bootstrap-vz/bootstrapvz/plugins/admin_user/tasks.py

from base import Task
from common import phases
from common.tasks.initd import InstallInitScripts
from common.tasks import apt
import os


class AddSudoPackage(Task):
	description = 'Adding `sudo\' to the image packages'
	phase = phases.preparation
	predecessors = [apt.AddDefaultSources]

	@classmethod
	def run(cls, info):
		info.packages.add('sudo')


class CreateAdminUser(Task):
	description = 'Creating the admin user'
	phase = phases.system_modification

	@classmethod
	def run(cls, info):
		from common.tools import log_check_call
		log_check_call(['chroot', info.root,
		                'useradd',
		                '--create-home', '--shell', '/bin/bash',
		                info.manifest.plugins['admin_user']['username']])


class PasswordlessSudo(Task):
	description = 'Allowing the admin user to use sudo without a password'
	phase = phases.system_modification

	@classmethod
	def run(cls, info):
		sudo_admin_path = os.path.join(info.root, 'etc/sudoers.d/99_admin')
		username = info.manifest.plugins['admin_user']['username']
		with open(sudo_admin_path, 'w') as sudo_admin:
			sudo_admin.write('{username} ALL=(ALL) NOPASSWD:ALL'.format(username=username))
		import stat
		ug_read_only = (stat.S_IRUSR | stat.S_IRGRP)
		os.chmod(sudo_admin_path, ug_read_only)


class AdminUserCredentials(Task):
	description = 'Modifying ec2-get-credentials to copy the ssh public key to the admin user'
	phase = phases.system_modification
	predecessors = [InstallInitScripts]

	@classmethod
	def run(cls, info):
		from common.tools import sed_i
		getcreds_path = os.path.join(info.root, 'etc/init.d/ec2-get-credentials')
		username = info.manifest.plugins['admin_user']['username']
		sed_i(getcreds_path, 'username=\'root\'', 'username=\'{username}\''.format(username=username))


class DisableRootLogin(Task):
	description = 'Disabling SSH login for root'
	phase = phases.system_modification

	@classmethod
	def run(cls, info):
		from subprocess import CalledProcessError
		from common.tools import log_check_call
		try:
			log_check_call(['chroot', info.root,
			                'dpkg-query', '-W', 'openssh-server'])
			from common.tools import sed_i
			sshdconfig_path = os.path.join(info.root, 'etc/ssh/sshd_config')
			sed_i(sshdconfig_path, 'PermitRootLogin yes', 'PermitRootLogin no')
		except CalledProcessError:
			import logging
			logging.getLogger(__name__).warn('The OpenSSH server has not been installed, '
			                                 'not disabling SSH root login.')
Implemented admin user task 2013-08-10 18:24:27 +02:00			`from base import Task`
			`from common import phases`
			`from common.tasks.initd import InstallInitScripts`
New task: AddDefaultSources 2013-12-29 18:11:48 +01:00			`from common.tasks import apt`
Implemented admin user task 2013-08-10 18:24:27 +02:00			`import os`


			`class AddSudoPackage(Task):`
``quoted'' -> `quoted' 2013-12-29 20:54:36 +01:00			description = 'Adding `sudo\' to the image packages'
Implemented admin user task 2013-08-10 18:24:27 +02:00			`phase = phases.preparation`
New task: AddDefaultSources 2013-12-29 18:11:48 +01:00			`predecessors = [apt.AddDefaultSources]`
Implemented admin user task 2013-08-10 18:24:27 +02:00
Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Integrated package plugin with base system New phase introduced "package installation" (fixes #114) Apt source lines are now parsed, this allows to verify the target release of added packages. All packages (except locales) are now installed after bootstrapping (fixes #123) Added env argument to log_(check_)call HostDependencies have been refactored a little 2013-12-29 16:09:47 +01:00			`info.packages.add('sudo')`
Implemented admin user task 2013-08-10 18:24:27 +02:00

			`class CreateAdminUser(Task):`
			`description = 'Creating the admin user'`
			`phase = phases.system_modification`

Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Implemented admin user task 2013-08-10 18:24:27 +02:00			`from common.tools import log_check_call`
Rely on $PATH to resolve commands. Fixes #12 2014-02-23 22:16:10 +01:00			`log_check_call(['chroot', info.root,`
			`'useradd',`
Correct mirror entry, turn on admin user; fix chroot call to create admin user (--shell and /bin/bash as two entries, not one argument). 2013-08-15 22:17:37 +00:00			`'--create-home', '--shell', '/bin/bash',`
Implemented admin user task 2013-08-10 18:24:27 +02:00			`info.manifest.plugins['admin_user']['username']])`


			`class PasswordlessSudo(Task):`
			`description = 'Allowing the admin user to use sudo without a password'`
			`phase = phases.system_modification`

Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Implemented admin user task 2013-08-10 18:24:27 +02:00			`sudo_admin_path = os.path.join(info.root, 'etc/sudoers.d/99_admin')`
			`username = info.manifest.plugins['admin_user']['username']`
			`with open(sudo_admin_path, 'w') as sudo_admin:`
			`sudo_admin.write('{username} ALL=(ALL) NOPASSWD:ALL'.format(username=username))`
			`import stat`
			`ug_read_only = (stat.S_IRUSR \| stat.S_IRGRP)`
			`os.chmod(sudo_admin_path, ug_read_only)`


			`class AdminUserCredentials(Task):`
			`description = 'Modifying ec2-get-credentials to copy the ssh public key to the admin user'`
			`phase = phases.system_modification`
Fix #107. Rename before and after task properties `before' becomes `successors' and `after' becomes `predecessors' 2013-11-21 15:54:42 +01:00			`predecessors = [InstallInitScripts]`
Implemented admin user task 2013-08-10 18:24:27 +02:00
Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Implemented admin user task 2013-08-10 18:24:27 +02:00			`from common.tools import sed_i`
			`getcreds_path = os.path.join(info.root, 'etc/init.d/ec2-get-credentials')`
			`username = info.manifest.plugins['admin_user']['username']`
			`sed_i(getcreds_path, 'username=\'root\'', 'username=\'{username}\''.format(username=username))`


			`class DisableRootLogin(Task):`
DisableRootLogin now runs after package install Also adjusted the wording of the description 2013-12-28 13:54:15 +01:00			`description = 'Disabling SSH login for root'`
Implemented admin user task 2013-08-10 18:24:27 +02:00			`phase = phases.system_modification`

Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Make admin_user plugin more robust Don't fail if the ec2-get-credentials script is not installed Don't fail if SSH server is not installed 2013-12-15 19:24:41 +01:00			`from subprocess import CalledProcessError`
			`from common.tools import log_check_call`
			`try:`
Rely on $PATH to resolve commands. Fixes #12 2014-02-23 22:16:10 +01:00			`log_check_call(['chroot', info.root,`
			`'dpkg-query', '-W', 'openssh-server'])`
Make admin_user plugin more robust Don't fail if the ec2-get-credentials script is not installed Don't fail if SSH server is not installed 2013-12-15 19:24:41 +01:00			`from common.tools import sed_i`
			`sshdconfig_path = os.path.join(info.root, 'etc/ssh/sshd_config')`
			`sed_i(sshdconfig_path, 'PermitRootLogin yes', 'PermitRootLogin no')`
			`except CalledProcessError:`
			`import logging`
			`logging.getLogger(__name__).warn('The OpenSSH server has not been installed, '`
			`'not disabling SSH root login.')`