bundles/users: get default user data from users.json
This commit is contained in:
parent
c090a9c2c2
commit
cca4fec761
5 changed files with 52 additions and 19 deletions
|
@ -1,5 +1,9 @@
|
||||||
% for user, config in sorted(node.metadata['users'].items()):
|
% for user, config in sorted(node.metadata['users'].items()):
|
||||||
|
% if config.get('is_admin', False):
|
||||||
|
${user} ALL=(ALL) NOPASSWD:ALL
|
||||||
|
% else:
|
||||||
% for p in sorted(config.get('sudo_commands', [])):
|
% for p in sorted(config.get('sudo_commands', [])):
|
||||||
${user} ALL=(ALL) NOPASSWD:${p}
|
${user} ALL=(ALL) NOPASSWD:${p}
|
||||||
% endfor
|
% endfor
|
||||||
|
% endif
|
||||||
% endfor
|
% endfor
|
||||||
|
|
|
@ -30,7 +30,11 @@ for username, attrs in node.metadata['users'].items():
|
||||||
|
|
||||||
user['home'] = home
|
user['home'] = home
|
||||||
user['shell'] = '/bin/bash'
|
user['shell'] = '/bin/bash'
|
||||||
user['password_hash'] = 'x'
|
|
||||||
|
if 'password' in attrs:
|
||||||
|
user['password'] = attrs['password']
|
||||||
|
else:
|
||||||
|
user['password_hash'] = 'x' if node.use_shadow_passwords else '*'
|
||||||
|
|
||||||
if 'groups' in attrs:
|
if 'groups' in attrs:
|
||||||
user['groups'] = attrs['groups']
|
user['groups'] = attrs['groups']
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
from json import loads
|
||||||
|
from os.path import join
|
||||||
|
|
||||||
defaults = {
|
defaults = {
|
||||||
'apt': {
|
'apt': {
|
||||||
'packages': {
|
'packages': {
|
||||||
|
@ -13,3 +16,29 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@metadata_reactor
|
||||||
|
def add_users_from_json(metadata):
|
||||||
|
with open(join(repo.path, 'users.json'), 'r') as f:
|
||||||
|
json = loads(f.read())
|
||||||
|
|
||||||
|
users = {}
|
||||||
|
# First, add all admin users
|
||||||
|
for uname, config in json.items():
|
||||||
|
if config.get('is_admin', False):
|
||||||
|
users[uname] = {
|
||||||
|
'ssh_pubkey': set(config['ssh_pubkey']),
|
||||||
|
'is_admin': True,
|
||||||
|
}
|
||||||
|
|
||||||
|
# Then, run again to get all 'to be deleted' users
|
||||||
|
for uname, config in json.items():
|
||||||
|
if uname not in metadata.get('users', {}):
|
||||||
|
users.setdefault(uname, {
|
||||||
|
'delete': True,
|
||||||
|
})
|
||||||
|
|
||||||
|
return {
|
||||||
|
'users': users,
|
||||||
|
}
|
||||||
|
|
|
@ -19,24 +19,6 @@ groups['all'] = {
|
||||||
'mail': 'hostmaster@kunsmann.eu',
|
'mail': 'hostmaster@kunsmann.eu',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'users': {
|
|
||||||
'kunsi': {
|
|
||||||
'ssh_pubkey': [
|
|
||||||
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971',
|
|
||||||
],
|
|
||||||
'sudo_commands': {
|
|
||||||
'ALL',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'sophie': {
|
|
||||||
'ssh_pubkey': [
|
|
||||||
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU7XmpX4w+rGQDi+dF6M0q65K2iHVgD1wHBoHREjyqCzmPGZgrnLIv6EN9WWJXjCgRdLEUXgPn7PNJnAgBs3U8G8MsF55yrPNUIsEeg6v+Y6zibEujMrwmeDSk0XAn8iSZcy+4cnqykIMk9Hd5WXW7ZhSHGs4MftWn3Z/q15qPHl/w9OyaKDJAjk8yEsD1sZoAQMhomKliKjJ5a6jNyf7otS3HdbZx4KXABJNuWn/IvmwkcaIU8ljyuPkPkiMn5JWhcUK2kE81Y4a5zJxxusSXSF6Ip7W2Rhv+4gnScTjhTPsG70HlSF/LAB2ytKo0F0N/ZB2hJk+Jq6cAwNBzuST7 sophie@ejgwmobile',
|
|
||||||
],
|
|
||||||
'sudo_commands': {
|
|
||||||
'ALL',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
'pip_command': 'pip3',
|
'pip_command': 'pip3',
|
||||||
}
|
}
|
||||||
|
|
14
users.json
Normal file
14
users.json
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"kunsi": {
|
||||||
|
"ssh_pubkey": [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971"
|
||||||
|
],
|
||||||
|
"is_admin": true
|
||||||
|
},
|
||||||
|
"sophie": {
|
||||||
|
"ssh_pubkey": [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU7XmpX4w+rGQDi+dF6M0q65K2iHVgD1wHBoHREjyqCzmPGZgrnLIv6EN9WWJXjCgRdLEUXgPn7PNJnAgBs3U8G8MsF55yrPNUIsEeg6v+Y6zibEujMrwmeDSk0XAn8iSZcy+4cnqykIMk9Hd5WXW7ZhSHGs4MftWn3Z/q15qPHl/w9OyaKDJAjk8yEsD1sZoAQMhomKliKjJ5a6jNyf7otS3HdbZx4KXABJNuWn/IvmwkcaIU8ljyuPkPkiMn5JWhcUK2kE81Y4a5zJxxusSXSF6Ip7W2Rhv+4gnScTjhTPsG70HlSF/LAB2ytKo0F0N/ZB2hJk+Jq6cAwNBzuST7 sophie@ejgwmobile"
|
||||||
|
],
|
||||||
|
"is_admin": true
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue