ceph-post-file: single command to upload a file to cephdrop

Use sftp to upload to a directory that only this user and ceph devs can
access.

Distribute an ssh key to connect to the account.  This will let us revoke
the key in the future if we feel the need.  Also distribute a known_hosts
file so that users have some confidence that they are connecting to the
real ceph drop account and not some third party.

Signed-off-by: Sage Weil <[email protected]>
Reviewed-by: Dan Mick <[email protected]>

Makefile.am

@@ -12,8 +12,17 @@ EXTRA_DIST += \
 	udev/50-rbd.rules \
 	udev/60-ceph-partuuid-workaround.rules \
 	udev/95-ceph-osd.rules \
-	udev/95-ceph-osd-alt.rules
+	udev/95-ceph-osd-alt.rules \
+	share/known_hosts_drop.ceph.com \
+	share/id_dsa_drop.ceph.com \
+	share/id_dsa_drop.ceph.com.pub
 
+# why is it so hard to make autotools to this?
+install-data-local:
+	-mkdir -p $(DESTDIR)$(datadir)/ceph
+	-install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/known_hosts_drop.ceph.com
+	-install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com
+	-install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub
 
 all-local:
 if WITH_DEBUG

ceph.spec.in

@@ -384,6 +384,9 @@ fi
 %dir %{_docdir}/ceph
 %{_docdir}/ceph/sample.ceph.conf
 %{_docdir}/ceph/sample.fetch_config
+%{_datadir}/ceph/known_hosts_drop.ceph.com
+%{_datadir}/ceph/id_dsa_drop.ceph.com
+%{_datadir}/ceph/id_dsa_drop.ceph.com.pub
 %{_bindir}/ceph
 %{_bindir}/cephfs
 %{_bindir}/ceph-conf
@@ -394,6 +397,7 @@ fi
 %{_bindir}/osdmaptool
 %{_bindir}/ceph-authtool
 %{_bindir}/ceph-syn
+%{_bindir}/ceph-post-file
 %{_bindir}/ceph-run
 %{_bindir}/ceph-mon
 %{_bindir}/ceph-mds
@@ -445,6 +449,7 @@ fi
 %{_mandir}/man8/mkcephfs.8*
 %{_mandir}/man8/ceph-run.8*
 %{_mandir}/man8/ceph-syn.8*
+%{_mandir}/man8/ceph-post-file.8*
 %{_mandir}/man8/ceph-dencoder.8*
 %{_mandir}/man8/ceph-rest-api.8*
 %{_mandir}/man8/crushtool.8*

debian/ceph-common.install

@@ -8,11 +8,16 @@ usr/bin/ceph-rest-api
 usr/bin/ceph-syn
 usr/bin/rados
 usr/bin/rbd
+usr/bin/ceph-post-file
 usr/share/man/man8/ceph-authtool.8
 usr/share/man/man8/ceph-conf.8
 usr/share/man/man8/ceph-dencoder.8
 usr/share/man/man8/ceph-rest-api.8
 usr/share/man/man8/ceph-syn.8
+usr/share/man/man8/ceph-post-file.8
 usr/share/man/man8/ceph.8
 usr/share/man/man8/rados.8
 usr/share/man/man8/rbd.8
+usr/share/ceph/known_hosts_drop.ceph.com
+usr/share/ceph/id_dsa_drop.ceph.com
+usr/share/ceph/id_dsa_drop.ceph.com.pub

doc/man/8/ceph-debugpack.rst

@@ -45,3 +45,4 @@ See also
 ========
 
 :doc:`ceph <ceph>`\(8)
+:doc:`ceph-post-file <ceph-post-file>`\(8)

