Merge pull request #125 from berkes/feature/79-sudo-users
Feature #79 sudo users
Showing
12 changed files
with
166 additions
and
0 deletions.
@@ -0,0 +1,23 @@ | ||
name "sysadmins" | ||
description "This role configures sysadmins, users with sudo-rights on your server" | ||
run_list( | ||
"role[base]", | ||
"recipe[packages]", | ||
"recipe[sysadmins]", | ||
"recipe[sudo]" | ||
) | ||
# Configure the sudo recipe so it mirrors Ubuntu's default behaviour | ||
default_attributes( | ||
"authorization" => { | ||
"sudo" => { | ||
"groups" => ["admin"], | ||
"passwordless" => false, | ||
"include_sudoers_d" => true, | ||
"sudoers_default" => [ | ||
"env_reset", | ||
"mail_badpass", | ||
"secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"" | ||
], | ||
} | ||
} | ||
) |
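Review bot: The comment on line 40 says the attributes mirror Ubuntu's default behaviour but does not state what the role actually grants, so a reader has to open the sudo cookbook to learn that every name under `node[:sysadmins]` lands in `admin` with full, password-gated sudo. Suggest extending it: `# Members of "admin" (filled from node[:sysadmins] by the sysadmins recipe) get full sudo; a password is required and sudoers.d is honoured`. `"passwordless" => false` is consistent with the README, which says the hashed password is needed for `sudo`. Current Ubuntu releases grant sudo to the `sudo` group and keep `%admin` only for compatibility, so if "mirrors Ubuntu" is meant literally the `groups` list may want both names.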
@@ -0,0 +1,8 @@ | ||
sysadmins CHANGELOG | ||
=================== | ||
|
||
This file is used to list changes made in each version of the sysadmins cookbook. | ||
|
||
0.1.0 | ||
----- | ||
- [Bèr Kessels] - Initial release of sysadmins |
@@ -0,0 +1,46 @@ | ||
sysadmins Cookbook | ||
================== | ||
|
||
Creates sysadmin accounts: accounts that can access the server over SSH. | ||
|
||
Attributes | ||
---------- | ||
|
||
#### sysadmins::default | ||
<table> | ||
<tr> | ||
<th>Key</th> | ||
<th>Type</th> | ||
<th>Description</th> | ||
<th>Default</th> | ||
</tr> | ||
<tr> | ||
<td><tt>['sysadmins']</tt></td> | ||
<td>Hash</td> | ||
<td>key: username</td> | ||
<td><tt>empty, won't create sysadmins</tt></td> | ||
</tr> | ||
</table> | ||
|
||
Usage | ||
----- | ||
|
||
Add sysadmins to your node configuration: | ||
|
||
```@json | ||
{ | ||
"sysadmins": { | ||
"bofh": { | ||
"password": "$1$d...HgH0", | ||
"ssh_keys": [ | ||
"ssh-rsa AAA123...xyz== foo", | ||
"ssh-rsa AAA456...uvw== bar" | ||
] | ||
} | ||
} | ||
``` | ||
|
||
* Create a hashed password with `openssl passwd -1 'plaintextpassword'`. | ||
This password is needed for running `sudo`. | ||
* SSH-keys should be the **public** key. You can leave them out, in | ||
which case you have to log in with the password. |
@@ -0,0 +1 @@ | ||
default["sysadmins"] = [] |
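Review bot: `default["sysadmins"] = []` declares the attribute as an Array, while the README documents a Hash keyed by username and the recipe treats it as one: it iterates with `|username, user|` and calls `node[:sysadmins].keys` in the `group "admin"` resource. On a node where nothing overrides the default, that Array has no `keys` method and the run fails at the group resource. Declare the default with the type the consumers expect, `default["sysadmins"] = {}`, so an unconfigured node converges to an empty `admin` group instead of erroring. Where a role or environment sets the attribute the merged value is presumably a Hash already, so the mismatch only bites on unconfigured nodes.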
@@ -0,0 +1,7 @@ | ||
name "sysadmins" | ||
maintainer "Bèr `berkes` Kessels" | ||
maintainer_email "[email protected]" | ||
license "MIT" | ||
description "Creates sysadmin user accounts" | ||
long_description IO.read(File.join(File.dirname(__FILE__), "README.md")) | ||
version "0.1.2" |
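Review bot: `version "0.1.2"` on the last line disagrees with the CHANGELOG added in the same commit, which records only `0.1.0` as the initial release. Either set the metadata to `version "0.1.0"` or add the 0.1.1 and 0.1.2 entries to the CHANGELOG, so a consumer pinning the cookbook can tell what changed between the versions it sees.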
@@ -0,0 +1,55 @@ | ||
# | ||
# Cookbook Name:: sysadmins | ||
# Recipe:: default | ||
# | ||
# Copyright 2014, Bèr `berkes` Kessels | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
node[:sysadmins].each do |username, user| | ||
home_dir = "/home/#{username}" | ||
# Create a user | ||
user username do | ||
home home_dir | ||
password user["password"] if user["password"] | ||
|
||
shell "/bin/bash" | ||
manage_home true | ||
action :create | ||
end | ||
|
||
# Add ssh-keys to authorized_keys | ||
# Always create the file and dir, even if user did not provide | ||
# ssh-keys | ||
directory "#{home_dir}/.ssh" do | ||
owner username | ||
group username | ||
mode "0700" | ||
end | ||
if user["ssh_keys"] | ||
template "#{home_dir}/.ssh/authorized_keys" do | ||
source "authorized_keys.erb" | ||
owner username | ||
group username | ||
mode "0600" | ||
variables ssh_keys: user["ssh_keys"] | ||
end | ||
end | ||
|
||
end | ||
|
||
# Add users to the sysadmin group. This is the group used by | ||
# the sudo cookbook to grant users sudo-access. | ||
group "admin" do | ||
members node[:sysadmins].keys | ||
end |
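Review bot: The comment at lines 184-186 says the `.ssh` directory and authorized_keys file are always created, but the `template` resource sits inside `if user["ssh_keys"]`, so the file is only managed when keys are present; a key that is later removed from `node[:sysadmins]` stays in the file on the node and keeps granting SSH access, because nothing ever rewrites or removes it. The template already tolerates a missing value via `Array(@ssh_keys)`, so the guard can go: keep the `template` block unconditional and pass `variables ssh_keys: Array(user["ssh_keys"])`, which renders an empty file when no keys are configured and revokes keys that disappear from the attribute. Two related points deserve a sentence in the header comment: `group "admin" do members node[:sysadmins].keys end` replaces the group's member list on every run (Chef's `group` resource does not append unless `append true` is set), so any other member of `admin` is dropped, and users removed from the attribute are never removed from the node.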
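--- a/vendor/cookbooks/sysadmins/templates/default/authorized_keys.erb
+++ b/vendor/cookbooks/sysadmins/templates/default/authorized_keys.erb
@@ -0,0 +1,6 @@
+# Generated by Chef for <%= node["fqdn"] %>
+# Local modifications will be overwritten.
+# Created by sysadmins cookbook
+<% Array(@ssh_keys).each do |key| %>
+<%= key %>
+<% end -%>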
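Review bot: The `<% Array(@ssh_keys).each do |key| %>` opener keeps its trailing newline while only `<% end -%>` trims, so the rendered file gets a blank line before every key; use `<% Array(@ssh_keys).each do |key| -%>` to emit one key per line. Keys are written into the file verbatim from node attributes, which is fine for the `ssh-rsa ... comment` strings the README documents; if the attribute can come from a less controlled source, validating each entry in the recipe (single line, known key type prefix) before passing it to the template is the place to do it.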