cloud.keystore是这样生成的

// Distinguished name assembled by plain string concatenation: each field is wrapped
// in double quotes, but a quote or backslash inside cn/ou/o/c is not escaped here.
String dname = "cn=\"" + cn + "\",ou=\"" + ou + "\",o=\"" + o + "\",c=\"" + c + "\"";
        // Runs the external `keytool` binary through the project's Script helper.
        // NOTE(review): 5000 is presumably a timeout in milliseconds; the meaning of
        // `true` and `null` is not visible in this excerpt -- confirm against Script.
        Script script = new Script(true, "keytool", 5000, null);
        script.add("-genkey");
        script.add("-keystore", keystorePath);
        // Store and key passwords are the fixed literal "vmops.com", so every keystore
        // produced by this code is protected by the same published string and the
        // private key is effectively guarded by the keystore file's permissions alone.
        // Passing the values as arguments also exposes them in the process list while
        // keytool runs.
        script.add("-storepass", "vmops.com");
        script.add("-keypass", "vmops.com");
        // No -keysize is passed, so the RSA key size is whatever this JDK's keytool
        // defaults to.
        script.add("-keyalg", "RSA");
        // The generated certificate is valid for 3650 days.
        script.add("-validity", "3650");
        script.add("-dname", dname);
        // A non-null return from execute() is treated as failure, and that text is
        // placed in the exception message.
        String result = script.execute();
        if (result != null) {
            throw new IOException("Fail to generate certificate!: " + result);
        }

手动生成该文件

# Creates /etc/cloudstack/management/cloud.keystore by hand with the same keytool
# options the Java snippet on this page passes (RSA key, 3650-day validity).
# The store and key password is the fixed literal "vmops.com"; typed this way it is
# also recorded in shell history and visible in the process list, so read access to
# the resulting keystore file is what actually protects the private key.
sudo keytool -genkey \
  -keystore "/etc/cloudstack/management/cloud.keystore" \
  -storepass "vmops.com" \
  -keypass "vmops.com" \
  -keyalg "RSA" \
  -validity 3650 \
  -dname "CN=cloud.com,OU=sjcloud CA,O=sjcloud Inc,L=sjcloud,S=sjcloud,C=SE"

 


injectkeys.sh 脚本

# Copies keys that enable SSH communication with system vms
# $1 = new public key
# $2 = new private key
# $3 = systemvm iso path

#set -x
# Pull in the system-wide shell settings. MOUNTPATH and TMPDIR are used throughout
# this script but are not assigned anywhere in this listing, so they are presumably
# expected to come from these files or from the caller's environment (verify).
# An empty value would reach `sudo rm -rf` and `sudo cp -fr .../*` further down.
source /etc/bashrc
source /etc/profile
# Staging directory for the rebuilt ISO: world-writable, and the file name used
# under it (${TMP}/<iso name>) is predictable.
TMP=/tmp


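clean_up() {
  # Detaches the loop-mounted ISO from $MOUNTPATH (global, read).
  # Returns: umount's exit status.
  # The expansion is quoted so a mount path containing spaces or glob
  # characters reaches the privileged umount as a single argument.
  sudo umount "$MOUNTPATH"
}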

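inject_into_iso() {
  # Rebuilds the system VM ISO so that it carries a new authorized_keys file.
  # Globals:   systemvmpath (read) - ISO file to patch
  #            MOUNTPATH (read)    - loop-mount point for the original ISO
  #            TMPDIR (read)       - scratch tree, removed and recreated with sudo
  #            TMP (read)          - directory where the rebuilt ISO is staged
  # Arguments: $1 - base name for the staged ISO
  #            $2 - public key file to install as authorized_keys
  # Returns:   0 if the ISO already holds the key or was replaced, 1 on error
  local isofile=${systemvmpath}
  local newpubkey=$2
  local backup=${isofile}.bak
  local tmpiso
  local self
  self=$(basename "$0")

  # MOUNTPATH and TMPDIR feed `sudo rm -rf` and `sudo cp -fr .../*` below. With
  # an empty value those commands operate relative to `/`, so stop here instead.
  # NOTE(review): TMPDIR is also the conventional environment variable for the
  # user's temp directory; it must point at a dedicated scratch path because it
  # is deleted recursively as root.
  if [ -z "${MOUNTPATH:-}" ] || [ -z "${TMPDIR:-}" ]; then
    echo "${self}: MOUNTPATH and TMPDIR must be set"
    return 1
  fi

  mkdir -p "$MOUNTPATH"
  if [ ! -f "$isofile" ]; then
    echo "${self}: Could not find systemvm iso patch file $isofile"
    return 1
  fi
  if ! sudo mount -o loop "$isofile" "$MOUNTPATH"; then
    echo "${self}: Failed to mount original iso $isofile"
    clean_up
    return 1
  fi

  # The ISO already carries this key: unmount and report success.
  if diff -q "$MOUNTPATH/authorized_keys" "$newpubkey" > /dev/null 2>&1; then
    clean_up
    return 0
  fi

  if ! sudo cp -b "$isofile" "$backup"; then
    echo "${self}: Failed to backup original iso $isofile"
    clean_up
    return 1
  fi

  sudo rm -rf -- "$TMPDIR"
  sudo mkdir -p "$TMPDIR"
  if [ ! -d "$TMPDIR" ]; then
    echo "${self}: Could not find/create temporary dir $TMPDIR"
    clean_up
    return 1
  fi
  if ! sudo cp -fr "$MOUNTPATH"/* "$TMPDIR"/; then
    echo "${self}: Failed to copy from original iso $isofile"
    clean_up
    return 1
  fi
  if ! sudo cp "$newpubkey" "$TMPDIR/authorized_keys"; then
    echo "${self}: Failed to copy $newpubkey to $TMPDIR/authorized_keys"
    clean_up
    return 1
  fi

  # Build the replacement image. The original body never created the staged
  # ISO, so the privileged `cp -f` below installed whatever file already sat at
  # the predictable path ${TMP}/$1. mktemp gives a fresh file that this run
  # owns, and mkisofs (which the script already requires) fills it.
  if ! tmpiso=$(mktemp "${TMP:-/tmp}/${1}.XXXXXX"); then
    echo "${self}: Could not create a staging file for the new iso"
    clean_up
    return 1
  fi
  if ! mkisofs -quiet -r -o "$tmpiso" "$TMPDIR"; then
    echo "${self}: Failed to create new iso $tmpiso from $TMPDIR"
    rm -f -- "$tmpiso"
    clean_up
    return 1
  fi

  if ! sudo umount "$MOUNTPATH"; then
    echo "${self}: Failed to unmount old iso from $MOUNTPATH"
    rm -f -- "$tmpiso"
    return 1
  fi
  if ! sudo cp -f "$tmpiso" "$isofile"; then
    echo "${self}: Failed to overwrite old iso $isofile with $tmpiso"
    rm -f -- "$tmpiso"
    return 1
  fi
  rm -f -- "$tmpiso"
  sudo rm -rf -- "$TMPDIR"
}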

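copy_priv_key() {
  # Installs the new SSH private key next to this script as id_rsa.cloud.
  # Arguments: $1 - private key file to install
  # Returns:   0 if the installed key already matches, or if copy and chmod
  #            both succeed; otherwise the status of the command that failed
  local newprivkey=$1
  local target
  target="$(dirname "$0")/id_rsa.cloud"

  # Nothing to do when the installed key is already identical.
  if diff -q "$newprivkey" "$target"; then
    return 0
  fi

  # Stop on a failed copy. The original reported only chmod's status, so a
  # failed cp followed by a successful chmod on the old file looked like success.
  sudo cp -f "$newprivkey" "$target" || return

  # NOTE(review): mode 644 leaves this private key readable by every local
  # account. Which account has to read it is not visible in this script; if it
  # is a single service account, owning the file as that account with mode 600
  # (or group-readable 640) would narrow access. Kept at 644 to preserve the
  # existing behaviour.
  sudo chmod 644 "$target"
}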

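# Entry point.
# Arguments:   <new public key file> <new private key file> <systemvm iso path>
# Exit status: 3 bad arguments or missing key file, 4 mkisofs missing,
#              5 environment incomplete or ISO injection failed,
#              otherwise the status of copy_priv_key.
if [ $# -ne 3 ]; then
  echo "Usage: $(basename "$0")  <new public key file> <new private key file> <systemvm iso path>"
  exit 3
fi
newpubkey=$1
newprivkey=$2
systemvmpath=$3

if [ ! -f "$newpubkey" ]; then
  echo "$(basename "$0"): Could not open $newpubkey"
  exit 3
fi
if [ ! -f "$newprivkey" ]; then
  echo "$(basename "$0"): Could not open $newprivkey"
  exit 3
fi

# The original wrapped `exit 4` in ( ... ), which only leaves the subshell, so
# the script carried on without mkisofs. Exit from the main shell instead.
if ! command -v mkisofs > /dev/null; then
  echo "$(basename "$0"): mkisofs not found, please install or ensure PATH is accurate"
  exit 4
fi

# MOUNTPATH and TMPDIR are not assigned in this listing and are later handed to
# privileged mount, cp and rm -rf commands; refuse to run with either one empty.
if [ -z "${MOUNTPATH:-}" ] || [ -z "${TMPDIR:-}" ]; then
  echo "$(basename "$0"): MOUNTPATH and TMPDIR must be set"
  exit 5
fi

sudo mkdir -p "$MOUNTPATH"

inject_into_iso systemvm.iso "$newpubkey" || exit 5

copy_priv_key "$newprivkey"

exit $?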

加入部分sudo

posted on 2013-11-19 17:07  heidsoft