diff --git a/crmsh/bootstrap.py b/crmsh/bootstrap.py index a77fc3d97f..ac47ddb4aa 100644 --- a/crmsh/bootstrap.py +++ b/crmsh/bootstrap.py @@ -1039,6 +1039,7 @@ def generate_ssh_key_pair_on_remote( # which breaks shell expansion used in cmd cmd = ''' [ -f ~/.ssh/id_rsa ] || ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -C "Cluster internal on $(hostname)" -N '' +[ -f ~/.ssh/id_rsa.pub ] || ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub ''' result = utils.su_subprocess_run( local_sudoer, @@ -1049,6 +1050,7 @@ def generate_ssh_key_pair_on_remote( ) if result.returncode != 0: raise ValueError(codecs.decode(result.stdout, 'utf-8', 'replace')) + cmd = 'cat ~/.ssh/id_rsa.pub' result = utils.su_subprocess_run( local_sudoer, diff --git a/test/features/bootstrap_bugs.feature b/test/features/bootstrap_bugs.feature index 4ae2fed24a..8124de45e5 100644 --- a/test/features/bootstrap_bugs.feature +++ b/test/features/bootstrap_bugs.feature @@ -137,8 +137,8 @@ Feature: Regression test for bootstrap bugs When Run "crm cluster stop" on "hanode1" Then Service "corosync" is "stopped" on "hanode1" - @clean @skip_non_root + @clean Scenario: Passwordless for root, not for sudoer(bsc#1209193) Given Cluster service is "stopped" on "hanode1" And Cluster service is "stopped" on "hanode2" @@ -156,8 +156,29 @@ Feature: Regression test for bootstrap bugs And Run "test -f /tmp/1209193" on "hanode1" And Run "test -f /tmp/1209193" on "hanode2" + @skip_non_root @clean + Scenario: Missing public key + Given Cluster service is "stopped" on "hanode1" + And Cluster service is "stopped" on "hanode2" + When Run "crm cluster init -y" on "hanode1" + Then Cluster service is "started" on "hanode1" + When Run "crm cluster join -c hanode1 -y" on "hanode2" + Then Cluster service is "started" on "hanode2" + When Run "rm -f /root/.ssh/id_rsa.pub" on "hanode1" + When Run "rm -f /root/.ssh/id_rsa.pub" on "hanode2" + When Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode1" + When Run "rm -f /var/lib/crmsh/upgrade_seq" on "hanode2" + When Run "rm -rf /var/lib/heartbeat/cores/hacluster/.ssh" on "hanode1" + And Run "rm -rf /var/lib/heartbeat/cores/hacluster/.ssh" on "hanode2" + And Run "usermod -s /usr/sbin/nologin hacluster" on "hanode1" + And Run "usermod -s /usr/sbin/nologin hacluster" on "hanode2" + And Run "crm status" on "hanode1" + Then Check user shell for hacluster between "hanode1 hanode2" + Then Check passwordless for hacluster between "hanode1 hanode2" + @skip_non_root + @clean Scenario: Do upgrade job without root passwordless Given Cluster service is "stopped" on "hanode1" And Cluster service is "stopped" on "hanode2" diff --git a/test/features/bootstrap_sbd_normal.feature b/test/features/bootstrap_sbd_normal.feature index d98a5c4ce1..01a4a4c841 100644 --- a/test/features/bootstrap_sbd_normal.feature +++ b/test/features/bootstrap_sbd_normal.feature @@ -178,8 +178,8 @@ Feature: crmsh bootstrap sbd management Then Node "hanode2" is UNCLEAN Then Wait "60" seconds for "hanode2" successfully fenced - @clean @skip_non_root + @clean Scenario: Setup sbd and test fence node, use hacluster to fence Given Has disk "/dev/sda1" on "hanode1" Given Cluster service is "stopped" on "hanode1" diff --git a/test/unittests/test_bootstrap.py b/test/unittests/test_bootstrap.py index aa63493056..9737e88d26 100644 --- a/test/unittests/test_bootstrap.py +++ b/test/unittests/test_bootstrap.py @@ -385,6 +385,7 @@ def test_generate_ssh_key_pair_on_remote(self, mock_su: mock.MagicMock): 'ssh -o StrictHostKeyChecking=no remote_sudoer@remote_host sudo -H -u remote_user /bin/sh', input=''' [ -f ~/.ssh/id_rsa ] || ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -C "Cluster internal on $(hostname)" -N '' +[ -f ~/.ssh/id_rsa.pub ] || ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub '''.encode('utf-8'), stdout=subprocess.PIPE, stderr=subprocess.STDOUT,