From: Razvan Deaconescu Date: Sun, 11 Apr 2010 10:27:49 +0000 (+0300) Subject: update clusterctl script; fully functional public key management X-Git-Tag: getopt_long~99 X-Git-Url: http://p2p-next.cs.pub.ro/gitweb/?a=commitdiff_plain;h=fab6ac578fea4c04abfc5789d34895490c0fbfcd;p=cs-p2p-next.git update clusterctl script; fully functional public key management --- diff --git a/scripts/admin/clusterctl b/scripts/admin/clusterctl index a82b6aa..4e96be6 100755 --- a/scripts/admin/clusterctl +++ b/scripts/admin/clusterctl @@ -9,6 +9,10 @@ # source configuration file source ./config +if ! test -z "$identity_file"; then + alias ssh="ssh -i $identity_file" +fi + verbose=0 add_keyfile="" delete_expr="" 
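Review bot: The `alias ssh="ssh -i $identity_file"` added after `source ./config` has no effect in this script, because bash leaves alias expansion off in non-interactive shells unless `shopt -s expand_aliases` is set, so every `ssh -l root` call in the functions further down still runs without `-i` and the root logins silently fall back to the default identity or agent. A shell function is honoured in scripts and is what the rest of the file can rely on: `if [ -n "$identity_file" ]; then` / `    ssh() { command ssh -i "$identity_file" "$@"; }` / `fi`. Quoting `$identity_file` there also keeps a path containing spaces as a single argument, which the alias string would split.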
@@ -16,79 +20,235 @@ remoteuser="all" remotehost="all" vzcontainer="all" list=0 +empty=0 list_keys() { - this_user=$1 - this_host=$2 - echo "$this_user@$this_host keys" - ssh -l root $this_host "eval cat ~$this_user/.ssh/authorized_keys" | sed 's/ [^ =]*=\+//g' | sed 's/^/ * /g' - echo + this_user=$1 + this_host=$2 + echo "$this_user@$this_host keys" + if test $verbose -eq 1; then + ssh -l root $this_host "cat ~$this_user/.ssh/authorized_keys" | sed 's/ [^ =]\+\([^ =]\{10\}=\+\)/ ...\1/g' | sed 's/^/ * /g' + else + ssh -l root $this_host "cat ~$this_user/.ssh/authorized_keys" | sed 's/ [^ =]*=\+//g' | sed 's/^/ * /g' + fi + echo +} + +# remove blank lines in authorized_keys file +clear_keys() +{ + this_user=$1 + this_host=$2 + echo "cleaning $this_user@$this_host keys" + ssh -l root $this_host "\ + sed -i.bak '/^[ \t]*$/d' ~$this_user/.ssh/authorized_keys ;\ + ( grep 'ssh' ~$this_user/.ssh/authorized_keys > /dev/null 2>&1 ||\ + cp ~$this_user/.ssh/authorized_keys.bak ~$this_user/.ssh/authorized_keys) ;\ + rm ~$this_user/.ssh/authorized_keys.bak + " +} + +# delete keys matching expression +delete_keys() +{ + this_user=$1 + this_host=$2 + this_expr=$3 + echo "delete $this_user@$this_host keys that match '$this_expr'" + ssh -l root $this_host "\ + sed -i.bak '/$this_expr/d' ~$this_user/.ssh/authorized_keys ;\ + ( grep 'ssh' ~$this_user/.ssh/authorized_keys > /dev/null 2>&1 ||\ + cp ~$this_user/.ssh/authorized_keys.bak ~$this_user/.ssh/authorized_keys) ;\ + rm ~$this_user/.ssh/authorized_keys.bak + " +} + +# get first key matching expression +get_key() +{ + this_user=$1 + this_host=$2 + this_expr=$3 + echo "get first $this_user@$this_host keys that matches '$this_expr'" + ssh -l root $this_host "\ + grep '$this_expr' ~$this_user/.ssh/authorized_keys | head -n 1 + " +} + +# add key +add_key() +{ + this_user=$1 + this_host=$2 + this_key=$3 + echo "add $this_key to $this_user@$this_host" + cat $this_key | ssh -l root $this_host "\ + cat >> ~$this_user/.ssh/authorized_keys 
+ " } usage() { - echo "Usage:" >&2 - echo -e "\t$0 -h" >&2 - echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -a key" >&2 - echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -d string" >&2 - echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -l" >&2 + echo "Usage:" >&2 + echo -e "\t$0 -h" >&2 + echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -a key" >&2 + echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -d string" >&2 + echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -g string" >&2 + echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -l" >&2 + echo -e "\t$0 [-v] [-r remotehost] [-c vzcontainer] [-u user] -e" >&2 } -while getopts "hvr:c:u:a:d:l" option; do - case $option in - a) - add_keyfile="$OPTARG" - ;; - d) - delete_expr="$OPTARG" - ;; - l) - list=1 - ;; - h) - usage - exit 0 - ;; - v) - verbose=1 - ;; - \?) - usage - exit 1 - ;; - esac +while getopts "hvr:c:u:a:d:g:le" option; do + case $option in + r) + remotehost="$OPTARG" + ;; + c) + vzcontainer="$OPTARG" + ;; + u) + remoteuser="$OPTARG" + ;; + a) + add_keyfile="$OPTARG" + ;; + d) + delete_expr="$OPTARG" + ;; + g) + get_expr="$OPTARG" + ;; + l) + list=1 + ;; + e) + empty=1 + ;; + h) + usage + exit 0 + ;; + v) + verbose=1 + ;; + \?) + usage + exit 1 + ;; + esac done if ! test -z $add_keyfile; then - echo "add $add_keyfile" + if test "$remotehost" == "all"; then + for host in ${remote_hosts[*]}; do + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + add_key $user $host $add_keyfile + done + continue + fi + add_key $remoteuser $host $add_keyfile + done + else + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + add_key $user $remotehost $add_keyfile + done + else + add_key $remoteuser $remotehost $add_keyfile + fi + fi fi if ! 
test -z $delete_expr; then - echo "delete $delete_expr" + if test "$remotehost" == "all"; then + for host in ${remote_hosts[*]}; do + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + delete_keys $user $host $delete_expr + done + continue + fi + delete_keys $remoteuser $host $delete_expr + done + else + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + delete_keys $user $remotehost $delete_expr + done + else + delete_keys $remoteuser $remotehost $delete_expr + fi + fi +fi + +if ! test -z $get_expr; then + if test "$remotehost" == "all"; then + for host in ${remote_hosts[*]}; do + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + get_key $user $host $get_expr + done + continue + fi + get_key $remoteuser $host $get_expr + done + else + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + get_key $user $remotehost $get_expr + done + else + get_key $remoteuser $remotehost $get_expr + fi + fi +fi + +if test $empty -eq 1; then + if test "$remotehost" == "all"; then + for host in ${remote_hosts[*]}; do + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + clear_keys $user $host + done + continue + fi + clear_keys $remoteuser $host + done + else + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + clear_keys $user $remotehost + done + else + clear_keys $remoteuser $remotehost + fi + fi fi if test $list -eq 1; then - if test "$remotehost" == "all"; then - echo "yeah" - for host in ${remote_hosts[*]}; do - if test "$remoteuser" == "all"; then - for user in ${remote_users[*]}; do - list_keys $user $host - done - continue - fi - list_keys $remoteuser $host - done - else - if test "$user" == "all"; then - for user in ${remote_users[*]}; do - list_keys $user $remotehost - done - else - list_keys $remoteuser $remotehost - fi - fi + if test "$remotehost" == "all"; then + for host in ${remote_hosts[*]}; do + if test "$remoteuser" == 
"all"; then + for user in ${remote_users[*]}; do + list_keys $user $host + done + continue + fi + list_keys $remoteuser $host + done + else + if test "$remoteuser" == "all"; then + for user in ${remote_users[*]}; do + list_keys $user $remotehost + done + else + list_keys $remoteuser $remotehost + fi + fi fi exit 0 + +# vim: set sts=4 sw=4 ts=8 et: diff --git a/scripts/admin/config b/scripts/admin/config index 3fd7625..7bd11cd 100644 --- a/scripts/admin/config +++ b/scripts/admin/config @@ -16,3 +16,5 @@ remote_users=("p2p" "root") root_dir=~/projects/p2p-next/cs-p2p-next/scripts/admin keys_dir=$root_dir/keys + +identity_file=~/.ssh/id_rsa
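Review bot: In `delete_keys` and `get_key`, `$this_expr` is interpolated unquoted into the command string that runs as root on the remote host (`sed -i.bak '/$this_expr/d' ...` and `grep '$this_expr' ...`), so a `/` or `'` in the expression terminates the sed address or the single quotes and changes what the remote shell executes rather than merely failing to match. The call sites compound this: `if ! test -z $delete_expr` and `delete_keys $user $host $delete_expr` are unquoted, so an expression containing spaces is split into extra arguments before it reaches the function; `"$delete_expr"`, `"$get_expr"` and `"$this_expr"` should be quoted locally and the remote side should receive the pattern as one escaped word instead of raw text. The rewrite below does that for `delete_keys` with `printf '%q'` and a fixed-string `grep -v -F`, which also makes `-d string` behave as the usage text describes; `get_key` needs the same treatment (`grep -F -- $quoted_expr`). `printf '%q'` emits bash quoting, so this assumes the remote root login shell is bash; confirm that against the cluster hosts or pass the pattern via stdin instead. Separately, `add_key` appends the key with `cat ... >>` without checking that `authorized_keys` ends in a newline or that the key is not already present, so a key file lacking a final newline is glued onto the previous entry and a repeated add duplicates the key.
```sh
delete_keys()
{
    # … unchanged: this_user/this_host/this_expr assignments and the echo …
    # One escaped word for the remote shell, matched as a fixed string, so '/',
    # quotes and regex metacharacters in the expression cannot alter the command
    # that runs as root (assumes the remote login shell is bash).
    quoted_expr=$(printf '%q' "$this_expr")
    ssh -l root "$this_host" "\
        cp ~$this_user/.ssh/authorized_keys ~$this_user/.ssh/authorized_keys.bak ;\
        grep -v -F -- $quoted_expr ~$this_user/.ssh/authorized_keys.bak > ~$this_user/.ssh/authorized_keys ;\
        ( grep 'ssh' ~$this_user/.ssh/authorized_keys > /dev/null 2>&1 ||\
            cp ~$this_user/.ssh/authorized_keys.bak ~$this_user/.ssh/authorized_keys) ;\
        rm ~$this_user/.ssh/authorized_keys.bak
    "
}
```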