From: Frank Brehm Date: Thu, 11 Jun 2020 15:35:38 +0000 (+0200) Subject: Adding generation of authorized files of root X-Git-Tag: 2.1.2^2~9^2~31^2~53 X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=a28fa1bb6c66cb90c535e73bb6d10e6f6b75949b;p=pixelpark%2Fcreate-vmware-tpl.git Adding generation of authorized files of root --- diff --git a/kickstart/template-centos8.ks b/kickstart/template-centos8.ks index 3811d12..5aeb9b9 100644 --- a/kickstart/template-centos8.ks +++ b/kickstart/template-centos8.ks @@ -102,22 +102,21 @@ yum-utils # p7zip # screen -%post --interpreter=/usr/bin/bash +%post --interpreter=/usr/bin/bash --log=/var/log/post-install.log +### output to console +exec < /dev/tty6 > /dev/tty6 2> /dev/tty6 +chvt 6 +clear ###################################################################################### # Installation of pixelpark standard applications ###################################################################################### -### output to console -clear -POST_LOG="/var/log/post-install.log" -exec < /dev/console &> >(tee -a "$POST_LOG") - ### debug -set -x +# set -x echo "cobbler profile = $profile_name" echo @@ -150,6 +149,7 @@ export gateway="$gateway" export ip_address_eth0="$ip_address_eth0" export mac_address_eth0="$mac_address_eth0" export system_status="${SYSTEM_STATUS}" +export ws_rel_filesdir="${WS_REL_FILESDIR}" echo echo "hostname: '$hostname'" @@ -164,4 +164,9 @@ echo echo "Using snippet $basic_snippet" $SNIPPET($basic_snippet) +#set $authkeys_snippet = "per_status/" + $SYSTEM_STATUS + "/tpl.010.authkeys.sh" +echo +echo "Using snippet $authkeys_snippet" +$SNIPPET($authkeys_snippet) + %end diff --git a/lib/cr_vmware_tpl/cobbler.py b/lib/cr_vmware_tpl/cobbler.py index 880c088..424781b 100644 --- a/lib/cr_vmware_tpl/cobbler.py +++ b/lib/cr_vmware_tpl/cobbler.py @@ -37,7 +37,7 @@ from .config import CrTplConfiguration from .xlate import XLATOR -__version__ = '0.4.9' +__version__ = '0.4.10' LOG = logging.getLogger(__name__) 
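Review bot: The `exec < /dev/tty6 > /dev/tty6 2> /dev/tty6` added directly after the new `--log=/var/log/post-install.log` option most likely defeats it: as far as I know anaconda implements `--log` by pointing the script's stdout/stderr at that file, and the `exec` on the next line re-points both descriptors to tty6, so the log ends up empty while the old `tee -a "$POST_LOG"` is removed in the same hunk. Since this %post now also installs root's authorized_keys (via the snippet call added further down), losing its record matters both for troubleshooting and for auditing which keys were installed on a template. If both console and file output are wanted, something like `exec < /dev/tty6 > >(tee -a /var/log/post-install.log > /dev/tty6) 2>&1` keeps both; if only the console is wanted, drop the `--log=` option so an always-empty log file does not mislead. The %post body continues beyond this hunk.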
@@ -644,6 +644,7 @@ class Cobbler(BaseHandler): ks_meta_list.append("ROOT_PWD_HASH={}".format(self.config.get_root_pwd_hash())) ks_meta_list.append("SWAP_SIZE_MB={}".format(self.config.swap_size_mb)) ks_meta_list.append("SYSTEM_STATUS={}".format(status)) + ks_meta_list.append("WS_REL_FILESDIR={}".format(self.config.cobbler_ws_rel_filesdir)) ks_meta = None if ks_meta_list: @@ -713,6 +714,19 @@ class Cobbler(BaseHandler): if proc.stderr: LOG.debug(_("Output on {}:").format('STDERR') + '\n' + proc.stderr) + # ------------------------------------------------------------------------- + def ensure_keys(self): + + local_keys_dir = self.base_dir / 'keys' + auth_keys_file = local_keys_dir / "auth_keys_pp_betrieb" + docroot = self.config.cobbler_ws_docroot / self.config.cobbler_ws_rel_filesdir + remote_dir = docroot / self.config.system_status / 'keys' + remote_file = remote_dir / "auth_keys_pp_betrieb" + + LOG.info(_("Ensuring currentness of authorized_keys file of root {!r}.").format( + str(remote_file))) + self.ensure_remote_file(auth_keys_file, remote_file) + # ============================================================================= if __name__ == "__main__": diff --git a/lib/cr_vmware_tpl/handler.py b/lib/cr_vmware_tpl/handler.py index 6378158..6501e3e 100644 --- a/lib/cr_vmware_tpl/handler.py +++ b/lib/cr_vmware_tpl/handler.py @@ -42,7 +42,7 @@ from .cobbler import CobblerError, Cobbler from .xlate import XLATOR -__version__ = '1.5.9' +__version__ = '1.5.10' LOG = logging.getLogger(__name__) TZ = pytz.timezone('Europe/Berlin') @@ -229,6 +229,7 @@ class CrTplHandler(BaseHandler): self.cobbler.ensure_root_authkeys() self.cobbler.ensure_system_ks() self.cobbler.ensure_snippets() + self.cobbler.ensure_keys() self.vsphere.get_about() self.vsphere.get_clusters() 
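Review bot: `ensure_keys` has no docstring, and its security contract is the part that most needs one: the file it publishes into the cobbler web docroot is what the new tpl.010.authkeys.sh snippet downloads and appends verbatim to root's authorized_keys on every template, so write access to `<docroot>/<ws_rel_filesdir>/<system_status>/keys/` is equivalent to root SSH on every template built afterwards. Suggest a docstring along the lines of "Publish the per-status root authorized_keys file (keys/auth_keys_pp_betrieb) to the cobbler web docroot, from where the %post snippet tpl.010.authkeys.sh fetches it during installation. Anyone able to write to that directory can add root SSH keys to every template built from it, so keep it writable by the deployment account only." Whether `ensure_remote_file` checks that `auth_keys_file` exists locally before publishing cannot be told from this hunk; if it does not, a missing local file should be a hard error here rather than a silent skip, since the snippet tolerates an absent remote file and would quietly install only the built-in key.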
@@ -285,10 +286,10 @@ class CrTplHandler(BaseHandler): self.cobbler.add_system( name=tpl_sysname, fqdn=self.tpl_vm_fqdn, mac_address=self.tpl_macaddress) -# self.vsphere.poweron_vm(self.tpl_vm, max_wait=self.config.max_wait_for_poweron_vm) -# self.ts_start_install = time.time() -# self.wait_for_finish_install() -# + self.vsphere.poweron_vm(self.tpl_vm, max_wait=self.config.max_wait_for_poweron_vm) + self.ts_start_install = time.time() + self.wait_for_finish_install() + # self.get_postinstall_error() # if self.abort: # LOG.warn(_("Aborting after creation of template VM.")) diff --git a/snippets/tpl.001.basics.sh b/snippets/tpl.001.basics.sh index 15e9720..86473d5 100644 --- a/snippets/tpl.001.basics.sh +++ b/snippets/tpl.001.basics.sh @@ -2,6 +2,7 @@ #raw HASH_LINE="#######################################################################################" +COBBLER_URL="http://cobbler.pixelpark.com" echo "$(date --rfc-3339=seconds): Das ist das Post-Install-Script '$0'." echo @@ -17,5 +18,28 @@ if [[ -z "${ip_address_eth0}" ]] ; then ip_address_eth0="${IP_ADDRESS_ETH0}" fi +POSTFIX_MYORIGIN='pixelpark.net' +POSTFIX_RELAYHOST='[mx.pixelpark.com]' + +ERROR_POINTER="/root/postinst-error.txt" + +echo +echo "Some information:" +echo " \$hostname: $hostname" +echo " \$system_name: $system_name" +echo " \$gateway: $gateway" +echo " \$mac_address_eth0: $mac_address_eth0" +echo " \$ip_address_eth0: $ip_address_eth0" +echo " \$IP_ADDRESS_ETH0: $IP_ADDRESS_ETH0" +echo " \$SIMPLE_HOSTNAME: $SIMPLE_HOSTNAME" +echo " \$DOMAIN: $DOMAIN" + +#----------------------------------------------------------- +log() { + + echo "$(date --rfc-3339=seconds): $*" + echo "$*" >/dev/console +} + #end raw ## vim: ts=4 et list diff --git a/snippets/tpl.010.authkeys.sh b/snippets/tpl.010.authkeys.sh new file mode 100644 index 0000000..3e7ef50 --- /dev/null +++ b/snippets/tpl.010.authkeys.sh 
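Review bot: `COBBLER_URL` is hard-coded to plain `http://cobbler.pixelpark.com`, and the new tpl.010.authkeys.sh builds from it the URL whose content is appended to root's authorized_keys, so the scheme chosen on this line decides whether an attacker on the provisioning network can inject root keys into every template. If the cobbler web server can serve TLS, prefer `COBBLER_URL="https://cobbler.pixelpark.com"`; if it cannot, a comment stating that this URL is trusted without authentication would at least make the trade-off visible to the next maintainer. Hard-coding the host is understandable because the assignment sits inside a `#raw` block, where Cheetah variables such as cobbler's server address are not expanded; if that ever changes, the kickstart already exports several ks_meta values and could export the server too.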
@@ -0,0 +1,32 @@
+## !/bin/bash
+#raw
+
+#-----------------------------------------------------------
+create_authkeys() {
+
+ echo
+ echo "${HASH_LINE}"
+ echo "Calling create_authkeys() ..."
+ echo
+ local url="${COBBLER_URL}/${ws_rel_filesdir}/${system_status}/keys/auth_keys_pp_betrieb"
+
+ log "Creating /root/.ssh ..."
+ mkdir -pv /root/.ssh
+ chmod -v 0700 /root/.ssh
+
+ log "Creating /root/.ssh/authorized_keys ..."
+ echo "${HASH_LINE}" >> /root/.ssh/authorized_keys
+ echo "ssh-rsa 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 create-vmware-tpl@pixelpark.com" >> /root/.ssh/authorized_keys
+
+ local tmp_file=$( mktemp )
+ wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" || true
+ if [[ -s "${tmp_file}" ]] ; then
+ cat "${tmp_file}" >> /root/.ssh/authorized_keys
+ fi
+ rm -v "${tmp_file}"
+}
+
+create_authkeys
+
+#end raw
+## vim: ts=4 et list
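Review bot: Whatever `wget` returns for `${url}` is appended verbatim to `/root/.ssh/authorized_keys` with no integrity check, over a URL that tpl.001.basics.sh builds from plain `http://cobbler.pixelpark.com`, so anyone who can spoof or intercept the cobbler host during %post gets root SSH on every template built from this image; the `|| true` plus the bare `-s` test also means a failed or empty download is never logged. Two smaller gaps in the same function: the keys file is created by `>>` without ever being `chmod 0600`, and a failing `mktemp` is unchecked, which would turn the following lines into `wget -O ""` and `rm -v ""`. The URL scheme has to change in tpl.001.basics.sh, but the rest can be tightened here: set the file mode, fail loudly instead of silently, and refuse content that does not parse as key lines (the pattern below assumes option prefixes without quoted spaces — adjust if your keys file uses those). Note also that `>>` appends, so running the snippet twice duplicates the entries; harmless for SSH but worth knowing when re-running %post by hand.

```shell
create_authkeys() {
    local authkeys="/root/.ssh/authorized_keys"
    # … unchanged: banner output, url assignment, mkdir/chmod of /root/.ssh …

    log "Creating ${authkeys} ..."
    touch "${authkeys}"
    chmod -v 0600 "${authkeys}"
    # … unchanged: appending HASH_LINE and the built-in create-vmware-tpl key …

    local tmp_file
    if ! tmp_file=$( mktemp ) ; then
        log "WARNING: mktemp failed - not fetching additional root keys from '${url}'."
        return 0
    fi
    if ! wget -q -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url}" ; then
        log "WARNING: could not fetch '${url}' - only the built-in root key is installed."
    elif [[ ! -s "${tmp_file}" ]] ; then
        log "WARNING: '${url}' is empty - only the built-in root key is installed."
    elif grep -vqE '^(#|[[:space:]]*$|([^ ]+ )?(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp[0-9]+|sk-[^ ]+) [A-Za-z0-9+/=]+)' "${tmp_file}" ; then
        # Anything that is not blank, a comment, or "[options] keytype base64 ..." is an
        # error page or a tampered response - refuse it rather than install it as a root key.
        log "WARNING: '${url}' does not look like an authorized_keys file - ignored."
    else
        cat "${tmp_file}" >> "${authkeys}"
    fi
    rm -v "${tmp_file}"
}
```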