CLOUDSTACK-7143: add the ability to inject a custom SSH key

When working on the systemvm in isolation, or using vagrant or similar tools,
it can be useful to inject a custom SSH key before merging a management server
systemvm.iso into it. This option allows that. It should _not_ have effect
on management-server-managed vms which always get their SSH keys injected.

tools/appliance/build.sh

@@ -23,7 +23,7 @@
 function usage() {
   cat <<END
 Usage:
-   ./build.sh [veewee_template [version [branch [BUILD_NUMBER [arch]]]]
+   ./build.sh [veewee_template [version [branch [BUILD_NUMBER [arch [ssh_key]]]]]
 
    * Set \$appliance to provide veewee definition name to build
      (or use command line arg, default systemvmtemplate)
@@ -35,6 +35,8 @@ Usage:
      (or use command line arg, default empty)
    * Set \$arch to provide the (debian) os architecture to inject
      (or use command line arg, default i386, other option amd64)
+   * Set \$ssh_key to provide root ssh public key to inject
+     (or use command line arg, default set in the veewee definition its authorized_keys.sh)
    * Set \$DEBUG=1 to enable debug logging
    * Set \$TRACE=1 to enable trace logging
    * Set \$VEEWEE_ARGS to pass veewee custom arguments
@@ -104,7 +106,7 @@ branch="${3:-${branch:-}}"
 BUILD_NUMBER="${4:-${BUILD_NUMBER:-}}"
 
 # (debian) os architecture to build
-arch="${arch:-i386}"
+arch="${5:-${arch:-i386}}"
 if [ "${appliance}" == "systemvm64template" ]; then
   arch="amd64"
   export VM_ARCH="${arch}"
@@ -112,6 +114,12 @@ if [ "${appliance}" == "systemvm64template" ]; then
   cp -r definitions/systemvmtemplate definitions/systemvm64template
 fi
 
+# optional root SSH public key to write to /root/.ssh/authorized_keys
+# note the cs management server overwrites this, so the only reason to
+# set this is when working with the VM while it is not under management
+# server control
+ssh_key="${6:-${ssh_key:-}}"
+
 # while building with vbox, we need a quite unique appliance name in order to prevent conflicts with multiple
 # concurrent executors on jenkins
 if [ -z "${branch}" ] ; then
@@ -228,6 +236,11 @@ function create_definition() {
     set +e
     sed ${sed_regex_option} -i -e "s/^CLOUDSTACK_RELEASE=.+/CLOUDSTACK_RELEASE=${version}/" \
         "definitions/${appliance_build_name}/postinstall.sh"
+    if [ ! -z "${ssh_key}" ]; then
+      # ssh key lines can contain /
+      sed ${sed_regex_option} -i -e "s|^key=.+|key=\"${ssh_key}\"|" \
+          "definitions/${appliance_build_name}/authorized_keys.sh"
+    fi
     set -e
     add_on_exit rm -rf "definitions/${appliance_build_name}"
   fi

tools/appliance/definitions/systemvmtemplate/authorized_keys.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# override this file during build to inject /root/.ssh/authorized_keys
+
+set -e
+set -x
+
+# the key that we have in ../patches/debian/config/root/.ssh/authorized_keys for some reason
+key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant'
+mkdir -p /root/.ssh
+chmod 644 /root/.ssh
+echo ${key}  > /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys

tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh

@@ -68,7 +68,6 @@ configure_services() {
   mkdir -p /var/cache/cloud
   mkdir -p /usr/share/cloud
   mkdir -p /usr/local/cloud
-  mkdir -p /root/.ssh
 
   # Fix haproxy directory issue
   mkdir -p /var/lib/haproxy

tools/appliance/definitions/systemvmtemplate/definition.rb

@@ -86,6 +86,7 @@ config = {
         'install_systemvm_packages.sh',
         'configure_conntrack.sh',
         'configure_systemvm_services.sh',
+        'authorized_keys.sh',
         # cleanup & space-saving
         'cleanup.sh',
         'zerodisk.sh'

tools/appliance/definitions/systemvmtemplate/zerodisk.sh

@@ -23,7 +23,7 @@ set -x
 function cleanup_veewee() {
   # this has to be here since it is the last file to run (and we remove ourselves)
   rm -fv /root/*.iso
-  rm -fv /root/{apt_upgrade,build_time,cleanup,install_systemvm_packages,zerodisk}.sh
+  rm -fv /root/{apt_upgrade,authorized_keys,build_time,cleanup,install_systemvm_packages,zerodisk}.sh
   rm -fv /root/configure_{acpid,conntrack,grub,locale,login,networking,systemvm_services}.sh
   rm -fv .veewee_version .veewee_params .vbox_version
 }