Commit 5bdec716 authored by David Johnson's avatar David Johnson

Use `geni-get key` to setup experiment-wide root ssh.

parent 1189232d
......@@ -16,15 +16,40 @@ fi
# Grab our libs
. "`dirname $0`/setup-lib.sh"
# Make ourself a keypair; this gets copied to other roots' authorized_keys
if [ ! -f /root/.ssh/id_rsa ]; then
ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''
KEYNAME=id_rsa
# Remove it if it exists...
rm -f ~/.ssh/${KEYNAME} ~/.ssh/${KEYNAME}.pub
##
## Figure out our strategy. Are we using the new geni_certificate and
## geni_key support to generate the same keypair on each host, or not.
##
geni-get key > $OURDIR/$KEYNAME
chmod 600 $OURDIR/${KEYNAME}
if [ -s $OURDIR/${KEYNAME} ] ; then
ssh-keygen -f $OURDIR/${KEYNAME} -y > $OURDIR/${KEYNAME}.pub
chmod 600 $OURDIR/${KEYNAME}.pub
mkdir -p ~/.ssh
chmod 600 ~/.ssh
cp -p $OURDIR/${KEYNAME} $OURDIR/${KEYNAME}.pub ~/.ssh/
cat $OURDIR/${KEYNAME}.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
exit 0
fi
##
## If geni calls are not available, make ourself a keypair; this gets copied
## to other roots' authorized_keys.
##
if [ ! -f /root/.ssh/${KEYNAME} ]; then
ssh-keygen -t rsa -f /root/.ssh/${KEYNAME} -N ''
fi
if [ "$SWAPPER" = "geniuser" ]; then
SHAREDIR=/proj/$EPID/exp/$EEID/tmp
cp /root/.ssh/id_rsa.pub $SHAREDIR/$HOSTNAME
cp /root/.ssh/${KEYNAME}.pub $SHAREDIR/$HOSTNAME
for node in $NODES ; do
while [ ! -f $SHAREDIR/$node ]; do
......@@ -39,7 +64,7 @@ else
fqdn="$node.$EEID.$EPID.$OURDOMAIN"
SUCCESS=1
while [ $SUCCESS -ne 0 ]; do
su -c "$SSH -l $SWAPPER $fqdn sudo tee -a /root/.ssh/authorized_keys" $SWAPPER < /root/.ssh/id_rsa.pub
su -c "$SSH -l $SWAPPER $fqdn sudo tee -a /root/.ssh/authorized_keys" $SWAPPER < /root/.ssh/${KEYNAME}.pub
SUCCESS=$?
sleep 1
done
......
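Review bot: The private key from `geni-get key` is written to `$OURDIR/$KEYNAME` under the process's default umask and is only restricted by the `chmod 600` on the next line, so the shared root key may be briefly readable by other local users, depending on the umask and on who can read `$OURDIR` (neither is visible here); creating it under a tight umask closes that window, e.g. `( umask 077; geni-get key > "$OURDIR/$KEYNAME" )`. In the same block, `chmod 600 ~/.ssh` drops the search bit from a directory and should be `chmod 700 ~/.ssh`. The `-s` test only shows that the file is non-empty, and the result of `ssh-keygen -y` is not checked before `exit 0`, so output that is not a valid key would leave an empty `.pub` and no usable key while skipping the fallback keypair; testing both commands' exit status before the copy would avoid that. Because every node then holds the same root private key, a comment in the script should record that compromise of one node exposes root ssh on all of them. The +/- markers are lost on this page, so this assumes the `geni-get` block is on the new side.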