bootstrap-vz/bootstrapvz/plugins/admin_user/__init__.py



def validate_manifest(data, validator, error):
	import os.path
	schema_path = os.path.normpath(os.path.join(os.path.dirname(__file__), 'manifest-schema.yml'))
	validator(data, schema_path)
	if ('password' in data['plugins']['admin_user'] and 'pubkey' in data['plugins']['admin_user']):
		msg = 'passwd and pubkey are mutually exclusive.'
		error(msg, ['plugins', 'admin_user'])
	if 'pubkey' in data['plugins']['admin_user']:
		full_path = data['plugins']['admin_user']['pubkey']
		if not os.path.exists(full_path):
	    		msg = 'Could not find public key at %s' % full_path
	    		error(msg, ['plugins', 'admin_user'])


def resolve_tasks(taskset, manifest):
	import tasks
	from bootstrapvz.common.tasks import ssh

	from bootstrapvz.common.releases import jessie
	if manifest.release < jessie:
		taskset.update([ssh.DisableRootLogin])

	if 'password' in manifest.plugins['admin_user']:
		taskset.discard(ssh.DisableSSHPasswordAuthentication)
		taskset.add(tasks.AdminUserCredentialsPassword)
	else:
		if 'pubkey' in manifest.plugins['admin_user']:
			taskset.add(tasks.AdminUserCredentialsPublicKey)
		else:
			taskset.add(tasks.AdminUserCredentialsEc2)

	taskset.update([tasks.AddSudoPackage,
	                tasks.CreateAdminUser,
	                tasks.PasswordlessSudo,
	                ])
Plugin architecture working 2013-05-16 08:00:28 +02:00

Remove provider specific manifests Manifest and module loading has been refactored Provider modules now must implement validate_manifest like plugins do Simplified loading of manifests 2014-01-05 14:03:04 +01:00			`def validate_manifest(data, validator, error):`
[admin_user]: Update per comments As requested, this commit converts to tab indentation. Signed-off-by: Manoj Srivastava <srivasta@golden-gryphon.com> 2016-01-10 02:12:58 -08:00			`import os.path`
			`schema_path = os.path.normpath(os.path.join(os.path.dirname(__file__), 'manifest-schema.yml'))`
			`validator(data, schema_path)`
			`if ('password' in data['plugins']['admin_user'] and 'pubkey' in data['plugins']['admin_user']):`
			`msg = 'passwd and pubkey are mutually exclusive.'`
			`error(msg, ['plugins', 'admin_user'])`
[admin_user]: More cleanups. Remove uneeded tests. Signed-off-by: Manoj Srivastava <srivasta@golden-gryphon.com> 2016-02-06 02:15:52 -08:00			`if 'pubkey' in data['plugins']['admin_user']:`
			`full_path = data['plugins']['admin_user']['pubkey']`
			`if not os.path.exists(full_path):`
			`msg = 'Could not find public key at %s' % full_path`
			`error(msg, ['plugins', 'admin_user'])`
Reorder plugin init scripts Let validate_manifest() always be the first function 2013-12-01 23:56:17 +01:00

Simplify tasklist by passing a set to the modules 2014-01-05 15:13:09 +01:00			`def resolve_tasks(taskset, manifest):`
[admin_user]: Update per comments As requested, this commit converts to tab indentation. Signed-off-by: Manoj Srivastava <srivasta@golden-gryphon.com> 2016-01-10 02:12:58 -08:00			`import tasks`
			`from bootstrapvz.common.tasks import ssh`
Make admin_user plugin more robust Don't fail if the ec2-get-credentials script is not installed Don't fail if SSH server is not installed 2013-12-15 19:24:41 +01:00
[admin_user]: Update per comments As requested, this commit converts to tab indentation. Signed-off-by: Manoj Srivastava <srivasta@golden-gryphon.com> 2016-01-10 02:12:58 -08:00			`from bootstrapvz.common.releases import jessie`
			`if manifest.release < jessie:`
			`taskset.update([ssh.DisableRootLogin])`
Only disable root login on squeeze & wheezy (jessie has it disabled per default) 2015-04-29 08:40:48 +02:00
[admin_user]: Update per comments As requested, this commit converts to tab indentation. Signed-off-by: Manoj Srivastava <srivasta@golden-gryphon.com> 2016-01-10 02:12:58 -08:00			`if 'password' in manifest.plugins['admin_user']:`
			`taskset.discard(ssh.DisableSSHPasswordAuthentication)`
			`taskset.add(tasks.AdminUserCredentialsPassword)`
			`else:`
			`if 'pubkey' in manifest.plugins['admin_user']:`
			`taskset.add(tasks.AdminUserCredentialsPublicKey)`
			`else:`
			`taskset.add(tasks.AdminUserCredentialsEc2)`
[admin_user]: Added support for password and static pubkey auth This commit adds authentication optionally with passwords or static ssh pubkeys for the admin user. There are now three ways to grant access to the admin user: - Set a password for the user, or - Provide a ssh public key to allow remote ssh login, or - Use the EC2 public key (EC2 machines only) If a password is provided, this plugin sets the admin password. This also re-enables password login (off by default in Jessie). If the optional argument pubkey is present (it should be a full path to a ssh public key), it will ensure that the ssh public key is used to set up password less remote login for the admin user. Only one of these options (password, or pubkey) may be specified. If neither the password not a ssh public key location are specified, and if the EC2 init scripts are installed, the script for fetching the SSH authorized keys will be adjust to match the username specified. Fixes: https://github.com/andsens/bootstrap-vz/issues/248 Signed-off-by: Manoj Srivastava <srivasta@google.com> 2015-09-28 11:49:50 -07:00
[admin_user]: Update per comments As requested, this commit converts to tab indentation. Signed-off-by: Manoj Srivastava <srivasta@golden-gryphon.com> 2016-01-10 02:12:58 -08:00			`taskset.update([tasks.AddSudoPackage,`
			`tasks.CreateAdminUser,`
			`tasks.PasswordlessSudo,`
			`])`