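#!/bin/bash
# Install hook for the mirror host: installs rsync and kal-manage, creates the
# unprivileged 'rsync' account with an SSH key, and grants that account a
# fixed set of passwordless "sudo rsync --server" invocations for /var/mirror.
#
# Every step is guarded so that a re-run of the hook does not abort under
# `set -e` (existing group/user/key) or append the sudoers rules twice.
set -eux  # -x for verbose logging to juju debug-log

## ``--force-yes`` is required as kal-manage is not signed correctly.
## kal-manage provides the script /usr/lib/kal/dusk/sbin/ssh-cmd-validate
## used to validate any entrant connection to SSH.
# NOTE(review): --force-yes turns off package authentication for the whole
# transaction, so rsync is also installed unverified here. Fixing the
# kal-manage repository signature would let this flag be dropped.
apt-get install -y --force-yes rsync kal-manage

mkdir -p /var/mirror
mkdir -p /var/lib/rsync

# groupadd/useradd exit non-zero when the name already exists, which would
# abort the hook on a second run; create them only when missing.
getent group rsync >/dev/null || groupadd -r rsync
getent passwd rsync >/dev/null || useradd -r rsync -d /var/lib/rsync -g rsync
chown rsync:rsync /var/lib/rsync

## build silently a key for 'rsync' user:
# Skipped when a key is already present: ssh-keygen would otherwise ask
# whether to overwrite it, and there is nobody to answer in a hook.
su -c 'test -f ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync

## /etc/sudoers
# NOTE(review): sudoers matches the argument list as one string and '*' also
# matches '/' and spaces, so the trailing "/var/mirror/*" does not by itself
# keep the destination inside /var/mirror. Path confinement has to come from
# the forced-command validator named above; confirm that it enforces it.
#
# The rules are appended to a private copy, syntax-checked with visudo, and
# only then renamed over /etc/sudoers, so a malformed file is never left in
# place. The marker line keeps re-runs from duplicating the block.
sudoers_marker='## allow rsync to access /var/mirror'
if ! grep -qF -- "$sudoers_marker" /etc/sudoers; then
  sudoers_tmp=$(mktemp /etc/sudoers.XXXXXX)
  trap 'rm -f -- "$sudoers_tmp"' EXIT
  cat /etc/sudoers > "$sudoers_tmp"
  cat <<'EOF' >> "$sudoers_tmp"
## allow rsync to access /var/mirror
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRz --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLs --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --bwlimit=200 --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtpArRze.iLsf --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtpArRze.iLsf --bwlimit=200 --delete . /var/mirror/*
EOF
  visudo -cf "$sudoers_tmp"
  chown root:root "$sudoers_tmp"
  chmod 0440 "$sudoers_tmp"
  mv -f -- "$sudoers_tmp" /etc/sudoers
fi

## on client:
#mkdir -p /var/lib/rsync
#groupadd -r rsync
#useradd -r rsync -d /var/lib/rsync -g rsync
#chown rsync:rsync /var/lib/rsync
#su -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync

## then you should copy /var/lib/rsync/.ssh/id_rsa.pub in the destination LXC's
## /var/lib/rsync/.ssh/authorized_keys, prefixed with: command="/usr/sbin/ssh-cmd-validate"
# NOTE(review): the validator path given here (/usr/sbin/ssh-cmd-validate)
# differs from the one quoted at the top of this script
# (/usr/lib/kal/dusk/sbin/ssh-cmd-validate); confirm which one kal-manage
# installs before writing the authorized_keys entry. The private key has no
# passphrase, so the command="..." prefix is the only restriction on what its
# holder can run on this host.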