Merge branch 'master' into console_auth

itouri · itouri · commit ba2147459721 · 2017-06-13T10:35:32.000+09:00
diff --git a/.idea/libraries/GOPATH__openvdc_.xml b/.idea/libraries/GOPATH__openvdc_.xml
diff --git a/build.go b/build.go
@@ -186,7 +186,11 @@ Environment Variables:
 	// Build main binaries
 	cmd("go", "build", "-i", "./vendor/...")
 	cmd("go", "build", "-ldflags", LDFLAGS, "-v", "./cmd/openvdc")
-	cmd("go", "build", "-ldflags", LDFLAGS+"-X 'main.DefaultConfPath=/etc/openvdc/executor.toml'", "-v", "./cmd/openvdc-executor")
+	cmd("go", "build", "-ldflags", LDFLAGS+
+		" -X 'main.HostRsaKeyPath=/etc/openvdc/ssh/host_rsa_key'" +
+		" -X 'main.HostEcdsaKeyPath=/etc/openvdc/ssh/host_ecdsa_key'" +
+		" -X 'main.HostEd25519KeyPath=/etc/openvdc/ssh/host_ed25519_key'" +
+		" -X 'main.DefaultConfPath=/etc/openvdc/executor.toml'", "-v", "./cmd/openvdc-executor")
 	cmd("go", "build", "-ldflags", LDFLAGS+"-X 'main.DefaultConfPath=/etc/openvdc/scheduler.toml'", "-v", "./cmd/openvdc-scheduler")
 
 	//Build lxc-template
diff --git a/ci/citest/acceptance-test/tests/fixtures/lxc2.json b/ci/citest/acceptance-test/tests/fixtures/lxc2.json
@@ -0,0 +1,13 @@
+{
+  "title": "CentOS7",
+  "template": {
+    "type": "vm/lxc",
+    "lxc_template": {
+      "openvdc": {
+        "distro": "centos",
+        "release": "7"
+      }
+    }
+  }
+}
+
diff --git a/ci/citest/acceptance-test/tests/local_image_test.go b/ci/citest/acceptance-test/tests/local_image_test.go
@@ -3,20 +3,54 @@
 package tests
 
 import (
+	"fmt"
+	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 )
 
+func init() {
+        if err := RestoreAssets("/var/tmp", "fixtures"); err != nil {
+                panic(err)
+        }
+}
+
 func TestLocalImage(t *testing.T) {
 
+	stdout, _, err := RunSsh(scheduler_ip, fmt.Sprintf("[ -f /var/www/html/images/centos/7/amd64/meta.tar.xz ] && echo meta.tar.xz found || echo meta.tar.xz not found"))
+
+        if err != nil {
+                t.Error(err)
+        }
+
+        t.Log(stdout.String())
+
 	// Use custom lxc-template.
-	stdout, _ := RunCmdAndReportFail(t, "openvdc", "run", "centos/7/lxc", `{"lxc_template":{"template":"openvdc"}, "node_groups":["linuxbr"]}`)
+	stdout, _ = RunCmdAndReportFail(t, "openvdc", "run", "/var/tmp/fixtures/lxc2.json", `{"node_groups":["linuxbr"]}`)
 	instance_id := strings.TrimSpace(stdout.String())
 
-	_, _ = RunCmdAndReportFail(t, "openvdc", "show", instance_id)
 	WaitInstance(t, 10*time.Minute, instance_id, "RUNNING", []string{"QUEUED", "STARTING"})
-	RunSshWithTimeoutAndReportFail(t, executor_lxc_ip, "sudo lxc-info -n "+instance_id, 10, 5)
+
+	configFile := filepath.Join("/var/lib/lxc/", instance_id, "config")
+	stdout, _, err = RunSsh(executor_lxc_ip, fmt.Sprintf("echo | sudo head -n 1 %s", configFile))
+
+	if err != nil {
+		t.Error(err)
+	}
+	if stdout.Len() == 0 {
+		t.Errorf("Couldn't read %s", configFile)
+	}
+
+	if testing.Verbose() {
+		t.Log(stdout.String())
+	}
+
+	s := strings.Split(strings.TrimSpace(stdout.String()), "/")
+	templateUsed := s[len(s)-1]
+	if templateUsed != "lxc-openvdc" {
+		t.Errorf("Expected templateUsed to be 'lxc-openvdc', got:  %s", templateUsed)
+	}
 
