|
1 | 1 | #!/bin/bash |
2 | 2 | echo "----------------------------------------------" |
3 | | -echo "Running Phala Cloud Pre-Launch Script v0.0.8" |
| 3 | +echo "Running Phala Cloud Pre-Launch Script v0.0.11" |
4 | 4 | echo "----------------------------------------------" |
5 | 5 | set -e |
6 | 6 |
|
|
136 | 136 | perform_cleanup |
137 | 137 |
|
138 | 138 | # |
139 | | -# Set root password if DSTACK_ROOT_PASSWORD is set. |
| 139 | +# Set root password. |
140 | 140 | # |
141 | | -if [[ -n "$DSTACK_ROOT_PASSWORD" ]]; then |
142 | | - echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null || echo -e "$DSTACK_ROOT_PASSWORD\n$DSTACK_ROOT_PASSWORD" | passwd root |
143 | | - unset $DSTACK_ROOT_PASSWORD |
144 | | - echo "Root password set" |
| 141 | +if [ -n "$DSTACK_ROOT_PASSWORD" ]; then |
| 142 | + echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null \ |
| 143 | + || printf '%s\n%s\n' "$DSTACK_ROOT_PASSWORD" "$DSTACK_ROOT_PASSWORD" | passwd root |
| 144 | + unset DSTACK_ROOT_PASSWORD |
| 145 | + echo "Root password set/updated from DSTACK_ROOT_PASSWORD" |
| 146 | + |
| 147 | +elif [ -z "$(grep '^root:' /etc/shadow 2>/dev/null | cut -d: -f2)" ]; then |
| 148 | + DSTACK_ROOT_PASSWORD=$( |
| 149 | + dd if=/dev/urandom bs=32 count=1 2>/dev/null \ |
| 150 | + | sha256sum \ |
| 151 | + | awk '{print $1}' \ |
| 152 | + | cut -c1-32 |
| 153 | + ) |
| 154 | + echo "$DSTACK_ROOT_PASSWORD" | passwd --stdin root 2>/dev/null \ |
| 155 | + || printf '%s\n%s\n' "$DSTACK_ROOT_PASSWORD" "$DSTACK_ROOT_PASSWORD" | passwd root |
| 156 | + unset DSTACK_ROOT_PASSWORD |
| 157 | + echo "Root password set (random auto-init)" |
| 158 | + |
| 159 | +else |
| 160 | + echo "Root password already set; no changes." |
145 | 161 | fi |
| 162 | + |
| 163 | +mkdir -p /home/root/.ssh |
146 | 164 | if [[ -n "$DSTACK_ROOT_PUBLIC_KEY" ]]; then |
147 | | - mkdir -p /root/.ssh |
148 | | - echo "$DSTACK_ROOT_PUBLIC_KEY" > /root/.ssh/authorized_keys |
| 165 | + echo "$DSTACK_ROOT_PUBLIC_KEY" > /home/root/.ssh/authorized_keys |
149 | 166 | unset $DSTACK_ROOT_PUBLIC_KEY |
150 | 167 | echo "Root public key set" |
151 | 168 | fi |
152 | 169 | if [[ -n "$DSTACK_AUTHORIZED_KEYS" ]]; then |
153 | | - mkdir -p /root/.ssh |
154 | | - echo "$DSTACK_AUTHORIZED_KEYS" > /root/.ssh/authorized_keys |
| 170 | + echo "$DSTACK_AUTHORIZED_KEYS" > /home/root/.ssh/authorized_keys |
155 | 171 | unset $DSTACK_AUTHORIZED_KEYS |
156 | 172 | echo "Root authorized_keys set" |
157 | 173 | fi |
158 | 174 |
|
| 175 | +if [[ -f /dstack/user_config ]] && jq empty /dstack/user_config 2>/dev/null; then |
| 176 | + if [[ $(jq 'has("ssh_authorized_keys")' /dstack/user_config 2>/dev/null) == "true" ]]; then |
| 177 | + jq -j '.ssh_authorized_keys' /dstack/user_config >> /home/root/.ssh/authorized_keys |
| 178 | + # Remove duplicates if there are multiple keys |
| 179 | + if [[ $(cat /home/root/.ssh/authorized_keys | wc -l) -gt 1 ]]; then |
| 180 | + sort -u /home/root/.ssh/authorized_keys > /home/root/.ssh/authorized_keys.tmp |
| 181 | + mv /home/root/.ssh/authorized_keys.tmp /home/root/.ssh/authorized_keys |
| 182 | + fi |
| 183 | + echo "Set root authorized_keys from user preferences, total" $(cat /home/root/.ssh/authorized_keys | wc -l) "keys" |
| 184 | + fi |
| 185 | +fi |
159 | 186 |
|
160 | 187 | if [[ -S /var/run/dstack.sock ]]; then |
161 | 188 | export DSTACK_APP_ID=$(curl -s --unix-socket /var/run/dstack.sock http://dstack/Info | jq -j .app_id) |
162 | 189 | elif [[ -S /var/run/tappd.sock ]]; then |
163 | 190 | export DSTACK_APP_ID=$(curl -s --unix-socket /var/run/tappd.sock http://dstack/prpc/Tappd.Info | jq -j .app_id) |
164 | 191 | fi |
165 | | -# Check if app-compose.json has default_gateway_domain field and DSTACK_GATEWAY_DOMAIN is not set |
166 | | -# If true, set DSTACK_GATEWAY_DOMAIN from app-compose.json |
167 | | -if [[ $(jq 'has("default_gateway_domain")' app-compose.json) == "true" && -z "$DSTACK_GATEWAY_DOMAIN" ]]; then |
168 | | - export DSTACK_GATEWAY_DOMAIN=$(jq -j '.default_gateway_domain' app-compose.json) |
| 192 | +# Check if DSTACK_GATEWAY_DOMAIN is not set, try to get it from user_config or app-compose.json |
| 193 | +# Priority: user_config > app-compose.json |
| 194 | +if [[ -z "$DSTACK_GATEWAY_DOMAIN" ]]; then |
| 195 | + # First try to get from /dstack/user_config if it exists and is valid JSON |
| 196 | + if [[ -f /dstack/user_config ]] && jq empty /dstack/user_config 2>/dev/null; then |
| 197 | + if [[ $(jq 'has("default_gateway_domain")' /dstack/user_config 2>/dev/null) == "true" ]]; then |
| 198 | + export DSTACK_GATEWAY_DOMAIN=$(jq -j '.default_gateway_domain' /dstack/user_config) |
| 199 | + fi |
| 200 | + fi |
| 201 | + |
| 202 | + # If still not set, try to get from app-compose.json |
| 203 | + if [[ -z "$DSTACK_GATEWAY_DOMAIN" ]] && [[ $(jq 'has("default_gateway_domain")' app-compose.json) == "true" ]]; then |
| 204 | + export DSTACK_GATEWAY_DOMAIN=$(jq -j '.default_gateway_domain' app-compose.json) |
| 205 | + fi |
169 | 206 | fi |
170 | 207 | if [[ -n "$DSTACK_GATEWAY_DOMAIN" ]]; then |
171 | 208 | export DSTACK_APP_DOMAIN=$DSTACK_APP_ID"."$DSTACK_GATEWAY_DOMAIN |
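Review bot: The append at new lines 175–185 writes whatever `jq -j '.ssh_authorized_keys'` prints into root's authorized_keys, so a non-string value (array, null) lands there as JSON text, and `-j` omits the trailing newline that the later `wc -l` count relies on. Consider `jq -r '.ssh_authorized_keys | strings' /dstack/user_config >> /home/root/.ssh/authorized_keys`, followed by `chmod 700 /home/root/.ssh` and `chmod 600 /home/root/.ssh/authorized_keys`, because neither the `mkdir -p` nor the `sort -u`/`mv` replacement sets a mode and sshd's StrictModes checks them. The password branch now uses `unset DSTACK_ROOT_PASSWORD`, but new lines 166 and 171 still run `unset $DSTACK_ROOT_PUBLIC_KEY` and `unset $DSTACK_AUTHORIZED_KEYS`, which expand the key text instead of naming the variable and may abort the script if the `set -e` from line 5 is still in effect. If /dstack/user_config is not covered by the same integrity guarantees as app-compose.json (not visible here), a comment should state that this file can now grant root SSH access and takes priority for the gateway domain. The final `if` block continues past the end of the visible section.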
|