X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=deploy%2Fsite%2Fvm%2Fvm.sh;h=b35784d12a2796c034d6b0f8d77b3cbce543f192;hb=878ea0c739ece152793328a795780c734e4ac9b2;hp=477c4934a6cc37e9e735d7bc75e8b276e5ff87c9;hpb=211cdfe7f19bac21e170f42668562ce6b99edcfc;p=icn.git

diff --git a/deploy/site/vm/vm.sh b/deploy/site/vm/vm.sh
index 477c493..b35784d 100755
--- a/deploy/site/vm/vm.sh
+++ b/deploy/site/vm/vm.sh
@@ -15,15 +15,16 @@ SITE_BRANCH=${SITE_BRANCH:-"master"}
 SITE_PATH=${SITE_PATH:-"deploy/site/vm"}
 
 FLUX_SOPS_KEY_NAME=${FLUX_SOPS_KEY_NAME:-"icn-site-vm"}
+FLUX_SOPS_PRIVATE_KEY="${SCRIPTDIR}/../secrets/sops.asc"
 
 # !!!NOTE!!! THE KEYS USED BELOW ARE FOR TEST PURPOSES ONLY.  DO NOT
 # USE THESE OUTSIDE OF THIS ICN VIRTUAL TEST ENVIRONMENT.
 function build_source {
     # First decrypt the existing site YAML, otherwise we'll be
     # attempting to encrypt it twice below
-    if [[ -f ${SCRIPTDIR}/sops.asc ]]; then
-	gpg --import ${SCRIPTDIR}/sops.asc
-	sops_decrypt_site ${SCRIPTDIR}/site.yaml
+    if [[ -f ${FLUX_SOPS_PRIVATE_KEY} ]]; then
+	gpg --import ${FLUX_SOPS_PRIVATE_KEY}
+	sops_decrypt ${SCRIPTDIR}/site.yaml
     fi
 
     # Generate user password and authorized key in site YAML
@@ -38,14 +39,14 @@ function build_source {
 
     # Encrypt the site YAML
     create_gpg_key ${FLUX_SOPS_KEY_NAME}
-    sops_encrypt_site ${SCRIPTDIR}/site.yaml ${FLUX_SOPS_KEY_NAME}
+    sops_encrypt ${SCRIPTDIR}/site.yaml ${FLUX_SOPS_KEY_NAME}
 
     # ONLY FOR TEST ENVIRONMENT: save the private key used
-    export_gpg_private_key ${FLUX_SOPS_KEY_NAME} >${SCRIPTDIR}/sops.asc
+    export_gpg_private_key ${FLUX_SOPS_KEY_NAME} >${FLUX_SOPS_PRIVATE_KEY}
 }
 
 function deploy {
-    gpg --import ${SCRIPTDIR}/sops.asc
+    gpg --import ${FLUX_SOPS_PRIVATE_KEY}
     flux_create_site ${SITE_REPO} ${SITE_BRANCH} ${SITE_PATH} ${FLUX_SOPS_KEY_NAME}
 }
 
@@ -84,7 +85,12 @@ function insert_control_plane_network_identity_into_ssh_config {
     cat <<EOF >>${HOME}/.ssh/config
 Host ${host}
   IdentityFile ${SCRIPTDIR}/id_rsa
+  StrictHostKeyChecking no
+  UserKnownHostsFile /dev/null
 EOF
+    # Add the identity to authorized keys on this host to enable ssh
+    # logins via its control plane address
+    cat ${SCRIPTDIR}/id_rsa.pub >> ~/.ssh/authorized_keys
 }
 
 function wait_for_all_ready {