arvados-login-sync 0.1.20150826190127
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/bin/arvados-login-sync +111 -0
- metadata +66 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: d5ca2a17e2809f01578a17f24bfbb2204eecf651
|
|
4
|
+
data.tar.gz: 7433cbefa9070c125bec912f0128888b9e2dfe7f
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 642f83b3c06d635180e3f5e65cfaa20f074b3f4c82e3e42bc8dd9d5903caa507f151faf6c6a008d9647fc1b5ecc37aca9dcf6c43c47420c27a7ca9e7f12ae926
|
|
7
|
+
data.tar.gz: dd3182d606d642cd1cab5c19ca2c38f30024418e0eaa05fd7a4b7afca2d4657032269e4c75b974269863d5e6be2253cf1daacd4c66ed923ec96cb4baa5139e71
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
require 'rubygems'
|
|
4
|
+
require 'pp'
|
|
5
|
+
require 'arvados'
|
|
6
|
+
require 'etc'
|
|
7
|
+
require 'fileutils'
|
|
8
|
+
require 'yaml'
|
|
9
|
+
|
|
10
|
+
req_envs = %w(ARVADOS_API_HOST ARVADOS_API_TOKEN ARVADOS_VIRTUAL_MACHINE_UUID)
|
|
11
|
+
req_envs.each do |k|
|
|
12
|
+
unless ENV[k]
|
|
13
|
+
abort "Fatal: These environment vars must be set: #{req_envs}"
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
keys = ''
|
|
18
|
+
|
|
19
|
+
seen = Hash.new
|
|
20
|
+
|
|
21
|
+
begin
|
|
22
|
+
uids = Hash[Etc.to_enum(:passwd).map { |ent| [ent.name, ent.uid] }]
|
|
23
|
+
gids = Hash[Etc.to_enum(:group).map { |ent| [ent.name, ent.gid] }]
|
|
24
|
+
arv = Arvados.new({ :suppress_ssl_warnings => false })
|
|
25
|
+
|
|
26
|
+
vm_uuid = ENV['ARVADOS_VIRTUAL_MACHINE_UUID']
|
|
27
|
+
|
|
28
|
+
logins = arv.virtual_machine.logins(:uuid => vm_uuid)[:items]
|
|
29
|
+
logins = [] if logins.nil?
|
|
30
|
+
logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:public_key].nil? or l[:virtual_machine_uuid] != vm_uuid }
|
|
31
|
+
|
|
32
|
+
# No system users
|
|
33
|
+
uid_min = 1000
|
|
34
|
+
open("/etc/login.defs", encoding: "utf-8") do |login_defs|
|
|
35
|
+
login_defs.each_line do |line|
|
|
36
|
+
next unless match = /^UID_MIN\s+(\S+)$/.match(line)
|
|
37
|
+
if match[1].start_with?("0x")
|
|
38
|
+
base = 16
|
|
39
|
+
elsif match[1].start_with?("0")
|
|
40
|
+
base = 8
|
|
41
|
+
else
|
|
42
|
+
base = 10
|
|
43
|
+
end
|
|
44
|
+
new_uid_min = match[1].to_i(base)
|
|
45
|
+
uid_min = new_uid_min if (new_uid_min > 0)
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
logins.reject! { |l| (uids[l[:username]] || 65535) < uid_min }
|
|
49
|
+
|
|
50
|
+
keys = Hash.new()
|
|
51
|
+
|
|
52
|
+
# Collect all keys
|
|
53
|
+
logins.each do |l|
|
|
54
|
+
keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
|
|
55
|
+
key = l[:public_key]
|
|
56
|
+
# Handle putty-style ssh public keys
|
|
57
|
+
key.sub!(/^(Comment: "r[^\n]*\n)(.*)$/m,'ssh-rsa \2 \1')
|
|
58
|
+
key.sub!(/^(Comment: "d[^\n]*\n)(.*)$/m,'ssh-dss \2 \1')
|
|
59
|
+
key.gsub!(/\n/,'')
|
|
60
|
+
key.strip
|
|
61
|
+
|
|
62
|
+
keys[l[:username]].push(key) if not keys[l[:username]].include?(key)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
seen = Hash.new()
|
|
66
|
+
devnull = open("/dev/null", "w")
|
|
67
|
+
|
|
68
|
+
logins.each do |l|
|
|
69
|
+
next if seen[l[:username]]
|
|
70
|
+
seen[l[:username]] = true if not seen.has_key?(l[:username])
|
|
71
|
+
@homedir = "/home/#{l[:username]}"
|
|
72
|
+
|
|
73
|
+
unless uids[l[:username]]
|
|
74
|
+
STDERR.puts "Creating account #{l[:username]}"
|
|
75
|
+
groups = l[:groups] || []
