cas | 15 ++++-------- cas.conf | 4 +++ doc/_sources/index.txt | 3 ++ doc/index.html | 2 + doc/index.rst | 3 ++ doc/searchindex.js | 2 - lib/cas/network.py | 61 +++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 80 insertions(+), 10 deletions(-) New commits: commit 0844bc4787be57c8deaa1848b3a57dd58834b2db Author: adam stokes <uzr(a)jak.rebo&gt; Date: Thu Oct 15 14:23:48 2009 -0400 - reworked ssh authentication to used transport and allows for multiple command execution diff --git a/cas b/cas index 36d40c4..a142f79 100755 --- a/cas +++ b/cas @@ -25,7 +25,7 @@ import paramiko from cas.cas_subprocess import Popen, PIPE from datetime import datetime -from cas.network import Download, CasNetworkException +from cas.network import Download, Executor, CasNetworkException from cas.core import CoreBase, CoreException from cas.db import CasStorage, CasStorageException from cas.util import UtilBase, Logging @@ -273,14 +273,11 @@ class CasApplication(object): # TODO: Randomize server selection self.casLog.info("Machine %s found, processing " \ "crash output" % (hostname,)) - cmd = "cd " + os.path.join(self.storagePath) + " && ./crash -i crash.in > crash.out" - try: - ssh_obj.connect(hostname, port=port, username=settings["CASUSER"]) - except: - raise SystemExit(self.casLog.debug("Failed to connect to %s" % (hostname,))) - ssh_obj.exec_command(cmd) - if stderr: - self.casLog.debug(stderr) + cmd = ["cd " + os.path.join(self.storagePath) + "\n", + "&& ./crash -i crash.in > crash.out\n"] + Executor(settings["SSHKEY"], hostname, + port, settings["CASUSER"], + cmd).run() break else: self.casLog.info("No servers available for arch and current system not "\ diff --git a/cas.conf b/cas.conf index 880a2db..004d0f5 100644 --- a/cas.conf +++ b/cas.conf @@ -13,6 +13,10 @@ # Set the user you wish to run cas as. casuser=root +# Set keytype for user authentication +# Options: RSA/DSS +sshkey=dss + # Where kernel-debuginfo packages are stored # NOTE: this _can_ include symlinked directories, just be careful they are # indefinately recursive diff --git a/doc/_sources/index.txt b/doc/_sources/index.txt index dfd0563..087eb68 100644 --- a/doc/_sources/index.txt +++ b/doc/_sources/index.txt @@ -52,6 +52,7 @@ each section and describe its meaning:: [settings] casuser=root + sshkey=dss kernels=/mnt/kernels rpmFilter=.*kerne.+-debuginfo-[0-9].*\.rpm debugs=/cores/debugs @@ -68,6 +69,8 @@ each section and describe its meaning:: ``casuser``: (**Required**) User to run cas, recommended to run as someone other than root. +``sshkey``: (**Required**) Used for ssh negotiation, these are generated with ``ssh-keygen``. + ``kernels``: (**Required**) Describes the location of where kernel-debuginfo packages are to be stored. This can range anywhere from an nfs mount, samba share, local disk or any other type of media the cas server can access. diff --git a/doc/index.html b/doc/index.html index 36220de..c0f1ba7 100644 --- a/doc/index.html +++ b/doc/index.html @@ -85,6 +85,7 @@ The overall contents of this file is shown below, further down we will break up each section and describe its meaning:</p> <div class="highlight-python"><pre>[settings] casuser=root +sshkey=dss kernels=/mnt/kernels rpmFilter=.*kerne.+-debuginfo-[0-9].