From e8c2c18f0abeebedb10ce85b0f799a69c983317b Mon Sep 17 00:00:00 2001 From: Dmitry Bogun Date: Mon, 27 Feb 2017 15:27:54 +0200 Subject: [PATCH] Add method to inject root password and ssh key For debug purposes we need to inject root password(in case we will have access to console) or root ssh key or both of them. Change-Id: I822df209a4100ac65d4628ca4e3d0954878815c9 --- centos-bareon/install.d/60-bareon-install | 12 +++++++++--- .../install.d/files.ironic/root/.ssh/authorized_keys | 1 - centos-bareon/post-install.d/80-bareon | 1 + centos-bareon/root.d/10-create-repo | 1 - centos-bareon/root.d/60-bareon-inject-data | 11 +++++++++++ 5 files changed, 21 insertions(+), 5 deletions(-) delete mode 100644 centos-bareon/install.d/files.ironic/root/.ssh/authorized_keys create mode 100755 centos-bareon/root.d/60-bareon-inject-data diff --git a/centos-bareon/install.d/60-bareon-install b/centos-bareon/install.d/60-bareon-install index d046c08..7be60c9 100755 --- a/centos-bareon/install.d/60-bareon-install +++ b/centos-bareon/install.d/60-bareon-install @@ -29,12 +29,18 @@ else rpm -qi bareon >> $RELEASE_FILE fi -# TODO(lobur): generate this key and publish together with image -install -D -g root -o root -m 0600 ${SCRIPTDIR}/files.ironic/root/.ssh/authorized_keys /root/.ssh/authorized_keys -chmod 0700 /root/.ssh/ install -D -g root -o root -m 0600 ${SCRIPTDIR}/files.ironic/etc/ssh/sshd_config /etc/ssh/sshd_config install -D -g root -o root -m 0664 ${SCRIPTDIR}/files.ironic/etc/network /etc/sysconfig/network install -D -g root -o root -m 0644 ${SCRIPTDIR}/files.ironic/usr/lib/systemd/system/ironic-callback.service /usr/lib/systemd/system/ironic-callback.service install -D -g root -o root -m 0644 ${SCRIPTDIR}/files.ironic/etc/bareon/bareon.conf /etc/bareon/bareon.conf +install -d -g root -o root -m 0700 /root/.ssh +if [ -n "$DIB_BAREON_ROOT_PASSWORD" ]; then + echo "root:$DIB_BAREON_ROOT_PASSWORD" | chpasswd +fi +if [ -f /tmp/bareon-build/inject-ssh-key.pub ]; then + (umask 0077; touch /root/.ssh/authorized_keys) + cat "/tmp/bareon-build/inject-ssh-key.pub" > /root/.ssh/authorized_keys +fi + systemctl enable ironic-callback.service diff --git a/centos-bareon/install.d/files.ironic/root/.ssh/authorized_keys b/centos-bareon/install.d/files.ironic/root/.ssh/authorized_keys deleted file mode 100644 index 4a91b0c..0000000 --- a/centos-bareon/install.d/files.ironic/root/.ssh/authorized_keys +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtrVTSM8tGd4E8khJn2gfN/2fymnX/0YKAGSVZTWDNIcYL5zXTlSwrccn/8EgmnNsJNxucJRT+oWqrDGaFaehuwlY/IBqm50KJVaUr5QYzOUpqVpFIpoX3UwETCxcSB1LiQYbCvrJcqOPQ4Zu9fMhMGKaAX1ohzOumn4czuLDYIvCnPnoU5RDWt7g1GaFFlzGU3JFooj7/aWFJMqJLinvay3vr2vFpBvO1y29nKu+zgpZkzzJCc0ndoVqvB+W9DY6QtgTSWfd3ZE/8vg4h8QV8H+xxqL/uWCxDkv2Y3rviAHivR/V+1YCSQH0NBJrNSkRjd+1roLhcEGT7/YEnbgVV nailgun@bootstrap diff --git a/centos-bareon/post-install.d/80-bareon b/centos-bareon/post-install.d/80-bareon index af16172..0e7494d 100755 --- a/centos-bareon/post-install.d/80-bareon +++ b/centos-bareon/post-install.d/80-bareon @@ -7,3 +7,4 @@ set -eu set -o pipefail rm -rf /tmp/bareon +rm -r /tmp/bareon-build diff --git a/centos-bareon/root.d/10-create-repo b/centos-bareon/root.d/10-create-repo index bd97b81..76d2625 100755 --- a/centos-bareon/root.d/10-create-repo +++ b/centos-bareon/root.d/10-create-repo @@ -11,4 +11,3 @@ set -e sudo mkdir -p $TARGET_ROOT/etc/yum.repos.d sudo cp /etc/yum.repos.d/*.repo $TARGET_ROOT/etc/yum.repos.d/ sudo cp /etc/pki/rpm-gpg/* $TARGET_ROOT/etc/pki/rpm-gpg/ - diff --git a/centos-bareon/root.d/60-bareon-inject-data b/centos-bareon/root.d/60-bareon-inject-data new file mode 100755 index 0000000..fc2849f --- /dev/null +++ b/centos-bareon/root.d/60-bareon-inject-data @@ -0,0 +1,11 @@ +#!/bin/bash + +if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then + set -x +fi + +# inject files into future chroot +install -m 0700 -d "$TARGET_ROOT/tmp/bareon-build" +if [ -n "$DIB_BAREON_INJECT_SSH_KEY" ]; then + cp "$DIB_BAREON_INJECT_SSH_KEY" "$TARGET_ROOT/tmp/bareon-build/inject-ssh-key.pub" +fi