|
|
76
|
+
# Adding users to the FUSE group has long been hardcoded behavior.
|
|
77
|
+
groups << "fuse"
|
|
78
|
+
groups.select! { |name| gids[name] }
|
|
79
|
+
# Create new user
|
|
80
|
+
next unless system("useradd", "-m",
|
|
81
|
+
"-c", l[:username],
|
|
82
|
+
"-s", "/bin/bash",
|
|
83
|
+
"-G", groups.join(","),
|
|
84
|
+
l[:username],
|
|
85
|
+
out: devnull)
|
|
86
|
+
end
|
|
87
|
+
# Create .ssh directory if necessary
|
|
88
|
+
userdotssh = File.join(@homedir, ".ssh")
|
|
89
|
+
Dir.mkdir(userdotssh) if !File.exists?(userdotssh)
|
|
90
|
+
@key = "#######################################################################################
|
|
91
|
+
# THIS FILE IS MANAGED BY #{$0} -- CHANGES WILL BE OVERWRITTEN #
|
|
92
|
+
#######################################################################################\n\n"
|
|
93
|
+
@key += keys[l[:username]].join("\n") + "\n"
|
|
94
|
+
userauthkeys = File.join(userdotssh, "authorized_keys")
|
|
95
|
+
if !File.exists?(userauthkeys) or IO::read(userauthkeys) != @key then
|
|
96
|
+
f = File.new(userauthkeys, 'w')
|
|
97
|
+
f.write(@key)
|
|
98
|
+
f.close()
|
|
99
|
+
end
|
|
100
|
+
FileUtils.chown_R(l[:username], l[:username], userdotssh)
|
|
101
|
+
File.chmod(0700, userdotssh)
|
|
102
|
+
File.chmod(0750, @homedir)
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
devnull.close
|
|
106
|
+
rescue Exception => bang
|
|
107
|
+
puts "Error: " + bang.to_s
|
|
108
|
+
puts bang.backtrace.join("\n")
|
|
109
|
+
exit 1
|
|
110
|
+
end
|
|
111
|
+
|
metadata
ADDED
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: arvados-login-sync
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.20150826190127
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Arvados Authors
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-08-26 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: arvados
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.1'
|
|
20
|
+
- - ">="
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: 0.1.20150615153458
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - "~>"
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0.1'
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: 0.1.20150615153458
|
|
33
|
+
description: Creates and updates local login accounts for Arvados users. Built from
|
|
34
|
+
git commit f2afe64c25d1b3e79b38972e69104431a2587935
|
|
35
|
+
email: gem-dev@curoverse.com
|
|
36
|
+
executables:
|
|
37
|
+
- arvados-login-sync
|
|
38
|
+
extensions: []
|
|
39
|
+
extra_rdoc_files: []
|
|
40
|
+
files:
|
|
41
|
+
- bin/arvados-login-sync
|
|
42
|
+
homepage: https://arvados.org
|
|
43
|
+
licenses:
|
|
44
|
+
- GNU Affero General Public License, version 3.0
|
|
45
|
+
metadata: {}
|
|
46
|
+
post_install_message:
|
|
47
|
+
rdoc_options: []
|
|
48
|
+
require_paths:
|
|
49
|
+
- lib
|
|
50
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 2.1.0
|
|
55
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
56
|
+
requirements:
|
|
57
|
+
- - ">="
|
|
58
|
+
- !ruby/object:Gem::Version
|
|
59
|
+
version: '0'
|
|
60
|
+
requirements: []
|
|
61
|
+
rubyforge_project:
|
|
62
|
+
rubygems_version: 2.4.3
|
|
63
|
+
signing_key:
|
|
64
|
+
specification_version: 4
|
|
65
|
+
summary: Set up local login accounts for Arvados users
|
|
66
|
+
test_files: []
|