Trust me, it's not badly written. It's just way above your head.

2023-03-12 20:42:23 +02:00
parent 029407c1c6
commit f8de2cd9d7
1 changed files with 34 additions and 14 deletions
--- a/secdep.py
+++ b/secdep.py
@@ -944,19 +944,28 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
        elif provider == "azure":
            node = driver.create_node(name, size, image, location, auth=auth)
        else:
-            driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
+            keys = driver.ex_find_or_import_keypair_by_key_material(pubkey)
+            if len(keys) <= 2:
+                pass
+            else:
+                driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
            driver.ex_authorize_security_group_permissive('default')
            keyname="secdep@"+socket.gethostname()
            SCRIPT = '''#!/usr/bin/env bash
-            useradd -G sudo -m secdep
-            echo "secdep:secdeppass" | chpasswd
-            echo "%sudo	ALL=(ALL:ALL) ALL" >> /etc/sudoers
-            mkdir -p /home/secdep/.ssh
-            cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
+            sudo useradd -G sudo -m secdep
+            sudo echo "secdep:secdeppass" | sudo chpasswd
+            sudo echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
+            sudo mkdir -p /home/secdep/.ssh
+            [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
            step_1 = SSHKeyDeployment(pubkey)
            step_2 = ScriptDeployment(SCRIPT)
            msd = MultiStepDeployment([step_1, step_2])
-            node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY)
+            node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
            print('stdout: %s' % (step_2.stdout))
            print('stderr: %s' % (step_2.stderr))
            print('exit_code: %s' % (step_2.exit_status))
@@ -967,19 +976,28 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
        elif provider == "azure":
            node = driver.create_node(name, size, image, location, auth=auth)
        else:
-            driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
+            keys = driver.ex_find_or_import_keypair_by_key_material(pubkey)
+            if len(keys) <= 2:
+                pass
+            else:
+                driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
            driver.ex_authorize_security_group_permissive('default')
            keyname="secdep@"+socket.gethostname()
            SCRIPT = '''#!/usr/bin/env bash
-            useradd -G sudo -m secdep
-            echo "secdep:secdeppass" | chpasswd
-            echo "%sudo	ALL=(ALL:ALL) ALL" >> /etc/sudoers
-            mkdir -p /home/secdep/.ssh
-            cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
+            sudo useradd -G sudo -m secdep
+            sudo echo "secdep:secdeppass" | sudo chpasswd
+            sudo echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
+            sudo mkdir -p /home/secdep/.ssh
+            [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+            [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
            step_1 = SSHKeyDeployment(pubkey)
            step_2 = ScriptDeployment(SCRIPT)
            msd = MultiStepDeployment([step_1, step_2])
-            node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY)
+            node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
            print('stdout: %s' % (step_2.stdout))
            print('stderr: %s' % (step_2.stderr))
            print('exit_code: %s' % (step_2.exit_status))
@@ -1046,6 +1064,8 @@ def delete_node():
    else:
        print("%s node could not be deleted" % (providerName.upper()))

+driver = get_driver(Provider.EC2)(SECDEP_AWS_ACCESS_KEY, SECDEP_AWS_SECRET_KEY,region="eu-west-1")
+
 # If -p -q or -G is passed, provider must be passed as well
 if args.listimages or args.listsizes or args.listlocations:
    assert args.provider is not None, "Provider must be passed if listing images, sizes or locations"