Updated anvil-daemon to enable root SSH access during startup

This is required as we need to be able to ssh into peer strikers and into nodes and DR hosts during initialization. Signed-off-by: digimer <mkelly@alteeve.ca>
11 months ago · bf693ed212
parent 943bf2e8d3
commit bf693ed212
4 changed files with 43 additions and 0 deletions
--- a/Anvil/Tools.pm
+++ b/Anvil/Tools.pm
@ -1079,6 +1079,7 @@ sub _set_paths
 				postfix_relay_password		=>	"/etc/postfix/relay_password",
 				'qemu.conf'			=>	"/etc/libvirt/qemu.conf",
 				ssh_config			=>	"/etc/ssh/ssh_config",
+				sshd_root_password		=>	"/etc/ssh/sshd_config.d/01-permitrootlogin.conf",
 				'type.striker'			=>	"/etc/anvil/type.striker",
 				'type.dr'			=>	"/etc/anvil/type.dr",
 				'type.node'			=>	"/etc/anvil/type.node",
--- a/share/words.xml
+++ b/share/words.xml
@ -3353,6 +3353,7 @@ proceeding.
 		<key name="message_0415">[ Note ] - Reconfiguring the network will break connections. Disconnecting from the database before starting. It might take a bit before this system reconnects and progress can be seen.</key>
 		<key name="message_0416">[ Note ] - The network has reconnected to the database, configuring will complete shortly.</key>
 		<key name="message_0417">[ Note ] - The old 'ifcfg' style config file: [#!variable!file!#] will be backed up and then removed!</key>
+		<key name="message_0418">[ Note ] - Updated the ssh daemon config file: [#!variable!file!#] to enable ssh access for the root user.</key>

 		<!-- Translate names (protocols, etc) -->
 		<key name="name_0001">Normal Password</key>	<!-- none in mail-server -->
--- a/tools/anvil-daemon
+++ b/tools/anvil-daemon
@ -1020,6 +1020,9 @@ sub run_once
 	# Check journald is configured for persistent storage.
 	check_journald($anvil);
 	
+	# Make sure root can ssh
+	chech_sshd($anvil);
+	
 	if ($anvil->data->{switches}{'startup-only'})
 	{
 		$anvil->nice_exit({exit_code => 0});
@ -1028,6 +1031,43 @@ sub run_once
 	return(0);
 }

+sub chech_sshd
+{
+	my ($anvil) = @_;
+	
+	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'path::configs::sshd_root_password' => $anvil->data->{path}{configs}{sshd_root_password} }});
+	if (not -f $anvil->data->{path}{configs}{sshd_root_password})
+	{
+		# Write it out
+		my $body = "# This file was added to enable root login by password, which is needed while
+# forming the Anvil! cluster. Once the cluster is formed, passwordless SSH 
+# should be enabled and you can disable this feature. Please remove during a
+# maintanence window or after testing in a lab environment.
+PermitRootLogin yes
+";
+		# Update the config
+		$anvil->Storage->write_file({
+			debug  => 2,
+			secure => 0, 
+			file   => $anvil->data->{path}{configs}{sshd_root_password}, 
+			body   => $body, 
+			mode   => "0644",
+		});
+		$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 0, key => "message_0418", variables => { file => $anvil->data->{path}{configs}{sshd_root_password} }});
+		
+		# Restart the journald service.
+		my $shell_call = $anvil->data->{path}{exe}{systemctl}." restart sshd.service";
+		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }});
+		my ($output, $return_code) = $anvil->System->call({debug => 3, shell_call => $shell_call, source => $THIS_FILE, line => __LINE__});
+		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 
+			output      => $output, 
+			return_code => $return_code,
+		}});
+	}
+	
+	return(0);
+}
+
 sub check_journald
 {
 	my ($anvil) = @_;
--- a/tools/striker-auto-initialize-all
+++ b/tools/striker-auto-initialize-all
@ -1288,6 +1288,7 @@ fi;
 						remote_user => "root",
 					}});
 					my ($host_uuid, $error, $return_code) = $anvil->Remote->call({
+						debug      => 2,
 						shell_call => $shell_call, 
 						target     => $ip,
 						password   => $anvil->data->{base}{password}{desired},