initial vm-{net,ssh} features
A virtual machine isn't very useful if there are no means to access it; let's bring up the basic networking and provide root SSH access via a pre-existing public key. As remote access with known default credentials is roughly equivalent to just lending one's VMs to anyone with network access to them, the fallback root password is now exterminated; you have to provide one (or a long enough random string if you plan to use keys only, see e.g. the apg utility).
parent
3f21b6b01c
commit
09be84beee
@ -4,4 +4,10 @@ ifeq (vm,$(IMAGE_CLASS))
|
||||
# NB: use/x11 employs some installer-feature packages
|
||||
vm/icewm: vm/bare use/cleanup/installer use/x11/xdm +icewm; @:
|
||||
|
||||
vm/net: vm/bare use/vm-net/dhcp use/vm-ssh; @:
|
||||
|
||||
vm/net-static: vm/bare use/vm-net/static use/vm-ssh
|
||||
@$(call set,VM_NET_IPV4ADDR,10.0.2.16/24)
|
||||
@$(call set,VM_NET_IPV4GW,10.0.2.2)
|
||||
|
||||
endif
|
||||
|
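Review bot: `vm/net` and `vm/net-static` both pull in `use/vm-ssh`, so every networked VM target ships an SSH server reachable as root, and nothing next to the targets says so. A comment above them would help, e.g. `# NB: both targets enable root SSH access; provide SSH_KEY and a strong ROOTPW`. The hard-coded `10.0.2.16/24` and `10.0.2.2` also deserve a one-line comment naming the network they assume (they look like QEMU user-mode networking defaults, to be confirmed). Whether `set` lets a caller override these values is not visible from this hunk.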
@ -30,6 +30,8 @@ endef
|
||||
|
||||
else
|
||||
|
||||
export BUILDDIR
|
||||
|
||||
include $(BUILDDIR)/distcfg.mk
|
||||
|
||||
# first rsync what's static, and make backups (*~) --
|
||||
|
@ -1,7 +1,11 @@
|
||||
#!/bin/sh
|
||||
|
||||
ROOTPW="${GLOBAL_ROOTPW:-root}"
|
||||
|
||||
if type -t chpasswd >&/dev/null; then
|
||||
echo "root:$ROOTPW" | chpasswd
|
||||
if [ -n "$GLOBAL_ROOTPW" ]; then
|
||||
if type -t chpasswd >&/dev/null; then
|
||||
echo "root:$GLOBAL_ROOTPW" | chpasswd
|
||||
else
|
||||
echo "** warning: chpasswd binary missing" >&2
|
||||
fi
|
||||
else
|
||||
echo "** warning: no root password provided, you're on your own" >&2
|
||||
fi
|
||||
|
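Review bot: Both failure branches only print a warning and let the script finish successfully, so an image can be produced whose root password was never set even though `GLOBAL_ROOTPW` was supplied (the `chpasswd binary missing` branch). Since the same commit puts an SSH server into VM images, the state of the root account should not depend on whatever the base packages left behind; I would make the missing-binary case fatal with `echo "** error: chpasswd binary missing" >&2; exit 1` and add a comment in the no-password branch stating what state root is left in. `type -t` and `>&` are bash extensions under a `#!/bin/sh` shebang, which works only where /bin/sh is bash. The hunk appears to cover the whole script.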
@ -11,6 +11,10 @@ IMAGE_PACKAGES = $(SYSTEM_PACKAGES) \
|
||||
VM_TARBALL := $(IMAGE_OUTDIR)/$(IMAGE_NAME).tar
|
||||
VM_RAWDISK := $(IMAGE_OUTDIR)/$(IMAGE_NAME).raw
|
||||
|
||||
ifeq (,$(ROOTPW))
|
||||
$(error please provide root password via ROOTPW)
|
||||
endif
|
||||
|
||||
check-sudo:
|
||||
@if ! type -t sudo >&/dev/null; then \
|
||||
echo "** error: sudo not available, see doc/vm.txt" >&2; \
|
||||
|
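Review bot: The `ifeq (,$(ROOTPW))` guard rejects only an empty value, so `ROOTPW=root` or a one-character password still passes, while the commit message asks for a long enough random string. A comment above the check stating that password strength is left to the caller, or a length check where the value is consumed, would match the stated intent. Because `$(error ...)` is evaluated at parse time, it presumably also aborts goals that need no password wherever this file is included; that is worth confirming. A value passed as `make ROOTPW=...` is visible in the process list and shell history, which doc/vm.txt could mention. The `check-sudo` rule continues outside the hunk.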
@ -1,5 +1,6 @@
|
||||
#!/bin/sh -efu
|
||||
# remove temporary packages from the installed system
|
||||
|
||||
### FIXME: need to proxy CLEANUP_PACKAGES -> GLOBAL_CLEANUP_PACKAGES somewhere
|
||||
list="$(rpmquery -a --qf='%{NAME}\n' $GLOBAL_CLEANUP_PACKAGES)"
|
||||
[ -z "$list" ] || apt-get remove -f -y -- $list
|
||||
|
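--- a/features.in/vm-net/README
+++ b/features.in/vm-net/README
@@ -0,0 +1,3 @@
+Эта фича добавляет базовую поддержку сети в создаваемый образ
+виртуальной машины. Принимаются предложения по усовершенствованию
+статической конфигурации.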
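--- a/features.in/vm-net/config.mk
+++ b/features.in/vm-net/config.mk
@@ -0,0 +1,11 @@
+use/vm-net:
+@$(call add_feature)
+@$(call add,THE_PACKAGES,etcnet)
+
+use/vm-net/dhcp: use/vm-net
+@$(call add,THE_PACKAGES,dhcpcd)
+@$(call set,VM_NET,dhcp)
+
+# need to further add VM_NET_IPV4ADDR and VM_NET_IPV4GW
+use/vm-net/static: use/vm-net
+@$(call set,VM_NET,static)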
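--- a/features.in/vm-net/generate.mk
+++ b/features.in/vm-net/generate.mk
@@ -0,0 +1,26 @@
+ifdef BUILDDIR
+
+include $(BUILDDIR)/distcfg.mk
+
+all: dir = $(BUILDDIR)/files/etc/net/ifaces/eth0
+all:
+@write_static() { \
+echo "$(VM_NET_IPV4ADDR)" > "$(dir)/ipv4address"; \
+echo "default via $(VM_NET_IPV4GW)" > "$(dir)/ipv4route"; \
+}; \
+if [ -n "$(VM_NET)" ] && mkdir -p "$(dir)"; then \
+case "$(VM_NET)" in \
+dhcp) ;; \
+static) write_static;; \
+*) \
+echo "** error: unknown value of $(VM_NET)" >&2; \
+exit 1;; \
+esac; \
+{ \
+echo "TYPE=eth"; \
+echo "DISABLED=no"; \
+echo "BOOTPROTO=$(VM_NET)"; \
+} > "$(dir)/options"; \
+fi
+
+endif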
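Review bot: The `static` branch calls `write_static` without checking that `VM_NET_IPV4ADDR` and `VM_NET_IPV4GW` are set, so `use/vm-net/static` on its own writes an empty `ipv4address` and a route line reading `default via `. A guard at the top of the function would fail the build instead: `[ -n "$(VM_NET_IPV4ADDR)" ] && [ -n "$(VM_NET_IPV4GW)" ] || { echo "** error: static needs VM_NET_IPV4ADDR and VM_NET_IPV4GW" >&2; exit 1; }`. A failing `mkdir -p` is also swallowed, because it sits in the `if` condition and the recipe then ends successfully with no interface configuration written. The message `unknown value of $(VM_NET)` prints the value where the variable name was probably meant.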
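--- a/features.in/vm-ssh/README
+++ b/features.in/vm-ssh/README
@@ -0,0 +1,6 @@
+Эта фича предназначена для добавления в образ виртуальной машины
+поддержки SSH: добавляется клиент и конфигурируется сервер
+(требуется задание пути к существующему публичному ключу
+посредством переменной SSH_KEY).
+
+Фактически требует один из вариантов use/vm-net для осмысленности.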
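--- a/features.in/vm-ssh/config.mk
+++ b/features.in/vm-ssh/config.mk
@@ -0,0 +1,3 @@
+use/vm-ssh:
+@$(call add_feature)
+@$(call add,THE_LISTS,openssh)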
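--- a/features.in/vm-ssh/generate.mk
+++ b/features.in/vm-ssh/generate.mk
@@ -0,0 +1,12 @@
+ifdef BUILDDIR
+
+include $(BUILDDIR)/distcfg.mk
+
+# prepare the provided public SSH key to be carried over into the VM image
+all: SSH_DIR = $(BUILDDIR)/files/root/.ssh
+all:
+@if [ -s "$(SSH_KEY)" ]; then \
+install -pD "$(SSH_KEY)" "$(SSH_DIR)/authorized_keys"; \
+fi
+
+endif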
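Review bot: When `SSH_KEY` is unset, misspelled or points at an empty file, the `[ -s "$(SSH_KEY)" ]` test silently skips the install and the image is built with the openssh list but no `authorized_keys`, although the README calls the variable required. Depending on the sshd configuration (not visible here), that may leave the root password as the only credential on a network-reachable root account, which is not the key-only setup the commit message describes; an `else` branch that fails when `SSH_KEY` is non-empty but unusable, and warns when it is empty, would surface this. `install` without `-m` creates the copy with mode 0755, so `install -pD -m 600 "$(SSH_KEY)" "$(SSH_DIR)/authorized_keys"` would keep the staged file tight before `50-.ssh-perms` runs. Nothing checks that the file is a public key, so a comment warning against pointing `SSH_KEY` at the private half would be cheap.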
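--- a/features.in/vm-ssh/image-scripts.d/50-.ssh-perms
+++ b/features.in/vm-ssh/image-scripts.d/50-.ssh-perms
@@ -0,0 +1,5 @@
+#!/bin/sh
+# tighten up permissions just in case
+
+[ ! -d /root/.ssh ] || chmod 700 /root/.ssh
+[ ! -f /root/.ssh/authorized_keys ] || chmod 600 /root/.ssh/authorized_keys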
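Review bot: The script fixes modes but not ownership, and sshd's StrictModes check also refuses an `authorized_keys` file or `.ssh` directory owned by a user other than the account owner or root. If the staged files can reach the image carrying the builder's uid (not visible from this page), adding `chown -R root:root /root/.ssh` before the `chmod` lines would cover that case. A short comment saying that the key is staged by the feature's `generate.mk` would also explain where the file comes from.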