Support SSH keys from config drive

Add kernel support for IDE CDROM drives, add a package for JSON
parsing, and updating the metadata script to look for SSH keys
on the config drive in addition to the metadata server.

Change-Id: Ic8f065bfd77dd4c533590a023bab8b1d32da1f53
This commit is contained in:
Ben Swartzlander 2017-01-27 14:03:51 -05:00
parent 33a1e25839
commit c533026ed7
3 changed files with 58 additions and 13 deletions

View File

@ -1,19 +1,42 @@
#!/bin/sh
check_net() {
url="http://169.254.169.254/2009-04-04/meta-data"
(
wget -q -O - -T 10 $url/public-keys 2> /dev/null || exit 1
echo
) | (
while read line
do
key=$(echo $line | sed 's/\([0-9]\+\)=.*/\1/')
key_url=$url/public-keys/$key/openssh-key
wget -q -O - -T 10 $key_url 2> /dev/null || exit 1
done
) >> authorized_keys
}
json_metadata() {
F=$1/ec2/2009-04-04/meta-data.json
[ -f $F ] || return
JSON.sh < $F | sed -n 's/^\["public-keys","[0-9]\+","openssh-key"\]\t"\(.*\)\\n"$/\1/p'
}
check_cd() {
[ -b /dev/sr0 ] || return
mkdir /tmp/cd
if mount /dev/sr0 /tmp/cd
then
json_metadata /tmp/cd >> authorized_keys
umount /tmp/cd
fi
rmdir /tmp/cd
}
mkdir -p /root/.ssh
cd /root/.ssh
chmod 700 .
[ -f authorized_keys ] || touch authorized_keys
chmod 600 authorized_keys
url="http://169.254.169.254/2009-04-04/meta-data"
(
wget -q -O - -T 10 $url/public-keys 2> /dev/null || exit 1
echo
) | (
while read line
do
key=$(echo $line | sed 's/\([0-9]\+\)=.*/\1/')
wget -q -O - -T 10 $url/public-keys/$key/openssh-key 2> /dev/null || exit 1
done
) >> /root/.ssh/authorized_keys
check_net
check_cd

View File

@ -17,10 +17,18 @@ CONFIG_SYN_COOKIES=y
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_VIRTIO_BLK=y
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_BLK_DEV_SR=y
CONFIG_CHR_DEV_SG=y
CONFIG_SCSI_VIRTIO=y
CONFIG_ATA=y
CONFIG_ATA_PIIX=y
CONFIG_PATA_OLDPIIX=y
CONFIG_PATA_SCH=y
CONFIG_PATA_VIA=y
CONFIG_PATA_MPIIX=y
CONFIG_ATA_GENERIC=y
CONFIG_PATA_LEGACY=y
CONFIG_NETDEVICES=y
CONFIG_VIRTIO_NET=y
# CONFIG_ETHERNET is not set
@ -45,6 +53,8 @@ CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_TMPFS=y
# CONFIG_MISC_FILESYSTEMS is not set
CONFIG_NFS_FS=y

View File

@ -9,17 +9,30 @@
./init-buildroot.sh
# Grab JSON.sh for json parsing
JSON_VERS=e05e69a0debdba68125a33ac786726cb860b2e7b
JSON_SH=https://raw.githubusercontent.com/dominictarr/JSON.sh/$JSON_VERS/JSON.sh
if [ ! -x download/JSON.sh ]
then
curl -s $JSON_SH > download/JSON.sh
chmod +x download/JSON.sh
fi
# Create the filesystem overlays
if [ ! -d overlay-client ]
then
mkdir overlay-client
cp -a common-files/* overlay-client
mkdir -p overlay-client/usr/bin
cp download/JSON.sh overlay-server/usr/bin
fi
if [ ! -d overlay-server ]
then
mkdir overlay-server
cp -a common-files/* overlay-server
cp -a server-files/* overlay-server
mkdir -p overlay-server/usr/bin
cp download/JSON.sh overlay-server/usr/bin
fi
# Copy the config files where they need to go (temporarily)
@ -45,4 +58,3 @@ do
make O=../output-${IMAGE} all
( cd .. ; ./make-bootable-disk.sh $IMAGE )
done