CloudStack 脚本封装分析

花蜻宽

   　　cloud.keystore是这样生成的

  

   　　String dname = "cn=\"" + cn + "\",ou=\"" + ou + "\",o=\"" + o + "\",c=\"" + c + "\"";     
        Script script = new Script(true, "keytool", 5000, null);      
        script.add("-genkey");      
        script.add("-keystore", keystorePath);      
        script.add("-storepass", "vmops.com");      
        script.add("-keypass", "vmops.com");      
        script.add("-keyalg", "RSA");      
        script.add("-validity", "3650");      
        script.add("-dname", dname);      
        String result = script.execute();      
        if (result != null) {      
            throw new IOException("Fail to generate certificate!: " + result);      
        }

  　　手动生成该文件
　　sudo keytool -genkey -keystore "/etc/cloudstack/management/cloud.keystore" -storepass "vmops.com" -keypass "vmops.com" -keyalg "RSA" -validity 3650 -dname "CN=cloud.com,OU=sjcloud CA,O=sjcloud Inc,L=sjcloud,S=sjcloud,C=SE"
　　

　　injectkeys.sh 脚本
　　# Copies keys that enable SSH communication with system vms   
# $1 = new public key   
# $2 = new private key
　　#set -x   
source /etc/bashrc   
source /etc/profile   
TMP=/tmp
　　
clean_up() {   
  sudo umount $MOUNTPATH   
}
　　inject_into_iso() {   
  local isofile=${systemvmpath}   
  local newpubkey=$2   
  local backup=${isofile}.bak   
  local tmpiso=${TMP}/$1   
  mkdir -p $MOUNTPATH   
  [ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1   
  sudo mount -o loop $isofile $MOUNTPATH   
  [ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && clean_up && return 1   
  diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && clean_up && return 0   
  sudo cp -b $isofile $backup   
  [ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && clean_up && return 1   
  sudo rm -rf $TMPDIR   
  sudo mkdir -p $TMPDIR   
  [ ! -d $TMPDIR  ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && clean_up && return 1   
  sudo cp -fr $MOUNTPATH/* $TMPDIR/   
  [ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && clean_up && return 1   
  sudo cp $newpubkey $TMPDIR/authorized_keys   
  sudo umount $MOUNTPATH   
  [ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1   
  sudo cp -f $tmpiso $isofile   
  [ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1   
  sudo rm -rf $TMPDIR   
}
　　copy_priv_key() {   
  local newprivkey=$1   
  diff -q $newprivkey $(dirname $0)/id_rsa.cloud && return 0   
  sudo cp -f $newprivkey $(dirname $0)/id_rsa.cloud   
  sudo chmod 644 $(dirname $0)/id_rsa.cloud   
  return $?   
}
　　sudo mkdir -p $MOUNTPATH
　　[ $# -ne 3 ] && echo "Usage: $(basename $0)    " && exit 3   
newpubkey=$1   
newprivkey=$2   
systemvmpath=$3   
[ ! -f $newpubkey ] && echo "$(basename $0): Could not open $newpubkey" && exit 3   
[ ! -f $newprivkey ] && echo "$(basename $0): Could not open $newprivkey" && exit 3
　　command -v mkisofs > /dev/null   || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4)
　　inject_into_iso systemvm.iso $newpubkey
　　[ $? -ne 0 ] && exit 5
　　copy_priv_key $newprivkey
　　exit $?
　　加入部分sudo