add new stack sshd to simplify deployment of sshd server on every instance

stack/sshd/bash_profile.in

+# Beware, this file is automatically processed by slapgrid
+# Do not modify it, your changes will be lost
+# If you want to load your custom bash configuration, please use a .bashrc file
+
+cd {{ workdir }}
+export PATH={{- path }}
+export PS1="$ "
+
+if [ -f "$HOME/.bashrc" ] ; then
+  source $HOME/.bashrc
+fi
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# enable color support
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -l'
+alias la='ls -A'
+alias l='ls -CF'
+
+echo "Welcome to SlapOS slaprunner shell"
+echo 
+# TODO: how to run slapos ?
+#echo "You can use the following slapos CLI commands:"
+#echo "slapos node software"
+#echo "slapos node instance"
+#echo "slapos request"
+#echo ""
+# XXX for now we can use:
+#echo ~/bin/supervisorctl -c ~/etc/supervisorctl.conf
+#echo ~/bin/supervisorctl -c ~/srv/runner/instance/etc/supervisorctl.conf
+

stack/sshd/buildout.cfg

+[buildout]
+
+extends =
+  ../../component/openssh/buildout.cfg
+  ../../component/bash/buildout.cfg
+  ../../component/vim/buildout.cfg
+  ../../component/curl/buildout.cfg
+
+parts = 
+  template-instance-sshd
+
+[template-instance-sshd]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/instance-sshd.cfg.jinja2
+rendered = ${buildout:directory}/template-sshd.cfg
+md5sum = d7a96ec018b78688d74b395058273f20
+context =
+  raw bash_executable_location ${bash:location}/bin/bash
+  raw curl_location ${curl:location}
+  raw openssh_location ${openssh:location}
+  raw template_bash_profile ${template-bash-profile:location}/${template-bash-profile:filename}
+  raw vim_location ${vim:location}
+
+[template-bash-profile]
+recipe = hexagonit.recipe.download
+ignore-existing = true
+download-only = true
+url = ${:_profile_base_location_}/${:filename}
+filename = bash_profile.in
+mode = 0644
\ No newline at end of file

stack/sshd/instance-sshd.cfg.jinja2

+[buildout]
+parts =
+  instance-sshd
+
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration.serialised
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+etc = ${buildout:directory}/etc
+bin = ${buildout:directory}/bin
+srv = ${buildout:directory}/srv
+var = ${buildout:directory}/var
+run = ${:var}/run
+log = ${:var}/log
+scripts = ${:etc}/run
+services = ${:etc}/service
+promises = ${:etc}/promise
+ssh = ${:etc}/ssh/
+sshkeys = ${:srv}/sshkeys
+authorized-key-dir = ${buildout:directory}/.ssh
+
+# Deploy openssh-server
+[instance-sshd-port]
+recipe = slapos.cookbook:free_port
+minimum = 22222
+maximum = 22231
+ip = ${slap-configuration:ipv6-random}
+
+[instance-sshd-config]
+recipe = slapos.recipe.template:jinja2
+rendered = ${directory:etc}/instance-sshd.conf
+path_pid = ${directory:run}/instance-sshd.pid
+host_key = ${directory:ssh}/instance_server_key.rsa
+template = inline:
+  PidFile ${:path_pid}
+  Port ${instance-sshd-port:port}
+  ListenAddress ${slap-configuration:ipv6-random}
+  Protocol 2
+  UsePrivilegeSeparation no
+  HostKey ${:host_key}
+  PasswordAuthentication no
+  PubkeyAuthentication yes
+  AuthorizedKeysFile ${buildout:directory}/.ssh/authorized_keys
+  ForceCommand if [ -z "$SSH_ORIGINAL_COMMAND" ]; then {{ bash_executable_location }} -l; else eval "$SSH_ORIGINAL_COMMAND"; fi
+  Subsystem sftp {{ openssh_location }}/libexec/sftp-server
+
+[instance-sshd-raw-server]
+recipe = slapos.cookbook:wrapper
+host = ${slap-configuration:ipv6-random}
+rsa-keyfile = ${instance-sshd-config:host_key}
+home = ${directory:ssh}
+command-line = {{ openssh_location }}/sbin/sshd -D -e -f ${instance-sshd-config:rendered}
+wrapper-path = ${directory:bin}/instance_raw_sshd
+
+[instance-sshd-server]
+recipe = collective.recipe.template
+log = ${directory:log}/instance-sshd.log
+input = inline:#!/bin/sh
+    exec ${instance-sshd-raw-server:wrapper-path} >> ${:log} 2>&1
+
+output = ${directory:bin}/instance_raw_sshd_log
+mode = 700
+
+[instance-sshd-graceful]
+recipe = slapos.cookbook:wrapper
+command-line = ${directory:bin}/killpidfromfile ${instance-sshd-config:path_pid} SIGHUP
+wrapper-path = ${directory:scripts}/instance-sshd-graceful
+
+[instance-sshkeys-directory]
+recipe = slapos.cookbook:mkdirectory
+requests = ${directory:sshkeys}/instance-requests/
+keys = ${directory:sshkeys}/instance-keys/
+
+[instance-sshkeys-authority]
+recipe = slapos.cookbook:sshkeys_authority
+request-directory = ${instance-sshkeys-directory:requests}
+keys-directory = ${instance-sshkeys-directory:keys}
+wrapper = ${directory:services}/sshkeys_authority
+keygen-binary = {{ openssh_location }}/bin/ssh-keygen
+
+[instance-sshd]
+<= instance-sshkeys-authority
+recipe = slapos.cookbook:sshkeys_authority.request
+name = sshd
+type = rsa
+executable = ${instance-sshd-server:output}
+public-key = ${instance-sshd-raw-server:rsa-keyfile}.pub
+private-key = ${instance-sshd-raw-server:rsa-keyfile}
+wrapper = ${directory:services}/instance-sshd
+
+depend-list = 
+  ${instance-sshd-graceful:wrapper-path}
+  ${instance-sshkeys-authority:wrapper}
+  ${instance-sshd-promise:path}
+  ${bash-profile:rendered}
+#  ${instance-sshd-add-authorized-key:home}
+# Authorized key will not be added here
+
+ssh-command = ssh ${user-info:pw-name}@${slap-configuration:ipv6-random} -p ${instance-sshd-port:port}
+authorized-key-file = ${directory:authorized-key-dir}/authorized_keys
+
+[instance-sshd-add-authorized-key]
+recipe = slapos.cookbook:dropbear.add_authorized_key
+home = ${buildout:directory}
+key = ${slap-parameter:user-authorized-key}
+
+[instance-sshd-promise]
+recipe = slapos.cookbook:check_port_listening
+path = ${directory:promises}/instance-sshd
+hostname = ${slap-configuration:ipv6-random}
+port = ${instance-sshd-port:port}
+
+[user-info]
+recipe = slapos.cookbook:userinfo
+
+[bash-profile]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_bash_profile }}
+rendered = ${buildout:directory}/.bash_profile
+context =
+    raw path $PATH:{{ vim_location }}/bin:{{ curl_location }}/bin
+    key workdir buildout:directory
+
+[slap-parameter]
+user-authorized-key =
\ No newline at end of file