authorSage Weil <sage@inktank.com>2013-08-16 17:59:11 -0700
committerSage Weil <sage@inktank.com>2013-08-28 13:08:58 -0700
commit8a1da62d9564a32f7b8963fe298e1ac3ad0ea3d9 (patch)
tree7607aad3c257f34602293d00996fa0e915bb68fe
parent3f8663477b585dcb528fdd7047c50d9a52d24b95 (diff)
downloadceph-8a1da62d9564a32f7b8963fe298e1ac3ad0ea3d9.tar.gz
ceph-post-file: single command to upload a file to cephdrop
Use sftp to upload to a directory that only this user and ceph devs can access. Distribute an ssh key to connect to the account. This will let us revoke the key in the future if we feel the need. Also distribute a known_hosts file so that users have some confidence that they are connecting to the real ceph drop account and not some third party. Signed-off-by: Sage Weil <sage@inktank.com> Reviewed-by: Dan Mick <dan.mick@inktank.com> (cherry picked from commit d08e05e463f1f7106a1f719d81b849435790a3b9)
-rw-r--r--Makefile.am11
-rw-r--r--ceph.spec.in5
-rw-r--r--debian/ceph-common.install5
-rw-r--r--doc/man/8/ceph-debugpack.rst1
-rw-r--r--doc/man/8/ceph-post-file.rst69
-rw-r--r--man/Makefile.am1
-rw-r--r--man/ceph-post-file.8130
-rw-r--r--share/id_dsa_drop.ceph.com12
-rw-r--r--share/id_dsa_drop.ceph.com.pub1
-rw-r--r--share/known_hosts_drop.ceph.com1
-rw-r--r--src/.gitignore1
-rw-r--r--src/Makefile.am6
-rwxr-xr-xsrc/ceph-post-file.in157
13 files changed, 396 insertions, 4 deletions
diff --git a/Makefile.am b/Makefile.am
index e7dd86ee1ae..8e0c650bc23 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,8 +12,17 @@ EXTRA_DIST += \
udev/50-rbd.rules \
udev/60-ceph-partuuid-workaround.rules \
udev/95-ceph-osd.rules \
- udev/95-ceph-osd-alt.rules
+ udev/95-ceph-osd-alt.rules \
+ share/known_hosts_drop.ceph.com \
+ share/id_dsa_drop.ceph.com \
+ share/id_dsa_drop.ceph.com.pub
+# why is it so hard to make autotools to this?
+install-data-local:
+ -mkdir -p $(DESTDIR)$(datadir)/ceph
+ -install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/known_hosts_drop.ceph.com
+ -install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com
+ -install -m 644 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub
all-local:
if WITH_DEBUG
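Review bot: All three `install` lines in `install-data-local` use `share/known_hosts_drop.ceph.com` as the source, so the installed `id_dsa_drop.ceph.com` and `id_dsa_drop.ceph.com.pub` would hold the known_hosts entry rather than the key pair, and an installed `ceph-post-file` could not authenticate with them. The second and third lines should read `install -m 644 share/id_dsa_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com` and `install -m 644 share/id_dsa_drop.ceph.com.pub $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub`. The leading `-` on each recipe line makes make ignore failures, so a missing source file or an unwritable directory passes silently and would only surface later, when the package file lists look for these paths. Dropping the `-` turns that into a build error at the point of failure.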
diff --git a/ceph.spec.in b/ceph.spec.in
index b1802c3d25d..9fdea422993 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -384,6 +384,9 @@ fi
%dir %{_docdir}/ceph
%{_docdir}/ceph/sample.ceph.conf
%{_docdir}/ceph/sample.fetch_config
+%{_datadir}/ceph/known_hosts_drop.ceph.com
+%{_datadir}/ceph/id_dsa_drop.ceph.com
+%{_datadir}/ceph/id_dsa_drop.ceph.com.pub
%{_bindir}/ceph
%{_bindir}/cephfs
%{_bindir}/ceph-conf
@@ -394,6 +397,7 @@ fi
%{_bindir}/osdmaptool
%{_bindir}/ceph-authtool
%{_bindir}/ceph-syn
+%{_bindir}/ceph-post-file
%{_bindir}/ceph-run
%{_bindir}/ceph-mon
%{_bindir}/ceph-mds
@@ -445,6 +449,7 @@ fi
%{_mandir}/man8/mkcephfs.8*
%{_mandir}/man8/ceph-run.8*
%{_mandir}/man8/ceph-syn.8*
+%{_mandir}/man8/ceph-post-file.8*
%{_mandir}/man8/ceph-dencoder.8*
%{_mandir}/man8/ceph-rest-api.8*
%{_mandir}/man8/crushtool.8*
diff --git a/debian/ceph-common.install b/debian/ceph-common.install
index 6c8af7c74b2..41453f5a646 100644
--- a/debian/ceph-common.install
+++ b/debian/ceph-common.install
@@ -8,11 +8,16 @@ usr/bin/ceph-rest-api
usr/bin/ceph-syn
usr/bin/rados
usr/bin/rbd
+usr/bin/ceph-post-file
usr/share/man/man8/ceph-authtool.8
usr/share/man/man8/ceph-conf.8
usr/share/man/man8/ceph-dencoder.8
usr/share/man/man8/ceph-rest-api.8
usr/share/man/man8/ceph-syn.8
+usr/share/man/man8/ceph-post-file.8
usr/share/man/man8/ceph.8
usr/share/man/man8/rados.8
usr/share/man/man8/rbd.8
+usr/share/ceph/known_hosts_drop.ceph.com
+usr/share/ceph/id_dsa_drop.ceph.com
+usr/share/ceph/id_dsa_drop.ceph.com.pub
diff --git a/doc/man/8/ceph-debugpack.rst b/doc/man/8/ceph-debugpack.rst
index ecfafb1211f..d07f53dee72 100644
--- a/doc/man/8/ceph-debugpack.rst
+++ b/doc/man/8/ceph-debugpack.rst
@@ -45,3 +45,4 @@ See also
========
:doc:`ceph <ceph>`\(8)
+:doc:`ceph-post-file <ceph-post-file>`\(8)
diff --git a/doc/man/8/ceph-post-file.rst b/doc/man/8/ceph-post-file.rst
new file mode 100644
index 00000000000..5625843eaa6
--- /dev/null
+++ b/doc/man/8/ceph-post-file.rst
@@ -0,0 +1,69 @@
+========================================
+ ceph-post-file -- post files for ceph developers
+========================================
+
+.. program:: ceph-post-file
+
+Synopsis
+========
+
+| **ceph-post-file** [-d *description] [-u *user*] *file or dir* ...
+
+
+Description
+===========
+
+**ceph-post-file** will upload files or directories to ceph.com for
+later analysis by Ceph developers.
+
+Each invocation uploads files or directories to a separate directory
+with a unique tag. That tag can be passed to a developer or
+referenced in a bug report (http://tracker.ceph.com/). Once the
+upload completes, the directory is marked non-readable and
+non-writeable to prevent access or modification by other users.
+
+Warning
+=======
+
+Basic measures are taken to make posted data be visible only to
+developers with access to ceph.com infrastructure. However, users
+should think twice and/or take appropriate precautions before
+posting potentially sensitive data (for example, logs or data
+directories that contain Ceph secrets).
+
+
+Options
+=======
+
+.. option:: -d *description*, --description *description*
+
+ Add a short description for the upload. This is a good opportunity
+ to reference a bug number. There is no default value.
+
+.. option:: -u *user*
+
+ Set the user metadata for the upload. This defaults to `whoami`@`hostname -f`.
+
+Examples
+========
+
+To upload a single log::
+
+ ceph-post-file /var/log/ceph/ceph-mon.`hostname`.log
+
+To upload several directories::
+
+ ceph-post-file -d 'mon data directories' /var/log/ceph/mon/*
+
+
+Availability
+============
+
+**ceph-post-file** is part of the Ceph distributed file system. Please refer to
+the Ceph documentation at http://ceph.com/docs for more information.
+
+See also
+========
+
+:doc:`ceph <ceph>`\(8),
+:doc:`ceph-debugpack <ceph-debugpack>`\(8),
diff --git a/man/Makefile.am b/man/Makefile.am
index 5096022ab46..be071b17bb6 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -26,4 +26,5 @@ dist_man_MANS = \
ceph-dencoder.8 \
ceph-rest-api.8 \
ceph-rbdnamer.8 \
+ ceph-post-file.8 \
rbd-fuse.8
diff --git a/man/ceph-post-file.8 b/man/ceph-post-file.8
new file mode 100644
index 00000000000..110f3c223b8
--- /dev/null
+++ b/man/ceph-post-file.8
@@ -0,0 +1,130 @@
+.\" Man page generated from reStructuredText.
+.
+.TH "CEPH-POST-FILE" "8" "August 14, 2013" "dev" "Ceph"
+.SH NAME
+ceph-post-file \- post files for ceph developers
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.SH SYNOPSIS
+.nf
+\fBceph\-post\-file\fP [\-d \fIdescription] [\-u *user\fP] \fIfile or dir\fP ...
+.fi
+.sp
+.SH DESCRIPTION
+.sp
+\fBceph\-post\-file\fP will upload files or directories to ceph.com for
+later analysis by Ceph developers.
+.sp
+Each invocation uploads files or directories to a separate directory
+with a unique tag. That tag can be passed to a developer or
+referenced in a bug report (\fI\%http://tracker.ceph.com/\fP). Once the
+upload completes, the directory is marked non\-readable and
+non\-writeable to prevent access or modification by other users.
+.SH WARNING
+.sp
+Basic measures are taken to make posted data be visible only to
+developers with access to ceph.com infrastructure. However, users
+should think twice and/or take appropriate precautions before
+posting potentially sensitive data (for example, logs or data
+directories that contain Ceph secrets).
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \-d *description*, \-\-description *description*
+Add a short description for the upload. This is a good opportunity
+to reference a bug number. There is no default value.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-u *user*
+Set the user metadata for the upload. This defaults to \fIwhoami\(ga@\(gahostname \-f\fP\&.
+.UNINDENT
+.SH EXAMPLES
+.sp
+To upload a single log:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ceph\-post\-file /var/log/ceph/ceph\-mon.\(gahostname\(ga.log
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+To upload several directories:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ceph\-post\-file \-d \(aqmon data directories\(aq /var/log/ceph/mon/*
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH AVAILABILITY
+.sp
+\fBceph\-post\-file\fP is part of the Ceph distributed file system. Please refer to
+the Ceph documentation at \fI\%http://ceph.com/docs\fP for more information.
+.SH SEE ALSO
+.sp
+\fBceph\fP(8),
+\fBceph\-debugpack\fP(8),
+.SH COPYRIGHT
+2010-2013, Inktank Storage, Inc. and contributors. Licensed under Creative Commons BY-SA
+.\" Generated by docutils manpage writer.
+.
diff --git a/share/id_dsa_drop.ceph.com b/share/id_dsa_drop.ceph.com
new file mode 100644
index 00000000000..3efc985a129
--- /dev/null
+++ b/share/id_dsa_drop.ceph.com
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
diff --git a/share/id_dsa_drop.ceph.com.pub b/share/id_dsa_drop.ceph.com.pub
new file mode 100644
index 00000000000..e7e53834434
--- /dev/null
+++ b/share/id_dsa_drop.ceph.com.pub
@@ -0,0 +1 @@
+ssh-dss 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 public_ceph_post_key_2013-08-16
diff --git a/share/known_hosts_drop.ceph.com b/share/known_hosts_drop.ceph.com
new file mode 100644
index 00000000000..862df67aeef
--- /dev/null
+++ b/share/known_hosts_drop.ceph.com
@@ -0,0 +1 @@
+drop.ceph.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjl2XzIpS92snr4SymcBVQx7y6d/ZjzCKJAlGZYkgknWWf+JBEpXp+cOoMk2Td5pIPkOdn72pGAuuPzL9HSJpN/o75tzbv0mAd//3t9D5/Kpnd+tWIDDgj+RIz8ZKRxSR8lnVjsUHlTrwQwaUkZ3KDiVgtQXDp0+1rU1+02cEkeBStoMLQt/6xw1hmPGSIAMH2HRkyge+/I8RwK7jbTwwcxh61Vxe0qMGkDO6vUVXw+K6hoXV4uGaqZ9/B2GirXJPz6ulvLC/mtEdgtfKS3eiMTaJS5Cpne6rJw2Wm7kHfQPstJaUq06BJiRe6R+JHC897NVZd0yc1bZe+BI0PmQJL
diff --git a/src/.gitignore b/src/.gitignore
index 5c52f6c4f42..4c98529bd87 100644
--- a/src/.gitignore
+++ b/src/.gitignore
@@ -12,6 +12,7 @@ Makefile
/ceph-conf
/ceph-coverage
/ceph-debugpack
+/ceph-post-file
/ceph-dencoder
/ceph-fuse
/ceph-mds
diff --git a/src/Makefile.am b/src/Makefile.am
index a9bbde32686..97c9e7a963d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -39,7 +39,7 @@ ceph_sbin_SCRIPTS = \
sbin_SCRIPTS = \
mount.fuse.ceph
-bin_SCRIPTS = ceph ceph-run ceph-rest-api ceph-clsinfo ceph-debugpack ceph-rbdnamer
+bin_SCRIPTS = ceph ceph-run ceph-rest-api ceph-clsinfo ceph-debugpack ceph-rbdnamer ceph-post-file
dist_bin_SCRIPTS =
# C/C++ tests to build will be appended to this
check_PROGRAMS =
@@ -184,7 +184,7 @@ base: ceph-mon ceph-osd ceph-mds \
ceph-syn \
rados radosgw librados-config \
ceph-conf monmaptool osdmaptool crushtool ceph-authtool \
- init-ceph mkcephfs mon_store_converter
+ init-ceph mkcephfs mon_store_converter ceph-post-file
# fuse targets?
@@ -1271,7 +1271,7 @@ editpaths = sed \
-e 's|@prefix[@]|$(prefix)|g' \
-e 's|@@GCOV_PREFIX_STRIP[@][@]|$(GCOV_PREFIX_STRIP)|g'
-shell_scripts = init-ceph mkcephfs ceph-debugpack ceph-coverage
+shell_scripts = init-ceph mkcephfs ceph-debugpack ceph-coverage ceph-post-file
$(shell_scripts): Makefile
diff --git a/src/ceph-post-file.in b/src/ceph-post-file.in
new file mode 100755
index 00000000000..27fea287fc6
--- /dev/null
+++ b/src/ceph-post-file.in
@@ -0,0 +1,157 @@
+#!/bin/bash -e
+
+# if we start up as ./$0, assume we are running from a source
+# checkout.
+if [ `dirname $0` = "." ] && [ $PWD != "/usr/bin" ]; then
+ known_hosts=../share/known_hosts_drop.ceph.com
+ ssh_key=../share/id_dsa_drop.ceph.com
+else
+ known_hosts=@datadir@/known_hosts_drop.ceph.com
+ ssh_key=@datadir@/id_dsa_drop.ceph.com
+fi
+
+usage() {
+ echo "Usage: $0 [options] file1 [dir2 ...]
+
+Easily upload files or directories to ceph.com for analysis by Ceph
+developers.
+
+Each invocation uploads files or directories to a separate directory
+with a unique tag. That tag can be passed to a developer or
+referenced in a bug report (http://tracker.ceph.com/). Once the
+upload completes, the directory is marked non-readable and
+non-writeable to prevent access or modification by other users.
+
+WARNING:
+ Basic measures are taken to make posted data be visible only to
+ developers with access to ceph.com infrastructure. However, users
+ should think twice and/or take appropriate precautions before
+ posting potentially sensitive data (for example, logs or data
+ directories that contain Ceph secrets).
+
+Options:
+ -d <description> Description for this post
+ [Default: none]
+ -u <user> User identifier
+ [Default: \`whoami\`@\`hostname -f\`]
+ -r <user@host> Remote to upload to
+ [Default: postfile@drop.ceph.com]
+ -k <path> known_hosts file
+ [Default: /usr/share/ceph/known_hosts_drop.ceph.com]
+ -i <path> Ssh identity file
+ [Default: /usr/share/ceph/id_dsa_drop.ceph.com]
+ -h Show this usage information
+"
+}
+
+if [ -z "$*" ]; then
+ usage
+ exit 1
+fi
+
+description=""
+user="`whoami`@`hostname -f`"
+remote="postfile@drop.ceph.com"
+case $1 in
+ -d | --description)
+ description="$2"
+ shift
+ shift
+ ;;
+ -u | --user)
+ user="$2"
+ shift
+ shift
+ ;;
+ -h | --help)
+ usage
+ exit 0
+ ;;
+ -k | --known-hosts)
+ known_hosts="$1"
+ shift
+ shift
+ ;;
+ -i)
+ ssh_key="$1"
+ shift
+ shift
+ ;;
+ -r | --remote)
+ remote="$1"
+ shift
+ shift
+ ;;
+esac
+
+# this id should be shared
+id=`uuidgen`
+echo "$0: upload tag $id"
+
+# this is secret goop we add to the directory so that $id is not
+# enough to find the data using the shared user; only ceph developers
+# who have access to the server and can read the post directory can
+# find the uploaded data.
+nonce=`uuidgen`
+
+# stick the user info in the dir too
+dir="${id}_${user}_${nonce}"
+
+t1=$(tempfile) || exit
+t2=$(tempfile) || exit
+t3=$(tempfile) || exit
+t4=$(tempfile) || exit
+trap "rm -f -- '$t1' '$t2' '$t3' '$t4'" EXIT
+cat > $t1 <<EOF
+mkdir post/$dir
+cd post/$dir
+EOF
+
+echo "$0: user: $user"
+cat > $t3 <<EOF
+$user
+EOF
+echo put $t3 user >> $t1
+
+if [ -n "$description" ]; then
+ echo "$0: description: $description"
+ cat > $t2 <<EOF
+$description
+EOF
+ echo put $t2 description >> $t1
+fi
+
+while [ -n "$*" ]; do
+ if [ -d "$1" ]; then
+ echo $0: will upload directory $1
+ bn=`basename "$1"`
+ cat >> $t1 <<EOF
+mkdir $bn
+put -r $1
+EOF
+ else
+ echo $0: will upload file $1
+ cat >> $t1 <<EOF
+put $1
+EOF
+ fi
+ shift
+done
+
+# no UserKnownHostsFile so that we don't try to record the IP hash key
+# GLobalKnownHostsFile so that we are verifying that this is the real drop.ceph.com
+
+cp "$ssh_key" "$t4"
+cp "${ssh_key}.pub" "$t4.pub"
+
+sftp -i $t4 \
+ -C \
+ -oCheckHostIP=no \
+ -oGlobalKnownHostsFile=$known_hosts \
+ -oBatchMode=no \
+ -b $t1 -- $remote
+
+echo "$0: copy the upload id below to share with a dev:
+
+ceph-post-file: $id
+"
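Review bot: The `-k`, `-i` and `-r` branches of the `case` assign `"$1"`, which is the option flag itself, so `-k /path` sets `known_hosts` to `-k` and the host-key check then points at a path that is unlikely to exist; they should read `"$2"` as the `-d` and `-u` branches do. The `case` is also not inside a loop, so only the first option is parsed and a second one (the synopsis allows `-d` and `-u` together) falls through to the upload loop as a file name. The sftp call sets `GlobalKnownHostsFile` but neither `StrictHostKeyChecking=yes` nor `UserKnownHostsFile=/dev/null`, so with `BatchMode=no` an unknown host key presumably produces an interactive prompt instead of a hard failure. The comment above the call describes a `UserKnownHostsFile` setting the command does not apply. Separately, `tempfile` is a Debian utility and may be absent on the RPM targets this commit also packages, and `$t4.pub` is not covered by the `trap` cleanup.

```shell
# … unchanged: defaults for description, user, remote …
while [ $# -gt 0 ]; do
    case "$1" in
        -d | --description) description="$2"; shift 2 ;;
        -u | --user)        user="$2";        shift 2 ;;
        -k | --known-hosts) known_hosts="$2"; shift 2 ;;
        -i)                 ssh_key="$2";     shift 2 ;;
        -r | --remote)      remote="$2";      shift 2 ;;
        -h | --help)        usage; exit 0 ;;
        --)                 shift; break ;;
        *)                  break ;;
    esac
done

# … unchanged: tag and nonce generation, batch file construction, key copy …

# Fail closed on an unknown or changed host key, and consult only the
# shipped known_hosts file rather than the caller's own.
sftp -i "$t4" \
    -C \
    -oCheckHostIP=no \
    -oStrictHostKeyChecking=yes \
    -oUserKnownHostsFile=/dev/null \
    -oGlobalKnownHostsFile="$known_hosts" \
    -oBatchMode=no \
    -b "$t1" -- "$remote"
```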