Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make it possible to provision private ssh key as well #1

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Make it possible to provision private ssh key as well #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
5190cb0
Make sure the .ssh directory has sane permissions. Prepare for provis…
mvanbaak Sep 4, 2015
8b400ca
If the bucket also has a file {$email}.private provision this as {$us…
mvanbaak Sep 4, 2015
97ab475
update README with latest new feature
mvanbaak Sep 4, 2015
4549612
fix typo. Set correct permissions on the private keyfile otherwise ss…
mvanbaak Sep 4, 2015
97142b1
For some reason using only one "key" object confused the whole script…
mvanbaak Sep 4, 2015
aae5a9b
Merge remote-tracking branch 'upstream/master'
mvanbaak May 16, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ Launching an instance with the following as userdata will create users
}

This userdata points to the bucket keys.30mhz.com, and expects an object with the name `[email protected]`, for the key of the user `jasper`.
If the bucket has an object with the name `[email protected]` this file will be installed as a private ssh key for the user `jasper`.

NOTE: for ubuntu, change in the userdata: <"groups" : [ "wheel" ]> into <"groups" : [ "sudo" ]>
as Ubuntu has no wheel group!
Expand Down Expand Up @@ -89,5 +90,6 @@ User accounts on instances in most systems are only used for (administering) acc
* full name (comment)
* groups
* authorized keys
* private key (optional)

We put username, email, full name and groups in userdata. Authorized keys are stored in S3, in objects with the email as their key name.
We put username, email, full name and groups in userdata. Authorized and private keys are stored in S3, in objects with the email as their key name.
21 changes: 20 additions & 1 deletion users
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ if not ('security' in userdata and 'users' in userdata['security']):
s3 = boto.connect_s3()
keys = s3.get_bucket(userdata['security']['bucket'], validate=False)
key = boto.s3.key.Key(keys)
privatekey = boto.s3.key.Key(keys)

if "provision" == sys.argv[1]:
for username in userdata['security']['users']:
Expand All @@ -40,9 +41,17 @@ if "provision" == sys.argv[1]:
username))

key.key = user['email']
os.system("/bin/mkdir --mode=0755 -p /home/{0}/.ssh".format(username))
os.system("/bin/mkdir --mode=0700 -p /home/{0}/.ssh".format(username))
key.get_contents_to_filename(
"/home/{0}/.ssh/authorized_keys".format(username))
try:
privatekey.key = "{0}.private".format(user['email'])
privatekey.get_contents_to_filename(
"/home/{0}/.ssh/id_rsa".format(username))
os.system("chmod 600 /home/{0}/.ssh/id_rsa".format(username))
except:
sys.stdout.write(" {0} has no private key to provision".format(username))

os.system("chown -R {0}.{0} /home/{0}".format(username))
elif "remove" == sys.argv[1]:
for username in userdata['security']['users']:
Expand All @@ -65,6 +74,16 @@ elif "update" == sys.argv[1]:
except:
os.remove("/home/{0}/.ssh/authorized_keys".format(username))

try:
privatekey.key = "{0}.private".format(user['email'])
privatekey.exists()
privatekey.get_contents_to_filename(
"/home/{0}/.ssh/id_rsa".format(username))
os.system("chmod 600 /home/{0}/.ssh/id_rsa".format(username))
except:
# also remove
os.remove("/home/{0}/.ssh/id_rsa".format(username))

os.system("chown -R {0}.{0} /home/{0}".format(username))
else:
pass
Expand Down
20 changes: 19 additions & 1 deletion users_ubuntu
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ if not ('security' in userdata and 'users' in userdata['security']):
s3 = boto.connect_s3()
keys = s3.get_bucket(userdata['security']['bucket'], validate=False)
key = boto.s3.key.Key(keys)
privatekey = boto.s3.key.Key(keys)

if "provision" == sys.argv[1]:
for username in userdata['security']['users']:
Expand All @@ -44,9 +45,17 @@ if "provision" == sys.argv[1]:
os.system(command)

key.key = user['email']
os.system("/bin/mkdir --mode=0755 -p /home/{0}/.ssh".format(username))
os.system("/bin/mkdir --mode=0700 -p /home/{0}/.ssh".format(username))
key.get_contents_to_filename(
"/home/{0}/.ssh/authorized_keys".format(username))
try:
privatekey.key = "{0}.private".format(user['email'])
privatekey.get_contents_to_filename(
"/home/{0}/.ssh/id_rsa".format(username))
os.system("chmod 600 /home/{0}/.ssh/id_rsa".format(username))
except:
sys.stdout.write(" {0} has no private key to provision".format(username))

os.system("chown -R {0}.{0} /home/{0}".format(username))
elif "remove" == sys.argv[1]:
for username in userdata['security']['users']:
Expand All @@ -68,6 +77,15 @@ elif "update" == sys.argv[1]:
"/home/{0}/.ssh/authorized_keys".format(username))
except:
os.remove("/home/{0}/.ssh/authorized_keys".format(username))
try:
privatekey.key = "{0}.private".format(user['email'])
privatekey.exists()
privatekey.get_contents_to_filename(
"/home/{0}/.ssh/id_rsa".format(username))
os.system("chmod 600 /home/{0}/.ssh/id_rsa".format(username))
except:
# also remove
os.remove("/home/{0}/.ssh/id_rsa".format(username))

os.system("chown -R {0}.{0} /home/{0}".format(username))
else:
Expand Down