[Chart] support ssh private key

- Add support for optionally mounting a
  private key for the maas user to access
  remote hosts via ssh (e.g. virsh)
- Add libvirt-bin to the rack controller

Change-Id: I18efb6a6947a5a5f91800bf6494b7d9d15d8aaf2
Scott Hussey 2018-04-27 14:10:41 -05:00
parent 3e4849e132
commit 791e49c519
6 changed files with 65 additions and 3 deletions


@ -19,4 +19,10 @@ set -ex
# show env
env > /tmp/env
exec /bin/systemd --system
if [[ -d ~maas/.ssh ]]
then
chown -R maas:maas ~maas/.ssh
fi
chsh -s /bin/bash maas
exec /bin/systemd --system
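Review bot: The added `chown -R maas:maas ~maas/.ssh` fixes ownership but not mode, and the deployment template in this commit backs that directory with an `emptyDir`, which Kubernetes normally creates world-writable. Any other account in the container could then place a `config` or `known_hosts` file in the maas user's SSH directory, so add `chmod 700 ~maas/.ssh` right after the chown. The script runs under `set -ex` (visible in the hunk header), so if the chown cannot change the mounted `id_rsa`, the entrypoint would exit before `exec /bin/systemd --system`; that is worth confirming on the target cluster. A one-line comment above `chsh -s /bin/bash maas` stating why the service account needs a login shell would let later reviewers judge whether it can be dropped.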


@ -87,8 +87,23 @@ spec:
mountPath: /lib/systemd/system/register-rack-controller.service
subPath: register-rack-controller.service
readOnly: true
{{- if .Values.manifests.secret_ssh_key }}
- name: maas-ssh
mountPath: /var/lib/maas/.ssh
- name: priv-key
subPath: PRIVATE_KEY
mountPath: /var/lib/maas/.ssh/id_rsa
{{- end }}
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
volumes:
{{- if .Values.manifests.secret_ssh_key }}
- name: maas-ssh
emptyDir: {}
- name: priv-key
secret:
secretName: {{ .Release.Name}}-{{ .Values.secrets.ssh_key }}
defaultMode: 0400
{{- end }}
- name: maas-bin
configMap:
name: maas-bin
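Review bot: The `priv-key` volume is projected with `defaultMode: 0400`, and nothing visible in this section sets `fsGroup` or a run-as user, so the key file is presumably root-owned and unreadable by `maas` unless the start script's `chown -R` succeeds on the secret mount. On Kubernetes versions that mount secret volumes read-only, that chown would fail. A sturdier layout is to mount the secret at a separate path and have the start script copy it into the `maas-ssh` emptyDir, e.g. `install -o maas -g maas -m 0600 <mounted key path> ~maas/.ssh/id_rsa`. Independently, `readOnly: true` on the `priv-key` mount and quotes around the templated `secretName` value would be cheap hardening. The pod spec starts and continues outside this hunk, so a security context set elsewhere may already cover part of this.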


@ -0,0 +1,29 @@
{{/*
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if .Values.manifests.secret_ssh_key }}
{{- $secretName := .Values.secrets.ssh_key }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name}}-{{ $secretName }}
type: Opaque
data:
PRIVATE_KEY: |-
{{ .Values.conf.ssh.private_key | b64enc | indent 4 }}
...
{{- end }}
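Review bot: `conf.ssh.private_key` defaults to `null` in values.yaml, so enabling `manifests.secret_ssh_key` without supplying a key would, as far as I can tell, render a Secret with an empty `PRIVATE_KEY` instead of failing at install time. Guard the value so the misconfiguration is caught when rendering: `{{ required "conf.ssh.private_key must be set when manifests.secret_ssh_key is enabled" .Values.conf.ssh.private_key | b64enc | indent 4 }}`. Separately, a key passed through chart values ends up in override files and in the stored release record. An option to reference a pre-created Secret by name would keep the private key out of both.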


@ -1,5 +1,5 @@
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.


@ -66,6 +66,7 @@ manifests:
region_statefulset: true
rack_deployment: true
test_maas_api: true
secret_ssh_key: false
images:
tags:
@ -113,6 +114,13 @@ network:
db_service_target: 5432
conf:
ssh:
# A SSH private key strings to mount
# to allow MaaS access virsh over SSH
# The corresponding public key should be
# added to a authorized_keys file to a user
# in the libvirt group on the hypervisors
private_key: null
bind:
override:
append:
@ -202,6 +210,7 @@ secrets:
maas_region:
name: maas-region-secret
value: 3858f62230ac3c915f300c664312c63f
ssh_key: ssh-private-key
pod:
affinity:
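Review bot: The comment above `private_key` in the `conf.ssh` hunk does not say that the value is only used when `manifests.secret_ssh_key` is `true`, nor that a real key should never be committed in this file. I would reword it along the lines of `# SSH private key text (multi-line string) mounted for the maas user; only rendered when manifests.secret_ssh_key is true.` followed by `# Supply it from a deploy-time override, never commit a real key here.` It would also help to state that the matching public key should be restricted on the hypervisor side to an account that needs only libvirt group access, which the existing comment implies but does not spell out. The `secrets:` and `pod:` mappings continue outside the hunks shown.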


@ -16,7 +16,10 @@ RUN systemctl set-default multi-user.target
# everything else below is to setup maas into the systemd initialized
# container based on ubuntu 16.04
RUN apt-get -qq update && \
apt-get -y install sudo software-properties-common
apt-get -y install \
sudo \
software-properties-common \
libvirt-bin
# TODO(alanmeadows)
# we need systemd 231 per https://github.com/systemd/systemd/commit/a1350640ba605cf5876b25abfee886488a33e50b
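Review bot: `libvirt-bin` is added so the rack controller has a virsh client, but on the Ubuntu 16.04 base named in the comment that package presumably also ships the libvirt daemon. Because this container boots systemd, the daemon may end up running inside the rack controller with no purpose. If only the client is needed, disable or mask the daemon's unit in a following `RUN` step so it does not add a listening service to the image. The install line could also take `--no-install-recommends` to keep unrelated packages out: `apt-get -y install --no-install-recommends \`.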