openstack/ironic-python-agent
Code Issues Proposed changes

Enable SSH access to tinyipa

Browse Source 
might be useful sometimes,
for example debugging in normal terminal is usually more pleasant
than in QEMU console.

Add env variables `ENABLE_SSH` and `SSH_PUBLIC_KEY`,
documentation is amended accordingly.

Change-Id: I71352c2087e1fb9a7174affb78fe695932a924d7
This commit is contained in:
Pavlo Shchelokovskyy 2016-09-16 22:23:04 +03:00 committed by Pavlo Shchelokovskyy
parent dd69ef3cd5
commit 2136ded582
4 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
imagebuild/tinyipa/README.rst
View File

@ -77,3 +77,14 @@ instead of loading some things at runtime (this results in a slightly bigger
ramdisk), before running make or build-tinyipa.sh run:: ramdisk), before running make or build-tinyipa.sh run::
export BUILD_AND_INSTALL_TINYIPA=true export BUILD_AND_INSTALL_TINYIPA=true
If you want to enable SSH access to the image, set ``ENABLE_SSH`` variable in
your shell before building the tinyipa::
export ENABLE_SSH=true
By default it will use public RSA or DSA keys of the user running the build.
To provide other public SSH key, export path to it in your shell before
building tinyipa as follows::
export SSH_PUBLIC_KEY=<full-path-to-public-key>

6
imagebuild/tinyipa/build_files/bootlocal.sh
View File

@ -9,6 +9,12 @@ date
export HOME=/root export HOME=/root
# Start SSHd
if [ -f /usr/local/etc/init.d/openssh ]; then
echo "Starting OpenSSH server:"
/usr/local/etc/init.d/openssh start
fi
# Maybe save some RAM? # Maybe save some RAM?
#rm -rf /tmp/builtin #rm -rf /tmp/builtin

47
imagebuild/tinyipa/finalise-tinyipa.sh
View File

@ -6,6 +6,8 @@ BUILDDIR="$WORKDIR/tinyipabuild"
FINALDIR="$WORKDIR/tinyipafinal" FINALDIR="$WORKDIR/tinyipafinal"
BUILD_AND_INSTALL_TINYIPA=${BUILD_AND_INSTALL_TINYIPA:-true} BUILD_AND_INSTALL_TINYIPA=${BUILD_AND_INSTALL_TINYIPA:-true}
TINYCORE_MIRROR_URL=${TINYCORE_MIRROR_URL:-"http://repo.tinycorelinux.net/"} TINYCORE_MIRROR_URL=${TINYCORE_MIRROR_URL:-"http://repo.tinycorelinux.net/"}
ENABLE_SSH=${ENABLE_SSH:-false}
SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-}
TC=1001 TC=1001
STAFF=50 STAFF=50
@ -16,6 +18,27 @@ TC_CHROOT_CMD="sudo chroot --userspec=$TC:$STAFF $FINALDIR /usr/bin/env -i PATH=
echo "Finalising tinyipa:" echo "Finalising tinyipa:"
if $ENABLE_SSH ; then
echo "Validating location of public SSH key"
if [ -n "$SSH_PUBLIC_KEY" ]; then
if [ -f "$SSH_PUBLIC_KEY" ]; then
_found_ssh_key="$SSH_PUBLIC_KEY"
fi
else
for fmt in rsa dsa; do
if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
_found_ssh_key="$HOME/.ssh/id_$fmt.pub"
break
fi
done
fi
if [ -z $_found_ssh_key ]; then
echo "Failed to find neither provided nor default SSH key"
exit 1
fi
fi
sudo -v sudo -v
if [ -d "$FINALDIR" ]; then if [ -d "$FINALDIR" ]; then
@ -68,6 +91,30 @@ while read line; do
$TC_CHROOT_CMD tce-load -wic $line $TC_CHROOT_CMD tce-load -wic $line
done < $WORKDIR/build_files/finalreqs.lst done < $WORKDIR/build_files/finalreqs.lst
if $ENABLE_SSH ; then
# Install and configure bare minimum for SSH access
$TC_CHROOT_CMD tce-load -wic openssh
# Configure OpenSSH
$CHROOT_CMD cp /usr/local/etc/ssh/sshd_config.orig /usr/local/etc/ssh/sshd_config
echo "PasswordAuthentication no" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
# Generate and configure host keys - RSA, DSA, Ed25519
# NOTE(pas-ha) ECDSA host key will still be re-generated fresh on every image boot
$CHROOT_CMD ssh-keygen -t rsa -N "" -f /usr/local/etc/ssh/ssh_host_rsa_key
$CHROOT_CMD ssh-keygen -t dsa -N "" -f /usr/local/etc/ssh/ssh_host_dsa_key
$CHROOT_CMD ssh-keygen -t ed25519 -N "" -f /usr/local/etc/ssh/ssh_host_ed25519_key
echo "HostKey /usr/local/etc/ssh/ssh_host_rsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
echo "HostKey /usr/local/etc/ssh/ssh_host_dsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
echo "HostKey /usr/local/etc/ssh/ssh_host_ed25519_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config
# setup user and SSH keys
$CHROOT_CMD mkdir -p /home/tc
$CHROOT_CMD chown -R tc.staff /home/tc
$TC_CHROOT_CMD mkdir -p /home/tc/.ssh
cat $_found_ssh_key | $TC_CHROOT_CMD tee /home/tc/.ssh/authorized_keys
$CHROOT_CMD chown tc.staff /home/tc/.ssh/authorized_keys
$TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys
fi
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/tgt.tcz $TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/tgt.tcz
$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/qemu-utils.tcz $TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/qemu-utils.tcz

6
releasenotes/notes/tinyipa-ssh-e8a3a01a3f3ff5f4.yaml Normal file
View File

@ -0,0 +1,6 @@
---
other:
- When building the TinyIPA ramdisk, it is now possible to enable SSH
access to it.
Use ``ENABLE_SSH`` and ``SSH_PUBLIC_KEY`` environment variables
for that (see TinyIPA's README for more details).