From henev...@apache.org
Subject [03/21] incubator-brooklyn git commit: add extraSshPublicKeys options to jclouds
Date Tue, 27 Jan 2015 17:45:10 GMT
add extraSshPublicKeys options to jclouds

Allows extra public keys to be added to authorized_keys on provisioned VMs.


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/50395595
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/50395595
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/50395595

Branch: refs/heads/master
Commit: 50395595f9a808af254a715516adce6b1ae5d93c
Parents: c3828fb
Author: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Authored: Thu Jan 22 20:42:08 2015 +0000
Committer: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Committed: Thu Jan 22 20:56:04 2015 +0000

----------------------------------------------------------------------
 .../location/jclouds/JcloudsLocation.java       | 24 +++++++++++++++-----
 .../location/jclouds/JcloudsLocationConfig.java |  6 ++++-
 2 files changed, 23 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/50395595/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
index ec76330..0916b21 100644
--- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
+++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
@@ -111,7 +111,9 @@ import brooklyn.location.jclouds.templates.PortableTemplateBuilder;
 import brooklyn.location.jclouds.zone.AwsAvailabilityZoneExtension;
 import brooklyn.management.AccessController;
 import brooklyn.util.ResourceUtils;
+import brooklyn.util.collections.MutableList;
 import brooklyn.util.collections.MutableMap;
+import brooklyn.util.collections.MutableSet;
 import brooklyn.util.config.ConfigBag;
 import brooklyn.util.crypto.SecureKeys;
 import brooklyn.util.exceptions.CompoundRuntimeException;
@@ -180,8 +182,6 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
 
     // TODO test (and fix) ability to set config keys from flags
 
-    // TODO need a way to define imageId (and others?) with a specific location
-
     // TODO we say config is inherited, but it isn't the case for many "deep" / jclouds properties
     // e.g. when we pass getRawLocalConfigBag() in and decorate it with additional flags
     // (inheritance only works when we call getConfig in this class)
@@ -760,6 +760,17 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
                     List<String> cmds = ImmutableList.of(IptablesCommands.iptablesServiceStop(),
IptablesCommands.iptablesServiceStatus());
                     sshMachineLocation.execCommands("Stopping iptables", cmds);
                 }
+                
+                List<String> extraKeyUrlsToAuth = setup.get(EXTRA_PUBLIC_KEYS_TO_AUTH);
+                if (extraKeyUrlsToAuth!=null && !extraKeyUrlsToAuth.isEmpty()) {
+                    List<String> extraKeyDataToAuth = MutableList.of();
+                    for (String keyUrl: extraKeyUrlsToAuth) {
+                        extraKeyDataToAuth.add(ResourceUtils.create().getResourceAsString(keyUrl));
+                    }
+                    sshMachineLocation.execCommands("Authorizing ssh keys", 
+                        MutableList.of(new AuthorizeRSAPublicKeys(extraKeyDataToAuth).render(org.jclouds.scriptbuilder.domain.OsFamily.UNIX)));
+                }
+
             } else {
                 // Otherwise we have deliberately not waited to be ssh'able, so don't try
now to 
                 // ssh to exec these commands!
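Review bot: The added loop passes whatever `getResourceAsString(keyUrl)` returns straight into `AuthorizeRSAPublicKeys`, so the content of every configured file or URL becomes an authorized login on the new VM with no check and no log record. I would reject empty resources and anything that contains private-key material, and log each source as it is authorized so the grant can be audited; entries fetched over plain http probably deserve at least a warning, since whoever controls that response then controls who can log in. The step also sits only in the branch that waited for ssh, so in the `else` case the keys are silently skipped, which is worth a log line. The enclosing method starts and ends outside this hunk.

```java
for (String keyUrl: extraKeyUrlsToAuth) {
    String keyData = ResourceUtils.create().getResourceAsString(keyUrl);
    // refuse empty resources and private-key material before anything is sent to the VM
    if (keyData == null || keyData.trim().isEmpty() || keyData.contains("PRIVATE KEY")) {
        throw new IllegalStateException("extraSshPublicKeys entry "+keyUrl+" does not contain public key data");
    }
    LOG.info("Authorizing extra ssh public key from "+keyUrl+" on "+sshMachineLocation);
    extraKeyDataToAuth.add(keyData.trim());
}
// … unchanged: execCommands("Authorizing ssh keys", …) …
```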
@@ -775,8 +786,8 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
             LOG.info("Finished VM "+setup.getDescription()+" creation:"
                     + " "+sshMachineLocation.getUser()+"@"+sshMachineLocation.getAddress()+":"+sshMachineLocation.getPort()
                     + (Boolean.TRUE.equals(setup.get(LOG_CREDENTIALS))
-                              ? "password=" + (userCredentials.getOptionalPassword().isPresent()
? userCredentials.getOptionalPassword() : "<absent>")
-                                      + " && key=" + (userCredentials.getOptionalPrivateKey().isPresent()
? userCredentials.getOptionalPrivateKey() : "<absent>")
+                              ? "password=" + userCredentials.getOptionalPassword().or("<absent>")
+                                      + " && key=" + userCredentials.getOptionalPrivateKey().or("<absent>")
                               : "")
                     + " ready after "+Duration.of(provisioningStopwatch).toStringRounded()
                     + " ("+template+" template built in "+Duration.of(templateTimestamp).toStringRounded()+";"
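Review bot: When LOG_CREDENTIALS is true, the new `userCredentials.getOptionalPrivateKey().or("<absent>")` writes the complete private key, and the line above it the password, into the INFO log, where it is readable by anyone with access to the log files or a log aggregator. Logging only whether a key exists keeps the diagnostic value without persisting the secret: `+ " && key=" + (userCredentials.getOptionalPrivateKey().isPresent() ? "<present>" : "<absent>")`. Separately, `"password="` is concatenated directly after `getPort()`, so the message reads like `:22password=…`; a leading space, `" password="`, fixes that. The LOG.info expression continues past the end of this hunk.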
@@ -1435,8 +1446,9 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
             // (we build the creds below)
             adminBuilder.installAdminPrivateKey(false).adminPrivateKey(Identifiers.makeRandomId(12)+"-ignored");
             
-            // lock SSH (key only) iff there is a public key and no password supplied
-            adminBuilder.lockSsh(useKey && !config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH));
+            // lock SSH means no root login and no passwordless login
+            // if we're using a password or we don't have sudo, then don't do this!
+            adminBuilder.lockSsh(useKey && grantUserSudo && !config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH));
             
             statements.add(adminBuilder.build());
             
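Review bot: The condition on the new `lockSsh(...)` line still negates `DISABLE_ROOT_AND_PASSWORD_SSH`, which reads as inverted: going by the key's name, setting it to true would be expected to enable the lock-down, yet here a true value turns `lockSsh` off. The key's default is not visible in this hunk, so this needs confirming against its declaration, but if the name is accurate the line should be `adminBuilder.lockSsh(useKey && grantUserSudo && config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH));`. The new comment also says "no passwordless login", where the key name suggests "no password login" is what is meant. The enclosing method starts and ends outside this hunk.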

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/50395595/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocationConfig.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocationConfig.java
b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocationConfig.java
index 91a47dd..4e57fa2 100644
--- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocationConfig.java
+++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocationConfig.java
@@ -19,6 +19,7 @@
 package brooklyn.location.jclouds;
 
 import java.util.Collection;
+import java.util.List;
 import java.util.concurrent.Semaphore;
 
 import org.jclouds.Constants;
@@ -71,7 +72,10 @@ public interface JcloudsLocationConfig extends CloudLocationConfig {
     public static final ConfigKey<String> LOGIN_USER_PRIVATE_KEY_FILE = ConfigKeys.newStringConfigKey("loginUser.privateKeyFile",
             "Custom private key for the user who logs in initially", null); 
     public static final ConfigKey<String> EXTRA_PUBLIC_KEY_DATA_TO_AUTH = ConfigKeys.newStringConfigKey("extraSshPublicKeyData",
-            "Additional public key data to add to authorized_keys", null);
+        "Additional public key data to add to authorized_keys", null);
+    @SuppressWarnings("serial")
+    public static final ConfigKey<List<String>> EXTRA_PUBLIC_KEYS_TO_AUTH = ConfigKeys.newConfigKey(new
TypeToken<List<String>>() {}, 
+        "extraSshPublicKeys", "Additional public keys (files or URLs) to add to authorized_keys",
null);
     
     public static final ConfigKey<Boolean> DONT_CREATE_USER = ConfigKeys.newBooleanConfigKey("dontCreateUser",

             "Whether to skip creation of 'user' when provisioning machines (default false)",
false);
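Review bot: Neither the name `EXTRA_PUBLIC_KEYS_TO_AUTH` nor its description makes clear that each entry is a location read at provisioning time, while the JcloudsLocation hunk passes every element to `getResourceAsString`; next to `EXTRA_PUBLIC_KEY_DATA_TO_AUTH`, which takes literal key data, that is easy to misconfigure. I would add a Javadoc comment such as `/** Files or URLs whose contents are appended to authorized_keys on each provisioned machine; anyone able to change these resources gains ssh access. */` and consider a name that says URLs. The re-indentation of the existing `extraSshPublicKeyData` description line is unrelated to the feature and could be dropped from the commit. The interface body continues outside this hunk.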

