install ssh key from seed file

Signed-off-by: davidplunkett <dp7642@att.com>
Change-Id: I1ecbf07336f0ff40b64689510f85de92382f5204
Signed-off-by: davidplunkett <dp7642@att.com>

diff --git a/firstboot-genesis.sh.template b/firstboot-genesis.sh.template
index 9f53d98..36a6750 100644 (file)
--- a/firstboot-genesis.sh.template
+++ b/firstboot-genesis.sh.template
@@ -65,6 +65,7 @@ for d in $devices
 do
    wipefs -a -f /dev/${d}
    parted -s /dev/${d} mklabel GPT
+   # parted -s -a optimal /dev/${d} -- mkpart primary ext4 1 -1s
 done
 partprobe
 sleep 5 #let udev settle down
@@ -98,12 +99,12 @@ END
     fi
 fi
 
-#Creating Calico Interface
+# Creating Calico Interface
 if [ -n "@@SRV_CALICO_VLAN@@" ]; then
     echo "Configuring Calico Interface in the server"
     tee -a /etc/network/interfaces << END
 
-#CALICO
+# CALICO
 auto $calico
 iface $calico inet static
     address @@SRV_CALICO_IP@@
@@ -125,7 +126,7 @@ if [ -n "@@SRV_NEUTRON_VLAN@@" ]; then
     echo "Configuring Neutron Interface in the server"
     tee -a /etc/network/interfaces << END
 
-#OVERLAY/NEUTRON
+# OVERLAY/NEUTRON
 auto $neutron
 iface $neutron inet static
     address @@SRV_NEUTRON_IP@@
@@ -146,10 +147,10 @@ if [ -n "@@SRV_PXE_INF@@" ]; then
     echo "Configuring PXE Interface in the server"
     tee -a /etc/network/interfaces << END
 
-#OVERLAY/NEUTRON
+# PXE
 auto @@SRV_PXE_INF@@
 iface @@SRV_PXE_INF@@ inet static
-address @@SRV_PXE_IP@@
+    address @@SRV_PXE_IP@@
     netmask 255.255.255.0
     mtu @@SRV_MTU@@
 END

diff --git a/install_server_os.sh b/install_server_os.sh
index 39b9fec..2b173c3 100755 (executable)
--- a/install_server_os.sh
+++ b/install_server_os.sh
@@ -100,7 +100,7 @@ fi
 echo "#######################################"
 echo "# USING INPUT FILE [$RCFILE]"
 echo "#######################################"
-sed -E 's/(^.*PWD=).*/\1###PASSWORD REMOVED####/g' $RCFILE
+sed -E 's/(^.*PWD=).*/\1###PASSWORD REMOVED###/g' $RCFILE
 echo "#######################################"
 
 # CHECK A FEW REQUIRED VARIABLES - BUT NOT ALL
@@ -171,6 +171,13 @@ if ! ping -c 3 $SRV_OOB_IP | grep time= ; then
     exit 1;
 fi
 
+## CREATE SSH KEYS IF THEY DO NOT EXIST
+echo "Setting up ssh keys for user [$USER] with home [$HOME]"
+if ! [ -f $HOME/.ssh/id_rsa ]; then
+    echo "  Creating rsa key [$HOME/.ssh/id_rsa]"
+    ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ""
+fi
+
 ## COLLECT ANY ADDITIONAL SERVER DATA NEEDED - FOR EXAMPLE, LOOKUP MAC FOR DELL NIC
 SRV_OEM=$(curl --noproxy '*' --insecure https://$SRV_OOB_IP/redfish/v1/ | grep -Poe '(?<="Oem":{")[^"]*(?=")')
 echo "Identified server as OEM [$SRV_OEM] using oob [$SRV_OOB_IP]"
@@ -229,6 +236,7 @@ fi
 
 ## CREATE SERVER SEED FILE
 echo "Creating seed file [$WEB_ROOT/$SRV_NAME.seed] for server [$SRV_NAME]"
+SRV_RCKEY=$(cat ~/.ssh/id_rsa.pub | sed -e 's/[\/&]/\\&/g')
 cp -f $REDFISH_ROOT/ubuntu.seed.template $WEB_ROOT/$SRV_NAME.seed
 
 for VAR in $(set | grep -P "^SRV_|^BUILD_" | cut -f 1 -d'='); do
@@ -386,16 +394,8 @@ fi
 echo "Waiting for server to come back up..."
 (ping -i 5 $SRV_IP &) | awk '{print $0; fflush();} /time=/ {x++; if (x>3) {exit;}}'
 
