Support SSH keys from config drive
Add kernel support for IDE CDROM drives, add a package for JSON parsing, and update the metadata script to look for SSH keys on the config drive in addition to the metadata server. Change-Id: Ic8f065bfd77dd4c533590a023bab8b1d32da1f53
parent
33a1e25839
commit
c533026ed7
@ -1,11 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
mkdir -p /root/.ssh
|
||||
cd /root/.ssh
|
||||
chmod 700 .
|
||||
[ -f authorized_keys ] || touch authorized_keys
|
||||
chmod 600 authorized_keys
|
||||
|
||||
check_net() {
|
||||
url="http://169.254.169.254/2009-04-04/meta-data"
|
||||
(
|
||||
wget -q -O - -T 10 $url/public-keys 2> /dev/null || exit 1
|
||||
@ -14,6 +9,34 @@ url="http://169.254.169.254/2009-04-04/meta-data"
|
||||
while read line
|
||||
do
|
||||
key=$(echo $line | sed 's/\([0-9]\+\)=.*/\1/')
|
||||
wget -q -O - -T 10 $url/public-keys/$key/openssh-key 2> /dev/null || exit 1
|
||||
key_url=$url/public-keys/$key/openssh-key
|
||||
wget -q -O - -T 10 $key_url 2> /dev/null || exit 1
|
||||
done
|
||||
) >> /root/.ssh/authorized_keys
|
||||
) >> authorized_keys
|
||||
}
|
||||
|
||||
json_metadata() {
|
||||
F=$1/ec2/2009-04-04/meta-data.json
|
||||
[ -f $F ] || return
|
||||
JSON.sh < $F | sed -n 's/^\["public-keys","[0-9]\+","openssh-key"\]\t"\(.*\)\\n"$/\1/p'
|
||||
}
|
||||
|
||||
check_cd() {
|
||||
[ -b /dev/sr0 ] || return
|
||||
mkdir /tmp/cd
|
||||
if mount /dev/sr0 /tmp/cd
|
||||
then
|
||||
json_metadata /tmp/cd >> authorized_keys
|
||||
umount /tmp/cd
|
||||
fi
|
||||
rmdir /tmp/cd
|
||||
}
|
||||
|
||||
mkdir -p /root/.ssh
|
||||
cd /root/.ssh
|
||||
chmod 700 .
|
||||
[ -f authorized_keys ] || touch authorized_keys
|
||||
chmod 600 authorized_keys
|
||||
|
||||
check_net
|
||||
check_cd
|
||||
|
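Review bot: In `check_cd`, the drive is mounted on the fixed path `/tmp/cd` with default options and the result of `mkdir /tmp/cd` is not checked, so a pre-existing `/tmp/cd` is used as it is and the media is mounted read-write with device nodes and setuid bits honoured. Since whatever `json_metadata` extracts is appended to root's `authorized_keys`, I would create the mount point with `mnt=$(mktemp -d) || return` (if the image provides `mktemp`) and mount with `mount -o ro,nosuid,nodev,noexec /dev/sr0 "$mnt"`. `check_net` and `check_cd` both append unconditionally, so each run appears to add the same keys again; filtering against the existing file before appending would keep `authorized_keys` auditable. The `sed` expression in `json_metadata` only matches values that end in a literal `\n`, so a key stored without a trailing newline is dropped silently, which deserves a comment next to the pattern.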
@ -17,10 +17,18 @@ CONFIG_SYN_COOKIES=y
|
||||
CONFIG_DEVTMPFS=y
|
||||
CONFIG_DEVTMPFS_MOUNT=y
|
||||
CONFIG_VIRTIO_BLK=y
|
||||
CONFIG_SCSI=y
|
||||
CONFIG_BLK_DEV_SD=y
|
||||
CONFIG_BLK_DEV_SR=y
|
||||
CONFIG_CHR_DEV_SG=y
|
||||
CONFIG_SCSI_VIRTIO=y
|
||||
CONFIG_ATA=y
|
||||
CONFIG_ATA_PIIX=y
|
||||
CONFIG_PATA_OLDPIIX=y
|
||||
CONFIG_PATA_SCH=y
|
||||
CONFIG_PATA_VIA=y
|
||||
CONFIG_PATA_MPIIX=y
|
||||
CONFIG_ATA_GENERIC=y
|
||||
CONFIG_PATA_LEGACY=y
|
||||
CONFIG_NETDEVICES=y
|
||||
CONFIG_VIRTIO_NET=y
|
||||
# CONFIG_ETHERNET is not set
|
||||
@ -45,6 +53,8 @@ CONFIG_EXT2_FS=y
|
||||
CONFIG_EXT2_FS_XATTR=y
|
||||
CONFIG_EXT2_FS_POSIX_ACL=y
|
||||
CONFIG_EXT2_FS_SECURITY=y
|
||||
CONFIG_ISO9660_FS=y
|
||||
CONFIG_JOLIET=y
|
||||
CONFIG_TMPFS=y
|
||||
# CONFIG_MISC_FILESYSTEMS is not set
|
||||
CONFIG_NFS_FS=y
|
||||
|
@ -9,17 +9,30 @@
|
||||
|
||||
./init-buildroot.sh
|
||||
|
||||
# Grab JSON.sh for json parsing
|
||||
JSON_VERS=e05e69a0debdba68125a33ac786726cb860b2e7b
|
||||
JSON_SH=https://raw.githubusercontent.com/dominictarr/JSON.sh/$JSON_VERS/JSON.sh
|
||||
if [ ! -x download/JSON.sh ]
|
||||
then
|
||||
curl -s $JSON_SH > download/JSON.sh
|
||||
chmod +x download/JSON.sh
|
||||
fi
|
||||
|
||||
# Create the filesystem overlays
|
||||
if [ ! -d overlay-client ]
|
||||
then
|
||||
mkdir overlay-client
|
||||
cp -a common-files/* overlay-client
|
||||
mkdir -p overlay-client/usr/bin
|
||||
cp download/JSON.sh overlay-server/usr/bin
|
||||
fi
|
||||
if [ ! -d overlay-server ]
|
||||
then
|
||||
mkdir overlay-server
|
||||
cp -a common-files/* overlay-server
|
||||
cp -a server-files/* overlay-server
|
||||
mkdir -p overlay-server/usr/bin
|
||||
cp download/JSON.sh overlay-server/usr/bin
|
||||
fi
|
||||
|
||||
# Copy the config files where they need to go (temporarily)
|
||||
@ -45,4 +58,3 @@ do
|
||||
make O=../output-${IMAGE} all
|
||||
( cd .. ; ./make-bootable-disk.sh $IMAGE )
|
||||
done
|
||||
|
||||
|
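Review bot: The JSON.sh download uses `curl -s $JSON_SH > download/JSON.sh` without `-f` and without checking the exit status, so an HTTP error body or an empty file is saved, marked executable by the following `chmod +x`, and then kept on every later run because the guard only tests `-x`. This file ends up in the image and parses the data that feeds root's `authorized_keys`, so the build should fail closed and verify the content against a recorded digest in addition to the commit pin in the URL. Separately, the `overlay-client` branch creates `overlay-client/usr/bin` but then copies to `overlay-server/usr/bin`; that line looks like it should read `cp download/JSON.sh overlay-client/usr/bin`. The digest below is a placeholder to be filled in from a trusted copy.

```shell
# … unchanged: JSON_VERS / JSON_SH assignments …
JSON_SHA256="<placeholder: sha256 of the pinned JSON.sh>"
if [ ! -x download/JSON.sh ]
then
    curl -fsSL "$JSON_SH" -o download/JSON.sh.tmp || exit 1
    echo "$JSON_SHA256  download/JSON.sh.tmp" | sha256sum -c - || exit 1
    mv download/JSON.sh.tmp download/JSON.sh
    chmod +x download/JSON.sh
fi
```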