Skip to content
  • Leigh B Stoller's avatar
    Add a new localize_mfs script (based on stuff that was in the mfs · e894ec36
    Leigh B Stoller authored
    install script, but I pulled out to create an independent script).
    This works on both freebsd and linux based MFSs. The intent is to do
    all of the localization automcatically for site admins, so that they
    can import new MFSs more easily. This is also used from the new
    install code to bring in the initial MFSs and localize them.
    Here is what we localize:
    * The timezone is copied from boss:/etc/localtime to mfs:/etc. Ryan
      says the upcoming version of the linux MFS will actually use
    * Copy boss:/usr/testbed/etc/{emulab.pem,client.pem} to mfs:/etc/emulab. 
      The former is for TPM, the later for the ssl version of tmcc.
    * Copy out boss root ssh keys (pub) to mfs:/root/.ssh/authorized_keys.
      In an ElabInElab we take care to combine with outer boss keys.
    * Copy out the image ssh host keys. These are the keys that we put on
      every image to avoid the ssh host key change sillyness. See notes
      below on how these keys are initialized on an existing emulab. The
      keys are copied from boss:/usr/testbed/etc/image_hostkeys to
      mfs:/etc/ssh directory.
    * Initialize the root and toor passwords from a new sitevar named
      images/root_password (which is the encryption hash, not plain
      text). See notes below on how this sitevar is initialized on an
      existing emulab.
    About initializing the host keys and the root password hash ... I
    added a new update script (27) that will go out to the current frisbee
    MFS and mount it, grab the current keys and password hash, and put
    them into place on boss. At the moment I only look for a FreeBSD
    frisbee MFS, since not too many people are running the linux mfs, and
    this was hard enough as it is!
    For a new installation, a new install phase script will build the them
    and install into /usr/testbed/etc/image_hostkeys. I have not dealt
    with the password yet.