From 3424e7fde1f32a7e88b1195c09e4155ac75996c6 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov <vitalif@yourcmc.ru>
Date: Tue, 4 Feb 2020 20:58:35 +0300
Subject: [PATCH] Fix passwordless ssh, add onedns

---
 etc/systemd/system/onedns.service.env | 19 +++++++++++++++++
 opennebula.sh                         | 30 ++++++++++++++++++++++++---
 2 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 etc/systemd/system/onedns.service.env

diff --git a/etc/systemd/system/onedns.service.env b/etc/systemd/system/onedns.service.env
new file mode 100644
index 0000000..7f73707
--- /dev/null
+++ b/etc/systemd/system/onedns.service.env
@@ -0,0 +1,19 @@
+[Unit]
+Description=Dynamic DNS for OpenNebula
+Wants=local-fs.target network.target opennebula.service
+After=local-fs.target network.target opennebula.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+WorkingDirectory=/
+Environment=HOME=/var/lib/one
+ExecStart=/usr/local/bin/onedns --domain=$one_domain --one-secret= daemon --dns-address=$keepalived_virtual_ip --dns-port=53 --sync-interval=60
+KillMode=process
+Restart=always
+StartLimitInterval=3
+StartLimitIntervalSec=3
+PrivateTmp=true
+StandardOutput=syslog
diff --git a/opennebula.sh b/opennebula.sh
index 4c24242..d2af466 100755
--- a/opennebula.sh
+++ b/opennebula.sh
@@ -153,17 +153,41 @@ systemctl enable opennebula
 systemctl enable opennebula-sunstone
 systemctl restart opennebula
 systemctl restart opennebula-sunstone
+EOF
+
+# Setup onedns
+envsubst < ./etc/systemd/system/onedns.service.env | \
+    ssh root@$play_host 'cat > /etc/systemd/system/onedns.service'
+scp etc/sysctl.conf root@$play_host:/etc/
+ssh root@$play_host <<EOF
+set -e -x
+[ -e onedns ] || git clone https://github.com/vitalif/onedns
+cd onedns
+DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" \
+    -o Dpkg::Options::="--force-confold" install -y \
+    python-setuptools
+python setup.py install
+sysctl --load=/etc/sysctl.conf
+systemctl enable onedns
+systemctl restart onedns
+EOF
+
+# Setup passwordless ssh for `oneadmin` (authorized_keys and known_hosts)
+ssh root@$play_host <<EOF
+set -e -x
 
 if [ ! -f /var/lib/one/.ssh/id_rsa.pub ]; then
-    su - oneadmin -c ssh-keygen
+    su - oneadmin -c 'ssh-keygen -t rsa -f /root/.ssh/id_rsa -q -P ""'
+fi
+
+if [ ! -f /var/lib/one/.ssh/known_hosts ]; then
     su - oneadmin -c 'ssh-keyscan localhost >> /var/lib/one/.ssh/known_hosts'
     for host in $opennebula_hosts; do
-        su - oneadmin -c "ssh-keyscan $host >> /var/lib/one/.ssh/known_hosts"
+        su - oneadmin -c "ssh-keyscan \$host >> /var/lib/one/.ssh/known_hosts"
     done
 fi
 EOF
 
-# Setup passwordless ssh for `oneadmin`
 > tmp$$
 for host in $opennebula_hosts; do
     ssh root@$host 'cat /var/lib/one/.ssh/id_rsa.pub' >> tmp$$