configure authorized_keys locally for --allinone

When running in --allinone mode, this patch creates a local ScriptRunner rather than a remote ScriptRunner, which permits the authorized_keys file to be configured even if PasswordAuthentication is disabled in /etc/ssh/sshd_config. Closes: rhbz#1111705 (https://bugzilla.redhat.com/show_bug.cgi?id=1111705) Change-Id: I728f507bf0a38e75b8e981864253718afa200ca1
2014-06-20 16:30:12 -04:00
parent 8e27961f05
commit 97d0b402bb
1 changed files with 25 additions and 14 deletions
--- a/packstack/plugins/prescript_000.py
+++ b/packstack/plugins/prescript_000.py
@@ -13,7 +13,7 @@ import uuid
 from packstack.installer import (basedefs, exceptions, processors, utils,
                                 validators)

-from packstack.modules.common import filtered_hosts
+from packstack.modules.common import filtered_hosts, is_all_in_one
 from packstack.modules.ospluginutils import (getManifestTemplate,
                                             appendManifestFile)

@@ -430,22 +430,33 @@ def initSequences(controller):

 #-------------------------- step functions --------------------------

+def install_keys_on_host(hostname, sshkeydata):
+    server = utils.ScriptRunner(hostname)
+    # TODO replace all that with ssh-copy-id
+    server.append("mkdir -p ~/.ssh")
+    server.append("chmod 500 ~/.ssh")
+    server.append("grep '%s' ~/.ssh/authorized_keys > /dev/null 2>&1 || "
+                  "echo %s >> ~/.ssh/authorized_keys"
+                  % (sshkeydata, sshkeydata))
+    server.append("chmod 400 ~/.ssh/authorized_keys")
+    server.append("restorecon -r ~/.ssh")
+    server.execute()
+
+
 def install_keys(config, messages):
    with open(config["CONFIG_SSH_KEY"]) as fp:
        sshkeydata = fp.read().strip()
-    for hostname in filtered_hosts(config):
-        if '/' in hostname:
-            hostname = hostname.split('/')[0]
-        server = utils.ScriptRunner(hostname)
-        # TODO replace all that with ssh-copy-id
-        server.append("mkdir -p ~/.ssh")
-        server.append("chmod 500 ~/.ssh")
-        server.append("grep '%s' ~/.ssh/authorized_keys > /dev/null 2>&1 || "
-                      "echo %s >> ~/.ssh/authorized_keys"
-                      % (sshkeydata, sshkeydata))
-        server.append("chmod 400 ~/.ssh/authorized_keys")
-        server.append("restorecon -r ~/.ssh")
-        server.execute()
+
+    # If this is a --allinone install *and* we are running as root,
+    # we can configure the authorized_keys file locally, avoid problems
+    # if PasswordAuthentication is disabled.
+    if is_all_in_one(config) and os.getuid() == 0:
+        install_keys_on_host(None, sshkeydata)
+    else:
+        for hostname in filtered_hosts(config):
+            if '/' in hostname:
+                hostname = hostname.split('/')[0]
+            install_keys_on_host(hostname, sshkeydata)


 def discover(config, messages):