Use a common solana user on all testnet instances
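--- a/net/scripts/create-solana-user.sh
+++ b/net/scripts/create-solana-user.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -ex
+
+[[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
+
+adduser solana --gecos "" --disabled-password --quiet
+adduser solana sudo
+echo "solana ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+id solana
+
+[[ -r /solana-id_ecdsa ]] || exit 1
+[[ -r /solana-id_ecdsa.pub ]] || exit 1
+
+sudo -u solana bash -c "
+mkdir -p /home/solana/.ssh/
+cd /home/solana/.ssh/
+cp /solana-id_ecdsa.pub authorized_keys
+umask 377
+cp /solana-id_ecdsa id_ecdsa
+echo \"
+Host *
+BatchMode yes
+IdentityFile ~/.ssh/id_ecdsa
+StrictHostKeyChecking no
+\" > config
+"
+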
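Review bot: The private key is copied by the unprivileged solana user (`sudo -u solana bash -c` … `cp /solana-id_ecdsa id_ecdsa`), which means `/solana-id_ecdsa` must already be readable by that account before the copy, and both key files are left behind at the filesystem root afterwards; doing the copy as root keeps the source private and lets it be removed, e.g. `install -d -m 0700 -o solana -g solana /home/solana/.ssh`, `install -m 0400 -o solana -g solana /solana-id_ecdsa /home/solana/.ssh/id_ecdsa` and then `rm -f /solana-id_ecdsa /solana-id_ecdsa.pub`. The `>> /etc/sudoers` append is neither idempotent nor validated: a second run duplicates the rule and a malformed line would break sudo for every user, so writing it to `/etc/sudoers.d/solana` with mode 0440 and checking it with `visudo -cf /etc/sudoers.d/solana` is safer. `[[ $USER = root ]]` tests an environment variable rather than the effective uid; `[[ $EUID -eq 0 ]]` is the reliable check. `StrictHostKeyChecking no` under `Host *` disables host-key verification for every outbound ssh from this account; `accept-new` keeps first-contact convenience while still flagging a changed key, if the installed OpenSSH supports it.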
@ -1,5 +1,5 @@
|
||||
#!/bin/bash -ex
|
||||
|
||||
#
|
||||
# Prevent background upgrades that block |apt-get|
|
||||
#
|
||||
# TODO: This approach is pretty uncompromising. An alternative solution that
|
||||
@ -18,4 +18,3 @@ while fuser /var/lib/dpkg/lock; do
|
||||
sleep 1
|
||||
done
|
||||
|
||||
|
||||
|
@ -185,149 +185,3 @@ gcloud_DeleteInstances() {
|
||||
)
|
||||
}
|
||||
|
||||
#
|
||||
# gcloud_FigureRemoteUsername [instanceInfo]
|
||||
#
|
||||
# The remote username when ssh-ing into GCP instances tends to not be the same
|
||||
# as the user's local username, but it needs to be discovered by ssh-ing into an
|
||||
# instance and examining the system.
|
||||
#
|
||||
# On success the gcloud_username global variable is updated
|
||||
#
|
||||
# instanceInfo - an entry from the `instances` array
|
||||
#
|
||||
# example:
|
||||
# gcloud_FigureRemoteUsername "name:zone:..."
|
||||
#
|
||||
gcloud_FigureRemoteUsername() {
|
||||
if [[ -n $gcloud_username ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
declare instanceInfo="$1"
|
||||
declare name zone publicIp
|
||||
IFS=: read -r name zone publicIp _ < <(echo "$instanceInfo")
|
||||
|
||||
echo "Detecting remote username using $zone in $zone:"
|
||||
|
||||
# Figure the gcp ssh username
|
||||
(
|
||||
set -x
|
||||
|
||||
# Try to ping the machine first. There can be a delay between when the
|
||||
# instance is reported as RUNNING and when it's reachable over the network
|
||||
timeout 30s bash -c "set -o pipefail; until ping -c 3 $publicIp | tr - _; do echo .; done"
|
||||
|
||||
# Try to ssh in a couple times, sshd may not yet be up even though the
|
||||
# machine can be pinged...
|
||||
set -o pipefail
|
||||
for i in $(seq 1 10); do
|
||||
if gcloud compute ssh "$name" \
|
||||
--zone "$zone" -- "echo whoami:\$USER:iamwho" \
|
||||
| tr -d $'\r '| tee /tmp/whoami-$$; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
echo "Retry $i..."
|
||||
done
|
||||
)
|
||||
while IFS=: read -r whoami gcloud_username iamwho ; do
|
||||
[[ $whoami == "whoami" && $iamwho == "iamwho" ]] && break;
|
||||
done < /tmp/whoami-$$
|
||||
rm -f /tmp/whoami-$$
|
||||
|
||||
if [[ -z $gcloud_username ]]; then
|
||||
echo Unable to figure remote user name
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Remote username: $gcloud_username"
|
||||
}
|
||||
|
||||
#
|
||||
# gcloud_PrepInstancesForSsh [username] [privateKey]
|
||||
#
|
||||
# Prepares all the instances in the `instances` array for ssh with the specified
|
||||
# keypair. This eliminates the need to use the restrictive |gcloud compute ssh|,
|
||||
# use plain |ssh| instead.
|
||||
#
|
||||
# username - gcp ssh username as computed by gcloud_FigureRemoteUsername
|
||||
# privateKey - private key to install on all the instances
|
||||
#
|
||||
gcloud_PrepInstancesForSsh() {
|
||||
declare username="$1"
|
||||
declare privateKey="$2"
|
||||
declare publicKey="$privateKey".pub
|
||||
declare logDir=log/
|
||||
|
||||
mkdir -p $logDir
|
||||
rm -rf $logDir/gcloud_PrepInstancesForSsh-*
|
||||
|
||||
[[ -r $publicKey ]] || {
|
||||
echo "Unable to read public key: $publicKey"
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ -r $privateKey ]] || {
|
||||
echo "Unable to read private key: $privateKey"
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ -d $logDir ]] || {
|
||||
echo "logDir does not exist: $logDir"
|
||||
exit 1
|
||||
}
|
||||
|
||||
declare -a pids
|
||||
for instanceInfo in "${instances[@]}"; do
|
||||
declare name zone publicIp
|
||||
IFS=: read -r name zone publicIp _ < <(echo "$instanceInfo")
|
||||
|
||||
logFile="$logDir/gcloud_PrepInstancesForSsh-$name.log"
|
||||
|
||||
# TODO: This next subshell runs in series because for unknown reason running
|
||||
# multiple |gcloud compute ssh| commands in parallel cause the macOS
|
||||
# terminal to misbehave
|
||||
(
|
||||
set -x
|
||||
|
||||
# Try to ping the machine first. There can be a delay between when the
|
||||
# instance is reported as RUNNING and when it's reachable over the network
|
||||
timeout 60s bash -c "set -o pipefail; until ping -c 3 $publicIp | tr - _; do echo .; done"
|
||||
|
||||
gcloud compute ssh --zone "$zone" "$name" -- "
|
||||
set -x;
|
||||
mkdir -p .ssh;
|
||||
echo \"$(cat "$publicKey")\" >> .ssh/authorized_keys;
|
||||
echo \"
|
||||
Host *
|
||||
BatchMode yes
|
||||
IdentityFile ~/.ssh/id_testnet
|
||||
StrictHostKeyChecking no
|
||||
\" > .ssh/config;
|
||||
"
|
||||
) >> "$logFile" 2>&1
|
||||
(
|
||||
set -x
|
||||
scp \
|
||||
-o StrictHostKeyChecking=no \
|
||||
-o UserKnownHostsFile=/dev/null \
|
||||
-i "$privateKey" \
|
||||
"$privateKey" "$username@$publicIp:.ssh/id_testnet"
|
||||
) >> "$logFile" 2>&1 &
|
||||
declare pid=$!
|
||||
|
||||
ln -sfT "$logFile" "$logDir/gcloud_PrepInstancesForSsh-$pid.log"
|
||||
pids+=("$pid")
|
||||
done
|
||||
|
||||
for pid in "${pids[@]}"; do
|
||||
declare ok=true
|
||||
wait "$pid" || ok=false
|
||||
if ! $ok; then
|
||||
cat "$logDir/gcloud_PrepInstancesForSsh-$pid.log"
|
||||
echo ^^^ +++
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|