Generate Auth Key

Warning

This script can only be run by people with admin access to the VAP DB.

Run the script

  1. Log in to an infra host
  2. Connect to the DB container (infra01 - 301) with vzctl enter 301
  3. Run the script /root/dsc/get_public_key [CTID], where the [CTID] is the backend container ID from the VAP frontend.

Re-deploy the script

If the container is redeployed or modified, the script may no longer be there. You can add it again as follows:

  1. Log in to an infra host
  2. Connect to the DB container (infra01 - 301) with vzctl enter 301
  3. Create (if not existing) the dsc scripts folder with mkdir -p /root/dsc
  4. Edit the file with vi /root/dsc/get_public_key and add the contents (as below)
  5. Make the script executable with chmod +x /root/dsc/get_public_key
  6. You can now run the script as required

Script: Get Public Key

Warning

DO NOT MODIFY THIS SCRIPT!!! IT ACCESSES THE PRODUCTION DATABASE

#!/bin/bash

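# Check if the required OS_NODE_ID parameter is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <OS_NODE_ID>"
    exit 1
fi

OS_NODE_ID="$1"

# Accept digits only (assumes CTIDs are numeric, e.g. 301): the value is
# interpolated into the SQL queries and the output filename below
case "$OS_NODE_ID" in
    ''|*[!0-9]*) echo "Error: OS_NODE_ID must be numeric"; exit 1 ;;
esac

FILENAME="authorized_key_$OS_NODE_ID"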

# MySQL credentials (assuming localhost)
DB_USER="jelastic"
DB_NAME="hivext_jelastic"

# Prompt for MySQL password securely (-r keeps backslashes in the password intact)
echo -n "Enter DB Password: "
read -rs DB_PASS
echo

# Fetch sshCredential_id from os_node
# (the password is passed via MYSQL_PWD so it does not appear in the process list)
SSH_CREDENTIAL_ID=$(MYSQL_PWD="$DB_PASS" mysql -u "$DB_USER" -D "$DB_NAME" -se "SELECT sshCredential_id FROM os_node WHERE id = '$OS_NODE_ID';")

if [ -z "$SSH_CREDENTIAL_ID" ]; then
    echo "Error: No sshCredential_id found for os_node ID $OS_NODE_ID"
    exit 1
fi

# Fetch private key from credential table and correctly preserve formatting
# (the password is passed via MYSQL_PWD so it does not appear in the process list)
PRIVATE_KEY=$(MYSQL_PWD="$DB_PASS" mysql -u "$DB_USER" -D "$DB_NAME" -se "SELECT sshKey FROM credential WHERE id = '$SSH_CREDENTIAL_ID';" | sed 's/\\n/\n/g')

if [ -z "$PRIVATE_KEY" ]; then
    echo "Error: No private key found for sshCredential_id $SSH_CREDENTIAL_ID"
    exit 1
fi

# Convert private key to OpenSSH public key format (without writing to disk)
PUB_KEY=$(echo -e "$PRIVATE_KEY" | ssh-keygen -y -f /dev/stdin 2>/dev/null)

if [ -z "$PUB_KEY" ]; then
    echo "Error: Failed to generate SSH public key."
    exit 1
fi

# Append required string as a comment
echo "$PUB_KEY gw.ocs - DELETING THIS WILL BREAK OCS ACCESS" > "$FILENAME"

# Output to user
echo -e "Authorized key successfully generated and saved in '$FILENAME'\n---"
cat "$FILENAME"
echo -e "---\nPlease add the above line to the /root/.ssh/authorized_keys file on the container with CTID $OS_NODE_ID."
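The final step above (adding the generated line to /root/.ssh/authorized_keys on the target container) can be done idempotently with a helper like the following. This is an added example, not part of the original script; the function name install_authorized_key and the accepted key-type list are assumptions.

```bash
#!/bin/bash
# Added example (not part of the original page).
# install_authorized_key KEYFILE [AUTH_FILE]
# Appends the single key line in KEYFILE to AUTH_FILE unless the same key is
# already present. AUTH_FILE defaults to /root/.ssh/authorized_keys.
install_authorized_key() {
    local keyfile="$1" auth="${2:-/root/.ssh/authorized_keys}"
    local line type blob dir

    # The generated file must hold exactly one line.
    [ "$(wc -l < "$keyfile")" -eq 1 ] || { echo "Error: expected one line in $keyfile" >&2; return 2; }
    IFS= read -r line < "$keyfile"
    type=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')

    # Require "<type> <base64> [comment]" so that a line carrying leading
    # options, or anything that is not a public key, is refused.
    case "$type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "Error: unexpected key type '$type'" >&2; return 2 ;;
    esac
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "Error: malformed key blob" >&2; return 2 ;;
    esac

    # sshd (StrictModes) ignores authorized_keys when the file or its
    # directory is writable by group or others, so create both tightly.
    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: skip when the same type and blob are already authorised,
    # even if the existing entry has options in front of the key type.
    if awk -v t="$type" -v b="$blob" \
        '$0 !~ /^#/ { for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) f = 1 }
         END { exit !f }' "$auth"; then
        echo "Key already present in $auth"
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "Key added to $auth"
}
```

Copy the generated authorized_key_[CTID] file to the target container and call install_authorized_key with its path; running it a second time leaves authorized_keys unchanged.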