From f8708968fa4d08f0aa7329d20e68407e7f41af97 Mon Sep 17 00:00:00 2001

From: Kotresh HR <khiremat@redhat.com>

Date: Wed, 24 Jun 2015 20:00:11 +0530

Subject: [PATCH 138/190] geo-rep: Fix ssh issue in geo-rep

In geo-rep mountbroker setup, workers fails with

'Permission Denied' even though the public keys

are shared to all the slave nodes. The issue

is with selinux context not being set for .ssh

and .ssh/authorizedkeys. Doing restorecon on

these entries to set default selinux security

context fixes the issue.

BUG: 1224199

Change-Id: I272172b78f0d28e7f14420918a2f1206e52a58a7

Reviewed-on: http://review.gluster.org/11383

Reviewed-on: http://review.gluster.org/11384

Reviewed-by: Aravinda VK <avishwan@redhat.com>

Reviewed-by: darshan n <dnarayan@redhat.com>

Reviewed-by: Venky Shankar <vshankar@redhat.com>

Signed-off-by: Kotresh HR <khiremat@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/51607

Tested-by: Venky Shankar <vshankar@redhat.com>

---

 extras/peer_add_secret_pub.in |    7 +++++++

 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/extras/peer_add_secret_pub.in b/extras/peer_add_secret_pub.in

index e3a9aa2..c9674af 100644

--- a/extras/peer_add_secret_pub.in

+++ b/extras/peer_add_secret_pub.in

@@ -53,6 +53,13 @@ if [ ! -d $authorized_keys_file ]; then

     chown $user: $authorized_keys_file;

 fi

+# Restore SELinux security contexts. This is required

+# for passwdless SSH to work.

+

+if type restorecon >/dev/null 2>&1; then

+    restorecon -F $ssh_dir $authorized_keys_file;

+fi

+

 # Add to authorized_keys file only if not exists already

 while read line

 do

-- 

1.7.1