initial vm-{net,ssh} features

A virtual machine isn't very useful if there are no means
to access it; let's bring up the basic networking and provide
root SSH access via pre-existing public key.

As the remote access with known default credentials is roughly
equivalent to just lending one's VMs to anyone with network
access to them, the fallback root password is now exterminated;
you have to provide one (or a long enough random string
if you plan to use keys only, see e.g. the apg utility).
Michael Shigorin 2012-06-21 21:39:37 +03:00
parent 3f21b6b01c
commit 09be84beee
12 changed files with 87 additions and 4 deletions


@ -4,4 +4,10 @@ ifeq (vm,$(IMAGE_CLASS))
# NB: use/x11 employs some installer-feature packages
vm/icewm: vm/bare use/cleanup/installer use/x11/xdm +icewm; @:
vm/net: vm/bare use/vm-net/dhcp use/vm-ssh; @:
vm/net-static: vm/bare use/vm-net/static use/vm-ssh
@$(call set,VM_NET_IPV4ADDR,10.0.2.16/24)
@$(call set,VM_NET_IPV4GW,10.0.2.2)
endif
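Review bot: The addresses in `vm/net-static` (`10.0.2.16/24`, gateway `10.0.2.2`) are hard-coded with no comment on where they come from. They look like the QEMU user-mode networking defaults, and a line such as `# defaults fit QEMU user-mode networking (10.0.2.0/24, gw 10.0.2.2); override for other hypervisors` above the target would say so. Whether `$(call set,...)` lets a value given on the command line win is not visible in this hunk; if it does not, the two values cannot be changed without editing the file, which is worth stating in the same comment.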


@ -30,6 +30,8 @@ endef
else
export BUILDDIR
include $(BUILDDIR)/distcfg.mk
# first rsync what's static, and make backups (*~) --


@ -1,7 +1,11 @@
#!/bin/sh
ROOTPW="${GLOBAL_ROOTPW:-root}"
if type -t chpasswd >&/dev/null; then
echo "root:$ROOTPW" | chpasswd
if [ -n "$GLOBAL_ROOTPW" ]; then
if type -t chpasswd >&/dev/null; then
echo "root:$GLOBAL_ROOTPW" | chpasswd
else
echo "** warning: chpasswd binary missing" >&2
fi
else
echo "** warning: no root password provided, you're on your own" >&2
fi
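Review bot: The `chpasswd binary missing` branch only prints a warning and the script still exits 0, so a build where GLOBAL_ROOTPW was supplied can finish without the root password ever being applied. Since the point of the commit is that the operator's password is the only one in effect, that branch should fail the build, e.g. `echo "** error: chpasswd binary missing" >&2; exit 1`. The empty-password branch likewise leaves root in whatever state the base packages ship; locking the account there (`passwd -l root`, where available) would make the keys-only case explicit. Separately, `type -t` and `>&/dev/null` are bash extensions under a `#!/bin/sh` shebang; `command -v chpasswd >/dev/null 2>&1` is the portable form.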


@ -11,6 +11,10 @@ IMAGE_PACKAGES = $(SYSTEM_PACKAGES) \
VM_TARBALL := $(IMAGE_OUTDIR)/$(IMAGE_NAME).tar
VM_RAWDISK := $(IMAGE_OUTDIR)/$(IMAGE_NAME).raw
ifeq (,$(ROOTPW))
$(error please provide root password via ROOTPW)
endif
check-sudo:
@if ! type -t sudo >&/dev/null; then \
echo "** error: sudo not available, see doc/vm.txt" >&2; \
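Review bot: The guard `ifeq (,$(ROOTPW))` rejects only an empty value, so `ROOTPW=root` or a single character still passes although the commit message asks for a long enough string. Writing it as `ifeq (,$(strip $(ROOTPW)))` would also catch a whitespace-only value, and a short comment above the check should state that ROOTPW is mandatory and that a random string is expected for key-only setups. A value given on the make command line is visible in the process list and shell history of the build host; reading it from the environment or a file would avoid that, if the surrounding build (not visible in this hunk) allows it. The `check-sudo` recipe continues past the end of the hunk.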


@ -1,5 +1,6 @@
#!/bin/sh -efu
# remove temporary packages from the installed system
### FIXME: need to proxy CLEANUP_PACKAGES -> GLOBAL_CLEANUP_PACKAGES somewhere
list="$(rpmquery -a --qf='%{NAME}\n' $GLOBAL_CLEANUP_PACKAGES)"
[ -z "$list" ] || apt-get remove -f -y -- $list


@ -0,0 +1,3 @@
Эта фича добавляет базовую поддержку сети в создаваемый образ
виртуальной машины. Принимаются предложения по усовершенствованию
статической конфигурации.


@ -0,0 +1,11 @@
use/vm-net:
@$(call add_feature)
@$(call add,THE_PACKAGES,etcnet)
use/vm-net/dhcp: use/vm-net
@$(call add,THE_PACKAGES,dhcpcd)
@$(call set,VM_NET,dhcp)
# need to further add VM_NET_IPV4ADDR and VM_NET_IPV4GW
use/vm-net/static: use/vm-net
@$(call set,VM_NET,static)


@ -0,0 +1,26 @@
ifdef BUILDDIR
include $(BUILDDIR)/distcfg.mk
all: dir = $(BUILDDIR)/files/etc/net/ifaces/eth0
all:
@write_static() { \
echo "$(VM_NET_IPV4ADDR)" > "$(dir)/ipv4address"; \
echo "default via $(VM_NET_IPV4GW)" > "$(dir)/ipv4route"; \
}; \
if [ -n "$(VM_NET)" ] && mkdir -p "$(dir)"; then \
case "$(VM_NET)" in \
dhcp) ;; \
static) write_static;; \
*) \
echo "** error: unknown value of $(VM_NET)" >&2; \
exit 1;; \
esac; \
{ \
echo "TYPE=eth"; \
echo "DISABLED=no"; \
echo "BOOTPROTO=$(VM_NET)"; \
} > "$(dir)/options"; \
fi
endif
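Review bot: In the `static)` branch, `write_static` writes `$(VM_NET_IPV4ADDR)` and `$(VM_NET_IPV4GW)` without checking that they are set, so `use/vm-net/static` selected without both values produces an empty `ipv4address` and a route line of `default via ` while the build still succeeds. A guard before the call would fail early: `[ -n "$(VM_NET_IPV4ADDR)" ] && [ -n "$(VM_NET_IPV4GW)" ] || { echo "** error: static network needs VM_NET_IPV4ADDR and VM_NET_IPV4GW" >&2; exit 1; }`. A failing `mkdir -p` also falls through the `if` with exit status 0, so the image is built without any interface configuration; running `mkdir -p "$(dir)" || exit 1` inside the branch would surface it. The variable name `dir` coincides with Make's `$(dir ...)` function and is worth renaming for readability.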


@ -0,0 +1,6 @@
Эта фича предназначена для добавления в образ виртуальной машины
поддержки SSH: добавляется клиент и конфигурируется сервер
(требуется задание пути к существующему публичному ключу
посредством переменной SSH_KEY).
Фактически требует один из вариантов use/vm-net для осмысленности.


@ -0,0 +1,3 @@
use/vm-ssh:
@$(call add_feature)
@$(call add,THE_LISTS,openssh)


@ -0,0 +1,12 @@
ifdef BUILDDIR
include $(BUILDDIR)/distcfg.mk
# prepare the provided public SSH key to be carried over into the VM image
all: SSH_DIR = $(BUILDDIR)/files/root/.ssh
all:
@if [ -s "$(SSH_KEY)" ]; then \
install -pD "$(SSH_KEY)" "$(SSH_DIR)/authorized_keys"; \
fi
endif
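Review bot: The recipe does nothing and reports success when `SSH_KEY` is unset or points to a missing or empty file, although the feature's README says the variable is required; the image is then built with the openssh list installed and no `authorized_keys`. Assuming this makefile only runs when `use/vm-ssh` is selected, an `else` branch before the `fi` would make that visible: `else echo "** error: SSH_KEY must point to a non-empty public key file" >&2; exit 1; \`. `install` is called without `-m`, so the copied key gets the tool's default mode until a later fix-up; `install -pD -m 0600` sets it at the source. A one-line check that the file is not a private key (for example rejecting content that matches `PRIVATE KEY`) would stop an operator from embedding the wrong half of the pair in the image.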


@ -0,0 +1,5 @@
#!/bin/sh
# tighten up permissions just in case
[ ! -d /root/.ssh ] || chmod 700 /root/.ssh
[ ! -f /root/.ssh/authorized_keys ] || chmod 600 /root/.ssh/authorized_keys