Merge pull request #141 from miroswan/adding-passwordless-ssh

Adding passwordless SSH and fixing some of the spec files

lib/kitchen/driver/docker.rb

@@ -17,6 +17,7 @@
 require 'kitchen'
 require 'json'
 require 'uri'
+require 'net/ssh'
 require File.join(File.dirname(__FILE__), 'docker', 'erb')
 
 module Kitchen
@@ -47,6 +48,8 @@ class Docker < Kitchen::Driver::SSHBase
       default_config :tls_key,       nil
       default_config :publish_all,   false
       default_config :wait_for_sshd, true
+      default_config :private_key,   File.join(Dir.pwd, '.kitchen', 'docker_id_rsa')
+      default_config :public_key,    File.join(Dir.pwd, '.kitchen', 'docker_id_rsa.pub')
 
       default_config :use_sudo do |driver|
         !driver.remote_socket?
@@ -91,6 +94,8 @@ def default_platform
       end
 
       def create(state)
+        generate_keys
+        state[:ssh_key] = config[:private_key]
         state[:image_id] = build_image(state) unless state[:image_id]
         state[:container_id] = run_container(state) unless state[:container_id]
         state[:hostname] = remote_socket? ? socket_uri.host : 'localhost'
@@ -126,6 +131,22 @@ def docker_command(cmd, options={})
         run_command("#{docker} #{cmd}", options.merge(:quiet => !logger.debug?))
       end
 
+      def generate_keys
+        if !File.exist?(config[:public_key]) || !File.exist?(config[:private_key])
+          private_key = OpenSSL::PKey::RSA.new 2048
+          blobbed_key = Base64.encode64(private_key.to_blob).gsub("\n", '')
+          public_key = "ssh-rsa #{blobbed_key} kitchen_docker_key"
+          File.open(config[:private_key], 'w') do |f|
+            f.write(private_key)
+            f.chmod(0600)
+          end
+          File.open(config[:public_key], 'w') do |f|
+            f.write(public_key)
+            f.chmod(0600)
+          end
+        end
+      end
+
       def build_dockerfile
         from = "FROM #{config[:image]}"
         platform = case config[:platform]
@@ -172,15 +193,24 @@ def build_dockerfile
           raise ActionFailed,
           "Unknown platform '#{config[:platform]}'"
         end
+
         username = config[:username]
         password = config[:password]
+        public_key_str = IO.read(config[:public_key])
+
         base = <<-eos
           RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi
           RUN echo #{username}:#{password} | chpasswd
           RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
           RUN mkdir -p /etc/sudoers.d
           RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username}
           RUN chmod 0440 /etc/sudoers.d/#{username}
+          RUN [ ! -d /home/kitchen/.ssh ] && mkdir /home/kitchen/.ssh
+          RUN chown -R kitchen:kitchen /home/kitchen/.ssh
+          RUN chmod 0700 /home/kitchen/.ssh
+          RUN echo '#{public_key_str}' >> /home/kitchen/.ssh/authorized_keys
+          RUN chown kitchen:kitchen /home/kitchen/.ssh/authorized_keys
+          RUN chmod 0600 /home/kitchen/.ssh/authorized_keys
         eos
         custom = ''
         Array(config[:provision_command]).each do |cmd|

test/integration/capabilities/serverspec/capabilities_drop_spec.rb

@@ -1,6 +1,4 @@
-require 'serverspec' 
-
-set :backend, :exec
+require_relative 'spec_helper' 
 
 describe command('sudo /sbin/ifconfig eth0 multicast') do
   its(:exit_status) { should_not eq 0 }

test/integration/capabilities/serverspec/spec_helper.rb

@@ -0,0 +1,3 @@
+require 'serverspec' 
+
+set :backend, :exec

test/integration/default/serverspec/default_spec.rb

@@ -1,7 +1,4 @@
-require 'serverspec'
-
-include Serverspec::Helper::Exec
-include Serverspec::Helper::DetectOS
+require_relative 'spec_helper'
 
 describe file('/etc/passwd') do
   it { should be_file }

test/integration/default/serverspec/spec_helper.rb

@@ -0,0 +1,4 @@
+require 'serverspec'
+
+# Required by serverspec
+set :backend, :exec