From 05676783f2a5e88df400df8aa4d6c6c02301cda4 Mon Sep 17 00:00:00 2001 From: sayalilunkad Date: Tue, 24 Feb 2015 17:53:40 +0530 Subject: [PATCH] Modifies osbash files to use osbash ssh keys This patch makes use of the osbash public and private keys to ssh to VM rather than the vagrant keys. This also removes the vagrant keys directory from the repository. Change-Id: I939274f188a02469c7e2cf9f9502510ea00d514e --- labs/config/credentials | 7 +-- labs/config/scripts.ubuntu_base | 2 +- labs/config/scripts.ubuntu_cluster | 6 +- labs/lib/README.rst | 5 +- labs/lib/functions.guest | 2 +- labs/lib/osbash/functions.host | 29 ++++----- labs/lib/vagrant-ssh-keys/README.rst | 4 -- labs/scripts/README.rst | 5 +- labs/scripts/osbash/enable_osbash_ssh_keys.sh | 50 ++++++++++++++++ .../scripts/osbash/enable_vagrant_ssh_keys.sh | 60 ------------------- labs/scripts/shutdown_controller.sh | 2 +- 11 files changed, 75 insertions(+), 97 deletions(-) delete mode 100644 labs/lib/vagrant-ssh-keys/README.rst create mode 100755 labs/scripts/osbash/enable_osbash_ssh_keys.sh delete mode 100755 labs/scripts/osbash/enable_vagrant_ssh_keys.sh diff --git a/labs/config/credentials b/labs/config/credentials index 15a3465f..59f82642 100644 --- a/labs/config/credentials +++ b/labs/config/credentials @@ -2,10 +2,9 @@ # by OpenStack applications and related software running in the VMs. # Note that the VM shell user and its password are not set here. By default, -# those are hard-coded in the preseed/kickstart files or in the Vagrant base -# box. The scripts get the shell user name from deploy.{osbash,vagrant} and -# don't need a password (they use password-less sudo and -- if configured -- -# ssh keys). +# those are hard-coded in the preseed/kickstart files. The scripts get the +# shell user name from deploy.{osbash} and don't need a password +# (they use password-less sudo and -- if configured -- ssh keys). # Used for MySQL or whatever other DBMS is configured : ${DATABASE_PASSWORD:=secrete} 
diff --git a/labs/config/scripts.ubuntu_base b/labs/config/scripts.ubuntu_base index c80bea42..9743a7c0 100644 --- a/labs/config/scripts.ubuntu_base +++ b/labs/config/scripts.ubuntu_base @@ -2,4 +2,4 @@ cmd queue ubuntu/apt_init.sh cmd queue ubuntu/apt_upgrade.sh cmd queue ubuntu/apt_pre-download.sh -cmd queue osbash/enable_vagrant_ssh_keys.sh +cmd queue osbash/enable_osbash_ssh_keys.sh diff --git a/labs/config/scripts.ubuntu_cluster b/labs/config/scripts.ubuntu_cluster index 351abc6b..cb06f223 100644 --- a/labs/config/scripts.ubuntu_cluster +++ b/labs/config/scripts.ubuntu_cluster @@ -3,7 +3,7 @@ cmd init_node -n controller cmd queue etc_hosts.sh -cmd queue osbash/enable_vagrant_ssh_keys.sh +cmd queue osbash/enable_osbash_ssh_keys.sh cmd snapshot_cycle -n controller controller_node_init cmd queue ubuntu/apt_install_mysql.sh @@ -41,7 +41,7 @@ cmd boot -n controller cmd init_node -n compute cmd queue etc_hosts.sh -cmd queue osbash/enable_vagrant_ssh_keys.sh +cmd queue osbash/enable_osbash_ssh_keys.sh cmd snapshot_cycle -n compute compute_node_init cmd queue ubuntu/setup_nova_compute.sh @@ -63,7 +63,7 @@ cmd boot -n controller cmd init_node -n network cmd queue etc_hosts.sh -cmd queue osbash/enable_vagrant_ssh_keys.sh +cmd queue osbash/enable_osbash_ssh_keys.sh cmd snapshot_cycle -n network network_node_init cmd queue ubuntu/setup_neutron_network.sh diff --git a/labs/lib/README.rst b/labs/lib/README.rst index 7c226dac..a72fc822 100644 --- a/labs/lib/README.rst +++ b/labs/lib/README.rst 
@@ -3,8 +3,7 @@ This directory contains bash libraries used by scripts. Configuration files for kickstart (Fedora) and preseed (Ubuntu) are in osbash/netboot. -The vagrant-ssh-keys from the Vagrant project can be automatically installed -into osbash VMs to make them accessible like Vagrant VMs without having -to install yet another set of ssh keys. +The osbash-ssh-keys can be automatically installed into osbash +VMs to make them accessible. The templates used to build Windows batch files are in the wbatch subdirectory. diff --git a/labs/lib/functions.guest b/labs/lib/functions.guest index e752e10a..27dfbb8f 100644 --- a/labs/lib/functions.guest +++ b/labs/lib/functions.guest @@ -377,7 +377,7 @@ function no_chk_ssh { # ssh from one node VM to another node in the cluster function node_ssh { - no_chk_ssh -i "$HOME/.ssh/vagrant" "$@" + no_chk_ssh -i "$HOME/.ssh/osbash_key" "$@" } #------------------------------------------------------------------------------- diff --git a/labs/lib/osbash/functions.host b/labs/lib/osbash/functions.host index 2fe7b3ec..00806575 100644 --- a/labs/lib/osbash/functions.host +++ b/labs/lib/osbash/functions.host 
@@ -52,20 +52,15 @@ function get_distro_name { # ssh #------------------------------------------------------------------------------- -# Download Vagrant insecure private key if necessary -function check_vagrant_private_key { - local key_name="vagrant" - local key_url=https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/$key_name - local vagrant_key_dir=$LIB_DIR/vagrant-ssh-keys - local vagrant_key_path=$vagrant_key_dir/$key_name +# Check permission for osbash insecure private key +function check_osbash_private_key { + local key_name="osbash_key" + local osbash_key_dir=$LIB_DIR/osbash-ssh-keys + local osbash_key_path=$osbash_key_dir/$key_name - if [ ! -f "$vagrant_key_path" ]; then - download "$key_url" "$vagrant_key_dir" $key_name - fi - - if ! ls -l "$vagrant_key_path"|grep -q "^-r--------"; then - echo "Adjusting permissions for $vagrant_key_path" - chmod 400 "$vagrant_key_path" + if ! ls -l "$osbash_key_path"|grep -q "^-r--------"; then + echo "Adjusting permissions for $osbash_key_path" + chmod 400 "$osbash_key_path" fi } @@ -79,7 +74,7 @@ function vm_scp_to_vm { local ssh_port=$1 shift - check_vagrant_private_key + check_osbash_private_key while (($#)); do local src_path=$1 @@ -88,7 +83,7 @@ function vm_scp_to_vm { local target_dir=$(dirname "$target_path") vm_ssh "$ssh_port" "mkdir -p $target_dir" scp -q -r \ - -i "$LIB_DIR/vagrant-ssh-keys/vagrant" \ + -i "$LIB_DIR/osbash-ssh-keys/osbash_key" \ -o "UserKnownHostsFile /dev/null" \ -o "StrictHostKeyChecking no" \ -P "$ssh_port" \ @@ -101,13 +96,13 @@ function vm_ssh { local ssh_port=$1 shift - check_vagrant_private_key + check_osbash_private_key # Some operating systems (e.g., Mac OS X) export locale settings to the # target that cause some Python clients to fail. Override with a standard # setting (LC_ALL=C). LC_ALL=C ssh -q \ - -i "$LIB_DIR/vagrant-ssh-keys/vagrant" \ + -i "$LIB_DIR/osbash-ssh-keys/osbash_key" \ -o "UserKnownHostsFile /dev/null" \ -o "StrictHostKeyChecking no" \ -p "$ssh_port" \ 
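Review bot: check_osbash_private_key no longer handles a missing key file. With the download branch removed, a missing `$osbash_key_path` makes `ls -l` fail and the `grep` test fall through, so `chmod 400` fails with a message that does not say what was expected under `$LIB_DIR/osbash-ssh-keys`. A guard at the top such as `[ -f "$osbash_key_path" ] || { echo >&2 "ssh key not found: $osbash_key_path"; return 1; }` makes that failure explicit. The permission test could also stop parsing `ls -l` output, since an unconditional `chmod 400 "$osbash_key_path"` ends in the same state. If the key pair in that directory is shipped with the tree rather than generated per install, the function comment should say that it is shared by every deployment and only suits VMs whose sshd is not reachable beyond the lab host.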
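Review bot: The key path is written out as the literal `"$LIB_DIR/osbash-ssh-keys/osbash_key"` in the `scp` call of vm_scp_to_vm and again in the `ssh` call of vm_ssh, while check_osbash_private_key assembles the same path from its own locals. All three copies had to be edited together in this commit. A single definition next to these helpers, for example `OSBASH_KEY_PATH=$LIB_DIR/osbash-ssh-keys/osbash_key`, used by the check and by both `-i` arguments, keeps the permission check and the identity file pointing at the same path. Both functions continue outside their hunks.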
diff --git a/labs/lib/vagrant-ssh-keys/README.rst b/labs/lib/vagrant-ssh-keys/README.rst deleted file mode 100644 index 2014f657..00000000 --- a/labs/lib/vagrant-ssh-keys/README.rst +++ /dev/null @@ -1,4 +0,0 @@ -This directory may contain cached copies of the insecure Vagrant keys from -https://github.com/mitchellh/vagrant/tree/master/keys. - -They allow ssh access to Vagrant VMs or (if enabled) osbash VMs. diff --git a/labs/scripts/README.rst b/labs/scripts/README.rst index 81c290fb..3b1f0775 100644 --- a/labs/scripts/README.rst +++ b/labs/scripts/README.rst @@ -3,6 +3,5 @@ All scripts in this directory run within the VMs. They install and configure OpenStack components and any other required software (such as databases). -Before these generic scripts run, scripts from the osbash (or vagrant, -depending on the installation method) subdirectory set up the VM and -configure basic networking. +Before these generic scripts run, scripts from the osbash subdirectory +set up the VM and configure basic networking. diff --git a/labs/scripts/osbash/enable_osbash_ssh_keys.sh b/labs/scripts/osbash/enable_osbash_ssh_keys.sh new file mode 100755 index 00000000..f1112a94 --- /dev/null +++ b/labs/scripts/osbash/enable_osbash_ssh_keys.sh 
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -o errexit -o nounset
+
+# This script installs the insecure osbash ssh keys. This allows users to
+# log into the VMs using these keys instead of a password.
+
+TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+source "$TOP_DIR/config/paths"
+source "$LIB_DIR/functions.guest"
+
+indicate_current_auto
+
+exec_logfile
+
+mkdir -p "$HOME/.ssh"
+chmod 700 "$HOME/.ssh"
+
+# Install the requested osbash insecure key to $HOME/.ssh.
+function get_osbash_key {
+ local key_name=$1
+ local osbash_key_dir=$LIB_DIR/osbash-ssh-keys
+
+ if [ -f "$HOME/.ssh/$key_name" ]; then
+ echo "osbash insecure key already installed: $HOME/.ssh/$key_name."
+ else
+ echo "Installing osbash insecure key $key_name."
+ cp -v "$osbash_key_dir/$key_name" "$HOME/.ssh"
+ fi
+}
+
+# Authorize named key for ssh logins into this VM.
+function authorize_osbash_key {
+ local pub_key_path=$1
+ local auth_key_path=$HOME/.ssh/authorized_keys
+ if grep -qs "osbash insecure public key" "$auth_key_path"; then
+ echo "Already authorized."
+ else
+ cat "$pub_key_path" >> "$auth_key_path"
+ fi
+}
+
+echo "Installing osbash insecure private key (connections to other VMs)."
+get_osbash_key "osbash_key"
+chmod 400 "$HOME/.ssh/osbash_key"
+
+get_osbash_key "osbash_key.pub"
+chmod 444 "$HOME/.ssh/osbash_key.pub"
+
+echo "Authorizing osbash public key (connections from host and other VMs)."
+authorize_osbash_key "$HOME/.ssh/osbash_key.pub"
diff --git a/labs/scripts/osbash/enable_vagrant_ssh_keys.sh b/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
deleted file mode 100755
index 947afaf0..00000000
--- a/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
+++ /dev/null
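Review bot: authorize_osbash_key in enable_osbash_ssh_keys.sh decides whether the key is already authorized by searching `authorized_keys` for the text "osbash insecure public key". That only works if the comment field of osbash_key.pub contains exactly that string, and the key file is not part of this diff. If it does not, every run appends the key again; matching on the key line itself removes the dependency: `if grep -qsxF -f "$pub_key_path" "$auth_key_path"; then`. The script also never sets the mode of `authorized_keys`, so a permissive umask can leave it group-writable, which sshd would presumably reject under its strict mode checks. Adding `chmod 600 "$auth_key_path"` after the append makes the result independent of the umask.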
@@ -1,60 +0,0 @@
-#!/usr/bin/env bash
-set -o errexit -o nounset
-
-# This script installs the insecure Vagrant ssh keys. This allows users to
-# log into the VMs using these keys instead of a password.
-
-TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
-source "$TOP_DIR/config/paths"
-source "$LIB_DIR/functions.guest"
-
-indicate_current_auto
-
-exec_logfile
-
-mkdir -p "$HOME/.ssh"
-chmod 700 "$HOME/.ssh"
-
-# Install the requested Vagrant insecure key to $HOME/.ssh. Keep a copy in
-# $LIB_DIR/vagrant-ssh-keys (cache if the directory is shared with the host).
-function get_vagrant_key {
- local key_name=$1
- local key_url=https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/$key_name
- local vagrant_key_dir=$LIB_DIR/vagrant-ssh-keys
-
- if [ -f "$HOME/.ssh/$key_name" ]; then
- echo "Vagrant insecure key already installed: $HOME/.ssh/$key_name."
- else
- if [ ! -f "$vagrant_key_dir/$key_name" ]; then
- echo "Downloading Vagrant insecure key $key_name."
- wget --output-document "$vagrant_key_dir/$key_name" "$key_url"
- if [ $? -ne 0 ]; then
- echo >&2 "Error when downloading $key_url"
- return 1
- fi
- fi
- echo "Installing Vagrant insecure key $key_name."
- cp -v "$vagrant_key_dir/$key_name" "$HOME/.ssh"
- fi
-}
-
-# Authorize named key for ssh logins into this VM.
-function authorize_vagrant_key {
- local pub_key_path=$1
- local auth_key_path=$HOME/.ssh/authorized_keys
- if grep -qs "vagrant insecure public key" "$auth_key_path"; then
- echo "Already authorized."
- else
- cat "$pub_key_path" >> "$auth_key_path"
- fi
-}
-
-echo "Installing Vagrant insecure private key (connections to other VMs)."
-get_vagrant_key "vagrant"
-chmod 400 "$HOME/.ssh/vagrant"
-
-get_vagrant_key "vagrant.pub"
-chmod 444 "$HOME/.ssh/vagrant.pub"
-
-echo "Authorizing Vagrant public key (connections from host and other VMs)."
-authorize_vagrant_key "$HOME/.ssh/vagrant.pub"
diff --git a/labs/scripts/shutdown_controller.sh b/labs/scripts/shutdown_controller.sh
index 7d5909a2..45670ba3 100755
--- a/labs/scripts/shutdown_controller.sh
+++ b/labs/scripts/shutdown_controller.sh
@@ -27,6 +27,6 @@ echo "Shutting down the controller node."
 ssh \
 -o "UserKnownHostsFile /dev/null" \
 -o "StrictHostKeyChecking no" \
- -i "$HOME/.ssh/vagrant" \
+ -i "$HOME/.ssh/osbash_key" \
 controller-mgmt \
 sudo /sbin/shutdown -P now