From bfd963630a1a252d502db3d008d5d2b98bff9b65 Mon Sep 17 00:00:00 2001 From: John Garbutt Date: Tue, 30 Jul 2013 12:14:20 +0100 Subject: [PATCH] xenapi: allow non rsa key injection Currently if you attempt to inject a dsa key into a server, you are unable to start the server because the saving of the password will always fail. This ensures the saving of the password is only attempted when injecting an rsa based key. Fixes bug 1206458 Change-Id: I85e259c7d61182d32d2661662483237e7ad8feed --- nova/tests/virt/xenapi/test_xenapi.py | 35 ++++++++++++++++++++++++--- nova/virt/xenapi/agent.py | 2 +- 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/nova/tests/virt/xenapi/test_xenapi.py b/nova/tests/virt/xenapi/test_xenapi.py index f7f98eeff10a..655339b214d0 100644 --- a/nova/tests/virt/xenapi/test_xenapi.py +++ b/nova/tests/virt/xenapi/test_xenapi.py @@ -1005,18 +1005,47 @@ class XenAPIVMTestCase(stubs.XenAPITestBase): '_plugin_agent_inject_file', fake_inject_file) def fake_encrypt_text(sshkey, new_pass): - self.assertEqual("fake_keydata", sshkey) + self.assertEqual("ssh-rsa fake_keydata", sshkey) return "fake" self.stubs.Set(crypto, 'ssh_encrypt_text', fake_encrypt_text) expected_data = ('\n# The following ssh key was injected by ' - 'Nova\nfake_keydata\n') + 'Nova\nssh-rsa fake_keydata\n') injected_files = [('/root/.ssh/authorized_keys', expected_data)] self._test_spawn(IMAGE_VHD, None, None, os_type="linux", architecture="x86-64", - key_data='fake_keydata') + key_data='ssh-rsa fake_keydata') + self.assertEquals(actual_injected_files, injected_files) + + def test_spawn_ssh_key_injection_non_rsa(self): + # Test spawning with key_data on an instance. Should use + # agent file injection. + self.flags(xenapi_use_agent_default=True) + actual_injected_files = [] + + def fake_inject_file(self, method, args): + path = base64.b64decode(args['b64_path']) + contents = base64.b64decode(args['b64_contents']) + actual_injected_files.append((path, contents)) + return jsonutils.dumps({'returncode': '0', 'message': 'success'}) + + self.stubs.Set(stubs.FakeSessionForVMTests, + '_plugin_agent_inject_file', fake_inject_file) + + def fake_encrypt_text(sshkey, new_pass): + raise NotImplementedError("Should not be called") + + self.stubs.Set(crypto, 'ssh_encrypt_text', fake_encrypt_text) + + expected_data = ('\n# The following ssh key was injected by ' + 'Nova\nssh-dsa fake_keydata\n') + + injected_files = [('/root/.ssh/authorized_keys', expected_data)] + self._test_spawn(IMAGE_VHD, None, None, + os_type="linux", architecture="x86-64", + key_data='ssh-dsa fake_keydata') self.assertEquals(actual_injected_files, injected_files) def test_spawn_injected_files(self): diff --git a/nova/virt/xenapi/agent.py b/nova/virt/xenapi/agent.py index ee44757ebad1..4554d589bcb5 100644 --- a/nova/virt/xenapi/agent.py +++ b/nova/virt/xenapi/agent.py @@ -195,7 +195,7 @@ class XenAPIBasedAgent(object): def _save_instance_password_if_sshkey_present(self, new_pass): sshkey = self.instance.get('key_data') - if sshkey: + if sshkey and sshkey.startswith("ssh-rsa"): ctxt = context.get_admin_context() enc = crypto.ssh_encrypt_text(sshkey, new_pass) sys_meta = utils.instance_sys_meta(self.instance)