#!/bin/sh

##
## Setup a root ssh key on the calling node, and broadcast it to all the
## other nodes' authorized_keys file.
##

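# Trace every command into the setup log.  Key material in this script is only
# moved through files and redirections, never through command arguments, so
# the trace does not print it -- keep it that way when editing.
set -x

# Gotta know the rules!
# $EUID is a bash variable.  Under a plain POSIX /bin/sh (e.g. dash) it is
# unset, the test errors out, and the guard is silently skipped.  id -u prints
# the effective uid in any POSIX shell.
if [ "$(id -u)" -ne 0 ] ; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

# Grab our libs.  Presumably this is where logtstart/logtend and variables such
# as OURDIR, SETTINGS and NODES come from -- they are not defined in this file.
. "$(dirname -- "$0")/setup-lib.sh"

logtstart "root-ssh"

KEYNAME=id_rsa

# Remove any existing root keypair so the rest of the script starts clean.
rm -f -- "/root/.ssh/${KEYNAME}" "/root/.ssh/${KEYNAME}.pub"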

##
## Figure out our strategy.  Are we using the new geni_certificate and
## geni_key support to generate the same keypair on each host, or not.
##
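# Fetch the shared private key.  The redirect creates the file, so tighten the
# umask first: with the default umask the key would be readable by other users
# in the window between creation and the chmod below.
( umask 077 && geni-get key > "$OURDIR/$KEYNAME" )
# Still needed when the file already existed with wider permissions.
chmod 600 "$OURDIR/${KEYNAME}"
# A non-empty file means geni-get produced a key; otherwise fall through to the
# locally generated keypair further down.
if [ -s "$OURDIR/${KEYNAME}" ] ; then
    # Derive the public half from the private key.
    # NOTE(review): the exit status of ssh-keygen is not checked; a malformed
    # key would leave an empty .pub and still be installed below.
    ssh-keygen -f "$OURDIR/${KEYNAME}" -y > "$OURDIR/${KEYNAME}.pub"
    chmod 600 "$OURDIR/${KEYNAME}.pub"
    mkdir -p /root/.ssh
    # A directory needs the search (x) bit to be usable; 700 is the
    # conventional owner-only mode for ~/.ssh (the original used 600).
    chmod 700 /root/.ssh
    cp -p "$OURDIR/${KEYNAME}" "$OURDIR/${KEYNAME}.pub" /root/.ssh/
    # Process listing kept in OURDIR, apparently for debugging.
    ps axwww > "$OURDIR/ps.txt"
    # Every node derives the same keypair, so authorizing our own public key
    # authorizes root on all of them.
    # NOTE(review): a copy of the private key stays in $OURDIR, and one shared
    # key means one compromised node exposes root on every node -- confirm
    # OURDIR is not readable by non-root users.
    cat "$OURDIR/${KEYNAME}.pub" >> /root/.ssh/authorized_keys
    chmod 600 /root/.ssh/authorized_keys
    logtend "root-ssh"
    exit 0
fi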

##
## If geni calls are not available, make ourself a keypair; this gets copied
## to other roots' authorized_keys.
##
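if [ ! -f "/root/.ssh/${KEYNAME}" ]; then
    # On this path nothing has created /root/.ssh yet; make sure it exists with
    # owner-only permissions (-m only applies when the directory is created).
    mkdir -p -m 700 /root/.ssh
    # -N '' creates the key without a passphrase so later steps can use it
    # unattended; the private key file is the only protection.
    ssh-keygen -t rsa -f "/root/.ssh/${KEYNAME}" -N ''
fi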

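# Load site settings when the file exists.  Quoted so that an unset or empty
# SETTINGS makes the test false; unquoted, `[ -f ]` is true and the `.` below
# runs with no argument.
# NOTE(review): the file is executed as root -- it should be writable by root only.
if [ -f "$SETTINGS" ]; then
    . "$SETTINGS"
fi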

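# Distribute our public key to the other nodes' root authorized_keys.
# GENIUSER, EPID, EEID, NODES, SSH, SWAPPER and getfqdn are not defined in this
# file; presumably they come from setup-lib.sh or $SETTINGS.
# NOTE(review): HOSTNAME is set automatically by bash but not by a plain POSIX
# sh -- confirm the library or the environment provides it.
if [ "${GENIUSER:-0}" -eq 1 ]; then
    # Exchange keys through a directory shared by the experiment's nodes.
    SHAREDIR="/proj/$EPID/exp/$EEID/tmp"

    # Publish under a temporary name and rename, so a peer polling for our
    # file never reads a partially written key.
    cp "/root/.ssh/${KEYNAME}.pub" "$SHAREDIR/.$HOSTNAME.tmp.$$" \
        && mv -f "$SHAREDIR/.$HOSTNAME.tmp.$$" "$SHAREDIR/$HOSTNAME"

    # NOTE(review): whatever appears in SHAREDIR under a node's name is
    # appended to root's authorized_keys unverified, so write access to that
    # directory is equivalent to root on every node.  Confirm who can write there.
    for node in $NODES ; do
        # Wait for a non-empty file: an empty one means the peer is mid-write.
        while [ ! -s "$SHAREDIR/$node" ]; do
            sleep 1
        done
        echo "$node is up"
        cat "$SHAREDIR/$node" >> /root/.ssh/authorized_keys
    done
else
    # No shared directory: push our key to each peer over ssh as $SWAPPER and
    # append it remotely with sudo.
    for node in $NODES ; do
        if [ "$node" != "$HOSTNAME" ]; then
            # NOTE(review): an empty result from getfqdn is not handled; the
            # loop below would then retry forever.
            fqdn=$(getfqdn "$node")
            SUCCESS=1
            # Retry once a second until the remote append succeeds (the peer
            # may not be up yet).  There is no upper bound on retries.
            while [ $SUCCESS -ne 0 ]; do
                # The command string is interpreted by $SWAPPER's shell, so
                # $SSH and $fqdn must come from trusted configuration.
                su -c "$SSH  -l $SWAPPER $fqdn sudo tee -a /root/.ssh/authorized_keys" "$SWAPPER" < "/root/.ssh/${KEYNAME}.pub"
                SUCCESS=$?
                sleep 1
            done
        fi
    done
fi

logtend "root-ssh"

exit 0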