forked from rkt/rkt
/
kvm.go
117 lines (102 loc) · 3.03 KB
/
kvm.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
// Copyright 2015 The rkt Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package stage0
import (
"fmt"
"io"
"os"
"os/exec"
"path/filepath"
)
const (
kvmSettingsDir = "/kvm"
kvmPrivateKeyFilename = "/ssh_kvm_key"
)
// fileAccessible checks if the given path exists and is a regular file
func fileAccessible(path string) bool {
if info, err := os.Stat(path); err == nil {
return info.Mode().IsRegular()
}
return false
}
func kvmSettingsDirPath(dataDir string) string {
return filepath.Join(dataDir, kvmSettingsDir)
}
func sshPrivateKeyPath(dataDir string) string {
return filepath.Join(kvmSettingsDirPath(dataDir), kvmPrivateKeyFilename)
}
func sshPublicKeyPath(dataDir string) string {
return filepath.Join(kvmSettingsDirPath(dataDir), kvmPrivateKeyFilename+".pub")
}
// generateKeyPair calls ssh-keygen with private key location for key generation purpose
func generateKeyPair(private string) error {
out, err := exec.Command(
"ssh-keygen",
"-q", // silence
"-t", "dsa", // type
"-b", "1024", // length in bits
"-f", private, // output file
"-N", "", // no passphrase
).Output()
if err != nil {
// out is in form of bytes buffer and we have to turn it into slice ending on first \0 occurence
return fmt.Errorf("error in keygen time. ret_val: %v, output: %v", err, string(out[:]))
}
return nil
}
func ensureKeysExistOnHost(dataDir string) error {
private, public := sshPrivateKeyPath(dataDir), sshPublicKeyPath(dataDir)
if !fileAccessible(private) || !fileAccessible(public) {
if err := os.MkdirAll(kvmSettingsDirPath(dataDir), 0700); err != nil {
return err
}
if err := generateKeyPair(private); err != nil {
return err
}
}
return nil
}
func ensureAuthorizedKeysExist(keyDirPath, dataDir string) error {
fout, err := os.OpenFile(
filepath.Join(keyDirPath, "/authorized_keys"),
os.O_CREATE|os.O_TRUNC|os.O_WRONLY,
0600,
)
if err != nil {
return err
}
defer fout.Close()
fin, err := os.Open(sshPublicKeyPath(dataDir))
if err != nil {
return err
}
defer fin.Close()
if _, err := io.Copy(fout, fin); err != nil {
return err
}
return fout.Sync()
}
func ensureKeysExistInPod(podRootfsPath, dataDir string) error {
keyDirPath := filepath.Join(podRootfsPath, "/root", "/.ssh")
if err := os.MkdirAll(keyDirPath, 0700); err != nil {
return err
}
return ensureAuthorizedKeysExist(keyDirPath, dataDir)
}
func kvmCheckSSHSetup(rootfsPath, dataDir string) error {
if err := ensureKeysExistOnHost(dataDir); err != nil {
return err
}
return ensureKeysExistInPod(rootfsPath, dataDir)
}