dockerctl: Update authorized_keys in bootstrap images during restore

After backup-reinstall-restore Fuel uses bootstrap with wrong ssh keys.

dockerctl backup procedure does not save the bootstrap's root
filesystem, which holds the list of authorized keys that should be
matching the private key located in /root/.ssh on the master.
It would result in inaccessible nodes from a new master installation
(which has bootstrap images regenerated with a new key, not matching
the original one, restored from the backup).

This patch updates authorized_keys inside squashfsed bootstrap images,
so it will be retained during backup-reinstall-restore procedure, if
user has not requested a full backup. Full backups already contain a
full copy of /var/www/nailgun, so no changes are needed.

User should carefully restore from non-full backups - only active
bootstrap will have its ssh keys updated. To propagate ssh keys to
already running nodes, you can use something like:

mco rpc --agent execute_shell_command --action execute --arg cmd="echo '$(cat /root/.ssh/id_rsa.pub)' >> /root/.ssh/authorized_keys" -v

Reviewed: https://review.openstack.org/276323
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=7574a70511db2ac7d98d820e986cbfec659d6a1e
Submitter: Jenkins
Branch: stable/8.0
commit 7574a70511db2ac7d98d820e986cbfec659d6a1e
Author: Dmitry Bilunov <email address hidden>
Date: Thu Feb 4 01:16:50 2016 +0300
Closes-Bug: #1536198
DocImpact
Change-Id: I06d8720b05096a2a7955f164d9404ecb28dc9a3a
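
An added example, not part of the commit or of fuel-library: a node-side helper for the key propagation step described in the commit message, which adds the master's public key to an authorized_keys file only when it is missing and reports whether it is already present. The function names are hypothetical; the caller supplies both file paths.

```shell
#!/bin/sh
# Added example, not fuel-library code; all function names are hypothetical.

# key_line FILE: print the first line of FILE that looks like a public key.
key_line() {
    awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ { print; exit }' "$1"
}

# has_key PUBKEY_FILE AUTHORIZED_KEYS
# 0 = key already listed, 1 = not listed, 2 = PUBKEY_FILE holds no key.
has_key() {
    body=$(key_line "$1" | awk '{ print $1 " " $2 }')
    [ -n "$body" ] || return 2
    [ -f "$2" ] || return 1
    # Match on "type base64" only: options and comments may differ per entry.
    awk -v want="$body" '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i " " $(i + 1) == want) found = 1 }
        END { exit !found }' "$2"
}

# ensure_key PUBKEY_FILE AUTHORIZED_KEYS: add the key only if it is missing.
ensure_key() {
    rc=0
    has_key "$1" "$2" || rc=$?
    [ "$rc" -ne 0 ] || return 0
    if [ "$rc" -eq 2 ]; then
        echo "no public key found in $1" >&2
        return 2
    fi
    dir=$(dirname "$2")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1
    # A last entry without a trailing newline would fuse with the new key.
    if [ -s "$2" ] && [ -n "$(tail -c 1 "$2")" ]; then
        echo >> "$2" || return 1
    fi
    ( umask 077; key_line "$1" >> "$2" ) || return 1
    chmod 600 "$2"
}
```

Running has_key against the authorized_keys file extracted from a restored bootstrap image gives a quick check that the image trusts the key in /root/.ssh on the master.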