From f8c3d9d711ec06e0c4f358724a008789c9bd9e44 Mon Sep 17 00:00:00 2001
From: ahothan
Date: Thu, 30 Apr 2015 16:11:59 -0700
Subject: [PATCH] Remove VMTP key pair and use user's key pair instead make --controler-node callable refactor SSH management code standardize on ssh access argument format
Change-Id: Ie0b422f2381a735621bb732686a167dc1a4ca3b5
---
 cfg.default.yaml | 21 ++--
 compute.py | 24 +++-
 credentials.py | 2 +-
 doc/source/setup.rst | 32 +++--
 doc/source/usage.rst | 75 ++++++-----
 instance.py | 45 +++----
 perf_instance.py | 4 +-
 ssh/id_rsa | 27 ----
 ssh/id_rsa.pub | 1 -
 sshutils.py | 109 ++++++++++++----
 vmtp.py | 293 +++++++++++++++++++++++--------------------
 11 files changed, 363 insertions(+), 270 deletions(-)
 delete mode 100644 ssh/id_rsa
 delete mode 100644 ssh/id_rsa.pub
diff --git a/cfg.default.yaml b/cfg.default.yaml
index d7dba59..a5e1c37 100644
--- a/cfg.default.yaml
+++ b/cfg.default.yaml
@@ -99,17 +99,17 @@ internal_cidr: ['192.168.1.0/24' , '192.168.2.0/24']
 # Default CIDRs to use for data network for ipv6
 internal_cidr_v6: ['2001:45::/64','2001:46::/64']
-# The public key to use to ssh to all targets (VMs, containers, hosts)
-# If starting with './' is relative to the location of the VMTP script
-# else can be an absolute path
-public_key_file: './ssh/id_rsa.pub'
+# The public and private keys to use to ssh to all targets (VMs, containers, hosts)
+# By default the SSH library will try several methods to authenticate:
+# - password if provided on the command line
+# - user's own key pair (under the home directory $HOME) if already setup
+# - the below key pair if not empty
+# If you want to use a specific key pair, specify the key pair files here.
+# This can be a pathname that is absolute or relative to the current directory
+public_key_file:
+private_key_file:
-# File containing the private key to use along with the publick key
-# If starting with './' is relative to the location of the script
-# else can be an absolute path
-private_key_file: './ssh/id_rsa'
-
-# Name of the P&S public key in OpenStack
+# Name of the P&S public key in OpenStack to create for all test VMs
 public_key_name: 'pns_public_key'
 # name of the server VM
@@ -122,6 +122,7 @@ vm_name_client: 'TestClient'
 security_group_name: 'pns-security'
 # Location to the performance test tools.
+# If relative, is relative to the vmtp directory
 perf_tool_path: './tools'
 # ping variables
diff --git a/compute.py b/compute.py
index 13dadbf..dcbfebc 100644
--- a/compute.py
+++ b/compute.py
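Review bot: The new comment block above `public_key_file:` does not tell people upgrading that the key pair previously shipped under ./ssh is retired, so hosts that were provisioned with the old ssh/id_rsa.pub would keep accepting a private key that was distributed with the tool. I would add a line such as `# Earlier versions defaulted to a key pair shipped in ./ssh; remove that public key from authorized_keys on any host that still has it`. Separately, these key paths are documented as relative to the current directory, while `perf_tool_path` in the next hunk is documented as relative to the vmtp directory; stating that difference in one place would avoid confusion about which file is read.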
@@ -114,11 +114,12 @@ class Compute(object):
 def create_keypair(self, name, private_key_pair_file):
 self.remove_public_key(name)
 keypair = self.novaclient.keypairs.create(name)
- # Now write the keypair to the file
- kpf = os.open(private_key_pair_file,
- os.O_WRONLY | os.O_CREAT, 0o600)
- with os.fdopen(kpf, 'w') as kpf:
- kpf.write(keypair.private_key)
+ # Now write the keypair to the file if requested
+ if private_key_pair_file:
+ kpf = os.open(private_key_pair_file,
+ os.O_WRONLY | os.O_CREAT, 0o600)
+ with os.fdopen(kpf, 'w') as kpf:
+ kpf.write(keypair.private_key)
 return keypair
 # Add an existing public key to openstack
@@ -133,10 +134,21 @@ class Compute(object):
 print 'ERROR: Cannot open public key file %s: %s' % \
 (public_key_file, exc)
 return None
- print 'Adding public key %s' % (name)
 keypair = self.novaclient.keypairs.create(name, public_key)
 return keypair
+ def init_key_pair(self, kp_name, ssh_access):
+ '''Initialize the key pair for all test VMs
+ if a key pair is specified in access, use that key pair else
+ create a temporary key pair
+ '''
+ if ssh_access.public_key_file:
+ return self.add_public_key(kp_name, ssh_access.public_key_file)
+ else:
+ keypair = self.create_keypair(kp_name, None)
+ ssh_access.private_key = keypair.private_key
+ return keypair
+
 def find_network(self, label):
 net = self.novaclient.networks.find(label=label)
 return net
diff --git a/credentials.py b/credentials.py
index f07287b..ddb62b2 100644
--- a/credentials.py
+++ b/credentials.py
@@ -88,7 +88,7 @@ class Credentials(object):
 # just check that they are present
 for varname in ['OS_USERNAME', 'OS_AUTH_URL', 'OS_TENANT_NAME']:
 if varname not in os.environ:
- print 'Warning: %s is missing' % (varname)
+ # print 'Warning: %s is missing' % (varname)
 success = False
 if success:
 self.rc_username = os.environ['OS_USERNAME']
diff --git a/doc/source/setup.rst b/doc/source/setup.rst
index 9030142..3edfea9 100644
--- a/doc/source/setup.rst
+++ b/doc/source/setup.rst
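Review bot: In create_keypair the private key is still written with `os.open(private_key_pair_file, os.O_WRONLY | os.O_CREAT, 0o600)`, and the 0o600 mode only takes effect when the call creates the file. If the path already exists with wider permissions, the key is written into a file other users may be able to read, and without O_TRUNC a longer previous key leaves trailing bytes behind. Since these lines are being re-indented anyway, I would add `os.O_TRUNC` to the flags and call `os.fchmod(kpf, 0o600)` before `os.fdopen`.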
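Review bot: init_key_pair returns whatever add_public_key returns, and the context lines at the top of this hunk show that add_public_key returns None after printing an error when the public key file cannot be opened. A caller that goes on to boot test VMs with that result would fail later and further from the cause; either raise here or document the None return in the docstring, e.g. `Returns None if the configured public key file cannot be read`. The docstring also refers to `access` while the parameter is named `ssh_access`. add_public_key starts outside this hunk, so whether it removes an existing key pair of the same name, as create_keypair does with `remove_public_key(name)`, cannot be checked here.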
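Review bot: Commenting out the print leaves dead code in the loop and drops the only indication of which of OS_USERNAME, OS_AUTH_URL or OS_TENANT_NAME is missing. I would delete the line outright and, if the message was too noisy, have the caller report the missing variable when `success` ends up False. The enclosing method starts and ends outside the hunk, so how the failure is reported afterwards is not visible here.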
@@ -2,18 +2,32 @@ Setup ===== -Public Cloud ------------- -Public clouds are special because they may not expose all OpenStack APIs and may not allow all types of operations. Some public clouds have limitations in the way virtual networks can be used or require the use of a specific external router. Running VMTP against a public cloud will require a specific configuration file that takes into account those specificities. +SSH Authentication +------------------ -Refer to the provided public cloud sample configuration files for more information. +VMTP can optionally SSH to the following hosts: +- OpenStack controller node (if the --controller-node option is used) +- External host for cloud upload/download performance test (if the --external-host option is used) +- Native host throughput (if the --host option is used) + +To connect to these hosts, the SSH library used by VMTP will try a number of authentication methods: +- if provided at the command line, try the provided password (e.g. --controller-node localadmin@10.1.1.78:secret) +- user's personal private key (~/.ssh/id_rsa) +- if provided in the configuration file, a specific private key file (private_key_file variable) + +SSH to the test VMs is always based on key pairs with the following precedence: +- if provided in the passed configuration file, use the configured key pair (private_key_file and public_key_file variables), +- otherwise use the user's personal key pair (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub) +- otherwise if there is no personal key pair configured, create a temporary key pair to access all test VMs + +To summarize: +- if you have a personal key pair configured in your home directory, VMTP will use that key pair for all SSH connections (including to the test VMs) +- if you want to use your personal key pair, there is nothing to do other than making sure that the targeted hosts have been configured with the associated public key + +In any case make sure you specify the correct username. 
+If there is a problem, you should see an error message and stack trace after the SSH library times out. -SSH Password-less Access ------------------------- -For host throughput (*--host*), VMTP expects the target hosts to be pre-provisioned with a public key in order to allow password-less SSH. -Test VMs are created through OpenStack by VMTP with the appropriate public key to allow password-less ssh. By default, VMTP uses a default VMTP public key located in ssh/id_rsa.pub, simply append the content of that file into the .ssh/authorized_keys file under the host login home directory). -**Note:** This default VMTP public key should only be used for transient test VMs and **MUST NOT** be used to provision native hosts since the corresponding private key is open to anybody! To use alternate key pairs, the 'private_key_file' variable in the configuration file must be overridden to point to the file containing the private key to use to connect with SSH. diff --git a/doc/source/usage.rst b/doc/source/usage.rst index 3ce202e..51a0207 100644 --- a/doc/source/usage.rst +++ b/doc/source/usage.rst @@ -9,19 +9,19 @@ VMTP Usage usage: vmtp.py [-h] [-c ] [-r ] [-m [:]] [-p ] [-t