Bit Bucket is down. What should I do now?
62
secdep.py
62
secdep.py
@@ -28,7 +28,7 @@ from dotenv import load_dotenv
|
|||||||
from libcloud.compute.types import Provider
|
from libcloud.compute.types import Provider
|
||||||
from libcloud.compute.providers import get_driver
|
from libcloud.compute.providers import get_driver
|
||||||
from libcloud.compute.base import NodeAuthSSHKey
|
from libcloud.compute.base import NodeAuthSSHKey
|
||||||
from libcloud.compute.deployment import ScriptDeployment, SSHKeyDeployment, MultiStepDeployment
|
from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment
|
||||||
from azure.identity import ClientSecretCredential
|
from azure.identity import ClientSecretCredential
|
||||||
from azure.mgmt.resource import ResourceManagementClient
|
from azure.mgmt.resource import ResourceManagementClient
|
||||||
from azure.mgmt.network import NetworkManagementClient
|
from azure.mgmt.network import NetworkManagementClient
|
||||||
@@ -779,7 +779,7 @@ def getAWSRegionFromAmi(ami):
|
|||||||
return list(image.keys())[list(image.values()).index(ami)]
|
return list(image.keys())[list(image.values()).index(ami)]
|
||||||
|
|
||||||
# This is the most important function of all and uses all the previous ones to validate the input and get the actual objects
|
# This is the most important function of all and uses all the previous ones to validate the input and get the actual objects
|
||||||
def create_node(provider, name=None, location=None, size=None, image=None, confirm=None):
|
def create_node(provider, name=None, location=None, size=None, image=None, confirm=None, deploy=None):
|
||||||
# Get public ssh key value
|
# Get public ssh key value
|
||||||
with open(SECDEP_SSH_PUBLIC_KEY, 'r') as f:
|
with open(SECDEP_SSH_PUBLIC_KEY, 'r') as f:
|
||||||
pubkey = f.read()
|
pubkey = f.read()
|
||||||
@@ -985,9 +985,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
|||||||
keys = driver.list_key_pairs()
|
keys = driver.list_key_pairs()
|
||||||
for key in keys:
|
for key in keys:
|
||||||
driver.delete_key_pair(key)
|
driver.delete_key_pair(key)
|
||||||
driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
|
|
||||||
driver.ex_authorize_security_group_permissive('default')
|
|
||||||
keyname="secdep@"+socket.gethostname()
|
keyname="secdep@"+socket.gethostname()
|
||||||
|
driver.import_key_pair_from_string(keyname, pubkey)
|
||||||
|
driver.ex_authorize_security_group_permissive('default')
|
||||||
# since each ami decides on a different admin user name we can't use the create node
|
# since each ami decides on a different admin user name we can't use the create node
|
||||||
# to end up with a secdep user but we have to use the deploy_node function
|
# to end up with a secdep user but we have to use the deploy_node function
|
||||||
SCRIPT = '''#!/usr/bin/env bash
|
SCRIPT = '''#!/usr/bin/env bash
|
||||||
@@ -1004,13 +1004,16 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
|||||||
sudo chown secdep:secdep /home/secdep -R
|
sudo chown secdep:secdep /home/secdep -R
|
||||||
sudo chmod 700 /home/secdep /home/secdep/.ssh
|
sudo chmod 700 /home/secdep /home/secdep/.ssh
|
||||||
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
|
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
|
||||||
step_1 = SSHKeyDeployment(pubkey)
|
deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
|
||||||
step_2 = ScriptDeployment(SCRIPT)
|
if args.deploy:
|
||||||
msd = MultiStepDeployment([step_1, step_2])
|
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||||
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
|
msd = MultiStepDeployment([deploy, actualDeployScript])
|
||||||
print('stdout: %s' % (step_2.stdout))
|
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
|
||||||
print('stderr: %s' % (step_2.stderr))
|
else:
|
||||||
print('exit_code: %s' % (step_2.exit_status))
|
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=deploy, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
|
||||||
|
print('stdout: %s' % (deploy.stdout))
|
||||||
|
print('stderr: %s' % (deploy.stderr))
|
||||||
|
print('exit_code: %s' % (deploy.exit_status))
|
||||||
else:
|
else:
|
||||||
# When the -y or --yes parameter is passed we go straight to the node creation
|
# When the -y or --yes parameter is passed we go straight to the node creation
|
||||||
if provider == "gce":
|
if provider == "gce":
|
||||||
@@ -1075,9 +1078,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
|||||||
keys = driver.list_key_pairs()
|
keys = driver.list_key_pairs()
|
||||||
for key in keys:
|
for key in keys:
|
||||||
driver.delete_key_pair(key)
|
driver.delete_key_pair(key)
|
||||||
driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
|
|
||||||
driver.ex_authorize_security_group_permissive('default')
|
|
||||||
keyname="secdep@"+socket.gethostname()
|
keyname="secdep@"+socket.gethostname()
|
||||||
|
driver.import_key_pair_from_string(keyname, pubkey)
|
||||||
|
driver.ex_authorize_security_group_permissive('default')
|
||||||
# since each ami decides on a different admin user name we can't use the create node
|
# since each ami decides on a different admin user name we can't use the create node
|
||||||
# to end up with a secdep user but we have to use the deploy_node function
|
# to end up with a secdep user but we have to use the deploy_node function
|
||||||
SCRIPT = '''#!/usr/bin/env bash
|
SCRIPT = '''#!/usr/bin/env bash
|
||||||
@@ -1094,17 +1097,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
|||||||
sudo chown secdep:secdep /home/secdep -R
|
sudo chown secdep:secdep /home/secdep -R
|
||||||
sudo chmod 700 /home/secdep /home/secdep/.ssh
|
sudo chmod 700 /home/secdep /home/secdep/.ssh
|
||||||
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
|
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
|
||||||
step_1 = SSHKeyDeployment(pubkey)
|
deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
|
||||||
step_2 = ScriptDeployment(SCRIPT)
|
if args.deploy:
|
||||||
msd = MultiStepDeployment([step_1, step_2])
|
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||||
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
|
msd = MultiStepDeployment([deploy, actualDeployScript])
|
||||||
print('stdout: %s' % (step_2.stdout))
|
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
|
||||||
print('stderr: %s' % (step_2.stderr))
|
else:
|
||||||
print('exit_code: %s' % (step_2.exit_status))
|
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=deploy, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
|
||||||
|
print('stdout: %s' % (deploy.stdout))
|
||||||
|
print('stderr: %s' % (deploy.stderr))
|
||||||
|
print('exit_code: %s' % (deploy.exit_status))
|
||||||
print(node.name + " created successfully")
|
print(node.name + " created successfully")
|
||||||
print("Node is initializing")
|
print("Node is initializing")
|
||||||
if provider == "aws":
|
|
||||||
time.sleep(30) #Aws takes a while to assign a public ip
|
|
||||||
print("ip to connect to")
|
print("ip to connect to")
|
||||||
print("\nIP: %s\n" % (node.public_ips))
|
print("\nIP: %s\n" % (node.public_ips))
|
||||||
return node
|
return node
|
||||||
@@ -1239,7 +1243,8 @@ def node_action(action, provider):
|
|||||||
result = poller.result()
|
result = poller.result()
|
||||||
|
|
||||||
def node_action_all(action, provider):
|
def node_action_all(action, provider):
|
||||||
nodes = list_all_nodes(provider, action)
|
string = action[:-3]
|
||||||
|
nodes = list_all_nodes(provider, string)
|
||||||
node_name = ""
|
node_name = ""
|
||||||
for node in nodes:
|
for node in nodes:
|
||||||
providerName = node.name.split("-")[0]
|
providerName = node.name.split("-")[0]
|
||||||
@@ -1269,7 +1274,6 @@ def node_action_all(action, provider):
|
|||||||
case _:
|
case _:
|
||||||
print("Invalid action command")
|
print("Invalid action command")
|
||||||
exit(0)
|
exit(0)
|
||||||
string = action[:-3]
|
|
||||||
if(succeded):
|
if(succeded):
|
||||||
print("%s node %s -> successful" % (node.name, string))
|
print("%s node %s -> successful" % (node.name, string))
|
||||||
else:
|
else:
|
||||||
@@ -1280,7 +1284,7 @@ def node_action_all(action, provider):
|
|||||||
result = poller.result()
|
result = poller.result()
|
||||||
|
|
||||||
def ssh(provider):
|
def ssh(provider):
|
||||||
node = choose_from_list(list_all_nodes(provider), "node")
|
node = choose_from_list(list_all_nodes(provider,"stop"), "node")
|
||||||
ip = node.public_ips[0]
|
ip = node.public_ips[0]
|
||||||
port = 22
|
port = 22
|
||||||
username = "secdep"
|
username = "secdep"
|
||||||
@@ -1338,7 +1342,7 @@ if args.listlocations and args.provider:
|
|||||||
if args.create:
|
if args.create:
|
||||||
assert args.provider is not None, "Provider must be specified for node creation"
|
assert args.provider is not None, "Provider must be specified for node creation"
|
||||||
# If -c or --create is passed, call the create_node function
|
# If -c or --create is passed, call the create_node function
|
||||||
create_node(args.provider, args.name, args.region, args.size, args.image, args.yes)
|
create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy)
|
||||||
exit(0)
|
exit(0)
|
||||||
if args.list:
|
if args.list:
|
||||||
if args.print:
|
if args.print:
|
||||||
@@ -1356,10 +1360,8 @@ if args.action:
|
|||||||
if args.ssh:
|
if args.ssh:
|
||||||
ssh(args.provider)
|
ssh(args.provider)
|
||||||
exit(0)
|
exit(0)
|
||||||
if args.image or args.size or args.name or args.region or args.yes and not args.create:
|
if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
|
||||||
print("Image, size, name, region and yes parameters only go along with the create flag")
|
print("Image, size, name, region, yes and deploy parameters only go along with the create flag")
|
||||||
exit(0)
|
exit(0)
|
||||||
if args.print and not args.list or args.listimages or args.listsizes or args.listlocations:
|
if args.print and not args.list or args.listimages or args.listsizes or args.listlocations:
|
||||||
print("The print flag only goes together with the list, list images, list sizes or list locations")
|
print("The print flag only goes together with the list, list images, list sizes or list locations")
|
||||||
if args.deploy:
|
|
||||||
print(args.deploy)
|
|
||||||
|
|||||||
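Review bot: In the `@@ -1004,13 +1004,16 @@` hunk of `create_node` (and identically at `@@ -1094,17 +1097,18 @@`) the outcome of the new "harden" step is never inspected: the only values printed are `deploy.stdout`, `deploy.stderr` and `deploy.exit_status`, which belong to `initialization.sh`. A hardening script that exits non-zero would therefore, as far as the visible lines show, still end in "created successfully" on a node whose group was opened with `ex_authorize_security_group_permissive('default')`. After the `deploy_node` call in the `if args.deploy:` branch I would add `if actualDeployScript.exit_status != 0: print('harden failed: %s' % (actualDeployScript.stderr))`, or abort there. Separately, the new `deploy=None` parameter is overwritten by `deploy = ScriptDeployment(...)` and the branch tests the global `args.deploy`, so the value passed at the call site is unused; renaming the local (for example `init_step`) and testing the parameter would fix that. Indentation is lost on this page and `create_node` extends beyond the visible hunks, so whether the three prints sit inside the `else:` is inferred.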