Fixed a bug in System->check_ssh_keys where the 'admin' user's RSA keys were owned by root.

Signed-off-by: Digimer <digimer@alteeve.ca>
main
Digimer 3 years ago
parent 6229a0f6b6
commit e37f487704
  1. 19
      Anvil/Tools/System.pm
  2. 1
      share/words.xml
  3. 6
      tools/anvil-daemon
  4. 2
      tools/anvil-join-anvil

@ -728,10 +728,29 @@ sub check_ssh_keys
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0270", variables => { user => $user }}); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0270", variables => { user => $user }});
my ($output, $return_code) = $anvil->System->call({debug => $debug, shell_call => $anvil->data->{path}{exe}{'ssh-keygen'}." -t rsa -N \"\" -b 8191 -f ".$ssh_private_key_file}); my ($output, $return_code) = $anvil->System->call({debug => $debug, shell_call => $anvil->data->{path}{exe}{'ssh-keygen'}." -t rsa -N \"\" -b 8191 -f ".$ssh_private_key_file});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
output => $output,
return_code => $return_code,
}});
if (-e $ssh_public_key_file) if (-e $ssh_public_key_file)
{ {
# Success! # Success!
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0271", variables => { user => $user, output => $output }}); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0271", variables => { user => $user, output => $output }});
# Set the ownership
foreach my $file ($ssh_private_key_file, $ssh_public_key_file)
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0682", variables => {
file => $file,
user => $user,
}});
$anvil->Storage->change_owner({
debug => 2,
path => $file,
user => $user,
group => $user,
});
}
} }
else else
{ {
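Review bot: The return value of `$anvil->Storage->change_owner` in the added `foreach` loop is discarded, so if the ownership change fails the key pair stays root-owned, which is the state this commit sets out to fix, while `log_0271` has already reported success. Assuming change_owner signals failure through its return value (its body is not visible here), capture it and log an error when it reports a problem. The loop also hard-codes `debug => 2` where the neighbouring calls pass `debug => $debug`; using `debug => $debug,` would leave verbosity with the caller. Because this runs as root on paths inside the user's own `.ssh` directory, it is worth confirming that change_owner does not follow symlinks. check_ssh_keys starts and ends outside this hunk.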

@ -2073,6 +2073,7 @@ The file: [#!variable!file!#] needs to be updated. The difference is:
<key name="log_0679">Successfully built and installed the new DRBD kernel module!</key> <key name="log_0679">Successfully built and installed the new DRBD kernel module!</key>
<key name="log_0680">We were asked to resync the database, but this host is hosting: [#!variable!count!#] server(s). Resync is not allowed when servers are running to reduce the risk the kernel's out of memory handler shooting a VM if the resync consumes too much RAM. You can see which servers are running with 'virsh list' and look for servers whose states are "running", "paused", "in shutdown" or "pmsuspended".</key> <key name="log_0680">We were asked to resync the database, but this host is hosting: [#!variable!count!#] server(s). Resync is not allowed when servers are running to reduce the risk the kernel's out of memory handler shooting a VM if the resync consumes too much RAM. You can see which servers are running with 'virsh list' and look for servers whose states are "running", "paused", "in shutdown" or "pmsuspended".</key>
<key name="log_0681">Testing that our short host name resolves to one of our IP prior to starting the cluster.</key> <key name="log_0681">Testing that our short host name resolves to one of our IP prior to starting the cluster.</key>
<key name="log_0682">Changing the ownership of: [#!variable!file!#] to be owned by: [#!variable!user!#:#!variable!user!#].</key>
<!-- Messages for users (less technical than log entries), though sometimes used for logs, too. --> <!-- Messages for users (less technical than log entries), though sometimes used for logs, too. -->
<key name="message_0001">The host name: [#!variable!target!#] does not resolve to an IP address.</key> <key name="message_0001">The host name: [#!variable!target!#] does not resolve to an IP address.</key>

@ -441,7 +441,7 @@ sub handle_periodic_tasks
check_install_target($anvil); check_install_target($anvil);
# Check that the users we care about have ssh public keys and they're recorded in ssh_keys. # Check that the users we care about have ssh public keys and they're recorded in ssh_keys.
$anvil->System->check_ssh_keys({debug => 3}); $anvil->System->check_ssh_keys({debug => 2});
$anvil->System->update_hosts({debug => 3}); $anvil->System->update_hosts({debug => 3});
@ -837,7 +837,7 @@ sub run_once
# Check the ssh stuff. # Check the ssh stuff.
# NOTE: This actually runs again in the minutes tasks, but needs to run on boot as well. # NOTE: This actually runs again in the minutes tasks, but needs to run on boot as well.
$anvil->System->check_ssh_keys(); $anvil->System->check_ssh_keys({debug => 2});
# Check setuid wrappers # Check setuid wrappers
check_setuid_wrappers($anvil); check_setuid_wrappers($anvil);
@ -1265,7 +1265,7 @@ sub prep_database
### NOTE: This failed once, in case / until it happens again, we'll force log level 2 and secure logging. ### NOTE: This failed once, in case / until it happens again, we'll force log level 2 and secure logging.
my $shell_call = $anvil->data->{path}{exe}{'striker-prep-database'}." -vv --log-secure"; my $shell_call = $anvil->data->{path}{exe}{'striker-prep-database'}." -vv --log-secure";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }});
my ($database_output, $return_code) = $anvil->System->call({debug => 2, shell_call => , source => $THIS_FILE, line => __LINE__ }); my ($database_output, $return_code) = $anvil->System->call({debug => 2, shell_call => $shell_call, source => $THIS_FILE, line => __LINE__ });
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { $anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
database_output => $database_output, database_output => $database_output,
return_code => $return_code, return_code => $return_code,
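Review bot: The `database_output` of the `-vv --log-secure` call in prep_database is logged through `Log->variables` at `level => 2` with nothing marking it as possibly sensitive, and with `shell_call => $shell_call` now passed that call really runs. If `--log-secure` does what its name suggests, credentials from the database setup could land in the log on every run, and the existing NOTE describes the forced logging as temporary. I would add a marker such as `### TODO: Drop '-vv --log-secure' once the failure is understood.` beside that NOTE so the extra logging is not left in place. prep_database continues outside the hunk.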

@ -2190,7 +2190,7 @@ sub check_local_network
# Configure SSH by adding ours and our peer's SSH keys to ~/.ssh/known_hosts # Configure SSH by adding ours and our peer's SSH keys to ~/.ssh/known_hosts
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "job_0113"}); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "job_0113"});
update_progress($anvil, ($anvil->data->{job}{progress} += 2), "job_0113"); update_progress($anvil, ($anvil->data->{job}{progress} += 2), "job_0113");
$anvil->System->check_ssh_keys({debug => 3}); $anvil->System->check_ssh_keys({debug => 2});
# Setup IPMI, if needed. # Setup IPMI, if needed.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "job_0114"}); $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, 'print' => 1, level => 3, key => "job_0114"});
