kevinheyer/bootstrap-vz
1
0
Fork 0
mirror of https://github.com/kevingruesser/bootstrap-vz.git synced 2025-08-22 18:00:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
bootstrap-vz/bootstrapvz/plugins/admin_user/__init__.py
Manoj Srivastava a56f20657b
[admin_user]: Added support for password and static pubkey auth 
This commit adds authentication optionally with passwords or static
ssh pubkeys for the admin user.

There are now three ways to grant access to the admin user:
-  Set a password for the user, or
-  Provide a ssh public key to allow remote ssh login, or
-  Use the EC2 public key (EC2 machines only)

If a password is provided, this plugin sets the admin password. This
also re-enables password login (off by default in Jessie).

If the optional argument pubkey is present (it should be a full path
to a ssh public key), it will ensure that the ssh public key is used
to set up password less remote login for the admin user.

Only one of these options (password, or pubkey) may be specified.

If neither the password not a ssh public key location are specified,
and if the EC2 init scripts are installed, the script for fetching the
SSH authorized keys will be adjust to match the username specified.

Fixes: https://github.com/andsens/bootstrap-vz/issues/248

Signed-off-by: Manoj Srivastava <srivasta@google.com>
2016-02-06 00:39:20 -08:00

36 lines
1.5 KiB
Python
Raw Blame History

def validate_manifest(data, validator, error):
import os.path
schema_path = os.path.normpath(os.path.join(os.path.dirname(__file__), 'manifest-schema.yml'))
validator(data, schema_path)
if ('password' in data['plugins']['admin_user'] and 'pubkey' in data['plugins']['admin_user']):
msg = 'passwd and pubkey are mutually exclusive.'
error(msg, ['plugins', 'admin_user'])
full_path = data['plugins']['admin_user']['pubkey']
if not os.path.exists(full_path):
msg = 'Could not find public key at %s' % full_path
error(msg, ['plugins', 'admin_user'])
def resolve_tasks(taskset, manifest):
import tasks
from bootstrapvz.common.tasks import ssh
from bootstrapvz.common.releases import jessie
if manifest.release < jessie:
taskset.update([ssh.DisableRootLogin])
if 'password' in manifest.plugins['admin_user']:
taskset.discard(ssh.DisableSSHPasswordAuthentication)
taskset.add(tasks.AdminUserCredentialsPassword)
else:
if 'pubkey' in manifest.plugins['admin_user']:
taskset.add(tasks.AdminUserCredentialsPublicKey)
else:
taskset.add(tasks.AdminUserCredentialsEc2)
taskset.update([tasks.AddSudoPackage,
tasks.CreateAdminUser,
tasks.PasswordlessSudo,
])
Reference in a new issue View git blame Copy permalink