diff --git a/plugins/admin_user/__init__.py b/plugins/admin_user/__init__.py
index 49725d6..8c396c9 100644
--- a/plugins/admin_user/__init__.py
+++ b/plugins/admin_user/__init__.py
@@ -1,5 +1,15 @@
 def tasks(tasklist, manifest):
- from adminuser import AddSudoPackage
- tasklist.add(AddSudoPackage())
+ import tasks
+ tasklist.add(tasks.AddSudoPackage())
+ tasklist.add(tasks.CreateAdminUser())
+ tasklist.add(tasks.PasswordlessSudo())
+ tasklist.add(tasks.AdminUserCredentials())
+ tasklist.add(tasks.DisableRootLogin())
+
+
+def validate_manifest(data, schema_validate):
+ from os import path
+ schema_path = path.normpath(path.join(path.dirname(__file__), 'manifest-schema.json'))
+ schema_validate(data, schema_path)
diff --git a/plugins/admin_user/adminuser.py b/plugins/admin_user/adminuser.py
deleted file mode 100644
index e21db40..0000000
--- a/plugins/admin_user/adminuser.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from base import Task
-from common import phases
-from providers.ec2.tasks.packages import ImagePackages
-from providers.ec2.tasks.host import CheckPackages
-
-
-class AddSudoPackage(Task):
- description = 'Adding ``sudo\'\' to the image packages'
- phase = phases.preparation
- after = [ImagePackages]
- before = [CheckPackages]
-
- def run(self, info):
- info.img_packages[0].add('sudo')
diff --git a/plugins/admin_user/manifest-schema.json b/plugins/admin_user/manifest-schema.json
new file mode 100644
index 0000000..422877f
--- /dev/null
+++ b/plugins/admin_user/manifest-schema.json
@@ -0,0 +1,23 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "title": "Admin user plugin manifest",
+ "type": "object",
+ "properties": {
+ "plugins": {
+ "type": "object",
+ "properties": {
+ "admin_user": {
+ "type": "object",
+ "properties": {
+ "username": {
+ "type": "string"
+ }
+ },
+ "required": ["username"]
+ }
+ },
+ "required": ["admin_user"]
+ }
+ },
+ "required": ["plugins"]
+}
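Review bot: In `plugins/admin_user/__init__.py`, `import tasks` inside `def tasks(...)` rebinds the function's own name to the module for the rest of the body. It also relies on implicit relative import to reach the sibling `tasks.py`, which stops working under `from __future__ import absolute_import` or Python 3. An explicit form such as `from . import tasks as admin_tasks` would remove both ambiguities, assuming the plugin is loaded as a package. `validate_manifest` could also carry a one-line docstring, e.g. `"""Validate the manifest against this plugin's manifest-schema.json."""`.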
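Review bot: In `plugins/admin_user/manifest-schema.json`, `username` is accepted as any string, yet the tasks added in `plugins/admin_user/tasks.py` put it into a `useradd` argument, a sudoers line and a `sed_i` replacement. Whitespace, a newline or substitution metacharacters in the manifest value would change what those tasks write into the image. The schema is the natural place to constrain it, e.g. `"pattern": "^[a-z_][a-z0-9_-]*$"` next to `"type": "string"`. Setting `"additionalProperties": false` on the `admin_user` object would also reject misspelled keys instead of ignoring them.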
diff --git a/plugins/admin_user/tasks.py b/plugins/admin_user/tasks.py
new file mode 100644
index 0000000..96df75b
--- /dev/null
+++ b/plugins/admin_user/tasks.py
@@ -0,0 +1,64 @@
+from base import Task
+from common import phases
+from providers.ec2.tasks.packages import ImagePackages
+from common.tasks.host import CheckPackages
+from common.tasks.initd import InstallInitScripts
+import os
+
+
+class AddSudoPackage(Task):
+ description = 'Adding ``sudo\'\' to the image packages'
+ phase = phases.preparation
+ after = [ImagePackages]
+ before = [CheckPackages]
+
+ def run(self, info):
+ info.img_packages[0].add('sudo')
+
+
+class CreateAdminUser(Task):
+ description = 'Creating the admin user'
+ phase = phases.system_modification
+
+ def run(self, info):
+ from common.tools import log_check_call
+ log_check_call(['/usr/sbin/chroot', info.root,
+ '/usr/sbin/useradd',
+ '--create-home', '--shell /bin/bash',
+ info.manifest.plugins['admin_user']['username']])
+
+
+class PasswordlessSudo(Task):
+ description = 'Allowing the admin user to use sudo without a password'
+ phase = phases.system_modification
+
+ def run(self, info):
+ sudo_admin_path = os.path.join(info.root, 'etc/sudoers.d/99_admin')
+ username = info.manifest.plugins['admin_user']['username']
+ with open(sudo_admin_path, 'w') as sudo_admin:
+ sudo_admin.write('{username} ALL=(ALL) NOPASSWD:ALL'.format(username=username))
+ import stat
+ ug_read_only = (stat.S_IRUSR | stat.S_IRGRP)
+ os.chmod(sudo_admin_path, ug_read_only)
+
+
+class AdminUserCredentials(Task):
+ description = 'Modifying ec2-get-credentials to copy the ssh public key to the admin user'
+ phase = phases.system_modification
+ after = [InstallInitScripts]
+
+ def run(self, info):
+ from common.tools import sed_i
+ getcreds_path = os.path.join(info.root, 'etc/init.d/ec2-get-credentials')
+ username = info.manifest.plugins['admin_user']['username']
+ sed_i(getcreds_path, 'username=\'root\'', 'username=\'{username}\''.format(username=username))
+
+
+class DisableRootLogin(Task):
+ description = 'Disable SSH login for root'
+ phase = phases.system_modification
+
+ def run(self, info):
+ from common.tools import sed_i
+ sshdconfig_path = os.path.join(info.root, 'etc/ssh/sshd_config')
+ sed_i(sshdconfig_path, 'PermitRootLogin yes', 'PermitRootLogin no')
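Review bot: In `CreateAdminUser.run`, `'--shell /bin/bash'` is passed to `useradd` as a single argv element, so the option name and its value arrive as one string and `useradd` is likely to reject it; split it as `'--shell', '/bin/bash',`. `DisableRootLogin` and `AdminUserCredentials` both depend on `sed_i` finding an exact literal (`PermitRootLogin yes`, `username='root'`). If the target file has it commented out, uses another value such as `without-password`, or spaces it differently, the substitution presumably changes nothing and the build still succeeds. The image would then keep root SSH login enabled, or install the key for root only, so each task should confirm the expected line is present afterwards and fail the build if it is not. In `PasswordlessSudo` the sudoers entry is written without a trailing newline, which some sudo versions can treat as a parse error; `'{username} ALL=(ALL) NOPASSWD:ALL\n'` avoids that.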