*\.rpm debugs=/cores/debugs @@ -100,6 +101,7 @@ autoPurge=Yes # buffersize=None</pre> </div> <p><tt class="docutils literal"><span class="pre">casuser</span></tt>: (<strong>Required</strong>) User to run cas, recommended to run as someone other than root.</p> +<p><tt class="docutils literal"><span class="pre">sshkey</span></tt>: (<strong>Required</strong>) Used for ssh negotiation, these are generated with <tt class="docutils literal"><span class="pre">ssh-keygen</span></tt>.</p> <p><tt class="docutils literal"><span class="pre">kernels</span></tt>: (<strong>Required</strong>) Describes the location of where kernel-debuginfo packages are to be stored. This can range anywhere from an nfs mount, samba share, local disk or any other type of media the cas server can access.</p> diff --git a/doc/index.rst b/doc/index.rst index dfd0563..087eb68 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -52,6 +52,7 @@ each section and describe its meaning:: [settings] casuser=root + sshkey=dss kernels=/mnt/kernels rpmFilter=.*kerne.+-debuginfo-[0-9].*\.rpm debugs=/cores/debugs @@ -68,6 +69,8 @@ each section and describe its meaning:: ``casuser``: (**Required**) User to run cas, recommended to run as someone other than root. +``sshkey``: (**Required**) Used for ssh negotiation, these are generated with ``ssh-keygen``. + ``kernels``: (**Required**) Describes the location of where kernel-debuginfo packages are to be stored. This can range anywhere from an nfs mount, samba share, local disk or any other type of media the cas server can access. diff --git a/doc/searchindex.js b/doc/searchindex.js index ae7ddbe..ae8a507 100644 --- a/doc/searchindex.js +++ b/doc/searchindex.js @@ -1 +1 @@ -Search.setIndex({desctypes:{},terms:{all:0,mnt:0,snip:0,abil:0,follow:0,disk:0,depend:0,wish:0,do_dlm_lock:0,those:0,aris:0,worth:0,sent:0,r14:0,r15:0,r12:0,r13:0,r10:0,r11:0,faq:0,ffffffff8010e789:0,vmcore:0,upstream:0,octob:0,ticket:0,relev:0,administr:0,level:0,die:0,list:0,prepar:0,pleas:0,x86_64:0,core:0,direct:0,pass:0,download:0,further:0,rbp:0,sub:0,section:0,abl:0,access:0,version:0,hostkei:0,autogener:0,gener:0,here:0,address:0,path:0,sinc:0,valu:0,ffffffff80110bf5:0,rdx:0,amount:0,typic:0,rdi:0,smp_call_function_interrupt:0,chanc:0,"0000010001073f48":0,repositori:0,modul:0,prefer:0,crash_32:0,filenam:0,id_dsa:0,instal:0,from:0,describ:0,would:0,memori:0,doubl:0,visit:0,two:0,next:0,few:0,usr:0,recommend:0,type:0,tell:0,more:0,sort:0,wrapper:0,share:0,ffffffff803e9b80:0,"1tb":0,must:0,none:0,retriev:0,hous:0,setup:0,work:0,uniqu:0,can:0,root:0,sqlite:0,tar:0,process:0,smtp:0,accept:0,want:0,occur:0,multipl:0,anoth:0,snippet:0,how:0,error_exit:0,purg:0,opt:0,verifi:0,perspect:0,ffffffff80528000:0,resourc:0,passwordless:0,"00000102000a4780":0,clone:0,reflect:0,date:0,data:0,physic:0,essenti:0,issu:0,inform:0,environ:0,suggest:0,order:0,help:0,over:0,major:0,i386:0,hierarchi:0,paramet:0,"100f57cb030":0,requir:0,mail:0,main:0,alter:0,crash:0,thei:0,python:0,auto:0,overal:0,dai:0,initi:0,"break":0,mention:0,itanium:0,now:0,introduct:0,name:0,edit:0,troubleshoot:0,authent:0,kern:0,each:0,debug:0,mean:0,mai:0,continu:0,happen:0,extract:0,buffers:0,out:0,shown:0,network:0,ffffffff8014cc1d:0,ffffffff8011d191:0,content:0,fffffffffffffffa:0,dsa:0,advanc:0,orig_