Merge pull request #1153 from liangxin1300/20230323_missing_public_key

 Dev: bootstrap: Generate the public key on the remote if it does not exist

crmsh/bootstrap.py

@@ -1039,6 +1039,7 @@ def generate_ssh_key_pair_on_remote(
     # which breaks shell expansion used in cmd
     cmd = '''
 [ -f ~/.ssh/id_rsa ] || ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -C "Cluster internal on $(hostname)" -N ''
+[ -f ~/.ssh/id_rsa.pub ] || ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
 '''
     result = utils.su_subprocess_run(
         local_sudoer,
@@ -1049,6 +1050,7 @@ def generate_ssh_key_pair_on_remote(
     )
     if result.returncode != 0:
         raise ValueError(codecs.decode(result.stdout, 'utf-8', 'replace'))
+
     cmd = 'cat ~/.ssh/id_rsa.pub'
     result = utils.su_subprocess_run(
         local_sudoer,

test/features/bootstrap_bugs.feature

@@ -137,8 +137,8 @@ Feature: Regression test for bootstrap bugs
     When    Run "crm cluster stop" on "hanode1"
     Then    Service "corosync" is "stopped" on "hanode1"
 
-  @clean
   @skip_non_root
+  @clean
   Scenario: Passwordless for root, not for sudoer(bsc#1209193)
     Given   Cluster service is "stopped" on "hanode1"
     And     Cluster service is "stopped" on "hanode2"
@@ -156,8 +156,29 @@ Feature: Regression test for bootstrap bugs
     And     Run "test -f /tmp/1209193" on "hanode1"
     And     Run "test -f /tmp/1209193" on "hanode2"
 
+  @skip_non_root
   @clean
+  Scenario: Missing public key
+    Given   Cluster service is "stopped" on "hanode1"
+    And     Cluster service is "stopped" on "hanode2"
+    When    Run "crm cluster init -y" on "hanode1"
+    Then    Cluster service is "started" on "hanode1"
+    When    Run "crm cluster join -c hanode1 -y" on "hanode2"
+    Then    Cluster service is "started" on "hanode2"
+    When    Run "rm -f /root/.ssh/id_rsa.pub" on "hanode1"
+    When    Run "rm -f /root/.ssh/id_rsa.pub" on "hanode2"
+    When    Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode1"
+    When    Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode2"
+    When    Run "rm -rf /var/lib/heartbeat/cores/hacluster/.ssh" on "hanode1"
+    And     Run "rm -rf /var/lib/heartbeat/cores/hacluster/.ssh" on "hanode2"
+    And     Run "usermod -s /usr/sbin/nologin hacluster" on "hanode1"
+    And     Run "usermod -s /usr/sbin/nologin hacluster" on "hanode2"
+    And     Run "crm status" on "hanode1"
+    Then    Check user shell for hacluster between "hanode1 hanode2"
+    Then    Check passwordless for hacluster between "hanode1 hanode2"
+
   @skip_non_root
+  @clean
   Scenario: Do upgrade job without root passwordless
     Given   Cluster service is "stopped" on "hanode1"
     And     Cluster service is "stopped" on "hanode2"

test/features/bootstrap_sbd_normal.feature

@@ -178,8 +178,8 @@ Feature: crmsh bootstrap sbd management
     Then    Node "hanode2" is UNCLEAN
     Then    Wait "60" seconds for "hanode2" successfully fenced
 
-  @clean
   @skip_non_root
+  @clean
   Scenario: Setup sbd and test fence node, use hacluster to fence
     Given   Has disk "/dev/sda1" on "hanode1"
     Given   Cluster service is "stopped" on "hanode1"

test/unittests/test_bootstrap.py

@@ -385,6 +385,7 @@ def test_generate_ssh_key_pair_on_remote(self, mock_su: mock.MagicMock):
                 'ssh -o StrictHostKeyChecking=no remote_sudoer@remote_host sudo -H -u remote_user /bin/sh',
                 input='''
 [ -f ~/.ssh/id_rsa ] || ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -C "Cluster internal on $(hostname)" -N ''
+[ -f ~/.ssh/id_rsa.pub ] || ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
 '''.encode('utf-8'),
                 stdout=subprocess.PIPE,
                 stderr=subprocess.STDOUT,