From f8de2cd9d7b3d478c62bfb45398bbaf484502e27 Mon Sep 17 00:00:00 2001
From: konsthol
Date: Sun, 12 Mar 2023 20:42:23 +0200
Subject: [PATCH] Trust me, it's not badly written. It's just way above your head.

---
 secdep.py | 48 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/secdep.py b/secdep.py
index 9d7fada..f332861 100755
--- a/secdep.py
+++ b/secdep.py
@@ -944,19 +944,28 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 elif provider == "azure":
 node = driver.create_node(name, size, image, location, auth=auth)
 else:
- driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
+ keys = driver.ex_find_or_import_keypair_by_key_material(pubkey)
+ if len(keys) <= 2:
+ pass
+ else:
+ driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
 driver.ex_authorize_security_group_permissive('default')
 keyname="secdep@"+socket.gethostname()
 SCRIPT = '''#!/usr/bin/env bash
- useradd -G sudo -m secdep
- echo "secdep:secdeppass" | chpasswd
- echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
- mkdir -p /home/secdep/.ssh
- cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
+ sudo useradd -G sudo -m secdep
+ sudo echo "secdep:secdeppass" | sudo chpasswd
+ sudo echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
+ sudo mkdir -p /home/secdep/.ssh
+ [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
 step_1 = SSHKeyDeployment(pubkey)
 step_2 = ScriptDeployment(SCRIPT)
 msd = MultiStepDeployment([step_1, step_2])
- node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY)
+ node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
 print('stdout: %s' % (step_2.stdout))
 print('stderr: %s' % (step_2.stderr))
 print('exit_code: %s' % (step_2.exit_status))
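Review bot: The bootstrap script in this hunk still gives the sudo-capable `secdep` account the fixed password `secdeppass`, right after `ex_authorize_security_group_permissive('default')` opens the security group, so every node carries a credential that is published in this repository; the identical hunk at -967 has the same problem. The append to `/etc/sudoers` will also fail for the non-root login users this commit adds, because the `>>` redirect is opened by the calling shell rather than by sudo, and the `[[ -e /root/.ssh/authorized_keys ]]` test usually cannot see inside `/root` for the same reason. The copied `authorized_keys` stays owned by root, which as far as I can tell leaves it unreadable to sshd when it authenticates `secdep`. The sketch below generates the password per node (it needs `import secrets`), writes a validated sudoers drop-in and fixes ownership; create_node begins and ends outside the hunk.

```python
# … unchanged: key-pair lookup, security group rule, keyname …
node_password = secrets.token_urlsafe(24)  # per-node secret; hand it to the operator out of band
SCRIPT = '''#!/usr/bin/env bash
sudo useradd -G sudo -m secdep
echo "secdep:''' + node_password + '''" | sudo chpasswd
echo "%sudo ALL=(ALL:ALL) ALL" | sudo tee /etc/sudoers.d/90-secdep >/dev/null
sudo chmod 0440 /etc/sudoers.d/90-secdep
sudo visudo -cf /etc/sudoers.d/90-secdep || sudo rm -f /etc/sudoers.d/90-secdep
sudo mkdir -p /home/secdep/.ssh
for home in /root /home/admin /home/ec2-user /home/centos /home/fedora /home/ubuntu; do
    if sudo test -e "$home/.ssh/authorized_keys"; then
        sudo cp "$home/.ssh/authorized_keys" /home/secdep/.ssh/authorized_keys
    fi
done
sudo chown -R secdep: /home/secdep/.ssh
sudo chmod -R go-rwx /home/secdep/.ssh
'''
step_1 = SSHKeyDeployment(pubkey)
step_2 = ScriptDeployment(SCRIPT, delete=True)  # the script now embeds a secret; do not leave it on the node
# … unchanged: MultiStepDeployment, deploy_node call, result prints …
```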
@@ -967,19 +976,28 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 elif provider == "azure":
 node = driver.create_node(name, size, image, location, auth=auth)
 else:
- driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
+ keys = driver.ex_find_or_import_keypair_by_key_material(pubkey)
+ if len(keys) <= 2:
+ pass
+ else:
+ driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
 driver.ex_authorize_security_group_permissive('default')
 keyname="secdep@"+socket.gethostname()
 SCRIPT = '''#!/usr/bin/env bash
- useradd -G sudo -m secdep
- echo "secdep:secdeppass" | chpasswd
- echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
- mkdir -p /home/secdep/.ssh
- cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
+ sudo useradd -G sudo -m secdep
+ sudo echo "secdep:secdeppass" | sudo chpasswd
+ sudo echo "%sudo ALL=(ALL:ALL) ALL" >> /etc/sudoers
+ sudo mkdir -p /home/secdep/.ssh
+ [[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
+ [[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys'''
 step_1 = SSHKeyDeployment(pubkey)
 step_2 = ScriptDeployment(SCRIPT)
 msd = MultiStepDeployment([step_1, step_2])
- node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY)
+ node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
 print('stdout: %s' % (step_2.stdout))
 print('stderr: %s' % (step_2.stderr))
 print('exit_code: %s' % (step_2.exit_status))
@@ -1046,6 +1064,8 @@ def delete_node():
 else:
 print("%s node could not be deleted" % (providerName.upper()))

+driver = get_driver(Provider.EC2)(SECDEP_AWS_ACCESS_KEY, SECDEP_AWS_SECRET_KEY,region="eu-west-1")
+
 # If -p -q or -G is passed, provider must be passed as well
 if args.listimages or args.listsizes or args.listlocations:
 assert args.provider is not None, "Provider must be passed if listing images, sizes or locations"
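Review bot: This hunk is a line-for-line copy of the one at -944, so the bootstrap script, the key-pair handling and the `deploy_node` call now exist twice and any security fix has to be made in both places; pulling them into one helper, say `_deploy_with_secdep_user(driver, name, image, size, pubkey)`, would avoid that. In both copies `if len(keys) <= 2: pass` reads as a placeholder: if the lookup helper returns a two-field mapping, as the libcloud EC2 driver appears to, the `else` branch never runs, and `ex_keyname` is still the hostname-based name rather than the name the helper found or imported. Consider `keyname = keys['keyName']` once that return shape is confirmed. create_node begins and ends outside the hunk.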
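Review bot: The added module-level `driver = get_driver(Provider.EC2)(...)` runs on every invocation, whatever `args.provider` is, and pins the region to `eu-west-1`; sitting between `delete_node` and the argument checks, it looks like a debugging leftover. A global named `driver` is also risky because any function that fails to bind its own `driver` would silently act on this EC2 account and region instead of raising `NameError`; whether that can happen depends on code outside the hunk. I would drop the line, or construct the driver inside the AWS branch with the region taken from configuration rather than hard-coded.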