Wednesday, September 21, 2016

Oracle Linux - retrieve openssh-key data from REST API

After posting my blogpost on the REST API within the Oracle Compute Cloud and how to use this from within Oracle Linux if you deploy on the Oracle Compute Cloud I received an email asking me how to handle the fact that the public-keys an contain multiple keys.

Public-keys response of the REST API provides SSH public keys specified while creating the instance, where{index} is a number starting with 0. public-keys/{index}/openssh-key

The provided example in the original post was on how You will be able to access the public-keys by executing the following curl command:

curl public-keys/{index}/openssh-key

This example is a command example and not a programmable example of how to implement code that can do this for you. As an example I have written the below code example and placed it on github. It provides a BASH script which can be used in conjunction with Oracle Linux. It will most likely run on other distributions as well without any issue however it is not tested.

#   Example script to show how you can get the public keys for a instance
#   that have been promoted. Those keys can for example be used to create 
#   a new OS account with trusted keys. This is in a way the same as is 
#   done by the default Oracle templates who do create an "opc" account 
#   with the trusted keys for login which have been selected during the 
#   creation of the new instance. This is tested with Oracle Linux on
#   the Oracle Cloud.
# LOG:
# VERSION---DATE--------NAME-------------COMMENT
# 0.1       20SEP2016   Johan Louwers    Initial upload to
# Copyright (C) 2015  Johan Louwers
# This code is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this code; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
# *
# */

# ccVmApiBaseUrl is used to access the root of the OPC API

# ccVmApiVersion is the main version of the OPC API used by the lib

# ccVmApiMaxWait is the max time (in seconds) the function will wait for a response from the api.

# The function ccVmGetNumOfPublicKeys will return the number of public keys
 function ccVmGetNumOfPublicKeys {
    ccVmNumOfPublicKeys="$(curl -m $ccVmApiMaxWait -f -s $ccVmApiBaseUrl$ccVmApiVersion/meta-data/public-keys/)"

    if [ "$curlStatus" -eq 0 ]; then
      echo $ccVMNumOfPublicKeys | wc -l
        echo "ERROR"

# The function ccVmGetPublicKeyType will return the public key type
 function ccVmGetPublicKeyType {
    ccVmPublicKeyType="$(curl -m $ccVmApiMaxWait -f -s $ccVmApiBaseUrl$ccVmApiVersion/meta-data/public-keys/$1)"

    if [ "$curlStatus" -eq 0 ]; then
      echo $ccVmPublicKeyType
        echo "ERROR"

# The function ccVmGetPublicSshKey will return the public key
 function ccVmGetPublicSshKey {
    ccVmPublicSshKey="$(curl -m $ccVmApiMaxWait -f -s $ccVmApiBaseUrl$ccVmApiVersion/meta-data/public-keys/$1/openssh-key)"

    if [ "$curlStatus" -eq 0 ]; then
      echo $ccVmPublicSshKey
        echo "ERROR"

 function runMain {
    # Get the number of keys available from the API. For this we will use the ccVmGetNumOfPublicKeys
    # function. 


    # Loop through the number of keys found, check the type of the key and if the key type is correct
    # we will use it to add to the account so it can be used as a trusted key. The key type we are
    # looking for in this case is the openssh-key type to be used.

    while [ $i -lt $mainNumberOfKeys ]
       pubKey="$(ccVmGetPublicKeyType $i)"
       if [ $pubKey = "openssh-key" ]
         ccVmGetPublicSshKey $i


The example shown above will provide you a list of public keys which are provided during the creation of the instance. It will execute the runMain function which in turn will call a number of other functions defined in the code.

The main reason for the function based program is that if you want to adopt this in a more complex scripting solution you do want to ensure you can make this a modular code instead of a monolithic script.

Please do check the latest version of the script at github, the above example code will not be maintained within this blogpost and all changes will be done on github. Meaning, bugfixes and improvements will not show above. 

No comments: