# source configuration file
source ./config
+if ! test -z "$identity_file"; then
+ alias ssh="ssh -i $identity_file"
+fi
+
verbose=0
add_keyfile=""
delete_expr=""
remotehost="all"
vzcontainer="all"
list=0
+empty=0
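Review bot: The `alias ssh="ssh -i $identity_file"` added at the top will not take effect when this script runs under non-interactive bash, because alias expansion is off there unless `shopt -s expand_aliases` is set, and nothing visible sets it. A configured identity_file is then silently ignored and every ssh call falls back to the default keys. A function wrapper works in scripts and keeps the path quoted: `ssh() { command ssh -i "$identity_file" "$@"; }`. The guard would also read more directly as `if test -n "$identity_file"; then`.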
list_keys()
{
- this_user=$1
- this_host=$2
- echo "$this_user@$this_host keys"
- ssh -l root $this_host "eval cat ~$this_user/.ssh/authorized_keys" | sed 's/ [^ =]*=\+//g' | sed 's/^/ * /g'
- echo
+ this_user=$1
+ this_host=$2
+ echo "$this_user@$this_host keys"
+ if test $verbose -eq 1; then
+ ssh -l root $this_host "cat ~$this_user/.ssh/authorized_keys" | sed 's/ [^ =]\+\([^ =]\{10\}=\+\)/ ...\1/g' | sed 's/^/ * /g'
+ else
+ ssh -l root $this_host "cat ~$this_user/.ssh/authorized_keys" | sed 's/ [^ =]*=\+//g' | sed 's/^/ * /g'
+ fi
+ echo
+}
+
+# remove blank lines in authorized_keys file
+clear_keys()
+{
+ this_user=$1
+ this_host=$2
+ echo "cleaning $this_user@$this_host keys"
+ ssh -l root $this_host "\
+ sed -i.bak '/^[ \t]*$/d' ~$this_user/.ssh/authorized_keys ;\
+ ( grep 'ssh' ~$this_user/.ssh/authorized_keys > /dev/null 2>&1 ||\
+ cp ~$this_user/.ssh/authorized_keys.bak ~$this_user/.ssh/authorized_keys) ;\
+ rm ~$this_user/.ssh/authorized_keys.bak
+ "
+}
+
+# delete keys matching expression
+delete_keys()
+{
+ this_user=$1
+ this_host=$2
+ this_expr=$3
+ echo "delete $this_user@$this_host keys that match '$this_expr'"
+ ssh -l root $this_host "\
+ sed -i.bak '/$this_expr/d' ~$this_user/.ssh/authorized_keys ;\
+ ( grep 'ssh' ~$this_user/.ssh/authorized_keys > /dev/null 2>&1 ||\
+ cp ~$this_user/.ssh/authorized_keys.bak ~$this_user/.ssh/authorized_keys) ;\
+ rm ~$this_user/.ssh/authorized_keys.bak
+ "
+}
+
+# get first key matching expression
+get_key()
+{
+ this_user=$1
+ this_host=$2
+ this_expr=$3
+ echo "get first $this_user@$this_host keys that matches '$this_expr'"
+ ssh -l root $this_host "\
+ grep '$this_expr' ~$this_user/.ssh/authorized_keys | head -n 1
+ "
+}
+
+# add key
+add_key()
+{
+ this_user=$1
+ this_host=$2
+ this_key=$3
+ echo "add $this_key to $this_user@$this_host"
+ cat $this_key | ssh -l root $this_host "\
+ cat >> ~$this_user/.ssh/authorized_keys
+ "
}
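Review bot: In delete_keys and get_key the caller's expression is pasted unescaped into a single-quoted sed/grep argument that the remote root shell then parses. A value containing `'` therefore closes the quote and the rest is run as root, and a `/` breaks the sed address in delete_keys. Reject anything outside a narrow character set before calling ssh, for example `case $this_expr in ''|*[!A-Za-z0-9@._-]*) echo "invalid expression" >&2; return 1;; esac`. The same interpolation applies to `~$this_user` in all five functions, so the user name deserves the same check. The `.bak` restore only fires when no line containing `ssh` remains, so it does not catch an expression that is merely too broad.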
usage()
{
- echo "Usage:" >&2
- echo -e "\t$0 -h" >&2
- echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -a key" >&2
- echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -d string" >&2
- echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -l" >&2
+ echo "Usage:" >&2
+ echo -e "\t$0 -h" >&2
+ echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -a key" >&2
+ echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -d string" >&2
+ echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -g string" >&2
+ echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -l" >&2
+ echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -e" >&2
}
-while getopts "hvr:c:u:a:d:l" option; do
- case $option in
- a)
- add_keyfile="$OPTARG"
- ;;
- d)
- delete_expr="$OPTARG"
- ;;
- l)
- list=1
- ;;
- h)
- usage
- exit 0
- ;;
- v)
- verbose=1
- ;;
- \?)
- usage
- exit 1
- ;;
- esac
+while getopts "hvr:c:u:a:d:g:le" option; do
+ case $option in
+ r)
+ remotehost="$OPTARG"
+ ;;
+ c)
+ vzcontainer="$OPTARG"
+ ;;
+ u)
+ remoteuser="$OPTARG"
+ ;;
+ a)
+ add_keyfile="$OPTARG"
+ ;;
+ d)
+ delete_expr="$OPTARG"
+ ;;
+ g)
+ get_expr="$OPTARG"
+ ;;
+ l)
+ list=1
+ ;;
+ e)
+ empty=1
+ ;;
+ h)
+ usage
+ exit 0
+ ;;
+ v)
+ verbose=1
+ ;;
+ \?)
+ usage
+ exit 1
+ ;;
+ esac
done
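Review bot: `remoteuser` is assigned only in the new `u)` arm and is not among the defaults set next to `remotehost="all"` and `vzcontainer="all"`, so unless ./config defines it, a run without -u leaves it empty. The dispatch blocks below pass it unquoted, e.g. `add_key $remoteuser $host $add_keyfile`, so the empty word disappears and the host is taken as the user and the key file or expression as the host. Add `remoteuser="all"` to the defaults, or call `usage` and exit when it is empty after option parsing. `vzcontainer` is parsed here, but nothing visible on this page uses it.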
if ! test -z $add_keyfile; then
- echo "add $add_keyfile"
+ if test "$remotehost" == "all"; then
+ for host in ${remote_hosts[*]}; do
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ add_key $user $host $add_keyfile
+ done
+ continue
+ fi
+ add_key $remoteuser $host $add_keyfile
+ done
+ else
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ add_key $user $remotehost $add_keyfile
+ done
+ else
+ add_key $remoteuser $remotehost $add_keyfile
+ fi
+ fi
fi
if ! test -z $delete_expr; then
- echo "delete $delete_expr"
+ if test "$remotehost" == "all"; then
+ for host in ${remote_hosts[*]}; do
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ delete_keys $user $host $delete_expr
+ done
+ continue
+ fi
+ delete_keys $remoteuser $host $delete_expr
+ done
+ else
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ delete_keys $user $remotehost $delete_expr
+ done
+ else
+ delete_keys $remoteuser $remotehost $delete_expr
+ fi
+ fi
+fi
+
+if ! test -z $get_expr; then
+ if test "$remotehost" == "all"; then
+ for host in ${remote_hosts[*]}; do
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ get_key $user $host $get_expr
+ done
+ continue
+ fi
+ get_key $remoteuser $host $get_expr
+ done
+ else
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ get_key $user $remotehost $get_expr
+ done
+ else
+ get_key $remoteuser $remotehost $get_expr
+ fi
+ fi
+fi
+
+if test $empty -eq 1; then
+ if test "$remotehost" == "all"; then
+ for host in ${remote_hosts[*]}; do
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ clear_keys $user $host
+ done
+ continue
+ fi
+ clear_keys $remoteuser $host
+ done
+ else
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ clear_keys $user $remotehost
+ done
+ else
+ clear_keys $remoteuser $remotehost
+ fi
+ fi
fi
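Review bot: The unquoted expansions in these dispatch blocks change what a multi-word argument does. With `-d "alice laptop"`, `test -z $delete_expr` fails with too many arguments, the `!` turns that into success, and `delete_keys $user $host $delete_expr` passes only `alice` as the expression. That removes every key matching the first word on each selected host. Quote the tests and calls, e.g. `if test -n "$delete_expr"; then` and `delete_keys "$user" "$host" "$delete_expr"`, and likewise for the add, get, empty and list blocks. The host/user loop is repeated five times on this page, so a single helper taking the function name and its extra argument would keep the quoting in one place.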
if test $list -eq 1; then
- if test "$remotehost" == "all"; then
- echo "yeah"
- for host in ${remote_hosts[*]}; do
- if test "$remoteuser" == "all"; then
- for user in ${remote_users[*]}; do
- list_keys $user $host
- done
- continue
- fi
- list_keys $remoteuser $host
- done
- else
- if test "$user" == "all"; then
- for user in ${remote_users[*]}; do
- list_keys $user $remotehost
- done
- else
- list_keys $remoteuser $remotehost
- fi
- fi
+ if test "$remotehost" == "all"; then
+ for host in ${remote_hosts[*]}; do
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ list_keys $user $host
+ done
+ continue
+ fi
+ list_keys $remoteuser $host
+ done
+ else
+ if test "$remoteuser" == "all"; then
+ for user in ${remote_users[*]}; do
+ list_keys $user $remotehost
+ done
+ else
+ list_keys $remoteuser $remotehost
+ fi
+ fi
fi
exit 0
+
+# vim: set sts=4 sw=4 ts=8 et: