From 9fab03c1cd0318e1b9ba69ef900c40e3bbc4dda8 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Tue, 23 Apr 2013 11:46:13 +0200 Subject: [PATCH] new: enable access to ``git.0k.io`` from other LXC --- precise/base-0k/hooks/install | 22 +++++++++++++++ .../base-0k/src/etc/ssh/lxc_git_access_id_rsa | 27 +++++++++++++++++++ .../src/etc/ssh/lxc_git_access_id_rsa.pub | 1 + precise/git/hooks/install | 17 ++++++++++++ precise/git/shorewall | 4 +++ .../git/src/etc/ssh/lxc_git_access_id_rsa.pub | 1 + 6 files changed, 72 insertions(+) create mode 100644 precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa create mode 100644 precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa.pub create mode 120000 precise/git/src/etc/ssh/lxc_git_access_id_rsa.pub diff --git a/precise/base-0k/hooks/install b/precise/base-0k/hooks/install index 98bb663..96a00d1 100755 --- a/precise/base-0k/hooks/install +++ b/precise/base-0k/hooks/install @@ -101,3 +101,25 @@ function glog() { prompt 1 EOF + + +## +## ssh config +## + + +cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa + +cat < ~/.ssh/config + +Host git.0k.io + User lxc-user + IdentityFile /etc/ssh/lxc_git_access_id_rsa + UserKnownHostsFile /dev/null + StrictHostKeyChecking no + Port 10022 + +EOF + + + diff --git a/precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa b/precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa new file mode 100644 index 0000000..4c9db43 --- /dev/null +++ b/precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa 
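Review bot: The generated `Host git.0k.io` block turns off server authentication: `UserKnownHostsFile /dev/null` together with `StrictHostKeyChecking no` makes every container accept whatever host answers on port 10022, so credentials and pushed code can end up at an impostor. Ship the git server's host public key in a known_hosts file and use `UserKnownHostsFile <path-to-shipped-known_hosts>` with `StrictHostKeyChecking yes` instead. The private key is also copied with plain `cp` from a file this commit creates as mode 100644, so under a typical umask it lands world-readable: OpenSSH rejects such a key for the owning user, and every local account can read it. `install -m 600 src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa` avoids that. The heredoc line appears garbled on this page, but if it redirects with `>` it replaces any existing `~/.ssh/config` rather than appending to it.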
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA7NUITk5i/GnMaz0dPbuXoyhTBufRXyYVNsna+zfkq/SHhrhB +6h8yoyhROe8wtXNQ26SW7CT9kQrpqZ9bf/nLRwW5KpLgRM0ETw721O6wf2ElJHNa +sLOzNwkqrj3eRA8Gph3pDl9E5wBk6vVFVe8pDfmrnlQ1dbPVQK5kbsRpqgJxmg6a +3yqPao2qsexLBg1fuxRDX75WRwYsaljj1gK52aigFGf3BUSmvIGtUkOdsw4AHFVD +Oh9K0gsjxo0+kBpYfI36N6o5Akg+TiQVZBvQsksruwPKL9/uz2SNn8vYADtw0xvr +QIKPO0GCqOOmO7lBORZwGe30WfY3yNoAkqKoIwIDAQABAoIBABEv1I56Ocy/kMon +gTu9pV99yaiyogsZpGh5dZ7Ni5a/BCbOsFnhMbeNcXeW2B4S5EdMRneUp6Ii/JoG +qok7A3l//NQOHKBhkHJ8T4VcXQqhbiSbCnXQVK0lyScj7kFaJc1gVk1otINfD/PN +IN7/oCcXe1DeI5MLHeq3vSocrt5bc0fs2F4Z9lR18PjRYNp3bcI5j1tlqk1MXJ46 +mT0MxDTFSm0W/jx74pbtWwPKKT1MP8y2uvZXRzKmxicMJ+S5u9yqmn1AOqdBQ/8Y +3kAkBaGGFafvmwbDu+Ss9WWNrb60+vauVmzFoxH4EozREvqpOCC4RN6JJFioBQgW +zkugTiECgYEA/29MwSUXiEQBsA8NYWn6ULL1rOqoNX3NMWhoJN1QeJjjgDXB0Iuv +ds8Iu5ZRAFFhOazkiZ/PlDth1Xl19/1ZdoH8Qx1a8MD0dTsLy4RZDgXxKEiMGpqg +5VPMVeuLEwg3xTPkqxKM2J6XJK1JS/yn13bOKEnETUxtyDmuQjEqqM8CgYEA7Vsx +y1uk+5vf3yTKJzIg04SahPdKyW1bwc/Q6MKL3NZT6o+OEnrCqrdu74T7K/GimL0H +rDIykGAVIaJxi9rLL5NN8GHcUD/TEnmI0lMLAhsI4wrWQvDRhJ3IVbY9k9uplQhu +T0yHszAyacbfeiBEuKwVmQxXJHrjopTHESScuG0CgYEA1Q15gLQ2b5MBsV6ss27Y +uUy7e7HyAUPfzXEfRHhQMXaccwjjktWf0cIXr5dOEqzOInQh3uSsGCB7lroLeoAX +ibAbv8MRYjQe8lUAnozSVs7/+bChI2OMBhuiGJwxUPuOwO5qsYH0do241X+v3jBr +slzG0XXNxQeVneb2gQFPaqMCgYB7l0m1VxHwRbjri0+L20lGejyvUcjqW3w0zg48 +tNh49E0bzQYwTyXAGOW16GuU9SwyFfPB0R2NGcrHCbvQE+xK6IvjyEEctC8m5ou8 +4KrRvNwCxOjOUHD4eeQP5WXo8K87v/kYZ4QdZNJLS9ef0t+VvV09pTRW9XpEdO22 +2naUfQKBgQDPdVdPhq5tZLwfW/1Ml6+pm5kYCAftqpsTHl0jQ8APH4/PyA/41HDY +13BgOxbqEToC79/C/4+AncID/EXpi5SuUHs2ZjmiMoTqy+1UrpKAlsVJXNGMSYa9 +ll9nPEIvb+TPXHhPfQtgvQcLkDhP4vh209eDzXSAox0sADr48XLxwA== +-----END RSA PRIVATE KEY----- diff --git a/precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa.pub b/precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa.pub new file mode 100644 index 0000000..a30274c --- /dev/null +++ b/precise/base-0k/src/etc/ssh/lxc_git_access_id_rsa.pub 
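Review bot: This file puts an unencrypted RSA private key into version control, so everyone who can read the repository or its history holds the `lxc-user` credential for `git.0k.io`, and every container built from `base-0k` shares that one identity. Treat the key as exposed: drop it from the tree, replace the key pair, and remove the matching line from `authorized_keys` on the git host. Provision the identity at deploy time instead, for example by generating a key pair per container in the install hook and registering only the public half, so access can be revoked for one container without touching the rest.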
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDs1QhOTmL8acxrPR09u5ejKFMG59FfJhU2ydr7N+Sr9IeGuEHqHzKjKFE57zC1c1DbpJbsJP2RCumpn1t/+ctHBbkqkuBEzQRPDvbU7rB/YSUkc1qws7M3CSquPd5EDwamHekOX0TnAGTq9UVV7ykN+aueVDV1s9VArmRuxGmqAnGaDprfKo9qjaqx7EsGDV+7FENfvlZHBixqWOPWArnZqKAUZ/cFRKa8ga1SQ52zDgAcVUM6H0rSCyPGjT6QGlh8jfo3qjkCSD5OJBVkG9CySyu7A8ov3+7PZI2fy9gAO3DTG+tAgo87QYKo46Y7uUE5FnAZ7fRZ9jfI2gCSoqgj lxc-user@lxc diff --git a/precise/git/hooks/install b/precise/git/hooks/install index eeadf7c..548a764 100755 --- a/precise/git/hooks/install +++ b/precise/git/hooks/install @@ -44,3 +44,20 @@ ln -sf /opt/apps/git-bzr-ng/git-bzr /usr/lib/git-core/ cp src/sbin/git-bzr-syncs /usr/sbin/git-bzr-syncs cp src/etc/cron.daily/git-bzr-syncs /etc/cron.daily/git-bzr-syncs + +## +## Setup password-less access for other LXC +## + +LXC_USER=lxc-user +LXC_USER_HOME=/var/lib/$LXC_USER + +groupadd -r git-users && +adduser --system --home=$LXC_USER_HOME --shell /bin/bash --ingroup=git-users $LXC_USER && + +mkdir $LXC_USER_HOME/.ssh -p && +cat srv/etc/ssh/lxc_git_access_id_rsa.pub >> $LXC_USER_HOME/.ssh/authorized_keys && +chown lxc-user $LXC_USER_HOME/.ssh -R + + + diff --git a/precise/git/shorewall b/precise/git/shorewall index 7b9aaf1..c7006f9 100644 --- a/precise/git/shorewall +++ b/precise/git/shorewall @@ -1,2 +1,6 @@ DNAT net lan:%%NAME%%:22 tcp 10022 +DNAT lan lan:%%NAME%%:22 tcp 10022 - %%HOST_INTERNET_IP%% + +DNAT fw lan:%%NAME%%:22 tcp 10022 - %%HOST_INTERNET_IP%% + diff --git a/precise/git/src/etc/ssh/lxc_git_access_id_rsa.pub b/precise/git/src/etc/ssh/lxc_git_access_id_rsa.pub new file mode 120000 index 0000000..7c206e1 --- /dev/null +++ b/precise/git/src/etc/ssh/lxc_git_access_id_rsa.pub @@ -0,0 +1 @@ +../../../../base-0k/src/etc/ssh/lxc_git_access_id_rsa.pub \ No newline at end of file
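Review bot: In `precise/git/hooks/install`, the `cat srv/etc/ssh/lxc_git_access_id_rsa.pub` line reads from `srv/`, but this commit adds the symlink under `src/etc/ssh/`, so the `cat` most likely fails and the `&&` chain never reaches the `chown`. It should read `cat src/etc/ssh/lxc_git_access_id_rsa.pub >> $LXC_USER_HOME/.ssh/authorized_keys &&`. The account is created with `--shell /bin/bash` and the key is appended without options, so any holder of the shared key gets an interactive shell on the git host. Setting `git-shell` as the login shell restricts the account to git commands, and prefixing the key with `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding` removes the forwarding and terminal features it does not need. `groupadd -r git-users &&` also stops the whole chain when the hook runs a second time and the group already exists, and `chown lxc-user` should use `$LXC_USER` like the lines above it.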
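Review bot: In `precise/git/shorewall`, the new `DNAT lan lan:%%NAME%%:22` rule sends traffic back out of the zone it arrived from. Shorewall normally forwards that only when the interface has the `routeback` option, and the replies must be masqueraded through the firewall. Neither setting is visible in this commit, so confirm both exist, otherwise container-to-container connections to port 10022 may stall. A one-line comment above the two added rules, such as `# let other containers and the host reach git's sshd via the public IP on 10022`, would also explain why they carry the original-destination column while the `net` rule does not.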