Merge pull request #1261 from edx/jarv/ubuntu-key-management

add and remove ubuntu public keys

Merge pull request #1261 from edx/jarv/ubuntu-key-management
add and remove ubuntu public keys
154a6a78 · John Jarvis · c758cb14 · 74ceeef2 · 154a6a78 · 154a6a78
Commit 154a6a78 authored Jul 01, 2014 by John Jarvis
Hide whitespace changes
Inline Side-by-side

Showing with 62 additions and 0 deletions

playbooks/edx-east/add-ubuntu-key.yml
+32 -0

playbooks/edx-east/remove-ubuntu-key.yml
+30 -0

No files found.
--- a/playbooks/edx-east/add-ubuntu-key.yml
+++ b/playbooks/edx-east/add-ubuntu-key.yml
+# A simple utility play to add a public key to the authorized key
+# file for the ubuntu user.
+# You must pass in the entire line that you are adding.
+# Example: ansible-playbook add-ubuntu-key.yml -c local -i 127.0.0.1, \
+#                              -e "public_key='ssh-rsa SOME_PUBLIC_KEY deployment-201407'" \
+#                              -e owner=jarv  -e keyfile=/home/jarv/.ssh/authorized_keys
+
+- hosts: all
+  vars:
+    owner: ubuntu
+    keyfile: "/home/{{ owner }}/.ssh/authorized_keys"
+  tasks:
+    - fail: msg="You must pass in a public_key"
+      when: public_key is not defined
+    - command: mktemp
+      register: mktemp
+    - name: Validate the public key before we add it to authorized_keys
+      copy: >
+        content="{{ public_key }}"
+        dest={{ mktemp.stdout }}
+    # This tests the public key and will not continue if it does not look valid
+    - command: ssh-keygen -l -f {{ mktemp.stdout }}
+    - file: >
+        path={{ mktemp.stdout }}
+        state=absent
+    - lineinfile: >
+        dest={{ keyfile }}
+        line="{{ public_key }}"
+    - file: >
+        path={{ keyfile }}
+        owner={{ owner }}
+        mode=0600
--- a/playbooks/edx-east/remove-ubuntu-key.yml
+++ b/playbooks/edx-east/remove-ubuntu-key.yml
+# A simple utility play to remove a public key from the authorized key
+# file for the ubuntu user
+# You must pass in the entire line that you are adding
+- hosts: all
+  vars:
+    owner: ubuntu
+    keyfile: "/home/{{ owner }}/.ssh/authorized_keys"
+  tasks:
+    - fail: msg="You must pass in a public_key"
+      when: public_key is not defined
+    - command: mktemp
+      register: mktemp
+    # This command will fail if this returns zero lines which will prevent
+    # the last key from being removed
+    - shell: >
+        grep -Fv '{{ public_key }}' {{ keyfile }} > {{ mktemp.stdout }}
+    - shell: >
+        while read line; do ssh-keygen -lf /dev/stdin <<<$line; done <{{ mktemp.stdout }}
+        executable=/bin/bash
+      register: keycheck
+    - fail: msg="public key check failed!"
+      when: keycheck.stderr != ""
+    - command: cp {{ mktemp.stdout }} {{ keyfile }}
+    - file: >
+        path={{ keyfile }}
+        owner={{ owner }}
+        mode=0600
+    - file: >
+          path={{ mktemp.stdout }}
+          state=absent