rfe: enhance geo-replication to consume a separate ssh key to call ssh.

[amarts]

For 2 reasons:

• Mainly for the automated tests: It is very hard to have passwordless ssh in a machine with default key for root, but a separate key is much easier to provide.
• Also, it makes sense as a feature, because admins can identify the connections with different keys, and some better control can be given with this approach of having separate keys.

[aravindavk]

+1

Geo-replication already uses seperate key (/var/lib/glusterd/geo-replication/secret.pem), for all its command. Currently Passwordless SSH is required between one master node to one slave node till the session is created. This can be revoked once Geo-rep create is successful. (Required again while running geo-rep create force command after adding new node)

Alternate setup tools are not using passwordless SSH

• gluster-georep-setup tool will not require passwordless SSH but it accepts one slave nodes root password during setup.
• Gdeploy integration will not use this passwordless SSH during geo-rep session setup

The enhancement required only for Geo-rep create command. It should accept custom pem key path.
(Note: Change also required in hook scripts and gverify script)

gluster volume geo-replication <mastervol> <slavehost>::<slavevol> create push-pem ssh-key <georep_setup_key.pem>

Note: Even this pem key can be removed/revoked once session is created.

[kotreshhr]

With patch https://review.gluster.org/#/c/18024/ , this is supported in a different way.
The user has to export the path of ssh-key as GR_SSH_IDENTITY_KEY environment variable and it will work.

I think we should close this issue ?

[amarts]

Please document this (for version 4.0) and then close this.

I would like it to be a mention in 4.0 Release notes as well.

@ShyamsundarR (mention for the tracker).

[aravindavk]

I prefer documenting like below instead of adding that env var in bashrc

GR_SSH_IDENTITY_KEY=/root/georep-key.pem gluster volume geo-replication <master> slavehost>::<slavevol> create push-pem

[kotreshhr]

The infra to support this is in place via environment variable as mentioned in above comment. But this is not feasible as a running glusterd wouldn't get the updated environment variable. So we need to provide a cli hook for this. Moving this out of 4.0

[amarts]

A good candidate for release-8 / GlusterX ?

[stale]

Thank you for your contributions.
Noticed that this issue is not having any activity in last ~6 months! We are marking this issue as stale because it has not had recent activity.
It will be closed in 2 weeks if no one responds with a comment here.

[stale]

Closing this issue as there was no update since my last update on issue. If this is an issue which is still valid, feel free to open it.