
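#!/bin/bash
# Install hook for the receiving side of an rsync-over-SSH mirror:
#   - installs rsync and kal-manage,
#   - creates /var/mirror and a system user 'rsync' (home /var/lib/rsync),
#   - generates an SSH key pair for that user,
#   - lets 'rsync' run a fixed set of `rsync --server` command lines as root.
# Every step is written so that running the hook a second time is harmless.
set -eux # -x for verbose logging to juju debug-log

## kal-manage provides the script /usr/lib/kal/dusk/sbin/ssh-cmd-validate
## used to validate any incoming SSH connection.
## An earlier note here said ``--force-yes`` is required because kal-manage is
## not signed correctly, but the command does not pass it, so APT still
## verifies package signatures.
## NOTE(review): if this install fails on an unauthenticated package, fix the
## repository key/signing rather than switching verification off.
apt-get install -y rsync kal-manage

mkdir -p /var/mirror
mkdir -p /var/lib/rsync

## Under `set -e` a plain groupadd/useradd aborts the hook when the account
## already exists (e.g. on a re-run), so create them only when missing.
getent group rsync >/dev/null || groupadd -r rsync
getent passwd rsync >/dev/null || useradd -r rsync -d /var/lib/rsync -g rsync
chown rsync:rsync /var/lib/rsync

## Silently build a key for the 'rsync' user, unless one is already there
## (ssh-keygen would otherwise stop to ask about overwriting it).
## The passphrase is empty so transfers can run unattended; the private key is
## therefore protected by file permissions only.
su -c 'test -f ~/.ssh/id_rsa || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync

## sudo rules.
## They are written to a drop-in file instead of being appended to
## /etc/sudoers: a re-run replaces the file rather than duplicating the rules,
## and the fragment is syntax-checked with visudo before it becomes active, so
## a malformed rule cannot break sudo for the whole host.
## Assumes /etc/sudoers includes /etc/sudoers.d (the Debian/Ubuntu default).
##
## NOTE(security): in sudoers, a wildcard in the command arguments matches any
## characters, including spaces and '/'. The trailing "/var/mirror/*" is thus
## a loose match, not a confinement to that directory, and these rules rely on
## the SSH-side forced command (ssh-cmd-validate) to vet the request. Confirm
## that it does, or pin the exact destination paths here.
sudoers_tmp=$(mktemp)
cat <<'EOF' > "$sudoers_tmp"
## allow rsync to access /var/mirror
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRz --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLs --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --bwlimit=200 --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtpArRze.iLsf --delete . /var/mirror/*
rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtpArRze.iLsf --bwlimit=200 --delete . /var/mirror/*
EOF
if ! visudo -cf "$sudoers_tmp"; then
  rm -f -- "$sudoers_tmp"
  exit 1
fi
## sudo ignores drop-in files whose name contains a '.'; 0440 root:root is the
## ownership/mode sudo expects for sudoers files.
install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/rsync-mirror
rm -f -- "$sudoers_tmp"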
## on client:
#mkdir -p /var/lib/rsync
#groupadd -r rsync
#useradd -r rsync -d /var/lib/rsync -g rsync
#chown rsync:rsync /var/lib/rsync
#su -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync
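## then copy the client's /var/lib/rsync/.ssh/id_rsa.pub into the destination
## LXC's /var/lib/rsync/.ssh/authorized_keys, prefixing the key line with:
## command="/usr/sbin/ssh-cmd-validate"
## NOTE(review): the header of this script gives the validator's path as
## /usr/lib/kal/dusk/sbin/ssh-cmd-validate; confirm which path is installed,
## since a wrong path in command= makes every login with this key fail.
## Adding OpenSSH's "restrict" option next to command= also turns off
## forwarding and PTY allocation for this key.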