Automate updating tripleo cloud jump ssh access
Without this new admins can't log in. Sadness. Change-Id: I11230402ed0cd18188056a500a7ca9e82e0ca507
This commit is contained in:
Robert Collins
57
scripts/update-admin-ssh-keys
Executable file
57
scripts/update-admin-ssh-keys
Executable file
@@ -0,0 +1,57 @@
|
||||
#!/bin/bash
|
||||
set -eu
|
||||
set -o pipefail
|
||||
SCRIPT_NAME=$(basename $0)
|
||||
SCRIPT_HOME=$(dirname $0)
|
||||
|
||||
function show_options () {
|
||||
echo "Usage: $SCRIPT_NAME"
|
||||
echo
|
||||
echo "Pull the latest tripleo-cd-admin ssh keys into a user account."
|
||||
echo
|
||||
echo "Assumes it is running as that user."
|
||||
echo
|
||||
echo "Options:"
|
||||
echo " -h|--help -- This help."
|
||||
echo
|
||||
exit $1
|
||||
}
|
||||
|
||||
|
||||
TEMP=$(getopt -o h -l help -n $SCRIPT_NAME -- "$@")
|
||||
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
|
||||
|
||||
# Note the quotes around `$TEMP': they are essential!
|
||||
eval set -- "$TEMP"
|
||||
|
||||
while true ; do
|
||||
case "$1" in
|
||||
-h|--help) show_options 0;;
|
||||
--) shift ; break ;;
|
||||
*) echo "Error: unsupported option $1." ; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -n "${1:-}" ]; then
|
||||
show_options 1
|
||||
fi
|
||||
|
||||
cd ~
|
||||
mkdir -p .ssh
|
||||
chmod 0700 .ssh
|
||||
mkdir -p .cache/tripleo-cd
|
||||
|
||||
# Get the keys
|
||||
cd .cache/tripleo-cd
|
||||
if [ ! -d tripleo-incubator ]; then
|
||||
git clone https://git.openstack.org/openstack/tripleo-incubator
|
||||
cd tripleo-incubator
|
||||
else
|
||||
cd tripleo-incubator
|
||||
git pull
|
||||
fi
|
||||
cp -f tripleo-cloud/tripleo-cd-ssh-keys ~/.ssh/authorized_keys
|
||||
# Allow tripleo-incubator stuff that wants to add local keys...
|
||||
# they'll get wiped on the next run (and obviously aren't relevant for bm
|
||||
# access).
|
||||
chmod 0600 ~/.ssh/authorized_keys
|
||||
@@ -16,6 +16,11 @@ Currently found here:
|
||||
|
||||
* tripleo-cd-ssh-keys: The ssh keys for people in tripleo-cd-admins.
|
||||
|
||||
The script update-admin-ssh-keys will copy the tripleo-cd-ssh-keys file on top
|
||||
of the authorized\_keys file for the current user - making it an easy way to
|
||||
self-maintain (as long as you trust the SSL infrastructure to ensure the right
|
||||
repo is being copied :)).
|
||||
|
||||
Policy on adding / removing people:
|
||||
- get consensus/supermajority for adds from existing triple-cd-admins members.
|
||||
- remove folk at own request or if idle for extended period.
|
||||
|
||||
Reference in New Issue
Block a user