Posted to commits@cloudstack.apache.org by wi...@apache.org on 2014/05/27 12:18:07 UTC
[1/2] git commit: updated refs/heads/master to 6f244f3
Repository: cloudstack
Updated Branches:
refs/heads/master 19668713e -> 6f244f3ea
tools: Various fixes to set guest sshkeys script
The script would for example overwrite all existing keys in the
authorized_keys file
Some things in the bash script are also simplified
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6f244f3e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6f244f3e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6f244f3e
Branch: refs/heads/master
Commit: 6f244f3eac5201bef26c29e57f316378aed18953
Parents: 37874a3
Author: Wido den Hollander <wi...@widodh.nl>
Authored: Tue May 27 12:16:54 2014 +0200
Committer: Wido den Hollander <wi...@widodh.nl>
Committed: Tue May 27 12:17:45 2014 +0200
----------------------------------------------------------------------
setup/bindir/cloud-set-guest-sshkey.in | 55 ++++++++++++-----------------
1 file changed, 22 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6f244f3e/setup/bindir/cloud-set-guest-sshkey.in
----------------------------------------------------------------------
diff --git a/setup/bindir/cloud-set-guest-sshkey.in b/setup/bindir/cloud-set-guest-sshkey.in
index 68a209f..4955dea 100755
--- a/setup/bindir/cloud-set-guest-sshkey.in
+++ b/setup/bindir/cloud-set-guest-sshkey.in
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash
#
# Init file for SSH Public Keys Download Client
#
@@ -12,9 +12,9 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -31,21 +31,17 @@ DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/*"
keys_received=0
file_count=0
-for DHCP_FILE in $DHCP_FOLDERS
-do
- if [ -f $DHCP_FILE ]
- then
+for DHCP_FILE in $DHCP_FOLDERS; do
+ if [ -f $DHCP_FILE ]; then
file_count=$((file_count+1))
SSHKEY_SERVER_IP=$(grep dhcp-server-identifier $DHCP_FILE | tail -1 | awk '{print $NF}' | tr -d '\;')
- if [ -n "$SSHKEY_SERVER_IP" ]
- then
+ if [ -n "$SSHKEY_SERVER_IP" ]; then
logger -t "cloud" "Sending request to ssh key server at $SSHKEY_SERVER_IP"
- publickey=$(wget -t 3 -T 20 -O - http://$SSHKEY_SERVER_IP/latest/public-keys 2>/dev/null)
+ publickey=$(wget -q -t 3 -T 20 -O - http://$SSHKEY_SERVER_IP/latest/public-keys)
- if [ $? -eq 0 ]
- then
+ if [ $? -eq 0 ]; then
logger -t "cloud" "Got response from server at $SSHKEY_SERVER_IP"
keys_received=1
break
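Review bot: The value placed in `SSHKEY_SERVER_IP` is whatever `awk '{print $NF}'` pulls from the lease file, and it goes unquoted and unchecked into `http://$SSHKEY_SERVER_IP/latest/public-keys`. The response is later appended to `$user`'s authorized_keys, so key installation rests entirely on the lease contents and an unauthenticated HTTP reply. At minimum, reject anything that is not a dotted-quad before the request, e.g. `case "$SSHKEY_SERVER_IP" in *[!0-9.]*) continue ;; esac`, and quote the URL and `"$DHCP_FILE"`. The same pattern applies to `$PASSWORD_SERVER_IP` in the loop of cloud-set-guest-password.in. The loop body continues past the end of this hunk.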
@@ -56,11 +52,10 @@ do
fi
done
-if [ "$keys_received" == "0" ]
-then
+if [ "$keys_received" == "0" ]; then
SSHKEY_SERVER_IP=$(nslookup data-server | grep Address |tr '\n' ' '| awk '{print $4}')
logger -t "cloud" "Sending request to ssh key server at $SSHKEY_SERVER_IP"
- publickey=$(wget -t 3 -T 20 -O - http://data-server/latest/public-keys 2>/dev/null)
+ publickey=$(wget -q -t 3 -T 20 -O - http://data-server/latest/public-keys)
if [ $? -eq 0 ]
then
logger -t "cloud" "Got response from server at $SSHKEY_SERVER_IP"
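Review bot: The `if [ $? -eq 0 ]` / `then` pair right after the data-server wget is still in the two-line form, while every other conditional in this commit was converted to `if ...; then`. Testing the command directly would also remove the dependency on nothing running between the assignment and the check: `if publickey=$(wget -q -t 3 -T 20 -O - http://data-server/latest/public-keys); then`. The body of this `if` continues outside the hunk.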
@@ -70,39 +65,33 @@ then
fi
fi
-# did we find the keys anywhere?
-if [ "$keys_received" == "0" ]
-then
+if [ "$keys_received" == "0" ]; then
logger -t "cloud" "Failed to get ssh keys from any server"
exit 1
fi
+if [ -z "$publickey" ]; then
+ logger -t "cloud" "Did not receive any keys from any server"
+ exit 1
+fi
-
-# set ssh public key
homedir=$(grep ^$user /etc/passwd|awk -F ":" '{print $6}')
sshdir=$homedir/.ssh
authorized=$sshdir/authorized_keys
-restorecon=/sbin/restorecon
-
-if [ ! -e $sshdir ]
-then
+if [ ! -e $sshdir ]; then
mkdir $sshdir
+ chmod 700 $sshdir
fi
-if [ ! -e $authorized ]
-then
+if [ ! -e $authorized ]; then
touch $authorized
+ chmod 600 $authorized
fi
-cat $authorized|grep -v "$publickey" > $authorized
+cat $authorized|grep -v "$publickey"|tee $authorized > /dev/null
echo "$publickey" >> $authorized
-if [ -e $restorecon ]
-then
- $restorecon -R -v $sshdir
-fi
-
-exit 0
+which restorecon && restorecon -R -v $sshdir
+exit 0
\ No newline at end of file
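Review bot: The new `cat $authorized|grep -v "$publickey"|tee $authorized > /dev/null` line can still empty the file. All pipeline stages start together, and `tee` truncates `$authorized` when it opens it, which may happen before `cat` has read anything. `grep -v "$publickey"` also treats the key text as a regular expression and matches substrings, so unrelated lines can be dropped; `-x -F` compares whole lines literally. Filter into a temporary file and copy it back, as below, which keeps the existing file's owner and mode. Separately, the fetched body is appended without any check that it looks like a public-key line, and `grep ^$user /etc/passwd` also matches longer names that begin with `$user` (`getent passwd "$user" | cut -d: -f6` avoids that).

```shell
# … unchanged: homedir/sshdir lookup, mkdir/touch with chmod …
tmpfile=$(mktemp) || exit 1
# Finish reading before the target is reopened for writing.
grep -vxF -- "$publickey" "$authorized" > "$tmpfile"
printf '%s\n' "$publickey" >> "$tmpfile"
cat "$tmpfile" > "$authorized"
rm -f -- "$tmpfile"
# … unchanged: restorecon call, exit 0 …
```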
[2/2] git commit: updated refs/heads/master to 6f244f3
Posted by wi...@apache.org.
tools: Various fixes to password set script
The exit status of wget was not checked properly since it would
check the exit status of the 'echo' command.
Also fix some indentation in the script and remove whitespace
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/37874a3f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/37874a3f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/37874a3f
Branch: refs/heads/master
Commit: 37874a3fa86e1e644bf1ff1353d3504025a19ebf
Parents: 1966871
Author: Wido den Hollander <wi...@widodh.nl>
Authored: Tue May 27 11:36:20 2014 +0200
Committer: Wido den Hollander <wi...@widodh.nl>
Committed: Tue May 27 12:17:45 2014 +0200
----------------------------------------------------------------------
setup/bindir/cloud-set-guest-password.in | 84 ++++++++++++---------------
1 file changed, 38 insertions(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/37874a3f/setup/bindir/cloud-set-guest-password.in
----------------------------------------------------------------------
diff --git a/setup/bindir/cloud-set-guest-password.in b/setup/bindir/cloud-set-guest-password.in
index 3215894..4c7c575 100755
--- a/setup/bindir/cloud-set-guest-password.in
+++ b/setup/bindir/cloud-set-guest-password.in
@@ -12,9 +12,9 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -28,49 +28,46 @@ user=root
# Add your DHCP lease folders here
DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/* /var/lib/dhcp/*"
+PASSWORD_SERVER_PORT=8080
password_received=0
file_count=0
error_count=0
-for DHCP_FILE in $DHCP_FOLDERS
-do
- if [ -f $DHCP_FILE ]
- then
+for DHCP_FILE in $DHCP_FOLDERS; do
+ if [ -f $DHCP_FILE ]; then
file_count=$((file_count+1))
PASSWORD_SERVER_IP=$(grep dhcp-server-identifier $DHCP_FILE | tail -1 | awk '{print $NF}' | tr -d '\;')
- if [ -n "$PASSWORD_SERVER_IP" ]
- then
+ if [ -n "$PASSWORD_SERVER_IP" ]; then
logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in $DHCP_FILE"
logger -t "cloud" "Sending request to password server at $PASSWORD_SERVER_IP"
- password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:8080)
- password=$(echo $password | tr -d '\r')
- if [ $? -eq 0 ]
- then
+ password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:$PASSWORD_SERVER_PORT)
+
+ if [ $? -eq 0 ]; then
+ password=$(echo $password | tr -d '\r')
logger -t "cloud" "Got response from server at $PASSWORD_SERVER_IP"
case $password in
-
- "") logger -t "cloud" "Password server at $PASSWORD_SERVER_IP did not have any password for the VM"
- continue
- ;;
-
- "bad_request") logger -t "cloud" "VM sent an invalid request to password server at $PASSWORD_SERVER_IP"
- error_count=$((error_count+1))
- continue
- ;;
-
- "saved_password") logger -t "cloud" "VM has already saved a password from the password server at $PASSWORD_SERVER_IP"
- continue
- ;;
-
- *) logger -t "cloud" "VM got a valid password from server at $PASSWORD_SERVER_IP"
- password_received=1
- break
- ;;
-
- esac
+ "")
+ logger -t "cloud" "Password server at $PASSWORD_SERVER_IP did not have any password for the VM"
+ continue
+ ;;
+ "bad_request")
+ logger -t "cloud" "VM sent an invalid request to password server at $PASSWORD_SERVER_IP"
+ error_count=$((error_count+1))
+ continue
+ ;;
+ "saved_password")
+ logger -t "cloud" "VM has already saved a password from the password server at $PASSWORD_SERVER_IP"
+ continue
+ ;;
+ *)
+ logger -t "cloud" "VM got a valid password from server at $PASSWORD_SERVER_IP"
+ password_received=1
+ break
+ ;;
+ esac
else
logger -t "cloud" "Failed to send request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
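Review bot: The relocated `password=$(echo $password | tr -d '\r')` expands the password unquoted, so runs of whitespace are collapsed and any glob characters in it can expand against the current directory before the value is used. `echo` may also interpret a leading `-n` or `-e`. Use `password=$(printf '%s' "$password" | tr -d '\r')`. Checking wget directly, `if password=$(wget ... ); then`, would make the exit-status fix robust against future lines being inserted between the two statements. The enclosing loop continues outside this hunk.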
@@ -82,10 +79,8 @@ do
fi
done
-if [ "$password_received" == "0" ]
-then
- if [ "$error_count" == "$file_count" ]
- then
+if [ "$password_received" == "0" ]; then
+ if [ "$error_count" == "$file_count" ]; then
logger -t "cloud" "Failed to get password from any server"
exit 1
else
@@ -94,23 +89,20 @@ then
fi
fi
-logger -t "cloud" "Changing password ..."
+logger -t "cloud" "Changing password for user $user"
echo $user:$password | chpasswd
-
-if [ $? -gt 0 ]
-then
+
+if [ $? -gt 0 ]; then
usermod -p `mkpasswd -m SHA-512 $password` $user
-
- if [ $? -gt 0 ]
- then
+
+ if [ $? -gt 0 ]; then
logger -t "cloud" "Failed to change password for user $user"
exit 1
else
logger -t "cloud" "Successfully changed password for user $user"
fi
fi
-
+
logger -t "cloud" "Sending acknowledgment to password server at $PASSWORD_SERVER_IP"
-wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:8080
+wget -q -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:$PASSWORD_SERVER_PORT
exit 0
-
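Review bot: The `usermod -p` fallback passes `$password` as a command-line argument to `mkpasswd`, where the cleartext is visible in the process list to other local users while the command runs. Both it and `echo $user:$password | chpasswd` also expand the password unquoted. Suggest `printf '%s:%s\n' "$user" "$password" | chpasswd`, and feeding the fallback over stdin where the installed mkpasswd supports it, e.g. `printf '%s' "$password" | mkpasswd -m SHA-512 -s`. Note also that "Successfully changed password" is only logged on the fallback path, so a successful `chpasswd` leaves no success entry.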