From a820ca78c3e5ca7b9416bb02577b13dca57e9ba7 Mon Sep 17 00:00:00 2001
From: davidplunkett
Date: Thu, 31 Oct 2019 07:29:13 +0000
Subject: [PATCH] install ssh key from seed file
Signed-off-by: davidplunkett
Change-Id: I1ecbf07336f0ff40b64689510f85de92382f5204
Signed-off-by: davidplunkett
---
 firstboot-genesis.sh.template | 11 ++++++-----
 install_server_os.sh | 29 ++++++++++++-----------------
 ubuntu.seed.template | 2 ++
 3 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/firstboot-genesis.sh.template b/firstboot-genesis.sh.template
index 9f53d98..36a6750 100644
--- a/firstboot-genesis.sh.template
+++ b/firstboot-genesis.sh.template
@@ -65,6 +65,7 @@ for d in $devices
 do
 wipefs -a -f /dev/${d}
 parted -s /dev/${d} mklabel GPT
+ # parted -s -a optimal /dev/${d} -- mkpart primary ext4 1 -1s
 done
 partprobe
 sleep 5 #let udev settle down
@@ -98,12 +99,12 @@ END
 fi
 fi
-#Creating Calico Interface
+# Creating Calico Interface
 if [ -n "@@SRV_CALICO_VLAN@@" ]; then
 echo "Configuring Calico Interface in the server"
 tee -a /etc/network/interfaces << END
-#CALICO
+# CALICO
 auto $calico
 iface $calico inet static
 address @@SRV_CALICO_IP@@
@@ -125,7 +126,7 @@ if [ -n "@@SRV_NEUTRON_VLAN@@" ]; then
 echo "Configuring Neutron Interface in the server"
 tee -a /etc/network/interfaces << END
-#OVERLAY/NEUTRON
+# OVERLAY/NEUTRON
 auto $neutron
 iface $neutron inet static
 address @@SRV_NEUTRON_IP@@
@@ -146,10 +147,10 @@ if [ -n "@@SRV_PXE_INF@@" ]; then
 echo "Configuring PXE Interface in the server"
 tee -a /etc/network/interfaces << END
-#OVERLAY/NEUTRON
+# PXE
 auto @@SRV_PXE_INF@@
 iface @@SRV_PXE_INF@@ inet static
-address @@SRV_PXE_IP@@
+ address @@SRV_PXE_IP@@
 netmask 255.255.255.0
 mtu @@SRV_MTU@@
 END
diff --git a/install_server_os.sh b/install_server_os.sh
index 39b9fec..2b173c3 100755
--- a/install_server_os.sh
+++ b/install_server_os.sh
@@ -100,7 +100,7 @@ fi
 echo "#######################################"
 echo "# USING INPUT FILE [$RCFILE]"
 echo "#######################################"
-sed -E 's/(^.*PWD=).*/\1###PASSWORD REMOVED####/g' $RCFILE
+sed -E 's/(^.*PWD=).*/\1###PASSWORD REMOVED###/g' $RCFILE
 echo "#######################################"
 # CHECK A FEW REQUIRED VARIABLES - BUT NOT ALL
@@ -171,6 +171,13 @@ if ! ping -c 3 $SRV_OOB_IP | grep time= ; then
 exit 1;
 fi
+## CREATE SSH KEYS IF THEY DO NOT EXIST
+echo "Setting up ssh keys for user [$USER] with home [$HOME]"
+if ! [ -f $HOME/.ssh/id_rsa ]; then
+ echo " Creating rsa key [$HOME/.ssh/id_rsa]"
+ ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ""
+fi
+
 ## COLLECT ANY ADDITIONAL SERVER DATA NEEDED - FOR EXAMPLE, LOOKUP MAC FOR DELL NIC
 SRV_OEM=$(curl --noproxy '*' --insecure https://$SRV_OOB_IP/redfish/v1/ | grep -Poe '(?<="Oem":{")[^"]*(?=")')
 echo "Identified server as OEM [$SRV_OEM] using oob [$SRV_OOB_IP]"
@@ -229,6 +236,7 @@ fi
 ## CREATE SERVER SEED FILE
 echo "Creating seed file [$WEB_ROOT/$SRV_NAME.seed] for server [$SRV_NAME]"
+SRV_RCKEY=$(cat ~/.ssh/id_rsa.pub | sed -e 's/[\/&]/\\&/g')
 cp -f $REDFISH_ROOT/ubuntu.seed.template $WEB_ROOT/$SRV_NAME.seed
 for VAR in $(set | grep -P "^SRV_|^BUILD_" | cut -f 1 -d'='); do
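Review bot: `ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ""` fails when `$HOME/.ssh` does not exist yet (ssh-keygen only creates that directory for its default path), and nothing in this hunk checks its status, so the build carries on and the `cat ~/.ssh/id_rsa.pub` in the seed-file hunk further down yields an empty key. Add `mkdir -p -m 700 "$HOME/.ssh"` before the `if`, and stop on failure: `ssh-keygen -t rsa -f "$HOME/.ssh/id_rsa" -P "" || { echo "ERROR: could not create ssh key"; exit 1; }`. The block also deserves a comment on what this key now is, since the seed template installs it into root's authorized_keys on every server built: `# NOTE: this passphrase-less key becomes root's login credential on every built server; keep $HOME/.ssh private`.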
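Review bot: `SRV_RCKEY=$(cat ~/.ssh/id_rsa.pub | sed -e 's/[\/&]/\\&/g')` is never checked, so a missing or empty public key silently becomes an empty `@@SRV_RCKEY@@` in the seed, and the problem only surfaces when the later `ssh root@$SRV_IP` is refused. Read the file directly and refuse to continue without a key: `SRV_RCKEY=$(sed -e 's/[\/&]/\\&/g' "$HOME/.ssh/id_rsa.pub") || exit 1` followed by `[ -n "$SRV_RCKEY" ] || { echo "ERROR: no public key to install"; exit 1; }`. Using `$HOME` here also keeps the path consistent with the `$HOME/.ssh/id_rsa` used everywhere else in the script. The escaping covers sed's `/` and `&` only, so a key comment containing a backslash would still corrupt the substitution; the `for VAR` loop that performs it continues outside the hunk.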
@@ -386,16 +394,8 @@ fi
 echo "Waiting for server to come back up..."
 (ping -i 5 $SRV_IP &) | awk '{print $0; fflush();} /time=/ {x++; if (x>3) {exit;}}'
-## SETUP SSH KEYS
-echo "Setting up ssh keys for user [$USER] with home [$HOME]"
-if ! dpkg -l | grep "sshpass " > /dev/null; then
- echo " Installing sshpass"
- apt-get install -y sshpass 2>&1 || echo "ERROR: sshpass is required to complete the build"; exit 1;
-fi
-if ! [ -f $HOME/.ssh/id_rsa ]; then
- echo " Creating rsa key [$HOME/.ssh/id_rsa]"
- ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ""
-fi
+## SETUP KNOW_HOST SSH KEYS
+echo "Setting up ssh access for user [$USER] with home [$HOME]"
 echo " Removing any old host keys for [$SRV_IP]"
 ls -l $HOME/.ssh/
 chown $USER:$USER $HOME/.ssh/known_hosts
@@ -407,15 +407,10 @@ echo " Getting new host keys for [$SRV_IP]"
 sleep 5
 ssh-keyscan -t rsa -H $SRV_IP >> $HOME/.ssh/known_hosts
-echo " copying user key to [root@$SRV_IP]"
-sleep 5
-export SSHPASS=$SRV_PWD
-sshpass -e ssh-copy-id -i $HOME/.ssh/id_rsa root@$SRV_IP
-
 ## RUN FIRSTBOOT SCRIPT
 echo "Running first boot script"
 sleep 5
-sshpass -e ssh -i $HOME/.ssh/id_rsa root@$SRV_IP /root/$SRV_NAME.firstboot.sh
+ssh -i $HOME/.ssh/id_rsa root@$SRV_IP /root/$SRV_NAME.firstboot.sh
 if [ "$?" -ne 0 ]; then
 echo "FAILED: Unable to run firstboot script on new server"
 exit 1
diff --git a/ubuntu.seed.template b/ubuntu.seed.template
index 5849168..5fbee58 100644
--- a/ubuntu.seed.template
+++ b/ubuntu.seed.template
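Review bot: The new section header `## SETUP KNOW_HOST SSH KEYS` misspells known_hosts, and now that key creation has moved up next to the OOB reachability check this block only refreshes the known_hosts entry for the rebuilt server; suggest `## REFRESH known_hosts ENTRY FOR THE NEW SERVER`. The section continues past the end of the hunk.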
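Review bot: `ssh -i $HOME/.ssh/id_rsa root@$SRV_IP /root/$SRV_NAME.firstboot.sh` falls back to an interactive password prompt if the key is not accepted (for example when the seed substitution produced an empty SRV_RCKEY), so an unattended build hangs at the prompt instead of reaching the `if [ "$?" -ne 0 ]` branch below. Use `ssh -o BatchMode=yes -i "$HOME/.ssh/id_rsa" "root@$SRV_IP" "/root/$SRV_NAME.firstboot.sh"` so a rejected key fails immediately with a non-zero status. The only host authentication is the `ssh-keyscan -t rsa -H $SRV_IP >> $HOME/.ssh/known_hosts` two lines up, which records whatever host answers at `$SRV_IP` right after the reinstall; that predates this change, but it is worth stating in a comment such as `# host key is taken from keyscan (trust on first use); there is no out-of-band verification`. The `if` that follows closes outside the hunk.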
@@ -165,6 +165,8 @@ d-i preseed/late_command string \
 in-target /bin/bash -c 'echo -n -e " bond-miimon 100\n bond-slaves @@SRV_SLAVE1@@ @@SRV_SLAVE2@@\n mtu @@SRV_MTU@@\n\n" >> /etc/network/interfaces'; \
 in-target /bin/bash -c 'echo -n -e "auto @@SRV_BOND@@.@@SRV_VLAN@@\niface @@SRV_BOND@@.@@SRV_VLAN@@ inet static\n address @@SRV_IP@@\n netmask @@SRV_NETMASK@@\n" >> /etc/network/interfaces'; \
 in-target /bin/bash -c 'echo -n -e " gateway @@SRV_GATEWAY@@\n dns-nameservers @@SRV_DNS@@\n dns-search @@SRV_DNSSEARCH@@\n vlan-raw-device @@SRV_BOND@@\n mtu @@SRV_MTU@@\n" >> /etc/network/interfaces'; \
+ in-target /bin/bash -c 'mkdir -p /root/.ssh'; \
+ in-target /bin/bash -c '/bin/echo "@@SRV_RCKEY@@" >> /root/.ssh/authorized_keys'; \
 in-target /bin/bash -c 'curl --noproxy "*" http://@@BUILD_WEBIP@@:@@BUILD_WEBPORT@@/sources.list > /etc/apt/sources.list'; \
 in-target /bin/bash -c 'curl --noproxy "*" http://@@BUILD_WEBIP@@:@@BUILD_WEBPORT@@/@@SRV_NAME@@.firstboot.sh > /root/@@SRV_NAME@@.firstboot.sh; chmod +x /root/@@SRV_NAME@@.firstboot.sh'; \
 in-target /bin/bash -c 'sed -i "s/GRUB_CMDLINE_LINUX=\"[^\"]*/& @@SRV_KERNEL_PARAMS@@/g" /etc/default/grub'; \
-- 
2.16.6
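Review bot: `mkdir -p /root/.ssh` and the `>> /root/.ssh/authorized_keys` append leave the directory and file at the installer's default umask, and nothing sets the 700/600 modes sshd's StrictModes expects for root's key material; change the two new lines to `in-target /bin/bash -c 'mkdir -p -m 700 /root/.ssh'; \` and `in-target /bin/bash -c 'umask 077; /bin/echo "@@SRV_RCKEY@@" >> /root/.ssh/authorized_keys'; \`. The key is expanded inside a double-quoted string within `bash -c`, so a key comment containing `"`, `$` or a backtick would break the command — the sed escaping done in install_server_os.sh only covers `/` and `&`, so keep the comment field of the generated key to plain characters or strip it before substitution. Everything else this late_command fetches (sources.list, the firstboot script) comes over plain http from the build web server, and the seed itself is presumably served the same way, so the integrity of that path is what decides which key lands in root's authorized_keys. The `late_command` string begins outside the hunk.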