Merge "Use the dynamically generated ssh key in Ubuntu based bootstrap image"

fuel-bootstrap-image-builder/bin/fuel-bootstrap-image

@@ -15,7 +15,6 @@ global_conf="/etc/fuel-bootstrap-image.conf"
 [ -z "$KERNEL_FLAVOR" ] && KERNEL_FLAVOR="-generic-lts-trusty"
 [ -z "$ARCH" ] && ARCH="amd64"
 [ -z "$DESTDIR" ] && DESTDIR="/var/www/nailgun/bootstrap/ubuntu"
-[ -z "$BOOTSTRAP_SSH_KEYS" ] && BOOTSTRAP_SSH_KEYS="$datadir/ubuntu/files/root/.ssh/authorized_keys"
 
 # Packages required for the master node to discover a bootstrap node
 BOOTSTRAP_FUEL_PKGS_DFLT="openssh-client openssh-server ntp mcollective nailgun-agent nailgun-mcagents nailgun-net-check fuel-agent"
@@ -343,7 +342,14 @@ build_image ()
 	install_packages "$root" $BOOTSTRAP_PKGS $BOOTSTRAP_FUEL_PKGS
 	recompress_initramfs "$root"
 	copy_conf_files "$root"
-	install_ssh_keys "$root" $BOOTSTRAP_SSH_KEYS
+	if [ -n "$BOOTSTRAP_SSH_KEYS" ]; then
+		install_ssh_keys "$root" $BOOTSTRAP_SSH_KEYS
+	else
+		cat >&2 <<-EOF
+		$MYSELF: Warning: no ssh keys specified
+		$MYSELF: bootstrap nodes won't be available via ssh
+		EOF
+	fi
 	restore_resolv_conf "$root"
 	cleanup_chroot "$root"
 	mk_squashfs_image "$root"

fuel-bootstrap-image-builder/share/fuel-bootstrap-image/ubuntu/files/root/.ssh/authorized_keys

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtrVTSM8tGd4E8khJn2gfN/2fymnX/0YKAGSVZTWDNIcYL5zXTlSwrccn/8EgmnNsJNxucJRT+oWqrDGaFaehuwlY/IBqm50KJVaUr5QYzOUpqVpFIpoX3UwETCxcSB1LiQYbCvrJcqOPQ4Zu9fMhMGKaAX1ohzOumn4czuLDYIvCnPnoU5RDWt7g1GaFFlzGU3JFooj7/aWFJMqJLinvay3vr2vFpBvO1y29nKu+zgpZkzzJCc0ndoVqvB+W9DY6QtgTSWfd3ZE/8vg4h8QV8H+xxqL/uWCxDkv2Y3rviAHivR/V+1YCSQH0NBJrNSkRjd+1roLhcEGT7/YEnbgVV nailgun@bootstrap

iso/bootstrap_admin_node.docker.sh

@@ -57,18 +57,43 @@ fi
 . /etc/sysconfig/network
 hostname "$HOSTNAME"
 
-# Need to build bootstrap image early enough so cobbler can create
-# the `bootstrap' profile
-bootstrap_img_failed='yes'
-bootstrap_img_max_attempts=3
+# XXX: ssh keys which should be included into the bootstrap image are
+# generated during containers deployment. However cobbler checkfs for
+# a kernel and initramfs when creating a profile, which poses chicken
+# and egg problem. Fortunately cobbler is pretty happy with empty files
+# so it's easy to break the loop.
+make_ubuntu_bootstrap_stub () {
+	local bootstrap_dir='/var/www/nailgun/bootstrap/ubuntu'
+	mkdir -p $bootstrap_dir
+	for item in linux initramfs.img; do
+		touch "$bootstrap_dir/$item"
+	done
+}
 
-for n in `seq 1 $bootstrap_img_max_attempts`; do
-	echo "Bulding bootstrap image, attempt $n" >&2
-	if fuel-bootstrap-image 2>>/var/log/fuel-bootstrap-image-build.log; then
-		bootstrap_img_failed=''
-		break
+# Actually build the bootstrap image
+build_ubuntu_bootstrap () {
+	local ret=1
+	local max_attempts=3
+	local config='/etc/fuel-bootstrap-image.conf'
+	local log='/var/log/fuel-bootstrap-image-build.log'
+	if ! grep -qE '^BOOTSTRAP_SSH_KEYS' "$config"; then
+		# FIXME: config file generated by fuelmenu has no trailing newline
+		echo >> "$config"
+		cat >> "$config" <<-EOF
+		BOOTSTRAP_SSH_KEYS=/root/.ssh/id_rsa.pub
+		EOF
 	fi
-done
+	for n in `seq 1 $max_attempts`; do
+		echo "Bulding bootstrap image, attempt $n" >&2
+		if fuel-bootstrap-image >>"$log" 2>&1; then
+			ret=0
+			break
+		fi
+	done
+	return $ret
+}
+
+make_ubuntu_bootstrap_stub
 
 service docker start
 
@@ -115,11 +140,23 @@ puppet apply --detailed-exitcodes -d -v /etc/puppet/modules/nailgun/examples/hos
 if [ $? -ge 4 ];then
   fail
 fi
+
 rmdir /var/log/remote && ln -s /var/log/docker-logs/remote /var/log/remote
 
 dockerctl check || fail
 bash /etc/rc.local
 
+bootstrap_img_failed=''
+if build_ubuntu_bootstrap; then
+	dockerctl shell cobbler cobbler sync
+	# XXX: sometimes dnsmasq fails to restart after cobbler sync
+	if ! dockerctl shell cobbler service dnsmasq status 2>/dev/null; then
+		dockerctl shell cobbler service dnsmasq restart
+	fi
+else
+	bootstrap_img_failed='yes'
+fi
+
 # Enable updates repository
 cat > /etc/yum.repos.d/mos${FUEL_RELEASE}-updates.repo << EOF
 [mos${FUEL_RELEASE}-updates]