geo-rep: Handle copying of common_secret.pem.pub to slave correctly.

Current Behaviour:
    1. Geo-replication gsec_create creates common_secret.pem.pub file
       containing public keys of the all the nodes of master cluster
       in the location /var/lib/glusterd/
    2. Geo-replication create push-pem copies the common_secret.pem.pub
       to the same location on all the slave nodes with same name.

Problem:
    Wrong public keys might get copied on to slave nodes in multiple
    geo-replication sessions simultaneosly.

     E.g.
      A geo-rep session is established between Node1(vol1:Master) to
      Node2 (vol2:Slave). And one more geo-rep session where
      Node2 (vol3) becomes master to Node3 (vol4) as below.

      Session1: Node1 (vol1) ---> Node2 (vol2)
      Session2: Node2 (vol3) ---> Node3 (vol4)

      If steps followed to create both geo-replication session is as
      follows, wrong public keys are copied on to Node3 from Node2.

      1. gsec_create is done on Node1 (vol1) -Session1
      2. gsec_create is done on Node2 (vol3) -Session2
      3. create push-pem is done Node1 - Session1.
          -This overwrites common_secret.pem.pub in Node2
           created by gsec_create in second step.
      4. create push-pem on Node2 (vol3) copies overwrited
         common_secret.pem.pub keys to Node3. -Session2

Consequence:
      Session2 fails to start with Permission denied because of wrong
      public keys

Solution:
      On geo-rep create push-pem, don't copy common_secret.pem.pub
      file with same name on to all slave nodes. Prefix master and
      slave volume names to the filename.

NOTE: This brings change in manual steps to be followed to setup
      non-root geo-replication (mountbroker). To copy ssh public
      keys, extra two arguments needs to be followed.

      set_geo_rep_pem_keys.sh <mountbroker_user> <master vol name> \
      <slave vol name>
      
      Path to set_geo_rep_pem_keys.sh:
      Source Installation: 
              /usr/local/libexec/glusterfs/set_geo_rep_pem_keys.sh
      Rpm Installatino: 
              /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh

Change-Id: If38cd4e6f58d674d5fe2d93da15803c73b660c33
BUG: 1183229
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/9460
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>

extras/hook-scripts/S56glusterd-geo-rep-create-post.sh

@@ -4,6 +4,12 @@ key_val_pair1=`echo $2 | cut -d ',' -f 1`
 key_val_pair2=`echo $2 | cut -d ',' -f 2`
 key_val_pair3=`echo $2 | cut -d ',' -f 3`
 key_val_pair4=`echo $2 | cut -d ',' -f 4`
+key_val_pair5=`echo $2 | cut -d ',' -f 5`
+
+mastervol=`echo $1 | cut -d '=' -f 2`
+if [ "$mastervol" == "" ]; then
+    exit;
+fi
 
 key=`echo $key_val_pair1 | cut -d '=' -f 1`
 val=`echo $key_val_pair1 | cut -d '=' -f 2`
@@ -22,7 +28,10 @@ fi
 if [ "$val" == "" ]; then
     exit;
 fi
+
 pub_file=`echo $val`
+pub_file_bname="$(basename $pub_file)"
+pub_file_dname="$(dirname $pub_file)"
 pub_file_tmp=`echo $val`_tmp
 
 key=`echo $key_val_pair3 | cut -d '=' -f 1`
@@ -45,17 +54,27 @@ if [ "$val" == "" ]; then
 fi
 slave_ip=`echo $val`
 
+key=`echo $key_val_pair5 | cut -d '=' -f 1`
+val=`echo $key_val_pair5 | cut -d '=' -f 2`
+if [ "$key" != "slave_vol" ]; then
+    exit;
+fi
+if [ "$val" == "" ]; then
+    exit;
+fi
+slavevol=`echo $val`
+
 if [ -f $pub_file ]; then
     # For a non-root user copy the pub file to the user's home directory
     # For a root user copy the pub files to priv_dir->geo-rep.
     if [ "$slave_user" != "root" ]; then
         slave_user_home_dir=`ssh $slave_user@$slave_ip "getent passwd $slave_user | cut -d ':' -f 6"`
         scp $pub_file $slave_user@$slave_ip:$slave_user_home_dir/common_secret.pem.pub_tmp
-        ssh $slave_user@$slave_ip "mv $slave_user_home_dir/common_secret.pem.pub_tmp $slave_user_home_dir/common_secret.pem.pub"
+        ssh $slave_user@$slave_ip "mv $slave_user_home_dir/common_secret.pem.pub_tmp $slave_user_home_dir/${mastervol}_${slavevol}_common_secret.pem.pub"
     else
         scp $pub_file $slave_ip:$pub_file_tmp
-        ssh $slave_ip "mv $pub_file_tmp $pub_file"
-        ssh $slave_ip "gluster system:: copy file /geo-replication/common_secret.pem.pub > /dev/null"
-        ssh $slave_ip "gluster system:: execute add_secret_pub > /dev/null"
+        ssh $slave_ip "mv $pub_file_tmp ${pub_file_dname}/${mastervol}_${slavevol}_${pub_file_bname}"
+        ssh $slave_ip "gluster system:: copy file /geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub > /dev/null"
+        ssh $slave_ip "gluster system:: execute add_secret_pub root $mastervol $slavevol > /dev/null"
     fi
 fi

