+ # get the special accounts and keys needed for the node
+ # root
+ # site_admin
+ accounts = []
+ if False and 'site_id' not in node:
+ nodes = Nodes(self.api, node['node_id'])
+ node = nodes[0]
+
+ def getpersonsitekeys(site_id_or_name,theroles):
+ site_filter = site_id_or_name
+ site_return_filter = ['person_ids']
+ sites = Sites(self.api, site_filter, site_return_filter)
+ site = sites[0]
+ person_filter = {'person_id':site['person_ids'],'enabled':True}
+ person_return_filter = ['person_id', 'enabled', 'key_ids','role_ids']
+ site_persons = Persons(self.api, person_filter, person_return_filter)
+
+ # XXX This snippet below maps role names to role_ids,
+ # which is really DUMB. Why can't one just pass 'roles'
+ # as a return_filter to Persons() above.
+ __roles = {}
+ dbroles = Roles(self.api)
+ for dbrole in dbroles:
+ __roles[dbrole['name']]=dbrole['role_id']
+ __theroles = []
+ for role in theroles:
+ __theroles.append(__roles[role])
+ theroles=__theroles
+
+ # collect the keys into a table to weed out duplicates
+ site_keys = {}
+ for site_person in site_persons:
+ if site_person['enabled'] is False: continue
+ more = True
+ for role in theroles:
+ if role in site_person['role_ids']:
+ keys_filter = site_person['key_ids']
+ keys_return_filter = ['key_id', 'key', 'key_type']
+ keys = Keys(self.api, keys_filter, keys_return_filter)
+ for key in keys:
+ if key['key_type'] == 'ssh':
+ site_keys[key['key']]=None
+ return site_keys.keys()
+
+ # 'site_admin' account setup
+ personsitekeys=getpersonsitekeys(node['site_id'],['pi','tech'])
+ accounts.append({'name':'site_admin','keys':personsitekeys})
+
+ # 'root' account setup on nodes from all 'admin' users
+ # registered with the PLC main site
+ personsitekeys=getpersonsitekeys(plc_config.PLC_SLICE_PREFIX,['admin'])
+ accounts.append({'name':'root','keys':personsitekeys})
+