doc/man/8/ceph-post-file.rst

@@ -0,0 +1,69 @@
+========================================
+ ceph-post-file -- post files for ceph developers
+========================================
+
+.. program:: ceph-post-file
+
+Synopsis
+========
+
+| **ceph-post-file** [-d *description] [-u *user*] *file or dir* ...
+
+
+Description
+===========
+
+**ceph-post-file** will upload files or directories to ceph.com for
+later analysis by Ceph developers.
+
+Each invocation uploads files or directories to a separate directory
+with a unique tag.  That tag can be passed to a developer or
+referenced in a bug report (http://tracker.ceph.com/).  Once the
+upload completes, the directory is marked non-readable and
+non-writeable to prevent access or modification by other users.
+
+Warning
+=======
+
+Basic measures are taken to make posted data be visible only to
+developers with access to ceph.com infrastructure. However, users
+should think twice and/or take appropriate precautions before
+posting potentially sensitive data (for example, logs or data
+directories that contain Ceph secrets).
+
+
+Options
+=======
+
+.. option:: -d *description*, --description *description*
+
+   Add a short description for the upload.  This is a good opportunity
+   to reference a bug number.  There is no default value.
+
+.. option:: -u *user*
+
+   Set the user metadata for the upload.  This defaults to `whoami`@`hostname -f`.
+
+Examples
+========
+
+To upload a single log::
+
+   ceph-post-file /var/log/ceph/ceph-mon.`hostname`.log
+
+To upload several directories::
+
+   ceph-post-file -d 'mon data directories' /var/log/ceph/mon/*
+
+
+Availability
+============
+
+**ceph-post-file** is part of the Ceph distributed file system. Please refer to
+the Ceph documentation at http://ceph.com/docs for more information.
+
+See also
+========
+
+:doc:`ceph <ceph>`\(8),
+:doc:`ceph-debugpack <ceph-debugpack>`\(8),

man/Makefile.am

@@ -26,4 +26,5 @@ dist_man_MANS = \
 	ceph-dencoder.8 \
 	ceph-rest-api.8 \
 	ceph-rbdnamer.8 \
+	ceph-post-file.8 \
 	rbd-fuse.8

man/ceph-post-file.8

@@ -0,0 +1,130 @@
+.\" Man page generated from reStructuredText.
+.
+.TH "CEPH-POST-FILE" "8" "August 14, 2013" "dev" "Ceph"
+.SH NAME
+ceph-post-file \- post files for ceph developers
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.SH SYNOPSIS
+.nf
+\fBceph\-post\-file\fP [\-d \fIdescription] [\-u *user\fP] \fIfile or dir\fP ...
+.fi
+.sp
+.SH DESCRIPTION
+.sp
+\fBceph\-post\-file\fP will upload files or directories to ceph.com for
+later analysis by Ceph developers.
+.sp
+Each invocation uploads files or directories to a separate directory
+with a unique tag.  That tag can be passed to a developer or
+referenced in a bug report (\fI\%http://tracker.ceph.com/\fP).  Once the
+upload completes, the directory is marked non\-readable and
+non\-writeable to prevent access or modification by other users.
+.SH WARNING
+.sp
+Basic measures are taken to make posted data be visible only to
+developers with access to ceph.com infrastructure. However, users
+should think twice and/or take appropriate precautions before
+posting potentially sensitive data (for example, logs or data
+directories that contain Ceph secrets).
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \-d *description*, \-\-description *description*
+Add a short description for the upload.  This is a good opportunity
+to reference a bug number.  There is no default value.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-u *user*
+Set the user metadata for the upload.  This defaults to \fIwhoami\(ga@\(gahostname \-f\fP\&.
+.UNINDENT
+.SH EXAMPLES
+.sp
+To upload a single log:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ceph\-post\-file /var/log/ceph/ceph\-mon.\(gahostname\(ga.log
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+To upload several directories:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ceph\-post\-file \-d \(aqmon data directories\(aq /var/log/ceph/mon/*
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH AVAILABILITY
+.sp
+\fBceph\-post\-file\fP is part of the Ceph distributed file system. Please refer to
+the Ceph documentation at \fI\%http://ceph.com/docs\fP for more information.
+.SH SEE ALSO
+.sp
+\fBceph\fP(8),
+\fBceph\-debugpack\fP(8),
+.SH COPYRIGHT
+2010-2013, Inktank Storage, Inc. and contributors. Licensed under Creative Commons BY-SA
+.\" Generated by docutils manpage writer.
+.

share/id_dsa_drop.ceph.com

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQDv8F/WToUDOc2HRWUOqtq5ilORE+5P53yZUo7ugr8XD3wM0H7Q
+IIl9F9fizwUtL2gh3n1BnBxmPhkVU6VYsiDpn1P3dWvRmf+jyqPuk+b185L0Erb8
+QsExADv6v33Yyd+9i5oTI988Rm1VWY6QhP7neW6yMPt2noi1TwleLm6z2wIVAKHL
+ciT2S0w/dbTFQDFHSEOCAif3AoGAHwOYd8YEInrcBrXPFJuPFbQKr8ceO3/ItY0r
+/W/L92nXUJbdl1JEt2KfkdwaxkBhlYT7E1JR5MRoTNBTEMCFjHxemZCdH+03+Jzq
++RAQ28p77przbqOFaMuZuQoGlqMy3gYrhnPRGEJGjh+pkhMePqUPCCKFtRntNzlH
+lDh4uOACgYBLGpqu3Pthhd4fnawv8Md16gc/p1Vg/5vyAzi9Gshhgf1hXvFHdeJv
+AN/5mgE/Ekg7fqeNUhui9LYkuuOMgP267naGkAAgxV3bbiy439Vj8SzXdOQk4agA
+YgebWkmJrdMtUSzeBYBkqBZTZODvQwCmYdR6INuNuZtA+rHgKwiAHQIUZak7aJD8
+y4kap9GmduDYmp6/JxU=
+-----END DSA PRIVATE KEY-----

