Bèr Kessels 6 years ago
parent
commit
d7d1725078
6 changed files with 125 additions and 0 deletions
  1. CHANGELOG.md (+2, -0)
  2. README.md (+46, -0)
  3. attributes/default.rb (+1, -0)
  4. metadata.rb (+9, -0)
  5. recipes/default.rb (+61, -0)
  6. templates/default/authorized_keys.erb (+6, -0)

CHANGELOG.md (+2, -0)

@@ -0,0 +1,2 @@
See https://github.com/intercity/chef-repo/blob/master/CHANGELOG.md for full
changelog

README.md (+46, -0)

@@ -0,0 +1,46 @@
sysadmins Cookbook
==================

Creates sysadmin accounts: accounts that can access the server over SSH.

Attributes
----------

#### sysadmins::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['sysadmins']</tt></td>
<td>Hash</td>
<td>key: username</td>
<td><tt>empty, won't create sysadmins</tt></td>
</tr>
</table>

Usage
-----

Add sysadmins to your node configuration:

```@json
{
"sysadmins": {
"bofh": {
"password": "$1$d...HgH0",
"ssh_keys": [
"ssh-rsa AAA123...xyz== foo",
"ssh-rsa AAA456...uvw== bar"
]
}
}
```

* Create a hashed password with `openssl passwd -1 'plaintextpassword'`.
This password is needed for running `sudo`.
* SSH-keys should be the **public** key. You can leave them out, in
which case you have to log in with the password.
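
Review bot: The usage note `openssl passwd -1 'plaintextpassword'` produces an MD5-crypt hash (the `$1$` prefix in the example), which is weak against offline cracking if node data is ever exposed; document a SHA-512 crypt hash instead, for example `mkpasswd -m sha-512` or `openssl passwd -6` where the installed OpenSSL supports it. Passing the plaintext as a command-line argument also leaves it in shell history, so recommend the interactive prompt. Separately, the JSON example opens three braces and closes only two, and the fence is tagged `@json`, so the snippet will not paste as valid JSON.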

attributes/default.rb (+1, -0)

@@ -0,0 +1 @@
default["sysadmins"] = []
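
Review bot: `default["sysadmins"] = []` sets an Array default, but the README documents this attribute as a Hash, and recipes/default.rb iterates it with `|username, user|` and calls `node[:sysadmins].keys`. With the default in place the `group "admin"` block calls `keys` on an array; use `default["sysadmins"] = {}` so a node without sysadmins converges cleanly.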

metadata.rb (+9, -0)

@@ -0,0 +1,9 @@
# encoding: utf-8

name "sysadmins"
maintainer "Bèr `berkes` Kessels"
maintainer_email "ber@berk.es"
license "MIT"
description "Creates sysadmin user accounts"
long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
version "0.1.3"

recipes/default.rb (+61, -0)

@@ -0,0 +1,61 @@
#
# Cookbook Name:: sysadmins
# Recipe:: default
#
# Copyright 2014, Bèr `berkes` Kessels
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

node[:sysadmins].each do |username, user|
home_dir = "/home/#{username}"
# Create a user
user username do
home home_dir
password user["password"] if user.attribute?(:password)

shell "/bin/bash"
manage_home true
action :create
end

# Add ssh-keys to authorized_keys
# Always create the file and dir, even if user did not provide
# ssh-keys
directory "#{home_dir}/.ssh" do
owner username
group username
mode "0700"
end
if user["ssh_keys"]
template "#{home_dir}/.ssh/authorized_keys" do
source "authorized_keys.erb"
owner username
group username
mode "0600"
variables ssh_keys: user["ssh_keys"]
end
end

end

# Add users to the sysadmin group. This is the group used by
# the sudo cookbook to grant users sudo-access.
group "admin" do
members node[:sysadmins].keys
end
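
Review bot: The comment above the `directory` resource says the file and dir are always created, but the `template` for `authorized_keys` sits inside `if user["ssh_keys"]`, so when keys are later removed from a user's attributes the previously written file, and the access it grants, stays in place. Render the template unconditionally (the template already wraps the value in `Array(...)`) or add an explicit delete branch. The same lifecycle gap applies to accounts: only `action :create` is used, so dropping a username from `node[:sysadmins]` does not remove or lock the account. Also consider renaming the block parameter `user`, which shadows the `user` resource it is used inside, and checking the password the same way as the keys (`user["password"]`) rather than with `attribute?`.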

templates/default/authorized_keys.erb (+6, -0)

@@ -0,0 +1,6 @@
# Generated by Chef for <%= node["fqdn"] %>
# Local modifications will be overwritten.
# Created by sysadmins cookbook
<% Array(@ssh_keys).each do |key| %>
<%= key %>
<% end -%>
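
Review bot: `<%= key %>` writes each attribute value verbatim, so an entry containing an embedded newline or leading key options (`command=`, `from=` and similar) ends up in authorized_keys unchecked. Validate in the recipe that every entry is a single line starting with an expected key type before it reaches the template, and fail the run otherwise.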