Hello community,
here is the log from the commit of package ha-cluster-bootstrap for
openSUSE:Factory checked in at 2014-08-16 15:37:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ha-cluster-bootstrap (Old)
and /work/SRC/openSUSE:Factory/.ha-cluster-bootstrap.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ha-cluster-bootstrap"
Changes:
--------
---
/work/SRC/openSUSE:Factory/ha-cluster-bootstrap/ha-cluster-bootstrap.changes
2014-06-30 21:50:27.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.ha-cluster-bootstrap.new/ha-cluster-bootstrap.changes
2014-08-16 15:38:14.000000000 +0200
@@ -1,0 +2,9 @@
+Fri Aug 15 12:01:14 UTC 2014 - [email protected]
+
+- Support non-RSA SSH keys when joining node to existing cluster (bnc#878080)
+- Remove merged patches:
+ - 0001-Make-check-for-no-quorum-policy-ignore-slighty-less-.patch
+ - 0002-Add-etc-drbd.conf-to-csync2-configuration-bnc-881683.patch
+- Upstream version cs:d4cddcc
+
+-------------------------------------------------------------------
Old:
----
0001-Make-check-for-no-quorum-policy-ignore-slighty-less-.patch
0002-Add-etc-drbd.conf-to-csync2-configuration-bnc-881683.patch
sleha-bootstrap-0.4+git.1396958965.7f1629a.tar.bz2
New:
----
sleha-bootstrap-0.4+git.1403274687.d4cddcc.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ha-cluster-bootstrap.spec ++++++
--- /var/tmp/diff_new_pack.rmfXbO/_old 2014-08-16 15:38:15.000000000 +0200
+++ /var/tmp/diff_new_pack.rmfXbO/_new 2014-08-16 15:38:15.000000000 +0200
@@ -18,17 +18,13 @@
Name: ha-cluster-bootstrap
-Version: 0.4+git.1396958965.7f1629a
+Version: 0.4+git.1403274687.d4cddcc
Release: 0
Summary: Pacemaker HA Cluster Bootstrap Tool
License: GPL-2.0
Group: Productivity/Clustering/HA
Url: https://github.com/tserong/sleha-bootstrap
Source: sleha-bootstrap-%{version}.tar.bz2
-# PATCH-FIX-UPSTREAM: Make check for no-quorum-policy=ignore less strict
-Patch1: 0001-Make-check-for-no-quorum-policy-ignore-slighty-less-.patch
-# PATCH-FIX-UPSTREAM: Add /etc/drbd.conf to csync2 configuration (bnc#881683)
-Patch2: 0002-Add-etc-drbd.conf-to-csync2-configuration-bnc-881683.patch
# PATCH-FIX: fix ha-cluster-init to init sbd configuration with new
style(bnc#881484)
Patch3: fix-ha-cluster-init-sbd-with-new-style-bnc-881484.patch
# PATCH-IMPROVE: improve ha-cluster-init to check sbd watchdog
@@ -53,8 +49,6 @@
%prep
%setup -n sleha-bootstrap-%{version}
-%patch1 -p1
-%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
++++++ _service ++++++
--- /var/tmp/diff_new_pack.rmfXbO/_old 2014-08-16 15:38:15.000000000 +0200
+++ /var/tmp/diff_new_pack.rmfXbO/_new 2014-08-16 15:38:15.000000000 +0200
@@ -4,7 +4,7 @@
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">0.4+git.%ct.%h</param>
- <param name="revision">7f1629a</param>
+ <param name="revision">d4cddcc</param>
</service>
<service name="recompress" mode="disabled">
++++++ sleha-bootstrap-0.4+git.1396958965.7f1629a.tar.bz2 ->
sleha-bootstrap-0.4+git.1403274687.d4cddcc.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sleha-bootstrap-0.4+git.1396958965.7f1629a/scripts/ha-cluster-init
new/sleha-bootstrap-0.4+git.1403274687.d4cddcc/scripts/ha-cluster-init
--- old/sleha-bootstrap-0.4+git.1396958965.7f1629a/scripts/ha-cluster-init
2014-04-08 14:12:12.000000000 +0200
+++ new/sleha-bootstrap-0.4+git.1403274687.d4cddcc/scripts/ha-cluster-init
2014-08-15 14:00:11.000000000 +0200
@@ -95,6 +95,17 @@
append /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
}
+# This handles the slightly obscure case where the seed node has ssh keys,
+# but those keys aren't present in the seed node's authorized_keys file.
