kvm: allow to set more than one public key to add to authorized_keys file

1e9162cb · Alain Takoudjou · 0a0bd8da · 1e9162cb · 1e9162cb · 1e9162cb
Commit 1e9162cb authored May 05, 2015 by Alain Takoudjou
7 changed files
--- a/software/kvm/common.cfg
+++ b/software/kvm/common.cfg
@@ -87,7 +87,7 @@ command =
 [template]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance.cfg.in
-md5sum = ba30f71c132c600d7d5a884d2090b36b
+md5sum = c5fd8ed5878901233d39d006093a6b17
 output = ${buildout:directory}/template.cfg
 mode = 0644
@@ -95,7 +95,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm.cfg.jinja2
 mode = 644
-md5sum = 2bd53e4ea24ec94a3bde46ec0cbcc1e2
+md5sum = 42763900fce72f13bf23341774e5d097
 download-only = true
 on-update = true
@@ -103,7 +103,7 @@ on-update = true
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/instance-kvm-cluster.cfg.jinja2.in
 mode = 644
-md5sum = 84d4462570bedb289a2bbda1a9acb872
+md5sum = c20056662fe3aa0fa6ff7ae9a950f325
 download-only = true
 on-update = true
@@ -177,6 +177,15 @@ md5sum = 91f05377aff35ffbac7f2687e90b5dcc
 download-only = true
 on-update = true
+[template-content]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/template/template-content.in
+mode = 644
+filename = template-content.in
+md5sum = 47d492dafe5cb314bdc49bf013d21ead
+download-only = true
+on-update = true
 [template-httpd]
 recipe = slapos.recipe.template:jinja2
 filename = template-httpd.cfg

--- a/software/kvm/instance-kvm-cluster-input-schema.json
+++ b/software/kvm/instance-kvm-cluster-input-schema.json
@@ -123,9 +123,9 @@
      "type": "object"
    },
    "authorized-key": {
-      "title": "Public key to put in all virtual machines.",
+      "title": "Public keys for virtual machines.",
-      "description": "Set the public key to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_key if you keep the NAT interface enabled",
+      "description": "Set the list of public keys to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
-      "type": "string"
+      "type": "array"
    },
    "kvm-partition-dict": {
      "title": "kvm instances definition",

--- a/software/kvm/instance-kvm-cluster.cfg.jinja2.in
+++ b/software/kvm/instance-kvm-cluster.cfg.jinja2.in
@@ -31,7 +31,9 @@ config-frontend-software-type = {{ dumps(frontend_dict.get('software-type', 'fro
 config-frontend-software-url = {{ dumps(frontend_dict.get('software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/tags/slapos-0.92:/software/kvm/software.cfg')) }}
 config-frontend-instance-guid = {{ dumps(frontend_dict.get('instance-guid', '')) }}
 config-name = {{ instance_name }}
-config-authorized-key = {{ dumps(slapparameter_dict.get('authorized-key', '')) }}
+{% if slapparameter_dict.get('authorized-key', []) -%}
+config-authorized-key = {{ slapparameter_dict.get('authorized-key') | join('##') }}
+{% endif -%}
 config-nbd-port = {{ dumps(kvm_parameter_dict.get('nbd-port', 1024)) }}
 config-nbd-host = {{ dumps(kvm_parameter_dict.get('nbd-host', '')) }}
 config-nbd2-port = {{ dumps(kvm_parameter_dict.get('nbd-port2', 1024)) }}

--- a/software/kvm/instance-kvm-input-schema.json
+++ b/software/kvm/instance-kvm-input-schema.json
@@ -137,8 +137,8 @@
      "type": "string"
    },
    "authorized-key": {
-      "title": "Public key to put in all virtual machines.",
+      "title": "Public keys to get from all virtual machines.",
-      "description": "Set the public key to add in your virtual machine. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
+      "description": "Set the public keys to add in your virtual machine. Keys are separated with '##'. The public key file will be available in the VM via url http://10.0.2.100/authorized_keys if you keep the NAT interface enabled",
      "type": "string"
    },
    "frontend-instance-guid": {

--- a/software/kvm/instance-kvm.cfg.jinja2
+++ b/software/kvm/instance-kvm.cfg.jinja2
@@ -19,7 +19,6 @@ parts =
 {% if slapparameter_dict.get('enable-http-server', 'False') == 'True' %}
  httpd
  httpd-promise
-  get-authorized-key
  publish-host-config
 extends = 
@@ -320,15 +319,14 @@ update-command = ${:command}
 {% endif -%}
 [get-authorized-key]
-recipe = plone.recipe.command
+recipe = slapos.recipe.template:jinja2
+template = {{ template_content }}
 filename = authorized_keys
-path = ${directory:public}/${:filename}
+rendered = ${directory:public}/${:filename}
 public-key = {{ slapparameter_dict.get('authorized-key', '') }}
-command = 
+context =
-  rm -f ${:path}
+    key content_list :public-key
-  authorizedkey="${:public-key}"
+    raw sep ##
-  echo "$authorizedkey" > ${:path}
-update-command = ${:command}
 [publish-host-config]
 recipe = plone.recipe.command

--- a/software/kvm/instance.cfg.in
+++ b/software/kvm/instance.cfg.in
@@ -89,6 +89,7 @@ context =
    raw qemu_img_executable_location ${kvm:location}/bin/qemu-img
    raw sixtunnel_executable_location ${6tunnel:location}/bin/6tunnel
    raw template_httpd_cfg ${template-httpd:rendered}
+    raw template_content ${template-content:location}/${template-content:filename}
    raw websockify_executable_location ${buildout:directory}/bin/websockify
 template-parts-destination = ${template-parts:destination}
 template-replicated-destination = ${template-replicated:destination}

--- a/software/kvm/template/template-content.in
+++ b/software/kvm/template/template-content.in
+{% for content in content_list.split(sep) -%}
+{{ content }}
+{% endfor -%}
\ No newline at end of file