Merge branch 'andrew/collapse-duplicated-code' into 'master'

Chore(NODE-1340): Consolidate setup-ssh-account-keys

After consolidation, SSH successful on HostOS and GuestOS! 

See merge request dfinity-lab/public/ic!19442

ic-os/rootfs/guestos.bzl

@@ -126,7 +126,7 @@ rootfs_files = {
     Label("ssh/provision-ssh-keys.sh"): "/opt/ic/bin/provision-ssh-keys.sh",
     Label("ssh/setup-ssh-keys/setup-ssh-keys.sh"): "/opt/ic/bin/setup-ssh-keys.sh",
     Label("ssh/setup-ssh-keys/setup-ssh-keys.service"): "/etc/systemd/system/setup-ssh-keys.service",
-    Label("ssh/setup-ssh-account-keys/guestos/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh",
+    Label("ssh/setup-ssh-account-keys/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh",
     Label("ssh/setup-ssh-account-keys/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service",
     Label("ssh/read-ssh-keys.sh"): "/opt/ic/bin/read-ssh-keys.sh",
 

ic-os/rootfs/hostos.bzl

@@ -74,8 +74,8 @@ rootfs_files = {
     # ssh
     Label("ssh/setup-ssh-keys/setup-ssh-keys.sh"): "/opt/ic/bin/setup-ssh-keys.sh",
     Label("ssh/setup-ssh-keys/setup-ssh-keys.service"): "/etc/systemd/system/setup-ssh-keys.service",
-    Label("ssh/setup-ssh-account-keys/hostos/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh",
-    Label("ssh/setup-ssh-account-keys/hostos/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service",
+    Label("ssh/setup-ssh-account-keys/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh",
+    Label("ssh/setup-ssh-account-keys/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service",
     Label("ssh/deploy-updated-ssh-account-keys/deploy-updated-ssh-account-keys.sh"): "/opt/ic/bin/deploy-updated-ssh-account-keys.sh",
     Label("ssh/deploy-updated-ssh-account-keys/deploy-updated-ssh-account-keys.service"): "/etc/systemd/system/deploy-updated-ssh-account-keys.service",
 

ic-os/rootfs/init/bootstrap-ic-node/boundary-guestos/bootstrap-ic-node.service

@@ -2,9 +2,11 @@
 Description=Bootstrap the IC node
 Requires=var-log.mount
 After=var-log.mount
+Before=setup-ssh-account-keys.service
 
 [Install]
 WantedBy=multi-user.target
+RequiredBy=setup-ssh-account-keys.service
 
 [Service]
 Type=oneshot

ic-os/rootfs/init/bootstrap-ic-node/guestos/bootstrap-ic-node.service

@@ -7,9 +7,11 @@ Requires=var-lib-ic-crypto.mount
 After=var-lib-ic-crypto.mount
 Requires=var-lib-ic-backup.mount
 After=var-lib-ic-backup.mount
+Before=setup-ssh-account-keys.service
 
 [Install]
 WantedBy=multi-user.target
+RequiredBy=setup-ssh-account-keys.service
 
 [Service]
 Type=oneshot

ic-os/rootfs/ssh/setup-ssh-account-keys/setup-ssh-account-keys.service

@@ -1,8 +1,7 @@
 [Unit]
 Description=Set up ssh account keys
-After=bootstrap-ic-node.service
-Requires=bootstrap-ic-node.service
 Before=ssh.service
+# bootstrap-ic-node.service (if it exists) lists this service as a reverse dependency
 
 [Install]
 WantedBy=multi-user.target

ic-os/rootfs/ssh/setup-ssh-account-keys/setup-ssh-account-keys.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+copy_ssh_keys() {
+    local SOURCE_FILE="$1"
+    local DEST_FILE="$2"
+    if [ -e "${SOURCE_FILE}" ]; then
+        cp -L "${SOURCE_FILE}" "${DEST_FILE}"
+        chmod 600 "${DEST_FILE}"
+    fi
+}
+
+for ACCOUNT in backup readonly admin; do
+    HOMEDIR=$(getent passwd "${ACCOUNT}" | cut -d: -f6)
+    GROUP=$(id -ng "${ACCOUNT}")
+
+    mkdir -p "${HOMEDIR}/.ssh"
+    chmod 700 "${HOMEDIR}" "${HOMEDIR}/.ssh"
+
+    GUESTOS_AUTHORIZED_SSH_KEYS="/boot/config/accounts_ssh_authorized_keys/${ACCOUNT}"
+    HOSTOS_AUTHORIZED_SSH_KEYS="/boot/config/ssh_authorized_keys/${ACCOUNT}"
+    AUTHORIZED_KEYS_FILE="${HOMEDIR}/.ssh/authorized_keys"
+
+    copy_ssh_keys "${GUESTOS_AUTHORIZED_SSH_KEYS}" "${AUTHORIZED_KEYS_FILE}"
+    copy_ssh_keys "${HOSTOS_AUTHORIZED_SSH_KEYS}" "${AUTHORIZED_KEYS_FILE}"
+
+    chown -R "${ACCOUNT}:${GROUP}" "${HOMEDIR}"
+    restorecon -r "${HOMEDIR}"
+done