rancher/os
1
0
Fork 1
mirror of https://github.com/rancher/os.git synced 2025-06-23 13:37:03 +00:00
Code Issues Releases Wiki Activity

Rewrite update-ssh-keys in Go

Browse Source
This commit is contained in:
Josh Curl 2016-11-16 13:02:35 -08:00
parent 2b0638c95f
commit bba93792d5
No known key found for this signature in database
GPG Key ID: 82B504B9BCCFA677
4 changed files with 105 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
cmd/cloudinitexecute/authorize_ssh_keys.go
View File

@ -1,20 +1,110 @@
package cloudinitexecute package cloudinitexecute
import ( import (
"io/ioutil"
"os" "os"
"os/exec" "path"
"strconv"
"strings"
log "github.com/Sirupsen/logrus" log "github.com/Sirupsen/logrus"
"github.com/rancher/os/util"
) )
func authorizeSSHKeys(user string, authorizedKeys []string, name string) { var (
for _, authorizedKey := range authorizedKeys { sshDir = ".ssh"
cmd := exec.Command("update-ssh-keys", user, authorizedKey) authorizedKeysFile = path.Join(sshDir, "authorized_keys")
cmd.Stdout = os.Stdout )
cmd.Stderr = os.Stderr
err := cmd.Run() func authorizeSSHKeys(username string, authorizedKeys []string, name string) error {
var uid int
var gid int
var homeDir string
bytes, err := ioutil.ReadFile("/etc/passwd")
if err != nil { if err != nil {
log.WithFields(log.Fields{"err": err, "user": user, "auth_key": authorizedKey}).Error("Error updating SSH authorized_keys") return err
}
for _, line := range strings.Split(string(bytes), "\n") {
if strings.HasPrefix(line, username) {
split := strings.Split(line, ":")
if len(split) < 6 {
break
}
uid, err = strconv.Atoi(split[2])
if err != nil {
return err
}
gid, err = strconv.Atoi(split[3])
if err != nil {
return err
}
homeDir = split[5]
} }
} }
sshDir = path.Join(homeDir, sshDir)
authorizedKeysFile = path.Join(homeDir, authorizedKeysFile)
for _, authorizedKey := range authorizedKeys {
if err = authorizeSSHKey(authorizedKey, uid, gid, homeDir); err != nil {
log.Errorf("Failed to authorize SSH key %s: %v", authorizedKey, err)
}
}
return nil
}
func authorizeSSHKey(authorizedKey string, uid, gid int, homeDir string) error {
if _, err := os.Stat(sshDir); os.IsNotExist(err) {
if err = os.Mkdir(sshDir, 0700); err != nil {
return err
}
} else if err != nil {
return err
}
authorizedKeysFileInfo, err := os.Stat(authorizedKeysFile)
if os.IsNotExist(err) {
keysFile, err := os.Create(authorizedKeysFile)
if err != nil {
return err
}
if err = keysFile.Chmod(0600); err != nil {
return err
}
if err = keysFile.Close(); err != nil {
return err
}
authorizedKeysFileInfo, err = os.Stat(authorizedKeysFile)
if err != nil {
return err
}
} else if err != nil {
return err
}
bytes, err := ioutil.ReadFile(authorizedKeysFile)
if err != nil {
return err
}
if !strings.Contains(string(bytes), authorizedKey) {
bytes = append(bytes, []byte(authorizedKey)...)
bytes = append(bytes, '\n')
}
perm := authorizedKeysFileInfo.Mode().Perm()
if err = util.WriteFileAtomic(authorizedKeysFile, bytes, perm); err != nil {
return err
}
if err = os.Chown(sshDir, uid, gid); err != nil {
return err
}
if err = os.Chown(authorizedKeysFile, uid, gid); err != nil {
return err
}
return nil
} }

8
cmd/cloudinitexecute/cloudinitexecute.go
View File

@ -56,8 +56,12 @@ func Main() {
func ApplyConsole(cfg *rancherConfig.CloudConfig) { func ApplyConsole(cfg *rancherConfig.CloudConfig) {
if len(cfg.SSHAuthorizedKeys) > 0 { if len(cfg.SSHAuthorizedKeys) > 0 {
authorizeSSHKeys("rancher", cfg.SSHAuthorizedKeys, sshKeyName) if err := authorizeSSHKeys("rancher", cfg.SSHAuthorizedKeys, sshKeyName); err != nil {
authorizeSSHKeys("docker", cfg.SSHAuthorizedKeys, sshKeyName) log.Error(err)
}
if err := authorizeSSHKeys("docker", cfg.SSHAuthorizedKeys, sshKeyName); err != nil {
log.Error(err)
}
} }
WriteFiles(cfg, "console") WriteFiles(cfg, "console")

1
images/02-console/Dockerfile
View File

@ -1,5 +1,4 @@
FROM rancher/os-base FROM rancher/os-base
COPY update-ssh-keys /usr/sbin/
COPY build/lsb-release /etc/ COPY build/lsb-release /etc/
RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \ RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \
sed -i 's/docker:!/docker:*/g' /etc/shadow && \ sed -i 's/docker:!/docker:*/g' /etc/shadow && \

20
images/02-console/update-ssh-keys
View File

@ -1,20 +0,0 @@
#!/bin/bash
USERNAME=$1
HOME_DIR=$(grep ^$USERNAME /etc/passwd | cut -f6 -d:)
if [ ! -d $HOME_DIR/.ssh ]; then
mkdir -p $HOME_DIR/.ssh
chmod 0700 $HOME_DIR/.ssh
fi
if [ ! -e $HOME_DIR/.ssh/authorized_keys ]; then
touch $HOME_DIR/.ssh/authorized_keys
chmod 0600 $HOME_DIR/.ssh/authorized_keys
fi
if ! grep -q "$2" $HOME_DIR/.ssh/authorized_keys; then
echo "$2" >> $HOME_DIR/.ssh/authorized_keys
fi
chown -R $USERNAME $HOME_DIR/.ssh