mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-30 15:02:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(qemu_template): Provide SSH keys via config drive

Browse Source 
Moving away from our old behavior of loading 'authorized_keys' on virtfs
volumes. Still using virtfs to avoid depending on mkisofs or similar.
This commit is contained in:
Michael Marineau 2014-04-03 19:23:18 -07:00
parent 0d0c7c7578
commit 150ab005e0
1 changed files with 40 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
build_library/qemu_template.sh
View File

@ -56,34 +56,49 @@ while [ $# -ge 1 ]; do
done done
METADATA=$(mktemp -t -d coreos-meta-data.XXXXXXXXXX) find_ssh_keys() {
if [ $? -ne 0 ] || [ ! -d "$METADATA" ]; then
echo "$0: mktemp -d failed!" >&2
exit 1
fi
trap "rm -rf '$METADATA'" EXIT
# Do our best to create an authorized_keys file
if [ -n "$SSH_KEYS" ]; then
if [ ! -f "$SSH_KEYS" ]; then
echo "$0: SSH keys file not found: $SSH_KEYS" >&2
exit 1
elif ! cp "$SSH_KEYS" "${METADATA}/authorized_keys"; then
echo "$0: Failed to copy SSH keys from $SSH_KEYS" >&2
exit 1
fi
else
# Nothing provided, try fetching from ssh-agent and the local fs
if [ -S "$SSH_AUTH_SOCK" ]; then if [ -S "$SSH_AUTH_SOCK" ]; then
ssh-add -L >> "${METADATA}/authorized_keys" ssh-add -L
fi fi
for default_key in ~/.ssh/id_*.pub; do for default_key in ~/.ssh/id_*.pub; do
if [ ! -f "$default_key" ]; then if [ ! -f "$default_key" ]; then
continue continue
fi fi
cat "$default_key" >> "${METADATA}/authorized_keys" cat "$default_key"
done done
}
write_ssh_keys() {
echo "#cloud-config"
echo "ssh_authorized_keys:"
sed -e 's/^/ - /'
}
CONFIG_DRIVE=$(mktemp -t -d coreos-configdrive.XXXXXXXXXX)
if [ $? -ne 0 ] || [ ! -d "$CONFIG_DRIVE" ]; then
echo "$0: mktemp -d failed!" >&2
exit 1
fi
trap "rm -rf '$CONFIG_DRIVE'" EXIT
mkdir -p "${CONFIG_DRIVE}/openstack/latest"
if [ -n "$SSH_KEYS" ]; then
if [ ! -f "$SSH_KEYS" ]; then
echo "$0: SSH keys file not found: $SSH_KEYS" >&2
exit 1
fi
SSH_KEYS_TEXT=$(cat "$SSH_KEYS")
if [ $? -ne 0 ] || [ -z "$SSH_KEYS_TEXT" ]; then
echo "$0: Failed to read SSH keys from $SSH_KEYS" >&2
exit 1
fi
echo "$SSH_KEYS_TEXT" | write_ssh_keys > \
"${CONFIG_DRIVE}/openstack/latest/user_data"
else
find_ssh_keys | write_ssh_keys > \
"${CONFIG_DRIVE}/openstack/latest/user_data"
fi fi
# Start assembling our default command line arguments # Start assembling our default command line arguments
@ -116,20 +131,20 @@ if [ -n "${VM_CDROM}" ]; then
fi fi
# Default to KVM, fall back on full emulation # Default to KVM, fall back on full emulation
# ${METADATA} will be mounted in CoreOS as /media/metadata # ${CONFIG_DRIVE} will be mounted in CoreOS as /media/configdrive
qemu-system-x86_64 \ qemu-system-x86_64 \
-name "$VM_NAME" \ -name "$VM_NAME" \
-m ${VM_MEMORY} \ -m ${VM_MEMORY} \
-machine accel=kvm:tcg \ -machine accel=kvm:tcg \
-net nic,vlan=0,model=virtio \ -net nic,vlan=0,model=virtio \
-net user,vlan=0,hostfwd=tcp::"${SSH_PORT}"-:22 \ -net user,vlan=0,hostfwd=tcp::"${SSH_PORT}"-:22 \
-fsdev local,id=metadata,security_model=none,readonly,path="${METADATA}" \ -fsdev local,id=conf,security_model=none,readonly,path="${CONFIG_DRIVE}" \
-device virtio-9p-pci,fsdev=metadata,mount_tag=metadata \ -device virtio-9p-pci,fsdev=conf,mount_tag=config-2 \
"$@" "$@"
RET=$? RET=$?
# Cleanup! # Cleanup!
rm -rf "${METADATA}" rm -rf "${CONFIG_DRIVE}"
trap - EXIT trap - EXIT
exit ${RET} exit ${RET}