labs: rewrite enable_vagrant_ssh_keys.sh

Split the code into two functions: get_vagrant_key: download a Vagrant insecure key (if necessary) and copy it to ~/.ssh. authorize_vagrant_key: authorize a Vagrant insecure key for logins into the VM. Change-Id: Id420aa14a48aac9e9c2814e0b4cdcbded90f0560
2014-10-03 10:17:50 +02:00 · 2014-10-03 10:17:50 +02:00 · e87bc6f92a
commit e87bc6f92a
parent 46174a35d4
1 changed files with 38 additions and 20 deletions
--- a/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
+++ b/labs/scripts/osbash/enable_vagrant_ssh_keys.sh
@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset

-# This script installs the unsecure Vagrant ssh keys. This allows users to
+# This script installs the insecure Vagrant ssh keys. This allows users to
 # log into the VMs using these keys instead of a password.

 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
@ -12,27 +12,45 @@ indicate_current_auto

 exec_logfile

-function install_vagrant_public_key {
-    local VAGRANT_KEY_NAME="vagrant.pub"
-    local KEY_URL=https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/$VAGRANT_KEY_NAME
-    local VAGRANT_KEY_DIR=$LIB_DIR/vagrant-ssh-keys
+mkdir -p "$HOME/.ssh"
+chmod 700 "$HOME/.ssh"

-    if [ ! -f "$VAGRANT_KEY_DIR/$VAGRANT_KEY_NAME" ]; then
-        wget --output-document "$VAGRANT_KEY_DIR/$VAGRANT_KEY_NAME" "$KEY_URL"
-        if [ $? -ne 0 ]; then
-            echo >&2 "Error when downloading $KEY_URL"
-            return 1
+# Install the requested Vagrant insecure key to $HOME/.ssh. Keep a copy in
+# $LIB_DIR/vagrant-ssh-keys (cache if the directory is shared with the host).
+function get_vagrant_key {
+    local key_name=$1
+    local key_url=https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/$key_name
+    local vagrant_key_dir=$LIB_DIR/vagrant-ssh-keys
+
+    if [ -f "$HOME/.ssh/$key_name" ]; then
+        echo "Vagrant insecure key already installed: $HOME/.ssh/$key_name."
+    else
+        if [ ! -f "$vagrant_key_dir/$key_name" ]; then
+            echo "Downloading Vagrant insecure key $key_name."
+            wget --output-document "$vagrant_key_dir/$key_name" "$key_url"
+            if [ $? -ne 0 ]; then
+                echo >&2 "Error when downloading $key_url"
+                return 1
+            fi
        fi
+        echo "Installing Vagrant insecure key $key_name."
+        cp -v "$vagrant_key_dir/$key_name" "$HOME/.ssh"
    fi
-
-    mkdir -p "$HOME/.ssh"
-    chmod 700 "$HOME/.ssh"
-    cat "$VAGRANT_KEY_DIR/$VAGRANT_KEY_NAME" >> "$HOME/.ssh/authorized_keys"
-    chmod 400 "$HOME/.ssh/authorized_keys"
 }

-if grep -qs "vagrant insecure public key" "$HOME/.ssh/authorized_keys"; then
-    echo "Vagrant insecure public key already installed"
-else
-    install_vagrant_public_key
-fi
+# Authorize named key for ssh logins into this VM.
+function authorize_vagrant_key {
+    local pub_key_path=$1
+    local auth_key_path=$HOME/.ssh/authorized_keys
+    if grep -qs "vagrant insecure public key" "$auth_key_path"; then
+        echo "Already authorized."
+    else
+        cat "$pub_key_path" >> "$auth_key_path"
+    fi
+}
+
+get_vagrant_key "vagrant.pub"
+chmod 444 "$HOME/.ssh/vagrant.pub"
+
+echo "Authorizing Vagrant public key (connections from host and other VMs)."
+authorize_vagrant_key "$HOME/.ssh/vagrant.pub"