This is required to avoid the
"Pseudo-terminal will not be allocated because stdin is not a terminal."
ssh error message in case a Ganeti script is run non-interactively.

Signed-off-by: Balazs Lecz <leczb@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

We also create a generic SECURE_DIR_MODE constant, rather than
hardcoding 0700 in the code.

Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Balazs Lecz <leczb@google.com>

Currently both CopyFileToNode and BuildCmd hardcode "-q" in the options.
This patch moves this setting as a configurable option to
_BuildSshOptions.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Since we use the cluster name for the SSH known_hosts file, ssh will
always detect a changed IP (since we never connect to the cluster master
name, but the node names), and will complain about it/try to update the
user known hosts file (since that is /dev/null, it doesn't matter, but
it's not nice). So we disable the IP check.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>

This passes a full burnin with lots of instances, and should be safe as
we mostly to join a known root (various constants) to a run-time
variable.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Signed-off-by: René Nussbaumer <rn@google.com>
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

In case we add a node with “--no-ssh-key-check”, this should override
any default yes/ask values in the system-wide (or user) ssh key check.

Currently this only works in batch mode, whereas in non-batch we only
override a 'no'. The patch fixes SshRunner such that in non-batch mode
we enforce the value of StrictHostKeyChecking in all cases.

Bug found and initial investigation by Theo Van Dinter.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

The cluster verify checks for fqdn are done via address lookups, and
there we actually use the FQDN. However, for the ssh hostname check
which is done at node add time, we rely on the default of the “hostname”
command. And Debian for example recently changed the default to return
the shortname unless one passes ‘--fqdn’.

This patch is imported from the Debian packaging.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

A newer version of pylint, more warnings…

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Before, it used to say:

  ssh/hostname verification failed node1.example.com -> hostname mismatch, got
  node2

Now it says for wrong hostnames (maybe too verbose):

  ssh/hostname verification failed (checking from node1.example.com): hostname
  mismatch, expected node2.example.com but got node3

And for non-FQDN hostnames:

  ssh/hostname verification failed (checking from node1.example.com): hostname
  not FQDN: expected node2.example.com but got node2

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>

In case we fail without output from the ssh command, we should at least
add the exit code or any other failure reason to the error message, and
log it and the cmdline used to the node daemon log.

Reviewed-by: imsnah

Reviewed-by: iustinp

This only means most of our error paths in this module were not working
(and generating exceptions).

Reviewed-by: amishchenko

Reviewed-by: amishchenko

This patch should fix all outstanding epydoc parsing errors; as such, we
switch epydoc into verbose mode so that any new errors will be visible.

Reviewed-by: imsnah

Reviewed-by: imsnah

Currently the SshRunner uses a SimpleConfigReader instance, however this
is not best. We change it to use the cluster name directly (and its
constructor now takes this as parameter, instead of SCR), and its
callers are change to pass the name directly.

As a consequence, we can now remove the initialization of SCR in
gnt-cluster (copyfile and command), and instead we query the master for
the cluster name).

Reviewed-by: imsnah

Get rid of ssconf and convert to configuration instead.

Reviewed-by: iustinp

This will be used to add nodes without user interaction, specifically
in QA tests.

Reviewed-by: ultrotter

I'm going to add another option and it would make maintaining
them in constants even more complicated.

Reviewed-by: ultrotter

This patch changes SshRunner.Run to pass all arguments to
SshRunner.BuildCmd. They had the same arguments before
and should stay that way. This change makes it easier
to add new or change existing arguments.

Reviewed-by: ultrotter

If a node hasn't been part of the cluster before being added it'll not
have the cluster's SSH key. This patch makes sure to accept those by
not aliasing the machine name to the cluster name.

Reviewed-by: ultrotter

Reviewed-by: ultrotter

Reviewed-by: ultrotter

Reviewed-by: ultrotter

This allows callers to allocate a pseudo-TTY easily.

Reviewed-by: ultrotter

Reviewed-by: ultrotter

This renames some functions and does some minor codestyle cleanup.

Reviewed-by: ultrotter

The whole Ganeti cluster has a single SSH key. Its fingerprint is
written to Ganeti's known_hosts file, together with an alias. This
allows us to always use that alias instead of the real hostname,
making management of the known_hosts file much easier.

This patch does not handle an upgrade from an earlier version.

Reviewed-by: ultrotter

Reviewed-by: imsnah

The node's ssh keys filenames are now provided as constants; this should
allow easier customization.

Also, the user's ssh key computing has been abstracted into ssh.py

Reviewed-by: imsnah

Since modules are not directly executables, remove the shebang from
them. This helps with lintian warnings.

Also make the autogenerated _autoconf.py contain two comment lines at
the beginning, like the other modules.

Reviewed-by: ultrotter

Explanation: since we use lists and not a string, every argument we give
is passed unchanged to the remote shell. So, for example, passing
'/etc/init.d/ganeti restart' to the remote shell, it will try to run the
path /etc/init.d/ganeti\ restart. With the s space included. This
breaks, for example, gnt-node add and gnt-cluster command.

The original problem with the backup routines that led to the "'" change
is that they use a plain " ".join(list), but we don't need to quote the
whole ssh remote command for this. We can simply use the existing
utils.ShellQuoteCmd(list) which does the proper quoting of the ';' or
'&&' metacharacters.

With this change, both gnt-node add, gnt-cluster command and
export/import work.

This also improves the error-handling behaviour of one cat command by
making it conditional on the preceding mkdir.

Reviewed-by: ultrotter

This avoids forgetting some parameters, as it's happening right now 
(the correct known host file is not being passed)

In order to do so we split SSHCall into an auxiliary BuildSSHCmd which builds
the command but doesn't actually call it, and SSHCall itself which runs RunCmd
on top of BuildSSHCmd's result. BuildSSHCmd is then explicitely called by 
import/export who has to build a more complex command to be run later.

This changes:
  - cluster setup, we no longer edit /etc/ssh/ssh_known_hosts but our
    own file
  - node add, we no longer remove root's known_hosts (twice)
  - gnt-instance console, both the LU and the script: since now the ssh
    setup is not standard, we need to build the ssh cmdline in the LU
    (instead of manually building it in the script) with the correct
    parameters and use the command line as returned in the script
  - ssh.py, many changes, split options in module-level constants so
    that building the command line in different places is easier/more
    logical
  - backend.py, we no longer remove root's known_hosts in Add node, and
    we allow our own known_hosts file to be uploaded

Reviewed-by: imsnah

In case we use StrictHostKeyChecking=ask, also add HashKnownHosts=no so that
debugging is easier. The nodes to which we are connecting are anyway visible in
/etc/ssh/ssh_known_hosts.

This changes the raising of exceptions from:
  raise Exception, value
to
  raise Exception(value)

as the first form will be removed in python-3000 and the second form is
preferred now.

The changes also involve a few cases of changing from raising standard
exceptions and use our own ones.

The new version also fixes many pylint-generated warnings, especially in
ganeti-noded where I changed many methods to @staticmethod.

There is no functionality changed (barring any bugs).

Reviewed-by: iustinp