 	_, _ = RunCmdAndReportFail(t, "openvdc", "stop", instance_id)
 
diff --git a/cmd/lxc-openvdc/main.go b/cmd/lxc-openvdc/main.go
@@ -127,8 +127,8 @@ func PrepareCache() error {
 
 func GenerateConfig() error {
 	if lxcPath == "" {
-                return errors.New("lxcPath not set.")
-        }
+		return errors.New("lxcPath not set.")
+	}
 
 	lxcCfgPath := filepath.Join(lxcPath, "config")
 	cfgPath := filepath.Join(containerPath, "config")
@@ -179,7 +179,7 @@ func GetFile(fileName string) error {
 	}
 
 	if res.StatusCode != 200 {
-		return errors.New(fmt.Sprintf("Http status code: %s", res.StatusCode))
+		return errors.Errorf("Url: %s Http status code: %s", downloadUrl, res.StatusCode)
 	}
 
 	defer res.Body.Close()
diff --git a/cmd/openvdc-executor/sshd.go b/cmd/openvdc-executor/sshd.go
@@ -2,20 +2,15 @@ package main
 
 import (
 	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
 	"fmt"
 	"io"
 	"net"
-
 	log "github.com/Sirupsen/logrus"
 	"github.com/axsh/openvdc/hypervisor"
 	"github.com/axsh/openvdc/model"
 	"github.com/pkg/errors"
-	"golang.org/x/crypto/ed25519"
 	"golang.org/x/crypto/ssh"
+	"io/ioutil"
 	"golang.org/x/net/context"
 )
 
@@ -40,31 +35,29 @@ func NewSSHServer(provider hypervisor.HypervisorProvider, ctx context.Context) *
 
 type HostKeyGen func(rand io.Reader) (crypto.Signer, error)
 
-var KeyGenList = []HostKeyGen{
-	func(rand io.Reader) (crypto.Signer, error) {
-		_, priv, err := ed25519.GenerateKey(rand)
-		return priv, err
-	},
-	func(rand io.Reader) (crypto.Signer, error) {
-		return ecdsa.GenerateKey(elliptic.P521(), rand)
-	},
-	func(rand io.Reader) (crypto.Signer, error) {
-		return rsa.GenerateKey(rand, 2048)
-	},
-}
+var HostRsaKeyPath string
+var HostEcdsaKeyPath string
+var HostEd25519KeyPath string
 
+var KeyGenPathList = []string{
+	HostRsaKeyPath,
+	HostEcdsaKeyPath,
+	HostEd25519KeyPath,
+}
 func (sshd *SSHServer) Setup() error {
 	if model.GetBackendCtx(sshd.ctx) == nil {
 		return errors.New("Context does not have model connection")
 	}
-	for _, gen := range KeyGenList {
-		priv, err := gen(rand.Reader)
+	for _, path := range KeyGenPathList {
+		// Reading key file
+		buf, err := ioutil.ReadFile(path)
 		if err != nil {
-			return errors.Wrap(err, "Failed to generate host key")
+			return errors.Wrap(err, path + " doesn't exist")
 		}
-		sshSigner, err := ssh.NewSignerFromSigner(priv)
+		// Check integrity of pem file
+		sshSigner, err := ssh.ParsePrivateKey(buf)
 		if err != nil {
-			return errors.Wrap(err, "Failed to convert to ssh.Signer")
+			return errors.Wrap(err, path + " is not a valid pem file")
 		}
 		sshd.config.AddHostKey(sshSigner)
 	}
diff --git a/pkg/rhel/openvdc.spec b/pkg/rhel/openvdc.spec
@@ -50,6 +50,7 @@ mkdir -p "$RPM_BUILD_ROOT"/opt/axsh/openvdc/bin
 mkdir -p "$RPM_BUILD_ROOT"%{_unitdir}
 mkdir -p "$RPM_BUILD_ROOT"/etc/openvdc
 mkdir -p "$RPM_BUILD_ROOT"/etc/openvdc/scripts
+mkdir -p "$RPM_BUILD_ROOT"/etc/openvdc/ssh
 mkdir -p "$RPM_BUILD_ROOT"/usr/bin
 ln -sf /opt/axsh/openvdc/bin/openvdc  "$RPM_BUILD_ROOT"/usr/bin
 cp openvdc "$RPM_BUILD_ROOT"/opt/axsh/openvdc/bin
@@ -93,6 +94,12 @@ OpenVDC executor common package.
 /opt/axsh/openvdc/share/mesos-slave/attributes.lxc
 /opt/axsh/openvdc/share/lxc-templates/lxc-openvdc
 %dir /etc/openvdc
+%dir /etc/openvdc/ssh
+
+%post executor
+test ! -f /etc/openvdc/ssh/host_rsa_key && /usr/bin/ssh-keygen -q -t rsa -f /etc/openvdc/ssh/host_rsa_key -b 4096 -C '' -N '' >&/dev/null;
+test ! -f /etc/openvdc/ssh/host_ecdsa_key && /usr/bin/ssh-keygen -q -t ecdsa -f /etc/openvdc/ssh/host_ecdsa_key -C '' -N '' >&/dev/null;
+test ! -f /etc/openvdc/ssh/host_ed25519_key && /usr/bin/ssh-keygen -q -t ed25519 -f /etc/openvdc/ssh/host_ed25519_key -C '' -N '' >&/dev/null;
 
 %package executor-null
 Summary: OpenVDC executor (null driver)
diff --git a/templates/centos/7/lxc2.json b/templates/centos/7/lxc2.json
@@ -0,0 +1,12 @@
+{
+  "title": "CentOS7",
+  "template": {
+    "type": "vm/lxc",
+    "lxc_template": {
+      "openvdc": {
+        "distro": "centos",
+        "release": "7"
+      }
+    }
+  }
+}
