authorJenkins <jenkins@review.openstack.org>2016-09-21 14:51:33 +0000
committerGerrit Code Review <review@openstack.org>2016-09-21 14:51:33 +0000
commit1fd53460da1ddf5f566b8baf6085a5867ee849fb (patch)
tree8febd6f05fb957740c2e168719714ec9c2e68569
parent9f52f47acd254933a6b922bf60adf76cdbd8fff1 (diff)
parent2136ded582b507be111f06c4c7307c940ea3e375 (diff)
downloadironic-python-agent-1fd53460da1ddf5f566b8baf6085a5867ee849fb.tar.gz
Merge "Enable SSH access to tinyipa"
-rw-r--r--imagebuild/tinyipa/README.rst11
-rwxr-xr-ximagebuild/tinyipa/build_files/bootlocal.sh6
-rwxr-xr-ximagebuild/tinyipa/finalise-tinyipa.sh47
-rw-r--r--releasenotes/notes/tinyipa-ssh-e8a3a01a3f3ff5f4.yaml6
4 files changed, 70 insertions, 0 deletions
diff --git a/imagebuild/tinyipa/README.rst b/imagebuild/tinyipa/README.rst
index e7d9e28f..aa216521 100644
--- a/imagebuild/tinyipa/README.rst
+++ b/imagebuild/tinyipa/README.rst
@@ -77,3 +77,14 @@ instead of loading some things at runtime (this results in a slightly bigger
ramdisk), before running make or build-tinyipa.sh run::
export BUILD_AND_INSTALL_TINYIPA=true
+
+If you want to enable SSH access to the image, set ``ENABLE_SSH`` variable in
+your shell before building the tinyipa::
+
+ export ENABLE_SSH=true
+
+By default it will use public RSA or DSA keys of the user running the build.
+To provide other public SSH key, export path to it in your shell before
+building tinyipa as follows::
+
+ export SSH_PUBLIC_KEY=<full-path-to-public-key>
diff --git a/imagebuild/tinyipa/build_files/bootlocal.sh b/imagebuild/tinyipa/build_files/bootlocal.sh
index f93a538b..244cc4f9 100755
--- a/imagebuild/tinyipa/build_files/bootlocal.sh
+++ b/imagebuild/tinyipa/build_files/bootlocal.sh
@@ -9,6 +9,12 @@ date
export HOME=/root
+# Start SSHd
+if [ -f /usr/local/etc/init.d/openssh ]; then
+ echo "Starting OpenSSH server:"
+ /usr/local/etc/init.d/openssh start
+fi
+
# Maybe save some RAM?
#rm -rf /tmp/builtin
diff --git a/imagebuild/tinyipa/finalise-tinyipa.sh b/imagebuild/tinyipa/finalise-tinyipa.sh
index c24306a6..023130be 100755
--- a/imagebuild/tinyipa/finalise-tinyipa.sh
+++ b/imagebuild/tinyipa/finalise-tinyipa.sh
@@ -6,6 +6,8 @@ BUILDDIR="$WORKDIR/tinyipabuild"
FINALDIR="$WORKDIR/tinyipafinal"
BUILD_AND_INSTALL_TINYIPA=${BUILD_AND_INSTALL_TINYIPA:-true}
TINYCORE_MIRROR_URL=${TINYCORE_MIRROR_URL:-"http://repo.tinycorelinux.net/"}
+ENABLE_SSH=${ENABLE_SSH:-false}
+SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-}
TC=1001
STAFF=50
@@ -16,6 +18,27 @@ TC_CHROOT_CMD="sudo chroot --userspec=$TC:$STAFF $FINALDIR /usr/bin/env -i PATH=
echo "Finalising tinyipa:"
+if $ENABLE_SSH ; then
+ echo "Validating location of public SSH key"
+ if [ -n "$SSH_PUBLIC_KEY" ]; then
+ if [ -f "$SSH_PUBLIC_KEY" ]; then
+ _found_ssh_key="$SSH_PUBLIC_KEY"
+ fi
+ else
+ for fmt in rsa dsa; do
+ if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
+ _found_ssh_key="$HOME/.ssh/id_$fmt.pub"
+ break
+ fi
+ done
+ fi
+
+ if [ -z $_found_ssh_key ]; then
+ echo "Failed to find neither provided nor default SSH key"
+ exit 1
+ fi
+fi
+
sudo -v
if [ -d "$FINALDIR" ]; then
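Review bot: `if $ENABLE_SSH ; then` executes whatever string the environment supplied in ENABLE_SSH as a command instead of testing it, so any value other than true/false (for instance one forwarded from a CI job parameter) is run by the build shell shortly before `sudo -v`; the same construct opens the later SSH install hunk. Compare the string instead: `if [ "$ENABLE_SSH" = "true" ]; then`. `_found_ssh_key` is never initialised and is tested unquoted, so a variable of that name inherited from the environment would satisfy the check even when no key file was found; set `_found_ssh_key=""` before the search and test `[ -z "$_found_ssh_key" ]`. The `-f` test only shows the path is a regular file, and its contents are later written into the image verbatim, so a private key passed by mistake in SSH_PUBLIC_KEY would end up inside the ramdisk; a comment or README line warning about that would help.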
@@ -68,6 +91,30 @@ while read line; do
$TC_CHROOT_CMD tce-load -wic $line
done < $WORKDIR/build_files/finalreqs.lst
+if $ENABLE_SSH ; then
+ # Install and configure bare minimum for SSH access
+ $TC_CHROOT_CMD tce-load -wic openssh
+ # Configure OpenSSH
+ $CHROOT_CMD cp /usr/local/etc/ssh/sshd_config.orig /usr/local/etc/ssh/sshd_config
+ echo "PasswordAuthentication no" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
+ # Generate and configure host keys - RSA, DSA, Ed25519
+ # NOTE(pas-ha) ECDSA host key will still be re-generated fresh on every image boot
+ $CHROOT_CMD ssh-keygen -t rsa -N "" -f /usr/local/etc/ssh/ssh_host_rsa_key
+ $CHROOT_CMD ssh-keygen -t dsa -N "" -f /usr/local/etc/ssh/ssh_host_dsa_key
+ $CHROOT_CMD ssh-keygen -t ed25519 -N "" -f /usr/local/etc/ssh/ssh_host_ed25519_key
+ echo "HostKey /usr/local/etc/ssh/ssh_host_rsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
+ echo "HostKey /usr/local/etc/ssh/ssh_host_dsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
+ echo "HostKey /usr/local/etc/ssh/ssh_host_ed25519_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
+
+ # setup user and SSH keys
+ $CHROOT_CMD mkdir -p /home/tc
+ $CHROOT_CMD chown -R tc.staff /home/tc
+ $TC_CHROOT_CMD mkdir -p /home/tc/.ssh
+ cat $_found_ssh_key | $TC_CHROOT_CMD tee /home/tc/.ssh/authorized_keys
+ $CHROOT_CMD chown tc.staff /home/tc/.ssh/authorized_keys
+ $TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys
+fi
+
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/tgt.tcz
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/qemu-utils.tcz
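Review bot: The three `ssh-keygen` calls run at build time, so the RSA, DSA and Ed25519 host private keys are stored inside the ramdisk and every node booted from it presents the same host identity; anyone who can read the image file holds those private keys. If that trade-off is intended (the NOTE says only the ECDSA key is regenerated per boot), state it next to the calls and in the README, e.g. `# Host keys below are baked into the image and shared by all nodes; treat the built ramdisk as a secret`. The `-t dsa` key and its `HostKey` line could be dropped, since DSA host keys are 1024-bit and ssh-dss has been disabled by default since OpenSSH 7.0. `cat $_found_ssh_key` is unquoted and breaks on a key path containing spaces; use `cat "$_found_ssh_key" | $TC_CHROOT_CMD tee /home/tc/.ssh/authorized_keys`.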
diff --git a/releasenotes/notes/tinyipa-ssh-e8a3a01a3f3ff5f4.yaml b/releasenotes/notes/tinyipa-ssh-e8a3a01a3f3ff5f4.yaml
new file mode 100644
index 00000000..74725464
--- /dev/null
+++ b/releasenotes/notes/tinyipa-ssh-e8a3a01a3f3ff5f4.yaml
@@ -0,0 +1,6 @@
+---
+other:
+ - When building the TinyIPA ramdisk, it is now possible to enable SSH
+ access to it.
+ Use ``ENABLE_SSH`` and ``SSH_PUBLIC_KEY`` environment variables
+ for that (see TinyIPA's README for more details).