|
1 | 1 | #!/bin/bash |
2 | 2 | echo "----------------------------------------------" |
3 | | -echo "Running Phala Cloud Pre-Launch Script v0.0.11" |
| 3 | +echo "Running Phala Cloud Pre-Launch Script v0.0.12" |
4 | 4 | echo "----------------------------------------------" |
5 | 5 | set -e |
6 | 6 |
|
@@ -138,50 +138,95 @@ perform_cleanup |
138 | 138 | # |
139 | 139 | # Set root password. |
140 | 140 | # |
141 | | -if [ -n "$DSTACK_ROOT_PASSWORD" ]; then |
142 | | - echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null \ |
143 | | - || printf '%s\n%s\n' "$DSTACK_ROOT_PASSWORD" "$DSTACK_ROOT_PASSWORD" | passwd root |
144 | | - unset DSTACK_ROOT_PASSWORD |
145 | | - echo "Root password set/updated from DSTACK_ROOT_PASSWORD" |
146 | | - |
147 | | -elif [ -z "$(grep '^root:' /etc/shadow 2>/dev/null | cut -d: -f2)" ]; then |
148 | | - DSTACK_ROOT_PASSWORD=$( |
149 | | - dd if=/dev/urandom bs=32 count=1 2>/dev/null \ |
150 | | - | sha256sum \ |
151 | | - | awk '{print $1}' \ |
152 | | - | cut -c1-32 |
153 | | - ) |
154 | | - echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null \ |
155 | | - || printf '%s\n%s\n' "$DSTACK_ROOT_PASSWORD" "$DSTACK_ROOT_PASSWORD" | passwd root |
156 | | - unset DSTACK_ROOT_PASSWORD |
157 | | - echo "Root password set (random auto-init)" |
| 141 | +echo "Setting root password.." |
158 | 142 |
|
159 | | -else |
160 | | - echo "Root password already set; no changes." |
| 143 | +# Check if password files are writable |
| 144 | +PASSWD_WRITABLE=true |
| 145 | +if [ ! -w /etc/passwd ]; then |
| 146 | + echo "Warning: /etc/passwd is read-only" |
| 147 | + PASSWD_WRITABLE=false |
161 | 148 | fi |
162 | | - |
163 | | -mkdir -p /home/root/.ssh |
164 | | -if [[ -n "$DSTACK_ROOT_PUBLIC_KEY" ]]; then |
165 | | - echo "$DSTACK_ROOT_PUBLIC_KEY" > /home/root/.ssh/authorized_keys |
166 | | - unset $DSTACK_ROOT_PUBLIC_KEY |
167 | | - echo "Root public key set" |
| 149 | +if [ ! -w /etc/shadow ]; then |
| 150 | + echo "Warning: /etc/shadow is read-only" |
| 151 | + PASSWD_WRITABLE=false |
168 | 152 | fi |
169 | | -if [[ -n "$DSTACK_AUTHORIZED_KEYS" ]]; then |
170 | | - echo "$DSTACK_AUTHORIZED_KEYS" > /home/root/.ssh/authorized_keys |
171 | | - unset $DSTACK_AUTHORIZED_KEYS |
172 | | - echo "Root authorized_keys set" |
| 153 | + |
| 154 | +if [ "$PASSWD_WRITABLE" = "false" ]; then |
| 155 | + echo "Skipping password setup due to read-only file system" |
| 156 | +else |
| 157 | + # Check if chpasswd is available |
| 158 | + if command -v chpasswd >/dev/null 2>&1; then |
| 159 | + echo "Using chpasswd method" |
| 160 | + |
| 161 | + if [ -n "$DSTACK_ROOT_PASSWORD" ]; then |
| 162 | + echo "Setting root password from user.." |
| 163 | + echo "root:$DSTACK_ROOT_PASSWORD" | chpasswd |
| 164 | + unset DSTACK_ROOT_PASSWORD |
| 165 | + echo "Root password set/updated from DSTACK_ROOT_PASSWORD" |
| 166 | + elif [ -z "$(grep '^root:' /etc/shadow 2>/dev/null | cut -d: -f2)" ]; then |
| 167 | + echo "Setting random root password.." |
| 168 | + DSTACK_ROOT_PASSWORD=$( |
| 169 | + LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | dd bs=1 count=32 2>/dev/null |
| 170 | + ) |
| 171 | + echo "root:$DSTACK_ROOT_PASSWORD" | chpasswd |
| 172 | + unset DSTACK_ROOT_PASSWORD |
| 173 | + echo "Root password set (random auto-init)" |
| 174 | + else |
| 175 | + echo "Root password already set; no changes." |
| 176 | + fi |
| 177 | + else |
| 178 | + echo "Using passwd method" |
| 179 | + |
| 180 | + if [ -n "$DSTACK_ROOT_PASSWORD" ]; then |
| 181 | + echo "Setting root password from user.." |
| 182 | + echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null \ |
| 183 | + || printf '%s\n%s\n' "$DSTACK_ROOT_PASSWORD" "$DSTACK_ROOT_PASSWORD" | passwd root |
| 184 | + unset DSTACK_ROOT_PASSWORD |
| 185 | + echo "Root password set/updated from DSTACK_ROOT_PASSWORD" |
| 186 | + elif [ -z "$(grep '^root:' /etc/shadow 2>/dev/null | cut -d: -f2)" ]; then |
| 187 | + echo "Setting random root password.." |
| 188 | + DSTACK_ROOT_PASSWORD=$( |
| 189 | + LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | dd bs=1 count=32 2>/dev/null |
| 190 | + ) |
| 191 | + echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null \ |
| 192 | + || printf '%s\n%s\n' "$DSTACK_ROOT_PASSWORD" "$DSTACK_ROOT_PASSWORD" | passwd root |
| 193 | + unset DSTACK_ROOT_PASSWORD |
| 194 | + echo "Root password set (random auto-init)" |
| 195 | + else |
| 196 | + echo "Root password already set; no changes." |
| 197 | + fi |
| 198 | + fi |
173 | 199 | fi |
174 | 200 |
|
175 | | -if [[ -f /dstack/user_config ]] && jq empty /dstack/user_config 2>/dev/null; then |
176 | | - if [[ $(jq 'has("ssh_authorized_keys")' /dstack/user_config 2>/dev/null) == "true" ]]; then |
177 | | - jq -j '.ssh_authorized_keys' /dstack/user_config >> /home/root/.ssh/authorized_keys |
178 | | - # Remove duplicates if there are multiple keys |
179 | | - if [[ $(cat /home/root/.ssh/authorized_keys | wc -l) -gt 1 ]]; then |
180 | | - sort -u /home/root/.ssh/authorized_keys > /home/root/.ssh/authorized_keys.tmp |
181 | | - mv /home/root/.ssh/authorized_keys.tmp /home/root/.ssh/authorized_keys |
| 201 | +# |
| 202 | +# Set SSH authorized keys |
| 203 | +# |
| 204 | +if mkdir -p /home/root/.ssh 2>/dev/null; then |
| 205 | + if [[ -n "$DSTACK_ROOT_PUBLIC_KEY" ]]; then |
| 206 | + echo "$DSTACK_ROOT_PUBLIC_KEY" > /home/root/.ssh/authorized_keys |
| 207 | + unset $DSTACK_ROOT_PUBLIC_KEY |
| 208 | + echo "Root public key set" |
| 209 | + fi |
| 210 | + if [[ -n "$DSTACK_AUTHORIZED_KEYS" ]]; then |
| 211 | + echo "$DSTACK_AUTHORIZED_KEYS" > /home/root/.ssh/authorized_keys |
| 212 | + unset $DSTACK_AUTHORIZED_KEYS |
| 213 | + echo "Root authorized_keys set" |
| 214 | + fi |
| 215 | + |
| 216 | + if [[ -f /dstack/user_config ]] && jq empty /dstack/user_config 2>/dev/null; then |
| 217 | + if [[ $(jq 'has("ssh_authorized_keys")' /dstack/user_config 2>/dev/null) == "true" ]]; then |
| 218 | + jq -j '.ssh_authorized_keys' /dstack/user_config >> /home/root/.ssh/authorized_keys |
| 219 | + # Remove duplicates if there are multiple keys |
| 220 | + if [[ $(cat /home/root/.ssh/authorized_keys | wc -l) -gt 1 ]]; then |
| 221 | + sort -u /home/root/.ssh/authorized_keys > /home/root/.ssh/authorized_keys.tmp |
| 222 | + mv /home/root/.ssh/authorized_keys.tmp /home/root/.ssh/authorized_keys |
| 223 | + fi |
| 224 | + echo "Set root authorized_keys from user preferences, total" $(cat /home/root/.ssh/authorized_keys | wc -l) "keys" |
182 | 225 | fi |
183 | | - echo "Set root authorized_keys from user preferences, total" $(cat /home/root/.ssh/authorized_keys | wc -l) "keys" |
184 | 226 | fi |
| 227 | +else |
| 228 | + echo "Warning: Cannot create /home/root/.ssh directory (read-only file system?)" |
| 229 | + echo "Skipping SSH key setup" |
185 | 230 | fi |
186 | 231 |
|
187 | 232 | if [[ -S /var/run/dstack.sock ]]; then |
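Review bot: The read-only branch (`if [ "$PASSWD_WRITABLE" = "false" ]`) skips password setup without checking whether root's hash field in /etc/shadow is empty, so an image that ships a blank root password now boots with only a warning, where the old auto-init path would have tried to set a random one. Whether such an account is reachable depends on sshd and PAM settings not visible here, but the skip branch could still run the existing `grep '^root:' /etc/shadow | cut -d: -f2` test and print an error to stderr or `exit 1` when the field is empty. Separately, `unset $DSTACK_ROOT_PUBLIC_KEY` and `unset $DSTACK_AUTHORIZED_KEYS` expand the key text instead of naming the variable, so the variable stays set. Because key material is not a valid identifier, the failing `unset` probably aborts the script under the `set -e` at the top. They should read `unset DSTACK_ROOT_PUBLIC_KEY` and `unset DSTACK_AUTHORIZED_KEYS`.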
|