-#!/usr/bin/plcsh
+#!/usr/bin/python /usr/bin/plcsh
# utility to store, read and diff our user base data for exporting to OMF
class OmfUserBase:
- def __init__ (self, options, filename):
- self.filename=filename
+ def __init__ (self, options):
self.options=options
for key_id in person['key_ids']:
print >>file, "ssh=%s"%pubkeys_by_id[key_id]
- def save(self):
+ def save(self, output):
"""
Write configuration store to file.
"""
-
- fileout = open(self.filename, 'w')
+
+ if output:
+ fileout = open(output, 'w')
+ else:
+ fileout=sys.stdout
print >>fileout, "# myplc simple userbase extration tools export-omf.py"
print >>fileout, "# generated on %s"%time.strftime("%Y-%m-%d @ %H:%M UTC",time.gmtime())
# store all ssh keys by key_id - keep only the public key
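Review bot: The `open(output, 'w')` branch in `save` creates the export with whatever umask the caller happens to have, yet the file carries user data and, unless `-n` is given, the encrypted passwords. Creating it owner-only would be safer, e.g. `fileout = os.fdopen(os.open(output, os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0600), 'w')`, assuming `os` is imported (the import block is not visible here). The mode only takes effect when the file is newly created, so an existing world-readable file keeps its permissions. The rest of `save` lies outside the hunk, so it is not visible whether `fileout` is closed afterwards; if it is, that close should be skipped when `fileout` is `sys.stdout`.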
def main ():
- parser = OptionParser (usage="%prog [options] OUTPUT_FILE")
+ parser = OptionParser (usage="""%prog [options]
+Default output is on stdout""")
parser.add_option ("-n","--no-password", action="store_true",
dest="no_password", default=False, help="Don't include encrypted passwords")
+ parser.add_option ("-o","--output", action="store",
+ dest="output", default=None, help="Specify output filename")
options,args = parser.parse_args()
- try:
- output = args[0]
- except IndexError:
- parser.error("no output file")
+ if len(args)!=0:
+ parser.print_help()
+ sys.exit(1)
+
+ userbase=OmfUserBase(options)
+ userbase.save(options.output)
- userbase=OmfUserBase(options, output)
- userbase.save()
+
if __name__ == '__main__':
main()
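Review bot: The stray-argument branch in `main` calls `parser.print_help()`, which writes to stdout, and stdout is now the default data channel. In a pipeline such as `plcsh ./export-omf.py | gpg ...`, a mistyped invocation would feed the help text to the consumer in place of the export, and only the exit status would reveal it. `parser.error("unexpected arguments: %s" % " ".join(args))` prints the usage and message to stderr and exits with status 2, which keeps diagnostics off the data stream and matches the `parser.error` call the old code used.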
#!/bin/bash
-# to be run on {www,boot}.planet-lab.eu where the CERTH key was imported
+#
+# to be run on www.planet-lab.eu where the CERTH key was imported
+# triggered by /etc/cron.d/export-nitos.cron
+#
+# (*) initialized gpg with the gpg rings found in /etc/planetlab
+# ple-www.pl.sophia.inria.fr ~ # ls -ld .gnupg .gnupg/*ring.gpg
+# drwx------ 2 root root 4096 Jun 17 16:11 .gnupg
+# -rw------- 1 root root 28357 Jun 17 16:11 .gnupg/pubring.gpg
+# -rw------- 1 root root 47028 Jun 16 16:43 .gnupg/secring.gpg#
#
# (*) used NITOS indications to locate armored key
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4646985724FAFE07
# (*) gpg --import /etc/planetlab/Nitlab.key
#
# (*) signed the snipped version and published it to NITOS
-# upon reception of their acknowledgement we can sign the key
-# (which hopefully will remove the need for typing 'y' hehe)
+#
+####################
+# (*) upon reception of their acknowledgement, which establishes trust
+# sign and trust the key:
+# [boot-planet-lab-eu] ~/.gnupg # gpg --edit-key CERTH
+# gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
+#
+# <snip>
+#
+# Command> sign
+#
+# <snip>
+#
+# Really sign? (y/N) y
+#
+# Command> trust
+#
+# <snip>
+#
+# 1 = I don't know or won't say
+# 2 = I do NOT trust
+# 3 = I trust marginally
+# 4 = I trust fully
+# 5 = I trust ultimately
+# m = back to the main menu
+#
+# Your decision? 5
+# Do you really want to set this key to ultimate trust? (y/N) y
+#
+# <snip>
+#
+# Command> q
+# Save changes? (y/N) y
+# [boot-planet-lab-eu] ~/.gnupg #
+
DIRNAME=$(dirname $0)
cd $DIRNAME
-# refresh EXPORT and EXPORT.snip with the python script
-
-plcsh ./export-omf.py -- -n EXPORT.snip
-plcsh ./export-omf.py -- EXPORT
-
-yes | gpg -r CERTH -e < EXPORT.snip > EXPORT.snip.nitlab
-yes | gpg -r CERTH -e < EXPORT > EXPORT.nitlab
+# refresh the gpg encrypted version of the export file
+mv -f EXPORT.nitlab.gpg EXPORT.nitlab.gpg.bak
+plcsh ./export-omf.py | gpg -r CERTH -e --output EXPORT.nitlab.gpg
# publish under /var/www/html/download/EXPORT.nitlab
-# or whatever the name is
+cp EXPORT.nitlab.gpg /var/www/html/download/EXPORT.nitlab.gpg
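Review bot: Nothing checks the exit status of `plcsh ./export-omf.py | gpg -r CERTH -e --output EXPORT.nitlab.gpg`, so a failed export still yields an encrypted empty or partial file that the `cp` then publishes. Because the `mv -f` to `.bak` runs unconditionally first, a second failed cron run also overwrites the last good backup. Encrypting to a scratch name under `set -o pipefail`, and rotating and publishing only on success, avoids both; `--batch` stops gpg from waiting on a prompt under cron. Separately, the header procedure sets CERTH to ultimate ownertrust: the local signature alone already makes the key valid for `-r CERTH`, while ultimate trust additionally makes every key CERTH has certified valid in root's keyring.

```shell
# … unchanged: DIRNAME / cd $DIRNAME …
set -o pipefail
rm -f EXPORT.nitlab.gpg.new
# encrypt to a scratch name; rotate and publish only if both export and gpg succeeded
if plcsh ./export-omf.py | gpg --batch -r CERTH -e --output EXPORT.nitlab.gpg.new; then
    [ -f EXPORT.nitlab.gpg ] && mv -f EXPORT.nitlab.gpg EXPORT.nitlab.gpg.bak
    mv -f EXPORT.nitlab.gpg.new EXPORT.nitlab.gpg
    cp EXPORT.nitlab.gpg /var/www/html/download/EXPORT.nitlab.gpg
else
    rm -f EXPORT.nitlab.gpg.new
    exit 1
fi
```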