='SSH public key')
|
||||
|
||||
parser_bootstrap.add_argument(
|
||||
'--skip-mon-network',
|
||||
action='store_true',
|
||||
|
||||
@ -747,6 +747,28 @@ class CephadmOrchestrator(orchestrator.Orchestrator, MgrModule):
|
||||
self._reconfig_ssh()
|
||||
return 0, '', ''
|
||||
|
||||
@orchestrator._cli_write_command(
|
||||
'cephadm set-priv-key',
|
||||
desc='Set cluster SSH private key (use -i <private_key>)')
|
||||
def _set_priv_key(self, inbuf=None):
|
||||
if inbuf is None or len(inbuf) == 0:
|
||||
return -errno.EINVAL, "", "empty private ssh key provided"
|
||||
self.set_store("ssh_identity_key", inbuf)
|
||||
self.log.info('Set ssh private key')
|
||||
self._reconfig_ssh()
|
||||
return 0, "", ""
|
||||
|
||||
@orchestrator._cli_write_command(
|
||||
'cephadm set-pub-key',
|
||||
desc='Set cluster SSH public key (use -i <public_key>)')
|
||||
def _set_pub_key(self, inbuf=None):
|
||||
if inbuf is None or len(inbuf) == 0:
|
||||
return -errno.EINVAL, "", "empty public ssh key provided"
|
||||
self.set_store("ssh_identity_pub", inbuf)
|
||||
self.log.info('Set ssh public key')
|
||||
self._reconfig_ssh()
|
||||
return 0, "", ""
|
||||
|
||||
@orchestrator._cli_write_command(
|
||||
'cephadm clear-key',
|
||||
desc='Clear cluster SSH key')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user