Add pubkey setup for datacenter nodes (#5514)

net/README.md

@@ -81,8 +81,9 @@ $ ./net.sh start -f "cuda"
 
 ### How to interact with a CD testnet deployed by ci/testnet-deploy.sh
 
-**AWS-Specific Extra Setup**: Follow the steps in `scripts/add-solana-user-authorized_keys.sh`,
-then redeploy the testnet before continuing in this section.
+**AWS-Specific Extra Setup**: Follow the steps in
+`scripts/solana-user-authorized_keys.sh`, then redeploy the testnet
+before continuing in this section.
 
 Taking **master-testnet-solana-com** as an example, configure your workspace for
 the testnet using:

net/gce.sh

@@ -630,7 +630,7 @@ $(
   cat \
     disable-background-upgrades.sh \
     create-solana-user.sh \
-    add-solana-user-authorized_keys.sh \
+    add-testnet-solana-user-authorized_keys.sh \
     install-certbot.sh \
     install-earlyoom.sh \
     install-libssl-compatability.sh \

net/scripts/add-datacenter-solana-user-authorized_keys.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -ex
+
+[[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
+
+[[ -d /home/solana/.ssh ]] || mkdir -p /home/solana/.ssh
+
+cd "$(dirname "$0")"
+
+# shellcheck source=net/scripts/solana-user-authorized_keys.sh
+source solana-user-authorized_keys.sh
+
+# solana-user-authorized_keys.sh defines the public keys for users that should
+# automatically be granted access to ALL datacenter nodes.
+for i in "${!SOLANA_USERS[@]}"; do
+  echo "environment=\"SOLANA_USER=${SOLANA_USERS[i]}\" ${SOLANA_PUBKEYS[i]}" >> /solana-authorized_keys
+done
+
+sudo -u solana mv /solana-authorized_keys /home/solana/.ssh/authorized_keys

net/scripts/add-solana-user-authorized_keys.sh

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-
-[[ $(uname) = Linux ]] || exit 1
-[[ $USER = root ]] || exit 1
-
-[[ -d /home/solana/.ssh ]] || exit 1
-
-# /solana-authorized_keys contains the public keys for users that should
-# automatically be granted access to ALL testnets.
-#
-# To add an entry into this list:
-# 1. Run: ssh-keygen -t ecdsa -N '' -f ~/.ssh/id-solana-testnet
-# 2. Inline ~/.ssh/id-solana-testnet.pub below
-cat > /solana-authorized_keys <<EOF
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFBNwLw0i+rI312gWshojFlNw9NV7WfaKeeUsYADqOvM2o4yrO2pPw+sgW8W+/rPpVyH7zU9WVRgTME8NgFV1Vc=
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGqZAwAZeBl0buOMz4FpUYrtpwk1L5aGKlbd7lI8dpbSx5WVRPWCVKhWzsGMtDUIfmozdzJouk1LPyihghTDgsE=
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOk4jgcX/VWSk3j//wXeIynSQjsOt+AjYXM/XZUMa7R1Q8lfIJGK/qHLBP86CMXdpyEKJ5i37QLYOL+0VuRy0CI=
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEB6YLY4oCfm0e1qPswbzryw0hQEMiVDcUxOwT4bdBbui/ysKGQlVY8bO6vET1Te8EYHz5W4RuPfETbcHmw6dr4=
-EOF
-
-sudo -u solana bash -c "
-  cat /solana-authorized_keys >> /home/solana/.ssh/authorized_keys
-"

net/scripts/add-testnet-solana-user-authorized_keys.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -ex
+
+[[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
+
+[[ -d /home/solana/.ssh ]] || exit 1
+
+cd "$(dirname "$0")"
+
+# shellcheck source=net/scripts/solana-user-authorized_keys.sh
+source solana-user-authorized_keys.sh
+
+# solana-user-authorized_keys.sh defines the public keys for users that should
+# automatically be granted access to ALL testnets.
+for key in "${SOLANA_PUBKEYS[@]}"; do
+  echo "$key" >> /solana-authorized_keys
+done
+
+sudo -u solana bash -c "
+  cat /solana-authorized_keys >> /home/solana/.ssh/authorized_keys
+"

net/scripts/solana-user-authorized_keys.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# Contains the public keys for users that should automatically be granted access
+# to ALL testnets and datacenter nodes.
+#
+# To add an entry into this list:
+# 1. Run: ssh-keygen -t ecdsa -N '' -f ~/.ssh/id-solana-testnet
+# 2. Add an entry to SOLANA_USERS with your username
+# 3. Add an entry to SOLANA_PUBKEYS with the contents of ~/.ssh/id-solana-testnet.pub
+#
+# If you need multiple keys with your username, repeatedly add your username to SOLANA_USERS, once per key
+
+SOLANA_USERS=()
+SOLANA_PUBKEYS=()
+
+SOLANA_USERS+=('mvines')
+SOLANA_PUBKEYS+=('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFBNwLw0i+rI312gWshojFlNw9NV7WfaKeeUsYADqOvM2o4yrO2pPw+sgW8W+/rPpVyH7zU9WVRgTME8NgFV1Vc=')
+
+SOLANA_USERS+=('sathish')
+SOLANA_PUBKEYS+=('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGqZAwAZeBl0buOMz4FpUYrtpwk1L5aGKlbd7lI8dpbSx5WVRPWCVKhWzsGMtDUIfmozdzJouk1LPyihghTDgsE=')
+
+SOLANA_USERS+=('carl')
+SOLANA_PUBKEYS+=('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOk4jgcX/VWSk3j//wXeIynSQjsOt+AjYXM/XZUMa7R1Q8lfIJGK/qHLBP86CMXdpyEKJ5i37QLYOL+0VuRy0CI=')
+
+SOLANA_USERS+=('jack')
+SOLANA_PUBKEYS+=('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEB6YLY4oCfm0e1qPswbzryw0hQEMiVDcUxOwT4bdBbui/ysKGQlVY8bO6vET1Te8EYHz5W4RuPfETbcHmw6dr4=')
+
+SOLANA_USERS+=('trent')
+SOLANA_PUBKEYS+=('ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZC/APgZTM1Y/EfNnCHr+BQN+SN4KWfpyGkwMg+nXdC trent@fry')
+
+SOLANA_USERS+=('tristan')
+SOLANA_PUBKEYS+=('ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9VNoG7BLPNbyr4YLf3M2LfQycvFclvi/giXvTpLp0b tristan@TristanSolanaMacBook.local')
+
+SOLANA_USERS+=('dan')
+SOLANA_PUBKEYS+=('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKMl07qHaMCmnvRKBCmahbBAR6GTWkR5BVe8jdzDJ7xzjXLZlf1aqfaOjt5Cu2VxvW7lUtpJQGLJJiMnWuD4Zmc= dan@Dans-MBP.local')
+
+SOLANA_USERS+=('greg')
+SOLANA_PUBKEYS+=('ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3eu2c7DZS+FE3MZmtU+nv1nn9RqW0lno0gyKpGtxT7 greg@solana.com')
+
+SOLANA_USERS+=('tyera')
+SOLANA_PUBKEYS+=('ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDSWMrqTMsML19cDKmxhfwkDfMWwpcVSYJ49cYkZYpZfTvFjV/Wdbpklo0+fp98i5AzfNYnvl0oxVpFg8A8dpYk=')