[Qa-jenkins-scm] [jenkins.debian.net] 02/05: re-factor user setup code, and add ssh key handling

Holger Levsen holger at layer-acht.org
Thu Jul 14 13:04:33 UTC 2016 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit 29c8e7d70a5af8ce5f157739003f5d03500d1c7a
Author: Philip Hands <phil at hands.com>
Date:   Thu Jul 14 11:39:00 2016 +0200

    re-factor user setup code, and add ssh key handling
    
    Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
 update_jdn.sh | 68 +++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 40 insertions(+), 28 deletions(-)

diff --git a/update_jdn.sh b/update_jdn.sh
index 0d31e39..74de519 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -55,44 +55,56 @@ if ! getent passwd jenkins-adm > /dev/null  ; then
 	sudo usermod -G jenkins jenkins-adm
 fi
 
-declare -A u_shell uh_groups
+
+declare -A user_host_groups u_shell
 
 sudo_groups='jenkins,jenkins-adm,sudo,adm'
-uh_groups['helmut','*']="$sudo_groups"
-uh_groups['holger','*']="$sudo_groups"
-uh_groups['holger','jenkins']="reproducible,${uh_groups['holger','*']}"
-uh_groups['mattia','*']="$sudo_groups"
-uh_groups['phil','jenkins-test-vm']="$sudo_groups,libvirt,libvirt-qemu"
-uh_groups['phil','profitbricks-build10-amd64']=''
-uh_groups['phil','jenkins']=''
-uh_groups['lunar','jenkins']='reproducible'
+
+# if there's a need for host groups, a case statement on $HOSTNAME here that sets $GROUPNAME, say, should do the trick
+# then you can define user_host_groups['phil','lvm_group']=... below
+# and add checks for the GROUP version whereever the HOSTNAME is checked in the following code
+
+user_host_groups['helmut','*']="$sudo_groups"
+user_host_groups['holger','*']="$sudo_groups"
+user_host_groups['holger','jenkins']="reproducible,${user_host_groups['holger','*']}"
+user_host_groups['mattia','*']="$sudo_groups"
+user_host_groups['phil','jenkins-test-vm']="$sudo_groups,libvirt,libvirt-qemu"
+user_host_groups['phil','profitbricks-build10-amd64']=''
+user_host_groups['phil','jenkins']=''
+user_host_groups['lunar','jenkins']='reproducible'
+
 
 u_shell['mattia']='/bin/zsh'
 
-# get the users out of the uh_groups array's index
-users=$(for i in ${!uh_groups[@]}; do echo ${i%,*} ; done | sort -u)
+# get the users out of the user_host_groups array's index
+users=$(for i in ${!user_host_groups[@]}; do echo ${i%,*} ; done | sort -u)
 
-for user in $users ; do
-	if [ -v uh_groups["$user","$HOSTNAME"] -o -v uh_groups["$user",'*'] ] ; then
-		# actually create the user
-		if ! getent passwd $user > /dev/null ; then
-			# adduser, defaulting to /bin/bash as shell
-			sudo adduser --gecos "" --shell "${u_shell[$user]:-/bin/bash}" --disabled-password $user
+$UP2DATE || for user in $users ; do
+	# -v is a bashism to check for set variables, used here to see if this user is active on this host
+	[ -v user_host_groups["$user","$HOSTNAME"] -o -v user_host_groups["$user",'*'] ] || continue
+
+	# create the user
+	if ! getent passwd $user > /dev/null ; then
+		# adduser, defaulting to /bin/bash as shell
+		sudo adduser --gecos "" --shell "${u_shell[$user]:-/bin/bash}" --disabled-password $user
+	fi
+	# add groups: first try the specific host, or if unset fall-back to default '*' setting
+	for h in "$HOSTNAME" '*' ; do
+		if [ -v user_host_groups["$user","$h"] ] ; then
+			sudo usermod -G ${user_host_groups["$user","$h"]} $user
+			break
 		fi
-		# add groups: first try the specific host, or if unset fall-back to default '*' setting
-		for h in "$HOSTNAME" '*' ; do
-			if [ -v uh_groups["$user","$h"] ] ; then
-				sudo usermod -G ${uh_groups["$user","$h"]} $user
-				break
-			fi
-		done
-		# add the keys
-		cp # FIXME we need the paths here
+	done
+	# add the user's keys (if any)
+	if ls authorized_keys/${user}@*.pub >/dev/null 2>&1 ; then
+		[ -d /var/lib/misc/userkeys ] || sudo mkdir -p /var/lib/misc/userkeys
+		cat authorized_keys/${user}@*.pub | sudo tee /var/lib/misc/userkeys/${user} > /dev/null
 	fi
 done
 
-grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config || {
-    echo 'AuthorizedKeysFile /var/lib/misc/userkeys/%u' >> /etc/ssh/sshd_config
+$UP2DATE || grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config || {
+	sudo sh -c "echo 'AuthorizedKeysFile /var/lib/misc/userkeys/%u %h/.ssh/authorized_keys' >> /etc/ssh/sshd_config"
+	sudo service ssh reload
 }
 
 sudo mkdir -p /srv/workspace

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git

More information about the Qa-jenkins-scm mailing list