kvm: set authorized_file to download into guest vm

software/kvm/common.cfg

@@ -50,6 +50,7 @@ eggs =
   erp5.util
   cns.recipe.symlink
   collective.recipe.template
+  plone.recipe.command
 
 [http-proxy]
 # https://github.com/nodejitsu/node-http-proxy
@@ -94,7 +95,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = ba2be2e288c662b1566550132c0ca6a7
+md5sum = 679c350a9570252dad1079ea1c80a6ec
 download-only = true
 on-update = true
 
@@ -102,7 +103,7 @@ on-update = true
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = c0c839198bd4450885de865570b6f406
+md5sum = ea4302330452cb00c76f8a52e7e952eb
 download-only = true
 on-update = true
 

software/kvm/instance-kvm-cluster-input-schema.json

@@ -122,6 +122,11 @@
       },
       "type": "object"
     },
+    "authorized-key": {
+      "title": "Public key to put in all virtual machines.",
+      "description": "Set the public key to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_key if you keep the NAT interface enabled",
+      "type": "string"
+    },
     "kvm-partition-dict": {
       "title": "kvm instances definition",
       "description": "kvm instances definition",

software/kvm/instance-kvm-cluster.cfg.jinja2.in

@@ -30,6 +30,7 @@ config-frontend-instance-name = {{ instance_name ~ ' VNC Frontend' }}
 config-frontend-software-type = {{ dumps(frontend_dict.get('software-type', 'frontend')) }}
 config-frontend-software-url = {{ dumps(frontend_dict.get('software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg')) }}
 config-frontend-instance-guid = {{ dumps(frontend_dict.get('instance-guid', '')) }}
+config-authorized-key = {{ dumps(slapparameter_dict.get('authorized-key', '')) }}
 config-nbd-port = {{ dumps(kvm_parameter_dict.get('nbd-port', 1024)) }}
 config-nbd-host = {{ dumps(kvm_parameter_dict.get('nbd-host', '')) }}
 config-nbd2-port = {{ dumps(kvm_parameter_dict.get('nbd-port2', 1024)) }}

software/kvm/instance-kvm-input-schema.json

@@ -136,6 +136,11 @@
       "description": "List of rules for NAT of QEMU user mode network stack, as comma-separated list of ports. For each port specified, it will redirect port x of the VM (example: 80) to the port x + 10000 of the public IPv6 (example: 10080). Defaults to \"22 80 443\". Ignored if \"use-tap\" parameter is enabled.",
       "type": "string"
     },
+    "authorized-key": {
+      "title": "Public key to put in all virtual machines.",
+      "description": "Set the public key to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
+      "type": "string"
+    },
     "frontend-instance-guid": {
       "title": "Frontend Instance ID",
       "description": "Unique identifier of the frontend instance, like \"SOFTINST-11031\".",

software/kvm/instance-kvm.cfg.jinja2

+{% set enable_http = slapparameter_dict.get('enable-http-server', 'False') -%}
 #############################
 #
 # Instanciate kvm
@@ -18,6 +19,7 @@ parts =
 {% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %}
   httpd
   httpd-promise
+  get-authorized-key
 
 extends = 
   {{ template_httpd_cfg }}
@@ -272,13 +274,26 @@ nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:{{external_por
 {% if slapparameter_dict.get('use-tap', 'False') == 'True' -%}
 tap-ipv4 = ${slap-network-information:tap-ipv4}
 {% endif -%}
+
+{% set kvm_http = 'http://${slap-network-information:local-ipv4}:' ~ slapparameter_dict.get('httpd-port', 8081) -%}
+{% if enable_http == 'True' %}
+{%   if slapparameter_dict.get('use-nat', 'True') == 'True' -%}
+{%     set kvm_http = 'http://10.0.2.100' -%}
+{%   endif %}
+{%   if slapparameter_dict.get('authorized-key', '') -%}
+7_info = Get the publick key file in your VM with the command: wget {{ kvm_http }}/${get-authorized-key:filename}
+{%   endif %}
+{% endif %}
+
 {% if slapparameter_dict.get('use-tap', 'False') == 'True' and tap_network_dict.has_key('ipv4') -%}
 1_info = Use these configurations below to configure interface {{ iface }} in your VM.
 2_info = ${network-config:ifconfig}
 3_info = ${network-config:route-iface}
 4_info = ${network-config:route-network}
 5_info = ${network-config:route-default}
-6_info = In your VM you can run the command: wget -O- http://10.0.2.100/netconfig.sh | /bin/sh -
+{% if enable_http == 'True' %}
+6_info = Or run in your VM the command: wget -O- {{ kvm_http }}/netconfig.sh | /bin/sh -
+{% endif %}
 
 [network-config]
 recipe = plone.recipe.command
@@ -290,6 +305,8 @@ route-network = route add -net ${slap-network-information:tap-network} netmask $
 route-default = route add default gw ${slap-network-information:tap-gateway}
 {%   elif global_ipv4_prefix -%}
 route-default = ip route add {{ global_ipv4_prefix }} via ${slap-network-information:tap-gateway} dev {{ iface }} src ${slap-network-information:tap-ipv4}
+{% else -%}
+route-default =
 {%   endif -%}
 command = 
   echo "#!/bin/sh" > ${:path}
@@ -298,8 +315,19 @@ command =
   echo "${:route-iface}" >> ${:path}
   echo "${:route-network}" >> ${:path}
   echo "${:route-default}" >> ${:path}
+update-command = ${:command}
 {% endif -%}
 
+[get-authorized-key]
+recipe = plone.recipe.command
+filename = authorized_keys
+path = ${directory:public}/${:filename}
+public-key = {{ slapparameter_dict.get('authorized-key', '') }}
+command = 
+  rm -f ${:path}
+  authorizedkey="${:public-key}"
+  echo "$authorizedkey" > ${:path}
+update-command = ${:command}
 
 [slap-parameter]
 # Default values if not specified
@@ -334,5 +362,8 @@ external-disk-number = 0
 external-disk-size = 20
 external-disk-format = qcow2
 
+# Help to get some configuration files into the vm from http
 enable-http-server = False
 httpd-port = 8081
+# for auto config, the public key file will be available in the VM via url http://10.0.2.100/authorized_key if use-nat = True
+authorized-key =