-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathremote_execution_ssh_keys_image_mode.erb
62 lines (52 loc) · 2.64 KB
/
remote_execution_ssh_keys_image_mode.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<%#
name: remote_execution_ssh_keys_image_mode
description: "SSH keys setup snippet for Remote Execution plugin\r\n\r\nParameters:\r\n\r\nremote_execution_ssh_keys:
public keys to be put in ~/.ssh/authorized_keys\r\n\r\nremote_execution_ssh_user:
user for which remote_execution_ssh_keys will be\r\n authorized\r\n\r\nremote_execution_create_user:
create user if it not already existing\r\n\r\nremote_execution_effective_user_method:
method to switch from ssh user to\r\n effective
user\r\n\r\nThis template sets up SSH keys in any host so that as long as your public\r\nSSH
key is in remote_execution_ssh_keys, you can SSH into a host. This\r\nworks in combination
with Remote Execution plugin by querying smart proxies\r\nto build an array.\r\n\r\nTo
use this snippet without the plugin provide the SSH keys as host parameter\r\nremote_execution_ssh_keys.
It expects the same format like the authorized_keys\r\nfile."
snippet: true
model: ProvisioningTemplate
organizations:
- home
locations:
- Default Location
-%>
<% if !host_param('remote_execution_ssh_keys').blank? %>
<% ssh_user = host_param('remote_execution_ssh_user') || 'root' %>
user_exists=false
getent passwd <%= ssh_user %> >/dev/null 2>&1 && user_exists=true
<% if ssh_user != 'root' && host_param_true?('remote_execution_create_user') -%>
if ! $user_exists; then
useradd -m <%= ssh_user %> && user_exists=true
fi
<% end -%>
if $user_exists; then
<% ssh_path = "~#{ssh_user}/.ssh" %>
mkdir -p <%= ssh_path %>
cat << EOF >> <%= ssh_path %>/authorized_keys
<%= host_param('remote_execution_ssh_keys').is_a?(String) ? host_param('remote_execution_ssh_keys') : host_param('remote_execution_ssh_keys').join("\n") %>
EOF
chmod 0700 <%= ssh_path %>
chmod 0600 <%= ssh_path %>/authorized_keys
chown -R <%= "#{ssh_user}:" %> <%= ssh_path %>
# Restore SELinux context with restorecon, if it's available:
command -v restorecon && restorecon -RvF <%= ssh_path %> || true
<% if ssh_user != 'root' && host_param('remote_execution_effective_user_method') == 'sudo' -%>
<% if @host.operatingsystem.family == 'Redhat' || @host.operatingsystem.family == 'Debian' -%>
echo "<%= ssh_user %> ALL = (root) NOPASSWD : ALL
Defaults:<%= ssh_user %> !requiretty" > /etc/sudoers.d/<%= ssh_user %>
<% elsif @host.operatingsystem.family == 'Suse' -%>
echo "<%= ssh_user %> ALL = (root) NOPASSWD : ALL
Defaults:<%= ssh_user %> !targetpw" >> /etc/sudoers
<% end -%>
<% end -%>
else
echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true. remote_execution_ssh_keys snippet will not install keys'
fi
<% end -%>