patch by Thomas Dreibholz - ovs-vsctl and not ovs-ovsctl
[nodemanager.git]
/
plugins
/
specialaccounts.py
diff --git
a/plugins/specialaccounts.py
b/plugins/specialaccounts.py
index
9396062
..
718d283
100644
(file)
--- a/
plugins/specialaccounts.py
+++ b/
plugins/specialaccounts.py
@@
-1,13
+1,11
@@
#!/usr/bin/python -tt
# vim:set ts=4 sw=4 expandtab:
#
#!/usr/bin/python -tt
# vim:set ts=4 sw=4 expandtab:
#
-# $Id$
-# $URL$
#
# NodeManager plugin to create special accounts
"""
#
# NodeManager plugin to create special accounts
"""
-
Have NM
create/populate accounts/ssh keys for special persons such as root, site_admin, etc.
+create/populate accounts/ssh keys for special persons such as root, site_admin, etc.
"""
"""
@@
-22,18
+20,23
@@
import pwd
import logger
import tools
import logger
import tools
-def start(options, conf):
- logger.log("personkeys plugin starting up...")
+# right after conf_files
+priority = 3
+
+def start():
+ logger.log("specialaccounts: plugin starting up...")
def GetSlivers(data, conf = None, plc = None):
def GetSlivers(data, conf = None, plc = None):
- if 'accounts' not in data:
- logger.log
("specialaccounts: No account information found. DISABLED!"
)
+ if 'accounts' not in data:
+ logger.log
_missing_data("specialaccounts.GetSlivers", 'accounts'
)
return
for account in data['accounts']:
name = account['name']
new_keys = account['keys']
return
for account in data['accounts']:
name = account['name']
new_keys = account['keys']
+ logger.log('specialaccounts: dealing with account %s'%name)
+
# look up account name, which must exist
pw_info = pwd.getpwnam(name)
uid = pw_info[2]
# look up account name, which must exist
pw_info = pwd.getpwnam(name)
uid = pw_info[2]
@@
-41,25
+44,21
@@
def GetSlivers(data, conf = None, plc = None):
pw_dir = pw_info[5]
# populate account's .ssh/authorized_keys file
pw_dir = pw_info[5]
# populate account's .ssh/authorized_keys file
- dot_ssh = os.path.join(pw_dir,'.ssh')
+ dot_ssh = os.path.join(pw_dir,
'.ssh')
if not os.access(dot_ssh, os.F_OK): os.mkdir(dot_ssh)
if not os.access(dot_ssh, os.F_OK): os.mkdir(dot_ssh)
- auth_keys = os.path.join(dot_ssh,'authorized_keys')
-
- logger.log("new keys = %s" % auth_keys)
- fd, fname = tempfile.mkstemp('','authorized_keys',dot_ssh)
+ auth_keys = os.path.join(dot_ssh, 'authorized_keys')
- for key in new_keys:
- os.write(fd,key)
- os.write(fd,'\n')
+ # catenate all keys in string, add newlines just in case (looks like keys already have this, but)
+ auth_keys_contents = '\n'.join(new_keys)+'\n'
-
os.close(fd
)
- if
os.path.exists(auth_keys): os.unlink(auth_keys)
-
os.rename(fname,
auth_keys)
+
changes = tools.replace_file_with_string(auth_keys, auth_keys_contents
)
+ if
changes:
+
logger.log("specialaccounts: keys file changed: %s" %
auth_keys)
- # set permissions properly
+ #
always
set permissions properly
os.chmod(dot_ssh, 0700)
os.chmod(dot_ssh, 0700)
- os.chown(dot_ssh, uid,gid)
+ os.chown(dot_ssh, uid,
gid)
os.chmod(auth_keys, 0600)
os.chmod(auth_keys, 0600)
- os.chown(auth_keys, uid,gid)
+ os.chown(auth_keys, uid,
gid)
- logger.log('specialacounts: installed ssh keys for %s' % name)
+ logger.log('specialac
c
ounts: installed ssh keys for %s' % name)
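Review bot: In the last hunk, the `os.chmod`/`os.chown` calls on `dot_ssh` and `auth_keys` follow symbolic links, and both paths sit under the account's own home directory (`pw_dir`). The plugin presumably runs as root, since it chowns to other uids, so a pre-existing link at either path would move the ownership and mode change onto whatever the link points to. I would skip the account with a log line when `os.path.islink(dot_ssh) or os.path.islink(auth_keys)` is true, and use `os.lchown(auth_keys, uid, gid)` for the file. The removed code wrote through `tempfile.mkstemp` plus `os.rename`; the body of `tools.replace_file_with_string` is not on this page, so confirm that it also writes atomically, creates the file with a restrictive mode and does not follow a link at the destination. Separately, `'\n'.join(new_keys)` writes each key string verbatim, so a one-line comment stating that `data['accounts']` is trusted input, or a check that no key contains an embedded newline, would make the trust assumption explicit for accounts such as root.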