Hey All,

I finally got this working; it was a bit tricky getting sshd to stay open
and allow connections in the Ubuntu preseed environment. Here is what
worked for me:

d-i preseed/late_command string in-target wget http://$http_server/xenial-sources.list -O /etc/apt/sources.list ; \
   mkdir -p /target/root/.ssh ; \
   chmod 600 /target/root/.ssh ; \
   echo 'ssh-rsa $COBBLER_PUBLIC_KEY cobbler' > /target/root/.ssh/authorized_keys ; \
   wget -O- http://$http_server/sshd.sh | chroot /target /bin/bash -s ; \
   wget -O- http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | chroot /target /bin/bash -s ; \
   in-target killall /usr/sbin/sshd ;

sshd.sh is:

[root@cobbler ~]# cat /var/www/html/sshd.sh
# privilege-separation directory; sshd refuses to start without it
mkdir -p /var/run/sshd
chmod 0755 /var/run/sshd
# root's own key pair on the target (this is not the sshd host key)
ssh-keygen -f /root/.ssh/id_rsa -t rsa -N ''
# run sshd in the foreground inside a backgrounded subshell, so it is
# reparented to init and survives the end of this script
(/usr/sbin/sshd -D &)

Hope this helps others.

On Wed, Nov 2, 2016 at 3:52 PM, Tyler Wilson <k...@linuxdigital.net> wrote:

> Hello,
>
> Thank you for the replies! I tried to replicate your setup with the
> following:
>
> [root@cobbler ~]# cat /var/lib/cobbler/triggers/install/post/chef-key.sh
> #!/bin/bash
> /usr/bin/scp -i /root/.ssh/id_rsa -o "StrictHostKeyChecking no" -p
> /root/chef.key ${3}:/root/chef.key
>
> Using Ubuntu 16.04 preseed with the following post install commands:
>
> d-i preseed/late_command string in-target /usr/bin/ssh-keygen -f /root/.ssh/id_rsa -t rsa -N '' ; \
>    echo 'ssh-rsa $COBBLER_PUBLIC_KEY cobbler' > /target/root/.ssh/authorized_keys ; \
>    mkdir -p /target/var/run/sshd ; \
>    in-target /usr/sbin/sshd ; \
>    wget -O- http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | chroot /target /bin/sh -s ; \
>    in-target wget http://$http_server/xenial-sources.list -O /etc/apt/sources.list ;
>
> However, I am getting a lost connection whenever it tries to run the post
> trigger:
>
> Tue Nov  1 23:41:58 2016 - DEBUG | running shell triggers from
> /var/lib/cobbler/triggers/install/post/*
> Tue Nov  1 23:41:58 2016 - DEBUG | running shell trigger
> /var/lib/cobbler/triggers/install/post/chef-key.sh
> Tue Nov  1 23:41:58 2016 - INFO | running: ['/var/lib/cobbler/triggers/install/post/chef-key.sh', 'system', 'cobbler-test', '192.168.1.50']
> Tue Nov  1 23:42:13 2016 - INFO | received on stdout:
> Tue Nov  1 23:42:13 2016 - DEBUG | received on stderr:
> ssh_exchange_identification: read: Connection reset by peer
> lost connection
>
> I inserted a sleep after the final post command and I could manually run
> the scp command fine while the system was still in the "running preseed"
> stage.
>
> [root@cobbler ~]# /var/lib/cobbler/triggers/install/post/chef-key.sh
> system cobbler-test 192.168.1.50
> ...
> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> Offending ECDSA key in /root/.ssh/known_hosts:1
> Password authentication is disabled to avoid man-in-the-middle attacks.
> Keyboard-interactive authentication is disabled to avoid man-in-the-middle
> attacks.
> chef.key
>
> 100% 1679     1.6KB/s   00:00
>
> Thanks for your help!
>
> On Wed, Oct 26, 2016 at 6:51 PM, Orion Poplawski <or...@cora.nwra.com>
> wrote:
>
>> On 10/25/2016 09:49 PM, Tyler Wilson wrote:
>>
>>> Hey All,
>>>
>>> New Cobbler user here. What is the best method of ensuring deployed
>>> nodes have sensitive keys (chef keys, ssh, etc) securely uploaded when
>>> completed? Am I able to send them securely from the cobbler host somehow?
>>>
>>> Thanks for any and all tips!
>>>
>>
>> I fire up sshd on my target system in %post:
>>
>> #  Create temporary host key(s)
>> #   EL7
>> /usr/sbin/sshd-keygen
>> #   Fedora
>> /usr/libexec/openssh/sshd-keygen rsa
>> #  Start sshd so that we can copy over the ansible key in the cobbler
>> post trigger
>> /usr/sbin/sshd
>>
>> Then I have a cobbler install trigger copy the ssh key over:
>>
>> # cat /var/lib/cobbler/triggers/install/post/ansible_key
>> #!/bin/bash
>> [ "$1" = system ] &&
>>   /usr/bin/scp -i /root/.ssh/id_rsa_cobbler -o "StrictHostKeyChecking no"
>> -p /root/.ssh/id_rsa_ansible ${2}:/root/.ssh/id_rsa_ansible
>>
>>
>> I suppose someone could activate the trigger directly and receive the
>> key, but this is the best that I was able to come up with.
>>
>>
>> --
>> Orion Poplawski
>> Technical Manager                     303-415-9701 x222
>> NWRA/CoRA Division                    FAX: 303-415-9702
>> 3380 Mitchell Lane                  or...@cora.nwra.com
>> Boulder, CO 80301              http://www.cora.nwra.com
>>
>> _______________________________________________
>> cobbler mailing list -- cobbler@lists.fedorahosted.org
>> To unsubscribe send an email to cobbler-le...@lists.fedorahosted.org
>>
>
>
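A hardened version of the post-install trigger discussed in this thread, added here as an example; it is not the poster's chef-key.sh, not Orion's ansible_key script, and not part of Cobbler. It keeps the thread's mechanism (Cobbler calls the trigger with objtype, name and IP, exactly as the log line above shows, and the secret goes over the temporary sshd using the key the preseed dropped into authorized_keys), but it refuses anything other than a system trigger with a plain IPv4 address, records the target's just-generated host key in a private per-run known_hosts and then insists on it instead of passing "StrictHostKeyChecking no", and sets the copied file to 0600 on the target. The paths /root/chef.key and /root/.ssh/id_rsa and the DRYRUN switch are assumptions for the example.

```shell
#!/bin/bash
# Added example, not the poster's script and not part of Cobbler.
# Cobbler invokes install triggers as:  <script> <objtype> <name> <ip>
# (the log in this thread shows: chef-key.sh system cobbler-test 192.168.1.50).
#
# Assumed, site-specific values (hypothetical; override via the environment):
SECRET_SRC="${SECRET_SRC:-/root/chef.key}"      # secret on the cobbler host
SECRET_DST="${SECRET_DST:-/root/chef.key}"      # where it lands on the target
COBBLER_KEY="${COBBLER_KEY:-/root/.ssh/id_rsa}" # private half of $COBBLER_PUBLIC_KEY
DRYRUN="${DRYRUN:-0}"                           # 1 = print ssh/scp commands instead of running them

# Accept only a plain dotted-quad IPv4 address.  ssh and scp parse their
# arguments with getopt, so a value starting with '-' (say -oProxyCommand=...)
# would be read as an option; anything that is not an address is refused,
# which also rules out user@host and host:path forms.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    local octet
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Run a command, or just echo it when DRYRUN=1.
run() {
    if [ "$DRYRUN" = 1 ]; then
        printf 'DRYRUN: %s\n' "$*"
    else
        "$@"
    fi
}

# push_secret OBJTYPE NAME IP -> 0 on success or skip, 1 on ssh failure, 2 on bad input
push_secret() {
    local objtype="$1" name="$2" ip="$3" knownhosts opts rc
    # Only system installs have a host to talk to; profile/distro triggers are skipped.
    if [ "$objtype" != system ]; then
        printf 'skipping %s trigger for %s\n' "$objtype" "$name"
        return 0
    fi
    if ! valid_ipv4 "$ip"; then
        printf 'refusing to run: %s is not an IPv4 address\n' "$ip" >&2
        return 2
    fi

    # The target generated its host key minutes ago inside the installer, so
    # this is trust-on-first-use.  Record the key in a private, per-run
    # known_hosts and then insist on it (StrictHostKeyChecking=yes) rather
    # than disabling checking; root's own known_hosts also stays clean of
    # keys from reinstalled machines (the source of the "Offending ECDSA key"
    # warnings seen in this thread).
    knownhosts="$(mktemp)" || return 1
    if [ "$DRYRUN" = 1 ]; then
        printf 'DRYRUN: ssh-keyscan -T 5 %s > %s\n' "$ip" "$knownhosts"
    elif ! ssh-keyscan -T 5 "$ip" > "$knownhosts" 2>/dev/null || [ ! -s "$knownhosts" ]; then
        printf 'no host key received from %s\n' "$ip" >&2
        rm -f "$knownhosts"
        return 1
    fi

    opts="-i $COBBLER_KEY -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$knownhosts"
    # scp -p would merely preserve the source mode; set the mode explicitly
    # on the target so the secret is 0600 however it is kept on this host.
    # shellcheck disable=SC2086
    run scp $opts "$SECRET_SRC" "root@$ip:$SECRET_DST" &&
        run ssh $opts "root@$ip" chmod 600 "$SECRET_DST"
    rc=$?
    rm -f "$knownhosts"
    return "$rc"
}

# When executed by Cobbler (arguments present) run the trigger; with no
# arguments only the functions are defined.
if [ "$#" -gt 0 ]; then
    push_secret "$@"
fi
```

This is still trust-on-first-use: nothing can vouch for a host key that was created moments earlier inside the installer, so the keyscan records it rather than verifies it, and Orion's caveat stands that whoever can fire the trigger for a system gets the secret. Two smaller points on the preseed above: the chmod 600 on /root/.ssh only works because root ignores directory permission bits (700 is the conventional mode for a .ssh directory), and the final "killall sshd" is what closes the window again, so the trigger must finish before the installer reaches it.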