|
|
cb8e9e |
From f8708968fa4d08f0aa7329d20e68407e7f41af97 Mon Sep 17 00:00:00 2001
|
|
|
cb8e9e |
From: Kotresh HR <khiremat@redhat.com>
|
|
|
cb8e9e |
Date: Wed, 24 Jun 2015 20:00:11 +0530
|
|
|
cb8e9e |
Subject: [PATCH 138/190] geo-rep: Fix ssh issue in geo-rep
|
|
|
cb8e9e |
|
|
|
cb8e9e |
In geo-rep mountbroker setup, workers fails with
|
|
|
cb8e9e |
'Permission Denied' even though the public keys
|
|
|
cb8e9e |
are shared to all the slave nodes. The issue
|
|
|
cb8e9e |
is with selinux context not being set for .ssh
|
|
|
cb8e9e |
and .ssh/authorizedkeys. Doing restorecon on
|
|
|
cb8e9e |
these entries to set default selinux security
|
|
|
cb8e9e |
context fixes the issue.
|
|
|
cb8e9e |
|
|
|
cb8e9e |
BUG: 1224199
|
|
|
cb8e9e |
Change-Id: I272172b78f0d28e7f14420918a2f1206e52a58a7
|
|
|
cb8e9e |
Reviewed-on: http://review.gluster.org/11383
|
|
|
cb8e9e |
Reviewed-on: http://review.gluster.org/11384
|
|
|
cb8e9e |
Reviewed-by: Aravinda VK <avishwan@redhat.com>
|
|
|
cb8e9e |
Reviewed-by: darshan n <dnarayan@redhat.com>
|
|
|
cb8e9e |
Reviewed-by: Venky Shankar <vshankar@redhat.com>
|
|
|
cb8e9e |
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
|
|
cb8e9e |
Reviewed-on: https://code.engineering.redhat.com/gerrit/51607
|
|
|
cb8e9e |
Tested-by: Venky Shankar <vshankar@redhat.com>
|
|
|
cb8e9e |
---
|
|
|
cb8e9e |
extras/peer_add_secret_pub.in | 7 +++++++
|
|
|
cb8e9e |
1 files changed, 7 insertions(+), 0 deletions(-)
|
|
|
cb8e9e |
|
|
|
cb8e9e |
diff --git a/extras/peer_add_secret_pub.in b/extras/peer_add_secret_pub.in
|
|
|
cb8e9e |
index e3a9aa2..c9674af 100644
|
|
|
cb8e9e |
--- a/extras/peer_add_secret_pub.in
|
|
|
cb8e9e |
+++ b/extras/peer_add_secret_pub.in
|
|
|
cb8e9e |
@@ -53,6 +53,13 @@ if [ ! -d $authorized_keys_file ]; then
|
|
|
cb8e9e |
chown $user: $authorized_keys_file;
|
|
|
cb8e9e |
fi
|
|
|
cb8e9e |
|
|
|
cb8e9e |
+# Restore SELinux security contexts. This is required
|
|
|
cb8e9e |
+# for passwdless SSH to work.
|
|
|
cb8e9e |
+
|
|
|
cb8e9e |
+if type restorecon >/dev/null 2>&1; then
|
|
|
cb8e9e |
+ restorecon -F $ssh_dir $authorized_keys_file;
|
|
|
cb8e9e |
+fi
|
|
|
cb8e9e |
+
|
|
|
cb8e9e |
# Add to authorized_keys file only if not exists already
|
|
|
cb8e9e |
while read line
|
|
|
cb8e9e |
do
|
|
|
cb8e9e |
--
|
|
|
cb8e9e |
1.7.1
|
|
|
cb8e9e |
|