geo-replication/src/peer_add_secret_pub.in

@@ -1,18 +1,26 @@
 #!/bin/bash
 
-if [ "$1" == "" ]; then
-    user="root"
-    home_dir=`getent passwd root | cut -d ':' -f 6`;
-else
-    user=$1
-    home_dir=`getent passwd $1 | cut -d ':' -f 6`;
-fi
+user=$1
+mastervol=$2
+slavevol=$3
 
 if [ "$user" == "" ]; then
     echo "Invalid User";
     exit 1;
 fi
 
+if [ "$mastervol" == "" ]; then
+    echo "Invalid master volume";
+    exit 1;
+fi
+
+if [ "$slavevol" == "" ]; then
+    echo "Invalid slave volume";
+    exit 1;
+fi
+
+home_dir=`getent passwd $user | cut -d ':' -f 6`;
+
 if [ "$home_dir" == "" ]; then
     echo "Invalid home dir";
     exit 1;
@@ -30,4 +38,4 @@ if [ ! -d $home_dir/.ssh/authorized_keys ]; then
     chown $user: $home_dir/.ssh/authorized_keys;
 fi
 
-cat "$GLUSTERD_WORKDIR"/geo-replication/common_secret.pem.pub >> $home_dir/.ssh/authorized_keys;
+cat "$GLUSTERD_WORKDIR"/geo-replication/${mastervol}_${slavevol}_common_secret.pem.pub >> $home_dir/.ssh/authorized_keys;

geo-replication/src/set_geo_rep_pem_keys.sh

@@ -10,11 +10,26 @@
 function main()
 {
     user=$1
+    master_vol=$2
+    slave_vol=$3
+
     if [ "$user" == "" ];  then
         echo "Please enter the user's name"
         exit 1;
     fi
 
+    if [ "$master_vol" == "" ]; then
+        echo "Invalid master volume name"
+        exit 1;
+    fi
+
+    if [ "$slave_vol" == "" ]; then
+        echo "Invalid slave volume name"
+        exit 1;
+    fi
+
+    COMMON_SECRET_PEM_PUB=${master_vol}_${slave_vol}_common_secret.pem.pub
+
     if [ "$user" == "root" ]; then
         echo "This script is not needed for root"
         exit 1;
@@ -27,10 +42,10 @@ function main()
         exit 1;
     fi
 
-    if [ -f $home_dir/common_secret.pem.pub ]; then
-        cp $home_dir/common_secret.pem.pub ${GLUSTERD_WORKDIR}/geo-replication/
-        gluster system:: copy file /geo-replication/common_secret.pem.pub
-        gluster system:: execute add_secret_pub $user
+    if [ -f $home_dir/${COMMON_SECRET_PEM_PUB} ]; then
+        cp $home_dir/${COMMON_SECRET_PEM_PUB} ${GLUSTERD_WORKDIR}/geo-replication/
+        gluster system:: copy file /geo-replication/${COMMON_SECRET_PEM_PUB}
+        gluster system:: execute add_secret_pub $user ${master_vol} ${slave_vol}
     else
         echo "$home_dir/common_secret.pem.pub not present. Please run geo-replication command on master with push-pem option to generate the file"
         exit 1;

xlators/mgmt/glusterd/src/glusterd-geo-rep.c

@@ -5294,9 +5294,9 @@ glusterd_op_gsync_create (dict_t *dict, char **op_errstr, dict_t *rsp_dict)
                         is_pem_push = 0;
 
                 snprintf(hooks_args, sizeof(hooks_args),
-                         "is_push_pem=%d,pub_file=%s,slave_user=%s,slave_ip=%s",
-                         is_pem_push, common_pem_file, slave_user, slave_ip);
-
+                         "is_push_pem=%d,pub_file=%s,slave_user=%s,slave_ip=%s,"
+                         "slave_vol=%s", is_pem_push, common_pem_file,
+                         slave_user, slave_ip, slave_vol);
         } else
                 snprintf(hooks_args, sizeof(hooks_args),
                          "This argument will stop the hooks script");