FYI, I resend the patches that were already commented on and needed changes. Thanks to Petr and Klaus for reviewing them so far.
I am still waiting for LGTMS for patches 05, 10, 11 (which I resent today) and 12-25 (where I sent the current version on Sep 2). Thanks, Helga On Tue, Sep 2, 2014 at 4:20 PM, Helga Velroyen <[email protected]> wrote: > (resending, because some mails got lost last time) > > > On Tue, Sep 2, 2014 at 4:19 PM, Helga Velroyen <[email protected]> wrote: > >> >> (Update: This is an updated and rebased version of the >> patch series after the first round of comments.) >> >> This is approximately the first half of the implemenation >> of the SSH related part of 'design-node-security.rst'. >> The goal of this patch series was to switch from one >> SSH key for all nodes to the following situation: >> - Every node now gets an individual SSH key. >> - SSH key distribution is only done via SSH itself, >> relying as little as possible on RPC security. >> - 'authorized_keys' files of all nodes contain only >> their own public key and the public keys of >> the master candidates. This way, SSH (and therefore >> root) access is limited to master candidates only. >> - SSH key distribution and removal is done properly >> for adding/removing/promotion/demotion of nodes. >> - Additional verification steps are added to check >> the SSH key setup. >> >> Note a few things: >> - This patch series as a whole complies our QA. However, >> it was impossible to ensure that after every single >> patch. >> - This does not cover the complete SSH part of the >> design doc yet. The biggest part yet to come is >> the implemenation of RAPI security wrt to the SSH >> keys. >> >> Whoever will review this might wonder what >> 'potential master candidates' are. Those are nodes that >> are not master candidates yet, but which could be >> made master candidates using the respective RAPI >> command. As this patch series does not fully implement >> the RAPI part yet, the potential master candidates >> in this patch series are all normal nodes. >> >> Helga Velroyen (25): >> Removing unused imports from watcher >> Move InitSSH from bootstrap.py to ssh.py >> Move Ssh related code to ssh.py >> Infrastructure to manage public key file >> Init public key file and transfer authorized keys on node join >> Retrieve public SSH key from new node >> ssh.py: clear + overide pubkey + query all >> Introducing the 'ssh_update' tool >> Config: retrieve SSH ports and potential master candidates >> Key handling when adding a node >> Key removal in ssh.py and ssh_update.py >> Handling SSH keys on node removal >> Removing old SSH key when readding a node >> Generate individual SSH keys >> Verify SSH setup >> Handle SSH keys on node promotion and demotion >> Reduce number of statements in ClusterVerifyGroup >> Add key parameter to renew crypto opcode >> Unit test for InitSSHSetup >> Add option to "InitSSHSetup" to create additional keys >> Move function to fetch public keys to ssh >> Move GenerateRootSshKeys to tools/common >> Renew SSH keys and upgrade >> Mention SSH changes in NEWS file >> Use WriteFile when possible in ssh.py >> >> .gitignore | 1 + >> Makefile.am | 13 +- >> NEWS | 17 + >> UPGRADE | 21 + >> lib/backend.py | 464 ++++++++++++- >> lib/bootstrap.py | 130 +--- >> lib/cli.py | 24 + >> lib/client/gnt_cluster.py | 72 +- >> lib/client/gnt_node.py | 32 +- >> lib/cmdlib/cluster.py | 161 ++++- >> lib/cmdlib/node.py | 95 ++- >> lib/config.py | 62 +- >> lib/errors.py | 6 + >> lib/pathutils.py | 2 + >> lib/rpc_defs.py | 32 + >> lib/server/noded.py | 38 ++ >> lib/ssh.py | 731 >> ++++++++++++++++++++- >> lib/tools/common.py | 108 +++ >> lib/tools/prepare_node_join.py | 101 +-- >> lib/tools/ssh_update.py | 219 ++++++ >> lib/utils/io.py | 89 --- >> lib/watcher/__init__.py | 2 - >> qa/qa_cluster.py | 7 +- >> src/Ganeti/Constants.hs | 34 + >> src/Ganeti/OpCodes.hs | 4 +- >> src/Ganeti/OpParams.hs | 14 + >> test/hs/Test/Ganeti/OpCodes.hs | 3 +- >> test/py/cmdlib/cluster_unittest.py | 67 +- >> test/py/ganeti.backend_unittest.py | 447 +++++++++++++ >> test/py/ganeti.client.gnt_cluster_unittest.py | 108 +++ >> test/py/ganeti.mcpu_unittest.py | 1 - >> test/py/ganeti.ssh_unittest.py | 308 +++++++++ >> test/py/ganeti.tools.prepare_node_join_unittest.py | 75 ++- >> test/py/ganeti.tools.ssh_update_unittest.py | 163 +++++ >> test/py/ganeti.utils.io_unittest.py | 68 -- >> test/py/testutils.py | 15 + >> tools/post-upgrade | 8 + >> 37 files changed, 3268 insertions(+), 474 deletions(-) >> create mode 100644 lib/tools/common.py >> create mode 100644 lib/tools/ssh_update.py >> create mode 100755 test/py/ganeti.tools.ssh_update_unittest.py >> >> -- >> 2.1.0.rc2.206.gedb03e5 >> >> > > > -- > Helga Velroyen | Software Engineer | [email protected] | > > Google Germany GmbH > Dienerstr. 12 > 80331 München > > Registergericht und -nummer: Hamburg, HRB 86891 > Sitz der Gesellschaft: Hamburg > Geschäftsführer: Graham Law, Christine Elizabeth Flores > -- Helga Velroyen | Software Engineer | [email protected] | Google Germany GmbH Dienerstr. 12 80331 München Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores
