plugins/specialaccounts.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 #
   4 # $Id$
   5 # $URL$
   6 #
   7 # NodeManager plugin to create special accounts
   8
   9 """
  10 Have NM create/populate accounts/ssh keys for special persons such as root, site_admin, etc.
  11
  12 """
  13
  14 import errno
  15 import os
  16 import random
  17 import string
  18 import tempfile
  19 import grp
  20 import pwd
  21
  22 import logger
  23 import tools
  24
  25 def start(options, conf):
  26     logger.log("personkeys: plugin starting up...")
  27
  28 def GetSlivers(data, conf = None, plc = None):
  29     if 'accounts' not in data:
  30         logger.log_missing_data("specialaccounts.GetSlivers",'accounts')
  31         return
  32
  33     for account in data['accounts']:
  34         name = account['name']
  35         new_keys = account['keys']
  36
  37         # look up account name, which must exist
  38         pw_info = pwd.getpwnam(name)
  39         uid = pw_info[2]
  40         gid = pw_info[3]
  41         pw_dir = pw_info[5]
  42
  43         # populate account's .ssh/authorized_keys file
  44         dot_ssh = os.path.join(pw_dir,'.ssh')
  45         if not os.access(dot_ssh, os.F_OK): os.mkdir(dot_ssh)
  46         auth_keys = os.path.join(dot_ssh,'authorized_keys')
  47
  48         logger.log("specialaccounts: new keys = %s" % auth_keys)
  49         fd, fname = tempfile.mkstemp('','authorized_keys',dot_ssh)
  50
  51         for key in new_keys:
  52             os.write(fd,key)
  53             os.write(fd,'\n')
  54
  55         os.close(fd)
  56         if os.path.exists(auth_keys): os.unlink(auth_keys)
  57         os.rename(fname, auth_keys)
  58
  59         # set permissions properly
  60         os.chmod(dot_ssh, 0700)
  61         os.chown(dot_ssh, uid,gid)
  62         os.chmod(auth_keys, 0600)
  63         os.chown(auth_keys, uid,gid)
  64
  65         logger.log('specialacounts: installed ssh keys for %s' % name)