share/id_dsa_drop.ceph.com.pub

@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAO/wX9ZOhQM5zYdFZQ6q2rmKU5ET7k/nfJlSju6CvxcPfAzQftAgiX0X1+LPBS0vaCHefUGcHGY+GRVTpViyIOmfU/d1a9GZ/6PKo+6T5vXzkvQStvxCwTEAO/q/fdjJ372LmhMj3zxGbVVZjpCE/ud5brIw+3aeiLVPCV4ubrPbAAAAFQChy3Ik9ktMP3W0xUAxR0hDggIn9wAAAIAfA5h3xgQietwGtc8Um48VtAqvxx47f8i1jSv9b8v3addQlt2XUkS3Yp+R3BrGQGGVhPsTUlHkxGhM0FMQwIWMfF6ZkJ0f7Tf4nOr5EBDbynvumvNuo4Voy5m5CgaWozLeBiuGc9EYQkaOH6mSEx4+pQ8IIoW1Ge03OUeUOHi44AAAAIBLGpqu3Pthhd4fnawv8Md16gc/p1Vg/5vyAzi9Gshhgf1hXvFHdeJvAN/5mgE/Ekg7fqeNUhui9LYkuuOMgP267naGkAAgxV3bbiy439Vj8SzXdOQk4agAYgebWkmJrdMtUSzeBYBkqBZTZODvQwCmYdR6INuNuZtA+rHgKwiAHQ== public_ceph_post_key_2013-08-16

share/known_hosts_drop.ceph.com

@@ -0,0 +1 @@
+drop.ceph.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjl2XzIpS92snr4SymcBVQx7y6d/ZjzCKJAlGZYkgknWWf+JBEpXp+cOoMk2Td5pIPkOdn72pGAuuPzL9HSJpN/o75tzbv0mAd//3t9D5/Kpnd+tWIDDgj+RIz8ZKRxSR8lnVjsUHlTrwQwaUkZ3KDiVgtQXDp0+1rU1+02cEkeBStoMLQt/6xw1hmPGSIAMH2HRkyge+/I8RwK7jbTwwcxh61Vxe0qMGkDO6vUVXw+K6hoXV4uGaqZ9/B2GirXJPz6ulvLC/mtEdgtfKS3eiMTaJS5Cpne6rJw2Wm7kHfQPstJaUq06BJiRe6R+JHC897NVZd0yc1bZe+BI0PmQJL

src/.gitignore

@@ -12,6 +12,7 @@ Makefile
 /ceph-conf
 /ceph-coverage
 /ceph-debugpack
+/ceph-post-file
 /ceph-dencoder
 /ceph-fuse
 /ceph-mds

src/Makefile.am

@@ -39,7 +39,7 @@ ceph_sbin_SCRIPTS = \
 sbin_SCRIPTS = \
 	mount.fuse.ceph
 
-bin_SCRIPTS = ceph ceph-run ceph-rest-api ceph-clsinfo ceph-debugpack ceph-rbdnamer
+bin_SCRIPTS = ceph ceph-run ceph-rest-api ceph-clsinfo ceph-debugpack ceph-rbdnamer ceph-post-file
 dist_bin_SCRIPTS =
 # C/C++ tests to build will be appended to this
 check_PROGRAMS =
@@ -184,7 +184,7 @@ base: ceph-mon ceph-osd ceph-mds \
 	ceph-syn \
 	rados radosgw librados-config \
 	ceph-conf monmaptool osdmaptool crushtool ceph-authtool \
-	init-ceph mkcephfs mon_store_converter
+	init-ceph mkcephfs mon_store_converter ceph-post-file
 
 
 # fuse targets?
@@ -1287,7 +1287,7 @@ editpaths = sed \
 	-e 's|@prefix[@]|$(prefix)|g' \
 	-e 's|@@GCOV_PREFIX_STRIP[@][@]|$(GCOV_PREFIX_STRIP)|g'
 
-shell_scripts = init-ceph mkcephfs ceph-debugpack ceph-coverage
+shell_scripts = init-ceph mkcephfs ceph-debugpack ceph-coverage ceph-post-file
 
 $(shell_scripts): Makefile