From: Uladzimir Bely <ubely@ilbers.de>
To: isar-users@googlegroups.com
Subject: [PATCH v2 3/9] meta-isar: Add a recipe that configures ci user
Date: Wed, 8 Feb 2023 16:45:05 +0100 [thread overview]
Message-ID: <20230208154511.1884-4-ubely@ilbers.de> (raw)
In-Reply-To: <20230208154511.1884-1-ubely@ilbers.de>
This creates `ci` user on a target and configures it for
non-interactive access to the image via SSH.
Non-interactive access is provided by placing testsuite's public part
of ssh key to `authorized_keys`.
This allows non-interactive SSH access to the machine with executing
custom commands on the guest VM.
Also, NetworkManager is installed to the image to make ethernet on
target auto configured and thus port forwarding from host to qemu
machine would work.
Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
---
.../isar-ci-ssh-setup/files/postinst | 18 +++++++++++++++
.../isar-ci-ssh-setup_0.1.bb | 22 +++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst
create mode 100644 meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb
diff --git a/meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst b/meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst
new file mode 100644
index 00000000..37d1bcb0
--- /dev/null
+++ b/meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+if ! getent group ci >/dev/null; then
+ groupadd --system ci
+fi
+
+if ! getent passwd ci >/dev/null; then
+ useradd --system --gid ci --create-home \
+ --home-dir /var/lib/isar-ci --no-user-group \
+ --comment "Isar CI user" \
+ ci
+fi
+
+# since the homedir was part of the package, useradd did not include skel
+cp -RTn /etc/skel ~ci
+chown -R ci:ci ~ci
diff --git a/meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb b/meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb
new file mode 100644
index 00000000..74fecf92
--- /dev/null
+++ b/meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb
@@ -0,0 +1,22 @@
+# This software is a part of ISAR.
+
+DESCRIPTION = "Setup user with non-interactive SSH access"
+MAINTAINER = "Uladzimir Bely <uladzimir.bely@ilbers.de>"
+
+SRC_URI = " \
+ file://postinst \
+"
+
+DEPENDS += "sshd-regen-keys"
+DEBIAN_DEPENDS = "adduser, apt (>= 0.4.2), network-manager, sshd-regen-keys"
+
+inherit dpkg-raw
+
+do_install() {
+ # Install authorized SSH keys
+ install -v -d ${D}/var/lib/isar-ci/.ssh/
+ install -v -m 644 ${TESTSUITEDIR}/keys/ssh/id_rsa.pub ${D}/var/lib/isar-ci/.ssh/authorized_keys
+
+ # Manage all interfaces (including ethernet) by NetworkManager
+ install -D -m 644 /dev/null ${D}/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+}
--
2.20.1
next prev parent reply other threads:[~2023-02-08 15:45 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-08 15:45 [PATCH v2 0/9] Support running custom commands in VM Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 1/9] testsuite: Fix failing hostname service in qemu guest Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 2/9] testsuite: Add SSH key pair for using in CI Uladzimir Bely
2023-02-08 15:45 ` Uladzimir Bely [this message]
2023-02-08 15:45 ` [PATCH v2 4/9] meta-isar: Use a separate image recipe " Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 5/9] testsuite: Allow custom image names in start_vm.py Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 6/9] testsuite: Support running custom commands in VM Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 7/9] testsuite: Support running custom scripts " Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 8/9] testsuite: Run custom commands and scripts on some qemu targets Uladzimir Bely
2023-02-08 15:45 ` [PATCH v2 9/9] testsuite: Update testsuite qemu-related documentation Uladzimir Bely
2023-02-21 10:56 ` [PATCH v2 0/9] Support running custom commands in VM Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230208154511.1884-4-ubely@ilbers.de \
--to=ubely@ilbers.de \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox