
  1. #!/bin/bash
  2. set -eux # -x for verbose logging to juju debug-log
  3. ## ``--force-yes`` is required as kal-manage is not signed correctly.
  4. ## kal-manage provides the script /usr/lib/kal/dusk/sbin/ssh-cmd-validate
  5. ## used to validate any entrant connection to SSH.
  6. apt-get install -y --force-yes rsync kal-manage
  7. mkdir -p /var/mirror
  8. mkdir -p /var/lib/rsync
  9. groupadd -r rsync
  10. useradd -r rsync -d /var/lib/rsync -g rsync
  11. chown rsync:rsync /var/lib/rsync
  12. ## build silently a key for 'rsync' user:
  13. su -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync
  14. ## /etc/sudoers
  15. cat <<EOF >> /etc/sudoers
  16. ## allow rsync to access /var/mirror
  17. rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRz --delete . /var/mirror/*
  18. rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLs --delete . /var/mirror/*
  19. rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --delete . /var/mirror/*
  20. rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --bwlimit=200 --delete . /var/mirror/*
  21. rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtpArRze.iLsf --delete . /var/mirror/*
  22. rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtpArRze.iLsf --bwlimit=200 --delete . /var/mirror/*
  23. EOF
  24. ## on client:
  25. #mkdir -p /var/lib/rsync
  26. #groupadd -r rsync
  27. #useradd -r rsync -d /var/lib/rsync -g rsync
  28. #chown rsync:rsync /var/lib/rsync
  29. #su -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync
  30. ## then you should copy /var/lib/rsync/.ssh/id_rsa.pub in the destination LXC's
  31. ## /var/lib/rsync/.ssh/authorized_keys, prefixed with: command="/usr/sbin/ssh-cmd-validate"