From d07afa97b8eafa2b9bf37aa2fbeaf1fc6395e28d Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Tue, 14 Jan 2020 23:56:27 -0500
Subject: [PATCH] install admin ssh key early on
---
 automation/roles/bubble/tasks/main.yml | 4 ++--
 .../bubble/service/cloud/StandardNetworkService.java | 10 +++++++++-
 .../src/main/resources/ansible/install_local.sh.hbs | 8 +++++++-
 bubble-web | 2 +-
 4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/automation/roles/bubble/tasks/main.yml b/automation/roles/bubble/tasks/main.yml
index 62b2eabe..a7ccea44 100644
--- a/automation/roles/bubble/tasks/main.yml
+++ b/automation/roles/bubble/tasks/main.yml
@@ -136,8 +136,8 @@
 - name: Install refresh_bubble_ssh_keys monitor
 copy:
- src: "refresh_bubble_ssh_keys.sh"
- dest: "/usr/local/sbin/refresh_bubble_ssh_keys.sh"
+ src: "refresh_bubble_ssh_keys_monitor.sh"
+ dest: "/usr/local/sbin/refresh_bubble_ssh_keys_monitor.sh"
 owner: root
 group: root
 mode: 0500
diff --git a/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java b/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
index 2910fd92..c256c55e 100644
--- a/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
+++ b/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
@@ -154,7 +154,7 @@ public class StandardNetworkService implements NetworkService {
 final AccountPlan accountPlan = accountPlanDAO.findByAccountAndNetwork(account.getUuid(), network.getUuid());
- // ensure AccountPlan has been paid for
+ // ensure AccountPlan is enabled
 if (!accountPlan.enabled()) {
 progressMeter.error(METER_ERROR_PLAN_NOT_ENABLED);
 return die("newNode: accountPlan is not enabled: "+accountPlan.getUuid());
@@ -271,6 +271,14 @@ public class StandardNetworkService implements NetworkService {
 // write jar file
 copyFile(bubbleJar, new File(bubbleFilesDir, "bubble.jar"));
+ // write SSH key, if present
+ if (network.hasSshKey()) {
+ final File sshPubKeyFile = new File(bubbleFilesDir, "admin_ssh_key.pub");
+ final AccountSshKey sshKey = sshKeyDAO.findByAccountAndId(network.getAccount(), network.getSshKey());
+ if (sshKey == null) throw invalidEx("err.sshPublicKey.notFound");
+ toFile(sshPubKeyFile, sshKey.getSshPublicKey());
+ }
+
 // write scripts
 final File scriptsDir = mkdirOrDie(new File(bubbleFilesDir, "scripts"));
 for (String script : BUBBLE_SCRIPTS) {
diff --git a/bubble-server/src/main/resources/ansible/install_local.sh.hbs b/bubble-server/src/main/resources/ansible/install_local.sh.hbs
index d35f7613..7674f344 100644
--- a/bubble-server/src/main/resources/ansible/install_local.sh.hbs
+++ b/bubble-server/src/main/resources/ansible/install_local.sh.hbs
@@ -34,9 +34,15 @@ if [[ ! -f "${ID_FILE}" ]] ; then
 ssh-keygen -t rsa -q -N '' -f ${ID_FILE} || die "Error generating RSA key"
 fi
-# this is now the only authorized key. lockout the node that started us.
+# lockout the node that started us
 cat "${PUB_FILE}" > "${AUTH_KEYS}" || die "Error updating ${AUTH_KEYS} file"
+# add admin ssh key, if one was given
+ADMIN_PUB_KEY="${ANSIBLE_DIR}/roles/bubble/files/admin_ssh_key.pub"
+if [[ -f "${ADMIN_PUB_KEY}" ]] ; then
+ cat "${ADMIN_PUB_KEY}" >> "${AUTH_KEYS}"
+fi
+
 sudo apt-get update -y && apt-get upgrade -y || die "Error in apt update / upgrade"
 sudo apt-get -y install python3 python3-pip virtualenv || die "Error apt installing python3 or python3-pip"
 sudo pip3 install setuptools psycopg2-binary || die "Error pip3 installing setuptools or psycopg2-binary"
diff --git a/bubble-web b/bubble-web
index 1ad306cd..a162bffe 160000
--- a/bubble-web
+++ b/bubble-web
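Review bot: In StandardNetworkService.java, `toFile(sshPubKeyFile, sshKey.getSshPublicKey())` writes the stored key text verbatim, and install_local.sh.hbs in this same commit appends that file unchanged to `${AUTH_KEYS}`, so any extra line or leading options field in the stored value becomes a live authorized_keys entry on the new node. Whether AccountSshKey validates the key when it is saved is not visible in this diff; if it does not, reject anything that is not a single line before writing, for example `if (sshKey.getSshPublicKey().trim().indexOf('\n') >= 0) throw invalidEx(<error key>);` where `<error key>` is a placeholder for a message key the project would define. The new `throw invalidEx(...)` also skips the `progressMeter.error(...)` call that the plan check earlier in this method makes before failing, so this failure may not be reported to the progress meter. The enclosing method starts and ends outside the hunk.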
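Review bot: In install_local.sh.hbs the append `cat "${ADMIN_PUB_KEY}" >> "${AUTH_KEYS}"` has no failure check, unlike the overwrite of `${AUTH_KEYS}` just above it, so a failed write leaves the node without the admin key while the install carries on silently; make it `cat "${ADMIN_PUB_KEY}" >> "${AUTH_KEYS}" || die "Error adding admin ssh key to ${AUTH_KEYS}"`. The removed comment recorded that the node's own key was the only authorized key, and the replacement no longer says who can log in. I would write it as `# lockout the node that started us; the admin key, if present, is appended below` so the access granted here is stated where the file is built.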
@@ -1 +1 @@
-Subproject commit 1ad306cdb3dbc9e56bf9068d438b5e0ca0ed1c37
+Subproject commit a162bffedf67175135d1d57a67d8b4a643c72522