[node-patches] Change in ovirt-node[master]: hooks: Add on-boot hook validate-owner-ssh-keys
dougsland at redhat.com
Fri Feb 20 00:05:50 UTC 2015
Douglas Schilling Landgraf has uploaded a new change for review.
Change subject: hooks: Add on-boot hook validate-owner-ssh-keys
......................................................................
hooks: Add on-boot hook validate-owner-ssh-keys
During upgrades between releases, the node may have
a different gid for the ssh_keys group, making
registration or ssh connection impossible.
This patch adds a boot hook into ovirt-node to verify
if the ssh_keys group exists and fix the permissions if required.
Change-Id: Iaafad60288d87a41470dae581e6a2c6bc77369cd
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1192523
Signed-off-by: Douglas Schilling Landgraf <dougsland at redhat.com>
---
M Makefile.am
M configure.ac
A hooks/Makefile.am
A hooks/README
A hooks/on-boot/03-validate-owner-ssh-keys
5 files changed, 69 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/93/37993/1
diff --git a/Makefile.am b/Makefile.am
index 49dfbb8..12930b5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -23,6 +23,7 @@
data \
dracut \
images \
+ hooks \
recipe \
scripts \
src \
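Review bot: `hooks \` is inserted after `images \`, which breaks the alphabetical order the surrounding entries follow (data, dracut, images, recipe, scripts, src). Place it between `dracut \` and `images \` so the list stays sorted.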
diff --git a/configure.ac b/configure.ac
index a648c47..7a988c4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -116,6 +116,7 @@
data/Makefile
dracut/Makefile
images/Makefile
+ hooks/Makefile
scripts/Makefile
registration/Makefile
tools/Makefile
diff --git a/hooks/Makefile.am b/hooks/Makefile.am
new file mode 100644
index 0000000..f008d35
--- /dev/null
+++ b/hooks/Makefile.am
@@ -0,0 +1,22 @@
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA. A copy of the GNU General Public License is
+# also available at http://www.gnu.org/copyleft/gpl.html.
+
+onbootdir = $(libexecdir)/ovirt-node/hooks/on-boot
+
+dist_onboot_SCRIPTS = \
+ on-boot/03-validate-owner-ssh-keys \
+ $(NULL)
diff --git a/hooks/README b/hooks/README
new file mode 100644
index 0000000..b544b01
--- /dev/null
+++ b/hooks/README
@@ -0,0 +1,2 @@
+on-boot dir contains scripts that will run during the boot.
+
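Review bot: The README says the on-boot scripts "will run during the boot" but not what runs them, and none of the five files in this change executes the contents of `$(libexecdir)/ovirt-node/hooks/on-boot`. Name the component that invokes the directory, state that the numeric prefix (`03-`) sets the execution order, and say as which user the hooks run and how a non-zero exit status is handled. The second added line is an empty trailing line and can be dropped.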
diff --git a/hooks/on-boot/03-validate-owner-ssh-keys b/hooks/on-boot/03-validate-owner-ssh-keys
new file mode 100755
index 0000000..0258585
--- /dev/null
+++ b/hooks/on-boot/03-validate-owner-ssh-keys
@@ -0,0 +1,43 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# 03-validate-owner-ssh-keys - Copyright (C) 2015 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+import grp
+import os
+import pwd
+
+_GROUP_SSH_KEYS = "ssh_keys"
+_PATH_KEYS = ("/etc/ssh/ssh_host_rsa_key",
+ "/etc/ssh/ssh_host_key",
+ "/etc/ssh/ssh_host_dsa_key",
+ "/etc/ssh/ssh_host_ecdsa_key")
+
+
+def main():
+ try:
+ for key in _PATH_KEYS:
+ if os.path.exists(key) and \
+ grp.getgrnam(_GROUP_SSH_KEYS).gr_gid:
+ stat_info = os.stat(key)
+ user = pwd.getpwuid(stat_info.st_uid)[0]
+ group = grp.getgrgid(stat_info.st_gid)[0]
+
+ if user != "root" or group != _GROUP_SSH_KEYS:
+ os.chown(key,
+ pwd.getpwnam("root").pw_uid,
+ grp.getgrnam(_GROUP_SSH_KEYS).gr_gid)
+ except KeyError:
+ # No ssh_keys group, nothing to do
+ pass
+
+if __name__ == "__main__":
+ main()
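Review bot: In main(), `grp.getgrgid(stat_info.st_gid)[0]` raises KeyError when a key file's gid no longer maps to any group, which is the situation the commit message describes (the ssh_keys gid differs after an upgrade). Because the `except KeyError` wraps the whole loop and is commented as "No ssh_keys group, nothing to do", that case exits silently without chowning this key or any later one; the same applies to `pwd.getpwuid(stat_info.st_uid)[0]` for an unmapped uid. Resolve the target gid once before the loop with `grp.getgrnam(_GROUP_SSH_KEYS).gr_gid`, keep the KeyError handler around that lookup only, and compare `stat_info.st_uid` and `stat_info.st_gid` numerically against `pwd.getpwnam("root").pw_uid` and that gid. That also removes the truthiness test on `.gr_gid` in the `if`, which repeats the group lookup for every path and would skip the fix if the gid were 0. The commit message says the hook fixes "the permissions", but only ownership is changed here, so either check the file mode as well or reword the message. A log line when a host key's ownership is changed at boot would leave an audit trail.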
--
To view, visit http://gerrit.ovirt.org/37993
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iaafad60288d87a41470dae581e6a2c6bc77369cd
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Douglas Schilling Landgraf <dougsland at redhat.com>