install admin ssh key early on

преди 4 години · d07afa97b8
--- a/automation/roles/bubble/tasks/main.yml
+++ b/automation/roles/bubble/tasks/main.yml
@@ -136,8 +136,8 @@

 - name: Install refresh_bubble_ssh_keys monitor
  copy:
    src: "refresh_bubble_ssh_keys.sh"
    dest: "/usr/local/sbin/refresh_bubble_ssh_keys.sh"
    src: "refresh_bubble_ssh_keys_monitor.sh"
    dest: "/usr/local/sbin/refresh_bubble_ssh_keys_monitor.sh"
    owner: root
    group: root
    mode: 0500
--- a/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
+++ b/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
@@ -154,7 +154,7 @@ public class StandardNetworkService implements NetworkService {

            final AccountPlan accountPlan = accountPlanDAO.findByAccountAndNetwork(account.getUuid(), network.getUuid());

            // ensure AccountPlan has been paid for
            // ensure AccountPlan is enabled
            if (!accountPlan.enabled()) {
                progressMeter.error(METER_ERROR_PLAN_NOT_ENABLED);
                return die("newNode: accountPlan is not enabled: "+accountPlan.getUuid());
@@ -271,6 +271,14 @@ public class StandardNetworkService implements NetworkService {
            // write jar file
            copyFile(bubbleJar, new File(bubbleFilesDir, "bubble.jar"));

            // write SSH key, if present
            if (network.hasSshKey()) {
                final File sshPubKeyFile = new File(bubbleFilesDir, "admin_ssh_key.pub");
                final AccountSshKey sshKey = sshKeyDAO.findByAccountAndId(network.getAccount(), network.getSshKey());
                if (sshKey == null) throw invalidEx("err.sshPublicKey.notFound");
                toFile(sshPubKeyFile, sshKey.getSshPublicKey());
            }

            // write scripts
            final File scriptsDir = mkdirOrDie(new File(bubbleFilesDir, "scripts"));
            for (String script : BUBBLE_SCRIPTS) {
--- a/bubble-server/src/main/resources/ansible/install_local.sh.hbs
+++ b/bubble-server/src/main/resources/ansible/install_local.sh.hbs
@@ -34,9 +34,15 @@ if [[ ! -f "${ID_FILE}" ]] ; then
  ssh-keygen -t rsa -q -N '' -f ${ID_FILE} || die "Error generating RSA key"
 fi

 # this is now the only authorized key. lockout the node that started us.
 # lockout the node that started us
 cat "${PUB_FILE}" > "${AUTH_KEYS}" || die "Error updating ${AUTH_KEYS} file"

 # add admin ssh key, if one was given
 ADMIN_PUB_KEY="${ANSIBLE_DIR}/roles/bubble/files/admin_ssh_key.pub"
 if [[ -f "${ADMIN_PUB_KEY}" ]] ; then
  cat "${ADMIN_PUB_KEY}" >> "${AUTH_KEYS}"
 fi

 sudo apt-get update -y && apt-get upgrade -y || die "Error in apt update / upgrade"
 sudo apt-get -y install python3 python3-pip virtualenv || die "Error apt installing python3 or python3-pip"
 sudo pip3 install setuptools psycopg2-binary || die "Error pip3 installing setuptools or psycopg2-binary"
--- a/+ 1
+++ b/+ 1
@@ -1 +1 @@
 Subproject commit 1ad306cdb3dbc9e56bf9068d438b5e0ca0ed1c37
 Subproject commit a162bffedf67175135d1d57a67d8b4a643c72522