Fix #474: allow vagrant localhost ssh in vm_devbox

rsconf/component/vm_devbox.py

@@ -8,15 +8,16 @@
 from pykern import pkio
 from pykern.pkcollections import PKDict
 from pykern.pkdebug import pkdp
-from rsconf import component
-from rsconf import systemd
 import re
+import rsconf.component
+import rsconf.db
+import rsconf.systemd
 
 # Allowable pattern enforced by vagrant
 _VM_HOSTNAME_RE = "[a-z0-9][a-z0-9.-]*"
 
 
-class T(component.T):
+class T(rsconf.component.T):
     def internal_build_compile(self):
         def _create_user_instances():
             for u in self.hdb.vm_devbox.users:
@@ -36,16 +37,20 @@ def _create_user_instances():
             _create_user_instances()
             return
         self.buildt.require_component("network")
-        z.run_d = systemd.unit_run_d(jc, self.name)
+        z.run_d = rsconf.systemd.unit_run_d(jc, self.name)
         z.run_u = jc.rsconf_db.run_u
+        z.root_u = jc.rsconf_db.root_u
+        z.local_ip = rsconf.db.LOCAL_IP
         z.ssh_port = jc.vm_devbox_users.spec[self._user].ssh_port
         z.ssh_guest_host_key_f = "/etc/ssh/host_key"
         z.ssh_guest_identity_pub_f = "/etc/ssh/identity.pub"
         z.start_f = z.run_d.join("start")
         z.stop_f = z.run_d.join("stop")
         z.timeout_start_min = jc[self.module_name].get("timeout_start_min", 15)
         z.vm_hostname = f"{self._user}.{jc[self.module_name].vm_parent_domain}"
-        systemd.unit_prepare(self, self.j2_ctx, watch_files=(z.start_f, z.stop_f))
+        rsconf.systemd.unit_prepare(
+            self, self.j2_ctx, watch_files=(z.start_f, z.stop_f)
+        )
         self._network(jc, z)
         self._ssh(jc, z)
 

rsconf/package_data/vm_devbox/start.sh.jinja

@@ -61,7 +61,7 @@ vm_devbox_set_ssh_config() {
 sudo bash -s <<'EOF_BASH'
 set -eou pipefail
 
-install --mode=400 --owner=root --group=root /dev/stdin /etc/ssh/sshd_config<<EOF_INSTALL
+install --mode=400 --owner=root --group=root /dev/stdin /etc/ssh/sshd_config<<EOF_SSH_CONFIG
 # DO NOT EDIT THIS FILE
 # MANAGED BY RSCONF
 
@@ -79,13 +79,20 @@ PasswordAuthentication no
 PermitRootLogin no
 Protocol 2
 X11Forwarding yes
-EOF_INSTALL
 
+# SSH access from localhost (ex for sirepo.job_driver.sbatch)
+ListenAddress {{ this.local_ip }}:22
+Match User {{ this.run_u }} Address {{ this.local_ip }}
+    PasswordAuthentication yes
+EOF_SSH_CONFIG
 echo '{{ this.ssh_identity_pub_key }}' >> '/home/{{ this.run_u }}/.ssh/authorized_keys'
 
-install --mode=400 --owner=root --group=root /dev/stdin "{{ this.ssh_guest_host_key_f }}"<<EOF_INSTALL
+install --mode=400 --owner=root --group=root /dev/stdin "{{ this.ssh_guest_host_key_f }}"<<EOF_SSH_KEY
 {{ this.ssh_host_key }}
-EOF_INSTALL
+EOF_SSH_KEY
+
+passwd -d {{ this.root_u }}
+passwd -d {{ this.run_u }}
 
 sshd -t
 systemctl restart sshd

tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/vm_devbox_user-1/start

@@ -61,7 +61,7 @@ vm_devbox_set_ssh_config() {
 sudo bash -s <<'EOF_BASH'
 set -eou pipefail
 
-install --mode=400 --owner=root --group=root /dev/stdin /etc/ssh/sshd_config<<EOF_INSTALL
+install --mode=400 --owner=root --group=root /dev/stdin /etc/ssh/sshd_config<<EOF_SSH_CONFIG
 # DO NOT EDIT THIS FILE
 # MANAGED BY RSCONF
 
@@ -79,12 +79,16 @@ PasswordAuthentication no
 PermitRootLogin no
 Protocol 2
 X11Forwarding yes
-EOF_INSTALL
 
+# SSH access from localhost (ex for sirepo.job_driver.sbatch)
+ListenAddress 127.0.0.1:22
+Match User vagrant Address 127.0.0.1
+    PasswordAuthentication yes
+EOF_SSH_CONFIG
 echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKe3wWXD3GUVd/5viGVhf6L/ttJJfmksXauPSpC8zWru v9.radia.run
 ' >> '/home/vagrant/.ssh/authorized_keys'
 
-install --mode=400 --owner=root --group=root /dev/stdin "/etc/ssh/host_key"<<EOF_INSTALL
+install --mode=400 --owner=root --group=root /dev/stdin "/etc/ssh/host_key"<<EOF_SSH_KEY
 -----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
 QyNTUxOQAAACCT/PsL9/XcOTmEXAvGVhJj5+MlLl/UBUNDiC+H84AAHQAAAJBriK60a4iu
@@ -93,7 +97,10 @@ AAAEBVP+MksqPH64Pi3Rfb8lieY9ofTRBWZqvKWk2oYjuqsJP8+wv39dw5OYRcC8ZWEmPn
 4yUuX9QFQ0OIL4fzgAAdAAAADHY5LnJhZGlhLnJ1bgE=
 -----END OPENSSH PRIVATE KEY-----
 
-EOF_INSTALL
+EOF_SSH_KEY
+
+passwd -d root
+passwd -d vagrant
 
 sshd -t
 systemctl restart sshd

tests/pkcli/build_data/1.out/srv/host/v9.radia.run/vm_devbox_user-1.sh

@@ -4,7 +4,7 @@ rsconf_service_prepare 'vm_devbox_user-1' '/etc/systemd/system/vm_devbox_user-1.
 rsconf_install_access '700' 'vagrant' 'vagrant'
 rsconf_install_directory '/srv/vm_devbox_user-1'
 rsconf_install_access '500' 'vagrant' 'vagrant'
-rsconf_install_file '/srv/vm_devbox_user-1/start' '081baa61746f4dd28339816bb90453ed'
+rsconf_install_file '/srv/vm_devbox_user-1/start' '010c45bdda17d571d19d946057f11b1a'
 rsconf_install_file '/srv/vm_devbox_user-1/stop' '94f5e7855deadc753f54580dfad70217'
 rsconf_install_access '444' 'root' 'root'
 rsconf_install_file '/etc/systemd/system/vm_devbox_user-1.service' '95beabb09a3e8a9977002d11ae4e47cd'