Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.package
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Douglas
slapos.package
Commits
e73b9990
Commit
e73b9990
authored
Aug 26, 2015
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
better manage authorized_keys file, don't overwrite the file
parent
4f5ebb98
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
60 additions
and
8 deletions
+60
-8
playbook/roles/vm-bootstrap/files/file_cmp
playbook/roles/vm-bootstrap/files/file_cmp
+28
-0
playbook/roles/vm-bootstrap/tasks/ssh.yml
playbook/roles/vm-bootstrap/tasks/ssh.yml
+32
-8
No files found.
playbook/roles/vm-bootstrap/files/file_cmp
0 → 100644
View file @
e73b9990
#!/usr/bin/python
import
os
import
sys
if
__name__
==
"__main__"
:
if
len
(
sys
.
argv
)
<
4
:
print
"Use: %s FILE1 FILE2 DEST_FILE"
%
sys
.
argv
[
0
]
exit
(
1
)
file1
=
sys
.
argv
[
1
]
file2
=
sys
.
argv
[
2
]
dest
=
sys
.
argv
[
3
]
lines
=
lines_cmp
=
[]
notfound
=
[]
with
open
(
file1
,
'r'
)
as
ff
:
lines
=
ff
.
readlines
()
with
open
(
file2
,
'r'
)
as
ff2
:
lines_cmp
=
ff2
.
read
()
for
line
in
lines
:
if
not
line
in
lines_cmp
:
notfound
.
append
(
line
)
with
open
(
dest
,
'w'
)
as
f
:
f
.
write
(
'
\
n
'
.
join
(
notfound
))
playbook/roles/vm-bootstrap/tasks/ssh.yml
View file @
e73b9990
...
...
@@ -6,19 +6,43 @@
file
:
path=/home/netadmin/.ssh state=directory mode=700 owner=netadmin group=netadmin
-
name
:
Download ssh authorized keys
get_url
:
url=http://10.0.2.100/authorized_keys dest=/
root/.ssh/authorized_keys.download mode=755
force=yes
get_url
:
url=http://10.0.2.100/authorized_keys dest=/
etc/opt/authorized_keys mode=644
force=yes
ignore_errors
:
True
-
name
:
stat /
root/.ssh/authorized_keys.download
stat
:
path=/
root/.ssh/authorized_keys.download
-
name
:
stat /
etc/opt/authorized_keys
stat
:
path=/
etc/opt/authorized_keys
register
:
authorized_keys
-
name
:
replace /root/.ssh/authorized_keys
copy
:
src=/root/.ssh/authorized_keys.download dest=/root/.ssh/authorized_keys mode=644 force=yes
-
name
:
stat /etc/opt/authorized_keys.old
stat
:
path=/etc/opt/authorized_keys.old
register
:
authorized_keys_old
-
name
:
get removed keys
script
:
file_cmp /etc/opt/authorized_keys.old /etc/opt/authorized_keys /etc/opt/authorized_keys_deleted
when
:
authorized_keys.stat.exists == True and authorized_keys_old.stat.exists == True
-
name
:
stat /etc/opt/authorized_keys_deleted
stat
:
path=/etc/opt/authorized_keys_deleted
register
:
authorized_keys_deleted
-
name
:
Remove deleted authorized_keys
authorized_key
:
user=netadmin key="{{ lookup('file', '/etc/opt/authorized_keys_deleted') }}" state=absent
when
:
authorized_keys_deleted.stat.exists == True
-
name
:
Remove deleted authorized_keys for root
authorized_key
:
user=root key="{{ lookup('file', '/etc/opt/authorized_keys_deleted') }}" state=absent
when
:
authorized_keys_deleted.stat.exists == True
-
name
:
save these authorized_keys
copy
:
src=/etc/opt/authorized_keys dest=/etc/opt/authorized_keys.old mode=644 force=yes
when
:
authorized_keys.stat.exists == True
-
name
:
Add netadmin authorized keys
authorized_key
:
user=netadmin key="{{ lookup('file', '/etc/opt/authorized_keys') }}"
when
:
authorized_keys.stat.exists == True
-
name
:
replace /home/netadmin/.ssh/authorized_
keys
copy
:
src=/root/.ssh/authorized_keys.download dest=/home/netadmin/.ssh/authorized_keys mode=644 owner=netadmin group=netadmin
-
name
:
Add root authorized
keys
authorized_key
:
user=root key="{{ lookup('file', '/etc/opt/authorized_keys') }}"
when
:
authorized_keys.stat.exists == True
-
name
:
update /etc/ssh/sshd_config
...
...
@@ -31,4 +55,4 @@
lineinfile
:
dest=/etc/ssh/sshd_config line="PermitRootLogin no"
notify
:
-
restart ssh
-
restart sshd
\ No newline at end of file
-
restart sshd
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment