new: add ssh private key mdata option for root user

We would like to store the public and private ssh key for the root user in mdata. This allow us to have that information after reprovision a zone. The only valid key must be an rsa key and the public key ist mostly not required by the system.
skylime · Oct 7, 2014 · af2d57f · af2d57f
1 parent 70332a6
commit af2d57f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -15,6 +15,14 @@ Configure ssh public key for root user via `mdata` variable.
 
 - `root_authorized_keys`: ssh public key for the root user
 
+### root ssh public private key
+
+Configure ssh public and private key pair for root user via `mdata`. We only
+support rsa keys.
+
+- `root_ssh_rsa`: private ssh rsa key for root user
+- `root_ssh_rsa_pub`: public ssh key for root user (mostly not required)
+
 ### munin
 
 List of ip addresses of the munin master server that is allowed to connect. The ip addresses should be seperated by whitespace or newline.

diff --git a/copy/opt/core/var/mdata-setup/includes/02-root-ssh-keys.sh b/copy/opt/core/var/mdata-setup/includes/02-root-ssh-keys.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Configure ssh public and private key for root user in mdata variable
+
+if mdata-get root_ssh_rsa 1>/dev/null 2>&1; then
+	mkdir -p /root/.ssh
+	echo "# This file is managed by mdata-get root_ssh_rsa" \
+		> /root/.ssh/id_rsa
+	mdata-get root_ssh_rsa >> /root/.ssh/id_rsa
+
+	# Mostly not required but we only support it with privat key
+	if mdata-get root_ssh_rsa_pub 1>/dev/null 2>&1; then
+		echo "# This file is managed by mdata-get root_ssh_rsa_pub" \
+			> /root/.ssh/id_rsa.pub
+		mdata-get root_ssh_rsa_pub >> /root/.ssh/id_rsa.pub
+	fi
+
+	# Set correct permissions
+	chmod 700 /root/.ssh
+	chmod 600 /root/.ssh/id_rsa*
+fi