+init_ssh_remote()
+{
+ for key in id_rsa id_dsa id_ecdsa id_ed25519 ; do
+ [ -f /root/.ssh/$key ] || continue
+ grep -q -s "$(cat /root/.ssh/$key.pub)"
/root/.ssh/authorized_keys \
+ || append /root/.ssh/$key.pub /root/.ssh/authorized_keys
+ done
+}
+
init_csync2()
{
status "Configuring csync2"
@@ -127,6 +138,7 @@
include /etc/csync2/csync2.cfg;
include /etc/csync2/key_hagroup;
include /etc/ctdb/nodes;
+ include /etc/drbd.conf;
include /etc/drbd.d;
include /etc/ha.d/ldirectord.cf;
include /etc/lvm/lvm.conf;
@@ -594,12 +606,12 @@
rc=$?
if [ "$stage" == "vgfs" ]; then
[ $rc -ne 0 ] && error "Cluster is inactive - can't run vgfs stage"
-elif [ "$stage" != "ssh" -a "$stage" != "csync2" -a "$stage" !=
"csync2_remote" ]; then
+elif [ "$stage" != "ssh" -a "$stage" != "ssh_remote" -a "$stage" != "csync2"
-a "$stage" != "csync2_remote" ]; then
[ $rc -eq 0 ] && error "Cluster is currently active - can't run"
fi
-# Need hostname resolution to work, want NTP (but don't block csync2_remote)
-if [ "$stage" != "csync2_remote" ]; then
+# Need hostname resolution to work, want NTP (but don't block ssh_remote or
csync2_remote)
+if [ "$stage" != "ssh_remote" -a "$stage" != "csync2_remote" ]; then
check_prereqs
fi
@@ -610,7 +622,7 @@
esac
case $stage in
-ssh|csync2|csync2_remote|corosync|storage|sbd|cluster|vgfs)
+ssh|ssh_remote|csync2|csync2_remote|corosync|storage|sbd|cluster|vgfs)
init
# $2 == nasty hack to pick up IP arg to csync2_remote (not strictly
# necessary currently, as we're not auto-updating /etc/hosts)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sleha-bootstrap-0.4+git.1396958965.7f1629a/scripts/ha-cluster-join
new/sleha-bootstrap-0.4+git.1403274687.d4cddcc/scripts/ha-cluster-join
--- old/sleha-bootstrap-0.4+git.1396958965.7f1629a/scripts/ha-cluster-join
2014-04-08 13:44:34.000000000 +0200
+++ new/sleha-bootstrap-0.4+git.1403274687.d4cddcc/scripts/ha-cluster-join
2014-08-15 14:00:11.000000000 +0200
@@ -56,21 +56,48 @@
{
[ -n "$SEED_HOST" ] || error "No existing IP/hostname specified (use -c
option)"
+ local -i got_keys=0
+
start_service sshd.service
invoke mkdir -m 700 -p /root/.ssh
- if [ -f /root/.ssh/id_rsa ]; then
- confirm \
- '/root/.ssh/id_rsa already exists - overwrite?' ||
return
- fi
+ local tmp_dir=/tmp/ha-cluster-ssh.$$
+ invoke mkdir -p $tmp_dir || error "Can't create temporary directory
$tmp_dir"
+ invoke rm -f $tmp_dir/*
status "Retrieving SSH keys from $SEED_HOST"
invoke scp -oStrictHostKeyChecking=no \
- root@$SEED_HOST:'/root/.ssh/id_rsa*' /root/.ssh/ \
+ root@$SEED_HOST:'/root/.ssh/id_*' $tmp_dir/ \
|| error "Can't retrieve SSH keys from $SEED_HOST"
- grep -q -s "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys \
- || append /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
+
+ # This supports all SSH key types, for the case where ha-cluster-init
+ # wasn't used to set up the seed node, and the user has manually
+ # created, for example, DSA keys (bnc#878080)
+ for key in id_rsa id_dsa id_ecdsa id_ed25519 ; do
+ [ -f $tmp_dir/$key ] || continue
+ if [ -f /root/.ssh/$key ]; then
+ confirm \
+ "/root/.ssh/$key already exists - overwrite?"
|| continue
+ fi
+ invoke mv $tmp_dir/$key* /root/.ssh/
+ grep -q -s "$(cat /root/.ssh/$key.pub)"
/root/.ssh/authorized_keys \
+ || append /root/.ssh/$key.pub /root/.ssh/authorized_keys
+ let got_keys=$got_keys+1
+ done
+
+ invoke rm -r $tmp_dir
+
+ [ $got_keys -eq 0 ] && status "No new SSH keys installed"
+ [ $got_keys -eq 1 ] && status "One new SSH key installed"
+ [ $got_keys -gt 1 ] && status "$got_keys new SSH keys installed"
+
+ # This makes sure the seed host has its own SSH keys in its own
+ # authorized_keys file (again, to help with the case where the
+ # user has done manual initial setup without the assistance of
+ # ha-cluster-init).
+ invoke ssh root@$SEED_HOST ha-cluster-init ssh_remote \
+ || error "Can't invoke ha-cluster-init ssh_remote on $SEED_HOST"
}
join_csync2()
@@ -192,7 +219,7 @@
invoke corosync-cfgtool -R
# Ditch no-quorum-policy=ignore if we're going over two nodes
- if [ $new_quorum -gt 2 ] && crm configure show | grep -q
no-quorum-policy=ignore ; then
+ if [ $new_quorum -gt 2 ] && crm configure show | grep -q
'no-quorum-policy=.*ignore' ; then
invoke crm_attribute --attr-name no-quorum-policy --delete-attr
fi
}
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
