andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
491ff40a7a
glusterfs/extras/peer_add_secret_pub.in
Kotresh HR f1139ca4f8 geo-rep: Fix ssh issue in geo-rep 
In geo-rep mountbroker setup, workers fails with
'Permission Denied' even though the public keys
are shared to all the slave nodes. The issue
is with selinux context not being set for .ssh
and .ssh/authorizedkeys. Doing restorecon on
these entries to set default selinux security
context fixes the issue.

Change-Id: I75e16d22f7a168de6c13b0c7571a7ab75761ae0d
BUG: 1235359
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: http://review.gluster.org/11383
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Aravinda VK <avishwan@redhat.com>
Reviewed-by: darshan n <dnarayan@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
2015-06-25 04:48:31 -07:00

71 lines
1.7 KiB
Bash
Raw Blame History

#!/bin/bash
user=$1
pub_file=$2
if [ "$user" == "" ]; then
echo "Invalid User";
exit 1;
fi
if [ "$pub_file" == "" ]; then
echo "Invalid pub file";
exit 1;
fi
home_dir=`getent passwd $user | cut -d ':' -f 6`;
if [ "$home_dir" == "" ]; then
echo "Invalid home dir";
exit 1;
fi
authorized_keys_file=$(cat /etc/ssh/sshd_config | \
grep -e "^AuthorizedKeysFile" | \
awk '{print $2}' | tail -1);
# If not set, use default location
if [ "x$authorized_keys_file" == "x" ]; then
authorized_keys_file="%h/.ssh/authorized_keys"
fi
# If default location
if [ "$authorized_keys_file" == ".ssh/authorized_keys" ]; then
authorized_keys_file="%h/$authorized_keys_file"
fi
# Replace %u with user name (ex: /etc/ssh/keys/%u/authorized_keys)
authorized_keys_file="${authorized_keys_file//%u/$user}";
# Replace %h with home dir (ex: %h/.ssh/authorized_keys)
authorized_keys_file="${authorized_keys_file//%h/$home_dir}";
ssh_dir=$(dirname $authorized_keys_file);
if [ ! -d $ssh_dir ]; then
mkdir $ssh_dir;
chmod 700 $ssh_dir;
chown $user: $ssh_dir;
fi
if [ ! -d $authorized_keys_file ]; then
touch $authorized_keys_file;
chmod 600 $authorized_keys_file;
chown $user: $authorized_keys_file;
fi
# Restore SELinux security contexts. This is required
# for passwdless SSH to work.
if type restorecon >/dev/null 2>&1; then
restorecon -F $ssh_dir $authorized_keys_file;
fi
# Add to authorized_keys file only if not exists already
while read line
do
grep -Fxq "$line" $authorized_keys_file;
[ $? -ne 0 ] && echo "$line" >> $authorized_keys_file;
done < "$GLUSTERD_WORKDIR"/$pub_file;
exit 0;
Reference in New Issue View Git Blame Copy Permalink