-## SETUP SSH KEYS
-echo "Setting up ssh keys for user [$USER] with home [$HOME]"
-if ! dpkg -l | grep "sshpass " > /dev/null; then
-    echo "  Installing sshpass"
-    apt-get install -y sshpass 2>&1 || echo "ERROR: sshpass is required to complete the build"; exit 1;
-fi
-if ! [ -f $HOME/.ssh/id_rsa ]; then
-    echo "  Creating rsa key [$HOME/.ssh/id_rsa]"
-    ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ""
-fi
+## SETUP KNOW_HOST SSH KEYS
+echo "Setting up ssh access for user [$USER] with home [$HOME]"
 echo "  Removing any old host keys for [$SRV_IP]"
 ls -l $HOME/.ssh/
 chown $USER:$USER $HOME/.ssh/known_hosts
@@ -407,15 +407,10 @@ echo "  Getting new host keys for [$SRV_IP]"
 sleep 5
 ssh-keyscan -t rsa -H $SRV_IP >> $HOME/.ssh/known_hosts
 
-echo "  copying user key to [root@$SRV_IP]"
-sleep 5
-export SSHPASS=$SRV_PWD
-sshpass -e ssh-copy-id -i $HOME/.ssh/id_rsa root@$SRV_IP
-
 ## RUN FIRSTBOOT SCRIPT
 echo "Running first boot script"
 sleep 5
-sshpass -e ssh -i $HOME/.ssh/id_rsa root@$SRV_IP /root/$SRV_NAME.firstboot.sh
+ssh -i $HOME/.ssh/id_rsa root@$SRV_IP /root/$SRV_NAME.firstboot.sh
 if [ "$?" -ne 0 ]; then
     echo "FAILED:  Unable to run firstboot script on new server"
     exit 1

diff --git a/ubuntu.seed.template b/ubuntu.seed.template
index 5849168..5fbee58 100644 (file)
--- a/ubuntu.seed.template
+++ b/ubuntu.seed.template
@@ -165,6 +165,8 @@ d-i preseed/late_command string \
     in-target /bin/bash -c 'echo -n -e "    bond-miimon 100\n    bond-slaves @@SRV_SLAVE1@@ @@SRV_SLAVE2@@\n    mtu @@SRV_MTU@@\n\n" >> /etc/network/interfaces'; \
     in-target /bin/bash -c 'echo -n -e "auto @@SRV_BOND@@.@@SRV_VLAN@@\niface @@SRV_BOND@@.@@SRV_VLAN@@ inet static\n    address @@SRV_IP@@\n    netmask @@SRV_NETMASK@@\n" >> /etc/network/interfaces'; \
     in-target /bin/bash -c 'echo -n -e "    gateway @@SRV_GATEWAY@@\n    dns-nameservers @@SRV_DNS@@\n    dns-search @@SRV_DNSSEARCH@@\n    vlan-raw-device @@SRV_BOND@@\n    mtu @@SRV_MTU@@\n" >> /etc/network/interfaces'; \
+    in-target /bin/bash -c 'mkdir -p /root/.ssh'; \
+    in-target /bin/bash -c '/bin/echo "@@SRV_RCKEY@@" >> /root/.ssh/authorized_keys'; \
     in-target /bin/bash -c 'curl --noproxy "*" http://@@BUILD_WEBIP@@:@@BUILD_WEBPORT@@/sources.list > /etc/apt/sources.list'; \
     in-target /bin/bash -c 'curl --noproxy "*" http://@@BUILD_WEBIP@@:@@BUILD_WEBPORT@@/@@SRV_NAME@@.firstboot.sh > /root/@@SRV_NAME@@.firstboot.sh; chmod +x /root/@@SRV_NAME@@.firstboot.sh'; \
     in-target /bin/bash -c 'sed -i "s/GRUB_CMDLINE_LINUX=\"[^\"]*/& @@SRV_KERNEL_PARAMS@@/g" /etc/default/grub'; \