From ad84f62c0da9d6f938f9690160e58408c4fdaeeb Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sat, 16 Jan 2021 22:21:27 +0100
Subject: [PATCH] bundles/sshmon: do not rely on bundle:users to create sshmon user

---
 bundles/sshmon/items.py | 17 +++++++++++++++++
 bundles/sshmon/metadata.py | 14 --------------
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/bundles/sshmon/items.py b/bundles/sshmon/items.py
index ed2b582..a3ab4fe 100644
--- a/bundles/sshmon/items.py
+++ b/bundles/sshmon/items.py
@@ -1,3 +1,5 @@
+from os.path import join
+
 def collect_commands():
 check_commands = {}
@@ -15,6 +17,13 @@ def collect_commands():
 return check_commands
+users = {
+ 'sshmon': {
+ 'password_hash': 'x',
+ 'home': '/home/sshmon',
+ },
+}
+
 pkg_apt = {
 'gawk': {}, # needed by check_ram
 'libwww-perl': {}, # needed by check_nginx_status
@@ -24,6 +33,9 @@ pkg_apt = {
 check_commands = collect_commands()
+with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp:
+ pubkey = fp.read().strip()
+
 files = {
 '/etc/sshmon.cfg': {
 'content_type': 'mako',
@@ -41,6 +53,11 @@ files = {
 '/usr/local/sbin/sshmon': {
 'mode': '0755',
 },
+ '/home/sshmon/.ssh/authorized_keys': {
+ 'content': 'command="/usr/local/sbin/sshmon" {}\n'.format(pubkey),
+ 'owner': 'sshmon',
+ 'mode': '0400',
+ },
 }
 for check in {
diff --git a/bundles/sshmon/metadata.py b/bundles/sshmon/metadata.py
index 2038d06..2265dd0 100644
--- a/bundles/sshmon/metadata.py
+++ b/bundles/sshmon/metadata.py
@@ -1,12 +1,7 @@
 from bundlewrap.utils import Fault
-from os.path import join
 from re import sub
-
-with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp:
- pubkey = fp.read().strip()
-
 defaults = {
 'apt': {
 'packages': {
@@ -25,15 +20,6 @@ defaults = {
 },
 },
 },
- 'users': {
- 'sshmon': {
- 'password_hash': 'x',
- 'ssh_pubkey': {
- 'command="/usr/local/sbin/sshmon" {}'.format(pubkey),
- },
- 'sudo_commands': [],
- },
- },
 }
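Review bot: In the `users` hunk of bundles/sshmon/items.py, `'password_hash': 'x'` has no explanation, so a reader cannot tell a placeholder from a deliberate lock. If the intent is that no password can ever match and the account is reachable only through the key installed later in this file, a comment should say so, for example `'password_hash': 'x',  # not a valid crypt hash: no password login, key-only account`. The same value was in the removed metadata block, so this is a documentation point rather than a regression.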
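Review bot: In the `with open(...)` hunk of bundles/sshmon/items.py, the key file is read with only `.strip()` applied, so its shape is never checked before it is formatted into authorized_keys in the last hunk of this file. If `sshmon.pub` ever holds more than one line, every line after the first ends up in authorized_keys without the `command=` prefix, and an empty file yields an options-only line. A guard directly after the read keeps the forced command attached to the only key that can log in: `if not pubkey or '\n' in pubkey: raise ValueError('sshmon.pub must contain exactly one public key')`.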
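Review bot: In the authorized_keys hunk of bundles/sshmon/items.py, the entry sets only `command=`, which fixes what the session runs but leaves port, agent and X11 forwarding and PTY allocation at the sshd defaults for this key. Prefixing the options with `restrict` (OpenSSH 7.2 and later) closes that: `'content': 'restrict,command="/usr/local/sbin/sshmon" {}\n'.format(pubkey),`. On older servers, list `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty` instead. The `files` dict begins and ends outside this hunk.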