rax:0,given:0,base:0,releas:0,org:0,ffffffff80110e1d:0,traceback:0,keep:0,vmlinux:0,thing:0,yum:0,isn:0,assign:0,first:0,origin:0,rang:0,onc:0,number:0,swapper:0,instruct:0,done:0,least:0,rflag:0,differ:0,script:0,associ:0,interact:0,system:0,messag:0,ffffffff80112058:0,statement:0,ffffffff8047a0a0:0,"final":0,boil:0,editor:0,option:0,debuginfo:0,tool:0,copi:0,specifi:0,hassl:0,exactli:0,rsp:0,than:0,provid:0,emac:0,structur:0,store:0,stale:0,"function":0,ani:0,fail:0,have:0,call_function_interrupt:0,"101f3658030":0,rax:0,rsi:0,packag:0,engin:0,bz2:0,lib:0,note:0,also:0,client:0,build:0,which:0,begin:0,normal:0,buffer:0,previou:0,compress:0,most:0,regular:0,deploi:0,"101f21efb80":0,gather:0,place:0,determin:0,irq:0,usual:0,show:0,text:0,fine:0,find:0,current:0,onli:0,locat:0,configur:0,solut:0,state:0,should:0,analyz:0,local:0,variou:0,cvjf:0,express:0,autom:0,repo:0,mainten:0,ssh:0,ellargesmp:0,enabl:0,organ:0,cleanli:0,contain:0,where:0,wiki:0,kernel:0,set:0,dump:0,"10001073f48":0,see:0,result:0,arg:0,corrupt:0,subject:0,ffffffffa03183ff:0,detect:0,purgelimit:0,kei:0,databas:0,someth:0,enough:0,between:0,approach:0,email:0,altern:0,assumpt:0,extend:0,cpu_idl:0,default_idl:0,job:0,come:0,tue:0,addit:0,last:0,admin:0,fault:0,etc:0,instanc:0,mani:0,com:0,improp:0,load:0,simpli:0,point:0,"1000107bfb0":0,rpm:0,casus:0,coredump:0,been:0,mark:0,much:0,popul:0,quickli:0,largesmp:0,anywher:0,try_crashdump:0,"0000000000000e86":0,present:0,therefor:0,look:0,rbx:0,solid:0,mount:0,keygen:0,defin:0,abov:0,error:0,"101f21efb20":0,ffffffff8047a0b0:0,timefram:0,rip:0,need:0,archiv:0,uncom:0,conf:0,fedorahost:0,sever:0,fedora:0,author:0,media:0,same:0,binari:0,timestamp:0,x86:0,someon:0,temporari:0,user:0,"500gb":0,stack:0,task:0,"10001073e98":0,entri:0,do_invalid_op:0,exampl:0,command:0,thi:0,filesystem:0,gzip:0,everyth:0,latest:0,identifi:0,execut:0,workdirectori:0,heavili:0,previous:0,samba:0,except:0,valid:0,match:0,bin:0,read:0,kmem:0,debuglevel:0,smtphost:0,mod:0,"1000107bfa0":0,resid:0,like:0,specif:0,anyon:0,manual:0,resolv:0,server:0,collect:0,necessari:0,either:0,"101f21efb60":0,"101f21efc40":0,output:0,some:0,back:0,gfs_quotad:0,proper:0,tmp:0,assum:0,ffffffff80529f08:0,exit:0,machin:0,intial:0,who:0,run:0,reach:0,usag:0,host:0,prerequisit:0,prove:0,unfortun:0,primarili:0,within:0,automat:0,down:0,"101f21efb50":0,chang:0,start_disk_dump:0,storag:0,git:0,rcx:0,log:0,wai:0,area:0,support:0,question:0,avail:0,includ:0,suit:0,"var":0,rhel:0,analysi:0,properli:0,form:0,pwd:0,line:0,analyst:0,info:0,commun:0,made:0,possibl:0,"default":0,checkout:0,below:0,ffffffff80111c90:0,otherwis:0,problem:0,similar:0,epel:0,later:0,certain:0,dure:0,pid:0,incomplet:0,exist:0,file:0,cvzf:0,fill:0,bzip2:0,"00000100f57cb030":0,when:0,other:0,ffffffff8010e7a9:0,architectur:0,corefil:0,benefici:0,autopurg:0,ffffffff80529fb8:0,stoke:0,directori:0,descript:0,adam:0,time:0,ffffffff8010e81c:0,rpmfilter:0,cpu:0},titles:["Core Analysis System"],modules:{},descrefs:{},filenames:["index"]}) \ No newline at end of file +Search.setIndex({desctypes:{},terms:{all:0,mnt:0,dss:0,snip:0,abil:0,follow:0,disk:0,depend:0,do_dlm_lock:0,those:0,aris:0,worth:0,sent:0,r14:0,r15:0,r12:0,r13:0,r10:0,r11:0,faq:0,ffffffff8010e789:0,vmcore:0,upstream:0,octob:0,ticket:0,relev:0,administr:0,level:0,die:0,list:0,prepar:0,pleas:0,x86_64:0,intial:0,direct:0,pass:0,download:0,further:0,keygen:0,sub:0,section:0,abl:0,access:0,version:0,hostkei:0,autogener:0,gener:0,here:0,address:0,path:0,sinc:0,valu:0,ffffffff80110bf5:0,rdx:0,amount:0,typic:0,rdi:0,smp_call_function_interrupt:0,chanc:0,"0000010001073f48":0,prerequisit:0,modul:0,prefer:0,crash_32:0,filenam:0,id_dsa:0,instal:0,from:0,describ:0,would:0,memori:0,doubl:0,visit:0,two:0,next:0,few:0,usr:0,recommend:0,type:0,tell:0,more:0,sort:0,wrapper:0,share:0,ffffffff803e9b80:0,"1tb":0,must:0,none:0,retriev:0,hous:0,setup:0,work:0,uniqu:0,can:0,root:0,sqlite:0,tar:0,process:0,smtp:0,accept:0,want:0,occur:0,multipl:0,anoth:0,snippet:0,how:0,error_exit:0,purg:0,verifi:0,negoti:0,perspect:0,ffffffff80528000:0,resourc:0,passwordless:0,"00000102000a4780":0,clone:0,reflect:0,mai:0,associ:0,physic:0,essenti:0,issu:0,inform:0,environ:0,media:0,order:0,help:0,over:0,major:0,i386:0,hierarchi:0,paramet:0,"100f57cb030":0,ellargesmp:0,bin:0,mail:0,main:0,alter:0,crash:0,thei:0,python:0,auto:0,overal:0,dai:0,initi:0,"break":0,mention:0,itanium:0,now:0,introduct:0,name:0,edit:0,troubleshoot:0,authent:0,kern:0,each:0,debug:0,mean:0,continu:0,happen:0,extract:0,buffers:0,out:0,shown:0,network:0,ffffffff8014cc1d:0,ffffffff8011d191:0,content:0,fffffffffffffffa:0,dsa:0,advanc:0,orig_rax:0,given:0,base:0,releas:0,org:0,ffffffff80110e1d:0,traceback:0,keep:0,vmlinux:0,thing:0,yum:0,isn:0,assign:0,first:0,origin:0,rang:0,onc:0,number:0,swapper:0,instruct:0,done:0,least:0,rflag:0,differ:0,script:0,data:0,interact:0,system:0,messag:0,ffffffff80112058:0,statement:0,ffffffff8047a0a0:0,"final":0,store:0,includ:0,option:0,debuginfo:0,tool:0,copi:0,specifi:0,"var":0,checkout:0,exactli:0,rsp:0,than:0,provid:0,see:0,structur:0,boil:0,stale:0,analysi:0,ani:0,fail:0,have:0,call_function_interrupt:0,"101f3658030":0,rax:0,rsi:0,packag:0,date:0,bz2:0,lib:0,note:0,also:0,exampl:0,build:0,which:0,begin:0,normal:0,buffer:0,previou:0,compress:0,most:0,regular:0,deploi:0,"101f21efb80":0,gather:0,place:0,determin:0,irq:0,latest:0,show:0,text:0,fine:0,find:0,current:0,onli:0,locat:0,configur:0,solut:0,state:0,should:0,analyz:0,local:0,variou:0,cvjf:0,express:0,autom:0,repo:0,mainten:0,ssh:0,requir:0,enabl:0,organ:0,cleanli:0,contain:0,where:0,wiki:0,kernel:0,set:0,dump:0,"10001073f48":0,emac:0,result:0,arg:0,corrupt:0,subject:0,ffffffffa03183ff:0,detect:0,purgelimit:0,extend:0,databas:0,someth:0,enough:0,between:0,approach:0,email:0,altern:0,assumpt:0,kei:0,cpu_idl:0,default_idl:0,job:0,come:0,tue:0,addit:0,last:0,admin:0,fault:0,etc:0,instanc:0,mani:0,com:0,improp:0,load:0,simpli:0,point:0,"1000107bfb0":0,rpm:0,casus:0,coredump:0,been:0,mark:0,much:0,sshkei:0,popul:0,quickli:0,largesmp:0,anywher:0,try_crashdump:0,"0000000000000e86":0,present:0,therefor:0,look:0,rbx:0,solid:0,mount:0,rbp:0,defin:0,abov:0,error:0,"101f21efb20":0,ffffffff8047a0b0:0,timefram:0,rip:0,need:0,archiv:0,uncom:0,conf:0,fedorahost:0,sever:0,fedora:0,author:0,suggest:0,same:0,binari:0,timestamp:0,x86:0,someon:0,temporari:0,user:0,"500gb":0,engin:0,stack:0,task:0,"10001073e98":0,entri:0,do_invalid_op:0,client:0,command:0,thi:0,filesystem:0,gzip:0,everyth:0,usual:0,identifi:0,execut:0,workdirectori:0,heavili:0,previous:0,samba:0,except:0,other:0,match:0,opt:0,read:0,kmem:0,debuglevel:0,smtphost:0,mod:0,"1000107bfa0":0,resid:0,like:0,specif:0,anyon:0,manual:0,resolv:0,server:0,collect:0,necessari:0,either:0,"101f21efb60":0,"101f21efc40":0,output:0,some:0,back:0,gfs_quotad:0,proper:0,tmp:0,assum:0,ffffffff80529f08:0,exit:0,machin:0,core:0,who:0,run:0,reach:0,usag:0,host:0,repositori:0,prove:0,unfortun:0,primarili:0,within:0,automat:0,down:0,"101f21efb50":0,chang:0,start_disk_dump:0,storag:0,git:0,rcx:0,log:0,wai:0,area:0,support:0,question:0,avail:0,editor:0,suit:0,hassl:0,rhel:0,"function":0,properli:0,form:0,pwd:0,line:0,analyst:0,info:0,commun:0,made:0,possibl:0,"default":0,wish:0,below:0,ffffffff80111c90:0,otherwis:0,problem:0,similar:0,epel:0,later:0,certain:0,dure:0,pid:0,incomplet:0,exist:0,file:0,cvzf:0,fill:0,bzip2:0,"00000100f57cb030":0,when:0,valid:0,ffffffff8010e7a9:0,architectur:0,corefil:0,benefici:0,autopurg:0,ffffffff80529fb8:0,stoke:0,directori:0,descript:0,adam:0,time:0,ffffffff8010e81c:0,rpmfilter:0,cpu:0},titles:["Core Analysis System"],modules:{},descrefs:{},filenames:["index"]}) \ No newline at end of file diff --git a/lib/cas/network.py b/lib/cas/network.py index 1371730..fdf591b 100644 --- a/lib/cas/network.py +++ b/lib/cas/network.py @@ -12,6 +12,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>;. import sys +import socket import os import urlparse import urlgrabber.grabber as grabber @@ -66,3 +67,63 @@ class Download(object): url.close() return self.output + +class Executor(object): + """ execute remote ssh + """ + def __init__(self, key_type, username, hostname, port, cmdlist): + self.key_type = key_type + self.username = username + self.hostname = hostname + + def run(self): + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect((self.hostname, self.port)) + except Exception, e: + raise CasNetworkException(e) + + # build transport + transport = paramiko.Transport(sock) + try: + transport.start_client() + except paramiko.SSHException: + raise CasNetworkException("SSH negotiation failed") + + try: + keys = paramiko.util.load_host_keys(os.path.expanduser("~/.ssh/known_hosts")) + except IOError: + raise CasNetworkException("Unable to load $HOME/.ssh/known_hosts") + + # check remote server key + key = transport.get_remote_server_key() + if not keys.has_key(hostname): + raise CasNetworkException("Unknown host key") + elif not keys[self.hostname].has_key(key.get_name()): + raise CasNetworkException("Unknown host key") + elif keys[self.hostname][key.get_name()] != key: + raise CasNetworkException("Host key has changed") + else: + pass + + # grab rsa/dss key + if self.key_type = 'dss': + priv_key = paramiko.DSSKey.from_private_key_file(os.path.expanduser("~/.ssh/id_dsa")) + transport.auth_publickey(self.username, priv_key) + elif self.key_type = 'rsa': + priv_key = paramiko.RSAKey.from_private_key_file(os.path.expanduser("~/.ssh/id_dsa")) + transport.auth_publickey(self.username, priv_key) + else: + raise CasNetworkException("Unable to determine key file") + + channel = transport.open_session() + channel.exec_command('bash -s') + for cmd in cmdlist: + channel.send_ready() + channel.send(cmd) + channel.recv_ready() + channel.close() + transport.close() + + return +