Commit 052783ff authored by Michael Hanselmann's avatar Michael Hanselmann

Stop hardcoding root user

Some parts of the code still use a hardcoded user name: root. This patch
replaces all with a constant specified at build time. The end goal is to
make it possible to run a Ganeti cluster without any special privileges
(of course this will prevent some functionality from working).
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
parent 3d3f562b
......@@ -1201,6 +1201,8 @@ lib/_autoconf.py: Makefile | stamp-directories
echo "LOCALSTATEDIR = '$(localstatedir)'"; \
echo "SYSCONFDIR = '$(sysconfdir)'"; \
echo "SSH_CONFIG_DIR = '$(SSH_CONFIG_DIR)'"; \
echo "SSH_LOGIN_USER = '$(SSH_LOGIN_USER)'"; \
echo "SSH_CONSOLE_USER = '$(SSH_CONSOLE_USER)'"; \
echo "EXPORT_DIR = '$(EXPORT_DIR)'"; \
echo "OS_SEARCH_PATH = [$(OS_SEARCH_PATH)]"; \
echo "XEN_BOOTLOADER = '$(XEN_BOOTLOADER)'"; \
......
......@@ -176,6 +176,24 @@ AC_ARG_WITH([lvm-stripecount],
[lvm_stripecount="1"])
AC_SUBST(LVM_STRIPECOUNT, $lvm_stripecount)
# --with-ssh-login-user=...
AC_ARG_WITH([ssh-login-user],
[AS_HELP_STRING([--with-ssh-login-user=USERNAME],
[user to use for SSH logins within the cluster (default is root)]
)],
[ssh_login_user="$withval"],
[ssh_login_user=root])
AC_SUBST(SSH_LOGIN_USER, $ssh_login_user)
# --with-ssh-console-user=...
AC_ARG_WITH([ssh-console-user],
[AS_HELP_STRING([--with-ssh-console-user=USERNAME],
[user to use for SSH logins to access instance consoles (default is root)]
)],
[ssh_console_user="$withval"],
[ssh_console_user=root])
AC_SUBST(SSH_CONSOLE_USER, $ssh_console_user)
# --with-default-user=...
AC_ARG_WITH([default-user],
[AS_HELP_STRING([--with-default-user=USERNAME],
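Review bot: The new `--with-ssh-login-user` and `--with-ssh-console-user` handlers assign `$withval` unchecked, so a bare `--with-ssh-login-user` sets the user to `yes`, `--without-ssh-login-user` sets it to `no`, and an empty string is accepted as well. The value is then written into a single-quoted Python literal in `lib/_autoconf.py` by the Makefile rule and used as the account for the intra-cluster SSH calls changed in this commit, so a malformed name should fail at configure time rather than at the first SSH run. Consider rejecting these in both action blocks before the assignment, e.g. `AS_CASE([$withval], [yes|no|''], [AC_MSG_ERROR([--with-ssh-login-user requires a user name])])`, and also refusing names that contain quotes or whitespace. The `--with-default-user` block that follows is cut off by the hunk, so whether it already validates its value is not visible here.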
......
......@@ -497,7 +497,7 @@ def LeaveCluster(modify_ssh_setup):
if modify_ssh_setup:
try:
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS)
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.SSH_LOGIN_USER)
utils.RemoveAuthorizedKey(auth_keys, utils.ReadFile(pub_key))
......@@ -2039,7 +2039,7 @@ def BlockdevExport(disk, dest_node, dest_path, cluster_name):
" oflag=dsync", dest_path)
remotecmd = _GetSshRunner(cluster_name).BuildCmd(dest_node,
constants.GANETI_RUNAS,
constants.SSH_LOGIN_USER,
destcmd)
# all commands have been checked, so we're safe to combine them
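Review bot: In the `LeaveCluster` hunk the cluster key is now removed only from the `authorized_keys` of `constants.SSH_LOGIN_USER`, which is a build-time value; if a node was joined by a build that used a different login user (root before this change), that older account may keep the cluster public key after the node leaves. This is inferred from the lines shown, since the rest of `LeaveCluster` lies outside the hunk. A comment at the call would make the assumption explicit, for example `# Only the build-time SSH_LOGIN_USER is cleaned up; keys installed for another user by an older build are left in place`, and the upgrade notes could mention checking root's `authorized_keys` when switching users.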
......
......@@ -61,7 +61,7 @@ def _InitSSHSetup():
permitted hosts and adds the hostkey to its own known hosts.
"""
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS)
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.SSH_LOGIN_USER)
for name in priv_key, pub_key:
if os.path.exists(name):
......@@ -675,7 +675,7 @@ def SetupNodeDaemon(cluster_name, node, ssh_key_check):
mycommand = ("%s stop-all; %s start %s" %
(pathutils.DAEMON_UTIL, pathutils.DAEMON_UTIL, constants.NODED))
result = sshrunner.Run(node, "root", mycommand, batch=False,
result = sshrunner.Run(node, constants.SSH_LOGIN_USER, mycommand, batch=False,
ask_key=ssh_key_check,
use_cluster_key=True,
strict_host_check=ssh_key_check)
......
......@@ -2488,7 +2488,8 @@ class _RunWhileClusterStoppedHelper:
# No need to use SSH
result = utils.RunCmd(cmd)
else:
result = self.ssh.Run(node_name, "root", utils.ShellQuoteArgs(cmd))
result = self.ssh.Run(node_name, constants.SSH_LOGIN_USER,
utils.ShellQuoteArgs(cmd))
if result.failed:
errmsg = ["Failed to run command %s" % result.cmd]
......
......@@ -538,7 +538,7 @@ def RunClusterCommand(opts, args):
nodes.append(master_node)
for name in nodes:
result = srun.Run(name, "root", command)
result = srun.Run(name, constants.SSH_LOGIN_USER, command)
ToStdout("------------------------------------------------")
if opts.show_machine_names:
for line in result.output.splitlines():
......
......@@ -101,6 +101,8 @@ CONFD_USER = _autoconf.CONFD_USER
CONFD_GROUP = _autoconf.CONFD_GROUP
NODED_USER = _autoconf.NODED_USER
NODED_GROUP = _autoconf.NODED_GROUP
SSH_LOGIN_USER = _autoconf.SSH_LOGIN_USER
SSH_CONSOLE_USER = _autoconf.SSH_CONSOLE_USER
# cpu pinning separators and constants
CPU_PINNING_SEP = ":"
......@@ -551,7 +553,6 @@ IP4_FAMILY = socket.AF_INET
IP6_FAMILY = socket.AF_INET6
TCP_PING_TIMEOUT = 10
GANETI_RUNAS = "root"
DEFAULT_VG = "xenvg"
DEFAULT_DRBD_HELPER = "/bin/true"
MIN_VG_SIZE = 20480
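Review bot: `SSH_LOGIN_USER` and `SSH_CONSOLE_USER` are added without any comment separating their roles, while the second hunk deletes `GANETI_RUNAS` outright. I would add `# Account used for SSH between cluster nodes (commands, key setup)` above the first and `# Account used for SSH-based instance console access` above the second, so that later call sites pick the right one. Any caller not touched by this commit that still reads `constants.GANETI_RUNAS` will fail with an AttributeError at run time; a repository-wide search before merging would confirm none remain, since only the changed call sites are visible here.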
......
......@@ -273,7 +273,7 @@ class ChrootManager(hv_base.BaseHypervisor):
return objects.InstanceConsole(instance=instance.name,
kind=constants.CONS_SSH,
host=instance.primary_node,
user=constants.GANETI_RUNAS,
user=constants.SSH_CONSOLE_USER,
command=["chroot", root_dir])
def Verify(self):
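Review bot: The console description returned here now carries `constants.SSH_CONSOLE_USER` as the login for a console whose command is `["chroot", root_dir]`, and `chroot` needs root privileges (CAP_SYS_CHROOT on Linux), so this console cannot work with an unprivileged account. The same substitution in the KVM, LXC and Xen hunks below has the same dependency on what the console command needs on the node. A comment such as `# SSH_CONSOLE_USER must be allowed to run the console command on the node` would document this, and the configure help could state which hypervisors need a privileged console user. The enclosing method begins above the hunk, so only the return statement is reviewed here.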
......
......@@ -1833,7 +1833,7 @@ class KVMHypervisor(hv_base.BaseHypervisor):
return objects.InstanceConsole(instance=instance.name,
kind=constants.CONS_SSH,
host=instance.primary_node,
user=constants.GANETI_RUNAS,
user=constants.SSH_CONSOLE_USER,
command=cmd)
vnc_bind_address = hvparams[constants.HV_VNC_BIND_ADDRESS]
......
......@@ -395,7 +395,7 @@ class LXCHypervisor(hv_base.BaseHypervisor):
return objects.InstanceConsole(instance=instance.name,
kind=constants.CONS_SSH,
host=instance.primary_node,
user=constants.GANETI_RUNAS,
user=constants.SSH_CONSOLE_USER,
command=["lxc-console", "-n", instance.name])
def Verify(self):
......
......@@ -421,7 +421,7 @@ class XenHypervisor(hv_base.BaseHypervisor):
return objects.InstanceConsole(instance=instance.name,
kind=constants.CONS_SSH,
host=instance.primary_node,
user=constants.GANETI_RUNAS,
user=constants.SSH_CONSOLE_USER,
command=[pathutils.XM_CONSOLE_WRAPPER,
instance.name])
......
......@@ -271,7 +271,7 @@ class SshRunner:
"else"
" echo \"$GANETI_HOSTNAME\";"
"fi")
retval = self.Run(node, "root", cmd, quiet=False)
retval = self.Run(node, constants.SSH_LOGIN_USER, cmd, quiet=False)
if retval.failed:
msg = "ssh problem"
......
......@@ -818,7 +818,7 @@ class TestInstanceQuery(unittest.TestCase):
consinfo["inst7"] = \
objects.InstanceConsole(instance="inst7", kind=constants.CONS_SSH,
host=instbyname["inst7"].primary_node,
user=constants.GANETI_RUNAS,
user="root",
command=["hostname"]).ToDict()
iqd = query.InstanceQueryData(instances, cluster, disk_usage,
......
......@@ -183,7 +183,7 @@ def SetupSSH(transport):
@param transport: The paramiko transport instance
"""
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.GANETI_RUNAS)
priv_key, pub_key, auth_keys = ssh.GetUserFiles(constants.SSH_LOGIN_USER)
keyfiles = [
(pathutils.SSH_HOST_DSA_PRIV, 0600),
(pathutils.SSH_HOST_DSA_PUB, 0644),
......@@ -234,13 +234,13 @@ def ParseOptions():
"""
program = os.path.basename(sys.argv[0])
(default_key, _, _) = ssh.GetUserFiles(constants.SSH_LOGIN_USER)
parser = optparse.OptionParser(usage=("%prog [--debug|--verbose] [--force]"
" <node> <node...>"), prog=program)
parser.add_option(cli.DEBUG_OPT)
parser.add_option(cli.VERBOSE_OPT)
parser.add_option(cli.NOSSH_KEYCHECK_OPT)
default_key = ssh.GetUserFiles(constants.GANETI_RUNAS)[0]
parser.add_option(optparse.Option("-f", dest="private_key",
default=default_key,
help="The private key to (try to) use for"
......@@ -382,7 +382,7 @@ def LoadKnownHosts():
@return: paramiko.util.load_host_keys dict
"""
homedir = utils.GetHomeDir(constants.GANETI_RUNAS)
homedir = utils.GetHomeDir(constants.SSH_LOGIN_USER)
known_hosts = os.path.join(homedir, ".ssh", "known_hosts")
try:
......@@ -429,7 +429,7 @@ def main():
all_keys = LoadPrivateKeys(options)
passwd = None
username = constants.GANETI_RUNAS
username = constants.SSH_LOGIN_USER
ssh_port = netutils.GetDaemonPort("ssh")
host_keys = LoadKnownHosts()
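Review bot: In the `LoadKnownHosts` hunk the home directory of a now-configurable user is passed straight to `os.path.join`; with `root` the lookup could be expected to succeed, but a build-time `SSH_LOGIN_USER` that does not exist on the machine running the tool may not resolve. If `utils.GetHomeDir` can return `None` for an unknown user (its body is not visible here), the join fails with an unrelated-looking error before the `try:` that follows. Since this function feeds host-key verification, an explicit failure is preferable, for example `if not homedir:` followed by an error that names `constants.SSH_LOGIN_USER`. The `ssh.GetUserFiles` calls in the `SetupSSH` and `ParseOptions` hunks may have the same dependency on the account existing locally.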
......