move property to ssh module

Joey Hess 2014-11-24 00:51:36 -04:00
parent 9ac4e94625
commit 8d1814a884
2 changed files with 15 additions and 8 deletions


@ -13,10 +13,9 @@ import Propellor
import qualified Propellor.Property.Chroot as Chroot import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.Debootstrap as Debootstrap import qualified Propellor.Property.Debootstrap as Debootstrap
import qualified Propellor.Property.File as File import qualified Propellor.Property.File as File
import qualified Propellor.Property.Ssh as Ssh
import Utility.FileMode import Utility.FileMode
import Utility.PosixFiles
-- | Replaces whatever OS was installed before with a clean installation -- | Replaces whatever OS was installed before with a clean installation
-- of the OS that the Host is configured to have. -- of the OS that the Host is configured to have.
-- --
@ -95,15 +94,10 @@ rootSshAuthorized :: Property
rootSshAuthorized = check (doesDirectoryExist oldloc) $ rootSshAuthorized = check (doesDirectoryExist oldloc) $
property (newloc ++ " copied from old OS") $ do property (newloc ++ " copied from old OS") $ do
ks <- liftIO $ lines <$> readFile oldloc ks <- liftIO $ lines <$> readFile oldloc
ensureProperty $ ensureProperties (map (Ssh.authorizedKey "root") ks)
newloc `File.containsLines` ks
`requires` File.dirExists (takeDirectory newloc)
`onChange` File.mode newloc mode
where where
newloc = "/root/.ssh/authorized_keys" newloc = "/root/.ssh/authorized_keys"
oldloc = oldOsDir ++ newloc oldloc = oldOsDir ++ newloc
-- ssh requires the file mode be locked down
mode = combineModes [ownerWriteMode, ownerReadMode]
-- Installs an appropriate kernel from the OS distribution. -- Installs an appropriate kernel from the OS distribution.
kernelInstalled :: Property kernelInstalled :: Property
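Review bot: On the new `ensureProperties` line every element of `ks` becomes its own `Ssh.authorizedKey "root"` property, so blank or comment lines in the old OS's authorized_keys each turn into a separate `File.containsLine` with a property description of their own; filtering them first, `ensureProperties (map (Ssh.authorizedKey "root") (filter (not . null) ks))`, avoids that. With the move, `newloc` is no longer the path this property writes (the destination is whatever `Ssh.authorizedKey` resolves for root, presumably the same `/root/.ssh/authorized_keys`); it now only feeds `oldloc` and the description, which a short comment on the `where` binding such as `-- newloc is only used to locate the old file and name the property` should say. The unchanged `liftIO $ lines <$> readFile oldloc` still uses lazy `readFile`, so the old file's handle may remain open while the per-key properties run; a strict read would be safer now that more work happens after it. The enclosing function and its `where` clause are fully inside this hunk, but the surrounding module continues outside it.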


@ -3,6 +3,7 @@ module Propellor.Property.Ssh (
permitRootLogin, permitRootLogin,
passwordAuthentication, passwordAuthentication,
hasAuthorizedKeys, hasAuthorizedKeys,
authorizedKey,
restarted, restarted,
randomHostKeys, randomHostKeys,
hostKeys, hostKeys,
@ -155,6 +156,8 @@ knownHost hosts hn user = property desc $
return FailedChange return FailedChange
-- | Makes a user have authorized_keys from the PrivData -- | Makes a user have authorized_keys from the PrivData
--
-- This removes any other lines from the file.
authorizedKeys :: UserName -> Context -> Property authorizedKeys :: UserName -> Context -> Property
authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \get -> authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \get ->
property (user ++ " has authorized_keys") $ get $ \v -> do property (user ++ " has authorized_keys") $ get $ \v -> do
@ -167,6 +170,16 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
, File.ownerGroup (takeDirectory f) user user , File.ownerGroup (takeDirectory f) user user
] ]
-- | Ensures that a user's authorized_keys contains a line.
-- Any other lines in the file are preserved as-is.
authorizedKey :: UserName -> String -> Property
authorizedKey user l = property (user ++ " has autorized_keys line " ++ l) $ do
f <- liftIO $ dotFile "authorized_keys" user
ensureProperty $
f `File.containsLine` l
`requires` File.dirExists (takeDirectory f)
`onChange` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
-- | Makes the ssh server listen on a given port, in addition to any other -- | Makes the ssh server listen on a given port, in addition to any other
-- ports it is configured to listen on. -- ports it is configured to listen on.
-- --
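Review bot: The description string of the new `authorizedKey` property misspells the file name, `(user ++ " has autorized_keys line " ++ l)` should read `(user ++ " has authorized_keys line " ++ l)`. The mode lockdown is applied only `onChange`, so an existing authorized_keys that already contains the line keeps whatever permissive mode it has and sshd's strict-modes check will still ignore the key; ensuring `File.mode f (combineModes [ownerWriteMode, ownerReadMode])` unconditionally after the line (for example as a second element of an `ensureProperties` list) makes the precondition hold on every run. Unlike `authorizedKeys` just above, which sets `File.ownerGroup` on the directory, this property leaves ownership of `f` and its parent to whoever created them, which is presumably root when propellor runs; confirm that is intended for non-root users. `combineModes`, `ownerWriteMode` and `ownerReadMode` are not imported in this hunk, so they must already be in scope in the module. The hunk ends before the next definition's body, which lies outside it.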