Provide for more hostnames

This permits ssh infrastructure
to have multihomed nodes
handled more effeectively.

confluent_server/confluent/config/attributes.py

@@ -425,6 +425,10 @@ node = {
         'description': 'The hardware address, aka MAC address of the interface indicated, generally populated by the '
                        'PXE discovery mechanism'
     },
+    'net.hostname': {
+        'description': 'Used to specify hostnames per interface. Can be a '
+                       'comma delimited list to indicate aliases'
+    },
     # 'net.pxe': { 'description': 'Whether pxe will be used on this interface'
     # TODO(jjohnson2):  Above being 'true' will control whether mac addresses
     # are stored in this nics attribute on pxe-client discovery, since

confluent_server/confluent/selfservice.py

@@ -18,6 +18,23 @@ currtzvintage = None
 def yamldump(input):
     return yaml.safe_dump(input, default_flow_style=False)
 
+def get_extra_names(nodename, cfg):
+    names = set([])
+    dnsinfo = cfg.get_node_attributes(nodename, ('dns.*', 'net.*hostname'))
+    dnsinfo = dnsinfo.get(nodename, {})
+    domain = dnsinfo.get('dns.domain', {}).get('value', None)
+    if domain and domain not in nodename:
+        names.add('{0}.{1}'.formatdomain)
+    for keyname in dnsinfo:
+        if keyname.endswith('hostname'):
+            currnames = dnsinfo[keyname].get('value', None)
+            if currnames:
+                currnames = currnames.split(',')
+                for currname in currnames:
+                    pals.add(currname)
+                    if domain not in currname:
+                        names.add('{0}.{1}'.format(currname, domain))
+    return names
 
 def handle_request(env, start_response):
     global currtz
@@ -152,22 +169,15 @@ def handle_request(env, start_response):
             start_response('500 Unconfigured', ())
             yield 'CA is not configured on this system (run ...)'
             return
-        dnsinfo = cfg.get_node_attributes(nodename, ('dns.*'))
-        dnsinfo = dnsinfo.get(nodename, {}).get('dns.domain', {}).get('value',
-                  None)
-        if dnsinfo and dnsinfo in nodename:
-            dnsinfo = ''
-        cert = sshutil.sign_host_key(reqbody, nodename, [dnsinfo])
+        pals = get_extra_names(nodename, cfg)
+        cert = sshutil.sign_host_key(reqbody, nodename, pals)
         start_response('200 OK', (('Content-Type', 'text/plain'),))
         yield cert
     elif env['PATH_INFO'] == '/self/nodelist':
         nodes = set(cfg.list_nodes())
-        domaininfo = cfg.get_node_attributes(nodes, 'dns.domain')
         for node in list(util.natural_sort(nodes)):
-            domain = domaininfo.get(node, {}).get('dns.domain', {}).get(
-                'value', None)
-            if domain and domain not in node:
-                nodes.add('{0}.{1}'.format(node, domain))
+            for extraname in get_extra_names(node, cfg):
+                nodes.add(extraname)
         for mgr in configmanager.list_collective():
             nodes.add(mgr)
             if domain and domain not in mgr:

confluent_server/confluent/sshutil.py

@@ -41,16 +41,15 @@ def initialize_ca():
     #    newent = '@cert-authority * ' + capub.read()
 
 
-def sign_host_key(pubkey, nodename, domains=()):
+def sign_host_key(pubkey, nodename, principals=()):
     tmpdir = tempfile.mkdtemp()
     try:
         pkeyname = os.path.join(tmpdir, 'hostkey.pub')
         with open(pkeyname, 'wb') as pubfile:
             pubfile.write(pubkey)
-        principals = [nodename]
-        for domain in domains:
-            principals.append('{0}.{1}'.format(nodename, domain))
-        principals = ','.join(principals)
+        principals = set(principals)
+        principals.add(nodename)
+        principals = ','.join(sorted(principals))
         subprocess.check_call(
             ['ssh-keygen', '-s', '/etc/confluent/ssh/ca', '-I', nodename,
              '-n', principals, '-h', pkeyname])