Example template that performs copying of SSH keys

This template shows how to leverage the new resources for software configuration/deployment, particularly the use of scripts for configuration, to enable copying of SSH keys in a similar fashion as 'ssh-copy-id'. The example makes use of configuration inputs, and outputs, and get_attr. The use of get_attr introduces an implicit dependencyOne example to show ssh-copy-id between servers Change-Id: Ic15c325d1c6f35108206d0e6e8dc7339c1383a30
2014-03-27 22:29:00 +08:00 · 2014-03-27 22:29:00 +08:00 · 2dc7ba3c1e
commit 2dc7ba3c1e
parent cfdb7c620b
1 changed files with 113 additions and 0 deletions
--- a/hot/software-config/example-ssh-copy-id.yaml
+++ b/hot/software-config/example-ssh-copy-id.yaml
@ -0,0 +1,113 @@
+heat_template_version: 2013-05-23
+#
+# The demo is about similar function with ssh-copy-id.
+#
+# Say we have two virtual machine, server A and server B. Server B
+# wants to add its id_rsa.pub contents into authorized_keys of server
+# A. So that server B can talk with server A via ssh without password.
+#
+parameters:
+  key_name:
+    type: string
+    default: heat_key
+  flavor:
+    type: string
+    default: m1.small
+  image:
+    type: string
+    default: fedora-amd64
+resources:
+  key_add:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      inputs:
+        - name: id_rsa_pub
+        - name: user_name
+      outputs:
+        - name: hostname
+      group: script
+      config: |
+        #!/bin/bash
+        echo "${id_rsa_pub}" | su - $user_name -c 'tee -a .ssh/authorized_keys'
+        hostname > ${heat_outputs_path}.hostname
+  key_gen:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      inputs:
+        - name: user_name
+      outputs:
+        - name: id_rsa_pub
+      group: script
+      config: |
+        #!/bin/bash
+        su - ${user_name} << EOF > ${heat_outputs_path}.id_rsa_pub
+        test -f .ssh/id_rsa.pub || ssh-keygen -q -t rsa -N "" -f .ssh/id_rsa
+        cat .ssh/id_rsa.pub
+        EOF
+  key_test:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      inputs:
+        - name: user_name
+        - name: target
+      group: script
+      config: |
+        #!/bin/bash
+        su - ${user_name} << EOF
+        ssh -o StrictHostKeyChecking=no ${target} hostname
+        EOF
+  do_key_gen:
+    type: OS::Heat::SoftwareDeployment
+    properties:
+      input_values:
+        user_name: ec2-user
+      config:
+        get_resource: key_gen
+      server:
+        get_resource: server_b
+  do_key_add:
+    type: OS::Heat::SoftwareDeployment
+    properties:
+      input_values:
+        user_name: ec2-user
+        id_rsa_pub:
+          get_attr: [do_key_gen, id_rsa_pub]
+      config:
+        get_resource: key_add
+      server:
+        get_resource: server_a
+  do_key_test:
+    type: OS::Heat::SoftwareDeployment
+    properties:
+      input_values:
+        user_name: ec2-user
+        target:
+          get_attr: [do_key_add, hostname]
+      config:
+        get_resource: key_test
+      server:
+        get_resource: server_b
+  server_a:
+    type: OS::Nova::Server
+    properties:
+      image:
+        get_param: image
+      flavor:
+        get_param: flavor
+      key_name:
+        get_param: key_name
+      user_data_format: SOFTWARE_CONFIG
+  server_b:
+    type: OS::Nova::Server
+    properties:
+      image:
+        get_param: image
+      flavor:
+        get_param: flavor
+      key_name:
+        get_param: key_name
+      user_data_format: SOFTWARE_CONFIG
+outputs:
+  do_key_test_stdout:
+    value:
+      get_attr: [do_key_test, deploy_stdout]