From: Baris Metin Date: Thu, 17 Jun 2010 16:48:36 +0000 (+0200) Subject: Merge branch 'master' of git.onelab.eu:/git/infrastructure X-Git-Tag: foo~110 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=b1b080f53e1d319214aa62a996ff9706a7ca7d97;hp=a88407b43212fc319e5a1b87cdfbec5340ac52b6;p=infrastructure.git Merge branch 'master' of git.onelab.eu:/git/infrastructure --- diff --git a/omf/export-omf.py b/omf/export-omf.py index d470471..21db926 100755 --- a/omf/export-omf.py +++ b/omf/export-omf.py @@ -1,4 +1,4 @@ -#!/usr/bin/plcsh +#!/usr/bin/python /usr/bin/plcsh # utility to store, read and diff our user base data for exporting to OMF @@ -20,8 +20,7 @@ def getPersons(filter={}): class OmfUserBase: - def __init__ (self, options, filename): - self.filename=filename + def __init__ (self, options): self.options=options @@ -44,12 +43,15 @@ class OmfUserBase: for key_id in person['key_ids']: print >>file, "ssh=%s"%pubkeys_by_id[key_id] - def save(self): + def save(self, output): """ Write configuration store to file. """ - - fileout = open(self.filename, 'w') + + if output: + fileout = open(output, 'w') + else: + fileout=sys.stdout print >>fileout, "# myplc simple userbase extration tools export-omf.py" print >>fileout, "# generated on %s"%time.strftime("%Y-%m-%d @ %H:%M UTC",time.gmtime()) # store all ssh keys by key_id - keep only the public key @@ -65,18 +67,22 @@ class OmfUserBase: def main (): - parser = OptionParser (usage="%prog [options] OUTPUT_FILE") + parser = OptionParser (usage="""%prog [options] +Default output is on stdout""") parser.add_option ("-n","--no-password", action="store_true", dest="no_password", default=False, help="Don't include encrypted passwords") + parser.add_option ("-o","--output", action="store", + dest="output", default=None, help="Specify output filename") options,args = parser.parse_args() - try: - output = args[0] - except IndexError: - parser.error("no output file") + if len(args)!=0: + parser.print_help() + sys.exit(1) + + userbase=OmfUserBase(options) + userbase.save(options.output) - userbase=OmfUserBase(options, output) - userbase.save() + if __name__ == '__main__': main() diff --git a/omf/export-omf.sh b/omf/export-omf.sh index 87bf944..25362d5 100755 --- a/omf/export-omf.sh +++ b/omf/export-omf.sh @@ -1,5 +1,13 @@ #!/bin/bash -# to be run on {www,boot}.planet-lab.eu where the CERTH key was imported +# +# to be run on www.planet-lab.eu where the CERTH key was imported +# triggered by /etc/cron.d/export-nitos.cron +# +# (*) initialized gpg with the gpg rings found in /etc/planetlab +# ple-www.pl.sophia.inria.fr ~ # ls -ld .gnupg .gnupg/*ring.gpg +# drwx------ 2 root root 4096 Jun 17 16:11 .gnupg +# -rw------- 1 root root 28357 Jun 17 16:11 .gnupg/pubring.gpg +# -rw------- 1 root root 47028 Jun 16 16:43 .gnupg/secring.gpg# # # (*) used NITOS indications to locate armored key # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4646985724FAFE07 @@ -9,20 +17,49 @@ # (*) gpg --import /etc/planetlab/Nitlab.key # # (*) signed the snipped version and published it to NITOS -# upon reception of their acknowledgement we can sign the key -# (which hopefully will remove the need for typing 'y' hehe) +# +#################### +# (*) upon reception of their acknowledgement, which establishes trust +# sign and trust the key: +# [boot-planet-lab-eu] ~/.gnupg # gpg --edit-key CERTH +# gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc. +# +# +# +# Command> sign +# +# +# +# Really sign? (y/N) y +# +# Command> trust +# +# +# +# 1 = I don't know or won't say +# 2 = I do NOT trust +# 3 = I trust marginally +# 4 = I trust fully +# 5 = I trust ultimately +# m = back to the main menu +# +# Your decision? 5 +# Do you really want to set this key to ultimate trust? (y/N) y +# +# +# +# Command> q +# Save changes? (y/N) y +# [boot-planet-lab-eu] ~/.gnupg # + DIRNAME=$(dirname $0) cd $DIRNAME -# refresh EXPORT and EXPORT.snip with the python script - -plcsh ./export-omf.py -- -n EXPORT.snip -plcsh ./export-omf.py -- EXPORT - -yes | gpg -r CERTH -e < EXPORT.snip > EXPORT.snip.nitlab -yes | gpg -r CERTH -e < EXPORT > EXPORT.nitlab +# refresh the gpg encrypted version of the export file +mv -f EXPORT.nitlab.gpg EXPORT.nitlab.gpg.bak +plcsh ./export-omf.py | gpg -r CERTH -e --output EXPORT.nitlab.gpg # publish under /var/www/html/download/EXPORT.nitlab -# or whatever the name is +cp EXPORT.nitlab.gpg /var/www/html/download/EXPORT.nitlab.gpg