drscream

This script creates a .ssh folder with minimal permissions; if the directory already exists, the permissions will be changed to 700. If the mdata variable `root_authorized_keys` the `authorized_keys` is cleared and a header is added. I also fix the file permissions to be sure we're using the minimal permissions required for `authorized_keys`.

dwlf commented Mar 1, 2015

I don't know the mechanism SmartDataCenter uses, but @drscream did you investigate if that was appropriate here? If it isn't appropriate, could you explain why?

If the approach already proposed here is preferred, would it make sense to use the same logic / code as https://github.com/joyent/smartos-vmtools/blob/master/src/linux/lib/smartdc/set-root-authorized-keys?

Author

drscream commented Mar 1, 2015

I'm sorry, I don't know how it works in SDC, but I will try to find out. I only noticed that it isn't working if you're using the base or base64 mibe image on SmartOS without SDC.

The code you provided from the smartos-vmtools should work, but mdata-get isn't in /lib/smartdc/ on a SmartOS zone. I also like the idea to update the /root/.ssh/authorized_keys file if it already exists, which isn't possible with the smartos-vmtools version.


bahamat commented Mar 1, 2015

SDC uses SmartLogin, a service that runs in the global zone and communicates with UFDS. SmartLogin authenticates users against keys stored in UFDS without using an authorized_keys file.

OS zones in SDC don't include the root_authorized_keys by default, so in theory this change wouldn't affect SDC. Even still, I would feel more comfortable if the script explicitly checked the sdc:datacenter_name metadata value to ensure it's empty. Secondly, if we wanted to do this at all, it should also follow the convention used for KVM zones where overwrite_root_akeys must be set to OVERWRITE.
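
The behaviour discussed in this thread, combined into one sketch. This is an added example, not the pull request's script or the smartos-vmtools code. The metadata keys come from the comments above; the `MDATA_GET` override, the function name, the header text, and the choice to require `OVERWRITE` only when a file already exists are assumptions.

```shell
#!/bin/sh
# Added example; not the pull request's script.
# MDATA_GET is a hypothetical override so the logic can run without a metadata service.
MDATA_GET="${MDATA_GET:-mdata-get}"

set_root_authorized_keys() {
    home="${1:-/root}"
    ssh_dir="$home/.ssh"
    akeys="$ssh_dir/authorized_keys"

    # Under SDC, SmartLogin authenticates against UFDS: do nothing there.
    dc=$("$MDATA_GET" sdc:datacenter_name 2>/dev/null) || dc=""
    [ -z "$dc" ] || return 0

    # No keys in metadata: leave any existing file untouched.
    keys=$("$MDATA_GET" root_authorized_keys 2>/dev/null) || return 0
    [ -n "$keys" ] || return 0

    # Assumption: an existing file is replaced only on explicit opt-in.
    if [ -e "$akeys" ]; then
        ow=$("$MDATA_GET" overwrite_root_akeys 2>/dev/null) || ow=""
        [ "$ow" = "OVERWRITE" ] || return 0
    fi

    # Refuse to write through a symlinked directory or file.
    if [ -L "$ssh_dir" ] || [ -L "$akeys" ]; then
        return 1
    fi

    (
        umask 077                      # nothing is ever created group/world readable
        mkdir -p "$ssh_dir" || exit 1
        chmod 700 "$ssh_dir" || exit 1 # also tightens a pre-existing directory
        tmp=$(mktemp "$ssh_dir/.akeys.XXXXXX") || exit 1
        {
            echo "# Managed from the root_authorized_keys metadata value"
            printf '%s\n' "$keys"
        } > "$tmp" || exit 1
        chmod 600 "$tmp" || exit 1
        mv -f "$tmp" "$akeys"          # atomic replace within the same directory
    )
}
```

Writing to a temporary file and renaming it means a reader of `authorized_keys` never sees a half-written file, and the file is mode 600 before it takes the final name.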
