git://git.onelab.eu / nodemanager.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
blind and brutal 2to3
[nodemanager.git] / plugins / specialaccounts.py
diff --git a/plugins/specialaccounts.py b/plugins/specialaccounts.py
index 5debf95..ff984e6 100644 (file)
--- a/plugins/specialaccounts.py
+++ b/plugins/specialaccounts.py
@@ -1,9 +1,11 @@
 #!/usr/bin/python -tt
 # vim:set ts=4 sw=4 expandtab:
+#
+#
 # NodeManager plugin to create special accounts
 
 """
-Have NM create/populate accounts/ssh keys for special persons such as root, site_admin, etc.
+create/populate accounts/ssh keys for special persons such as root, site_admin, etc.
 
 """
 
@@ -18,15 +20,23 @@ import pwd
 import logger
 import tools
 
-def start(options, conf):
-    logger.log("personkeys plugin starting up...")
+# right after conf_files
+priority = 3
+
+def start():
+    logger.log("specialaccounts: plugin starting up...")
+
+def GetSlivers(data, conf = None, plc = None):
+    if 'accounts' not in data:
+        logger.log_missing_data("specialaccounts.GetSlivers", 'accounts')
+        return
 
-def GetSlivers(plc, data, conf):
-    if 'accounts' not in data: return
     for account in data['accounts']:
         name = account['name']
         new_keys = account['keys']
 
+        logger.log('specialaccounts: dealing with account %s'%name)
+
         # look up account name, which must exist
         pw_info = pwd.getpwnam(name)
         uid = pw_info[2]
@@ -34,25 +44,21 @@ def GetSlivers(plc, data, conf):
         pw_dir = pw_info[5]
 
         # populate account's .ssh/authorized_keys file
-        dot_ssh = os.path.join(pw_dir,'.ssh')
+        dot_ssh = os.path.join(pw_dir, '.ssh')
         if not os.access(dot_ssh, os.F_OK): os.mkdir(dot_ssh)
-        auth_keys = os.path.join(dot_ssh,'authorized_keys')
-        logger.log("new keys = %s" % auth_keys)
-        fd, fname = tempfile.mkstemp('','authorized_keys',dot_ssh)
-
-    for key in new_keys:
-            os.write(fd,key)
-            os.write(fd,'\n')
-
-        os.close(fd)
-        if os.path.exists(auth_keys):
-            os.unlink(auth_keys)
-        os.rename(fname,auth_keys)
-
-        # set permissions properly
-        os.chmod(dot_ssh, 0700)
-        os.chown(dot_ssh, uid,gid)
-        os.chmod(auth_keys, 0600)
-        os.chown(auth_keys, uid,gid)
-
-        logger.log('specialacounts: installed ssh keys for %s' % name)
+        auth_keys = os.path.join(dot_ssh, 'authorized_keys')
+
+        # catenate all keys in string, add newlines just in case (looks like keys already have this, but)
+        auth_keys_contents = '\n'.join(new_keys)+'\n'
+
+        changes = tools.replace_file_with_string(auth_keys, auth_keys_contents)
+        if changes:
+            logger.log("specialaccounts: keys file changed: %s" % auth_keys)
+
+        # always set permissions properly
+        os.chmod(dot_ssh, 0o700)
+        os.chown(dot_ssh, uid, gid)
+        os.chmod(auth_keys, 0o600)
+        os.chown(auth_keys, uid, gid)
+
+        logger.log('specialaccounts: installed ssh keys for %s' % name)
nodemanager