|
|
|
@ -75,8 +75,12 @@ def get_params():
|
|
|
|
|
global msg
|
|
|
|
|
|
|
|
|
|
msg = "reading params"
|
|
|
|
|
with file(sys.argv[1]) as f: #read the args file
|
|
|
|
|
argfile = sys.argv[1]
|
|
|
|
|
try:
|
|
|
|
|
f = open(argfile,"r")
|
|
|
|
|
args = f.read()
|
|
|
|
|
finally:
|
|
|
|
|
f.close()
|
|
|
|
|
|
|
|
|
|
msg = "writing syslog."
|
|
|
|
|
syslog.openlog('ansible-%s' % os.path.basename(__file__))
|
|
|
|
@ -118,8 +122,11 @@ def keyfile(user, create=False):
|
|
|
|
|
os.chmod(sshdir, 0700)
|
|
|
|
|
msg = "Touching authorized keys file."
|
|
|
|
|
if not exists( keysfile):
|
|
|
|
|
with file(keysfile, "w") as f:
|
|
|
|
|
f.write("#Authorized Keys File created by Ansible.")
|
|
|
|
|
try:
|
|
|
|
|
f = open(keysfile, "w")
|
|
|
|
|
f.write("#Authorized Keys File created by Ansible.\n")
|
|
|
|
|
finally:
|
|
|
|
|
f.close()
|
|
|
|
|
os.chown(keysfile, uid, gid)
|
|
|
|
|
os.chmod(keysfile, 0600)
|
|
|
|
|
return keysfile
|
|
|
|
@ -128,15 +135,21 @@ def readkeys( filename):
|
|
|
|
|
global msg
|
|
|
|
|
msg = "Reading authorized_keys."
|
|
|
|
|
if not isfile(filename): return []
|
|
|
|
|
with file(filename) as f:
|
|
|
|
|
try:
|
|
|
|
|
f = open(filename)
|
|
|
|
|
keys = [line.rstrip() for line in f.readlines()]
|
|
|
|
|
finally:
|
|
|
|
|
f.close()
|
|
|
|
|
return keys
|
|
|
|
|
|
|
|
|
|
def writekeys( filename, keys):
|
|
|
|
|
global msg
|
|
|
|
|
msg = "Writing authorized_keys."
|
|
|
|
|
with file(filename,"w") as f:
|
|
|
|
|
try:
|
|
|
|
|
f = open(filename,"w")
|
|
|
|
|
f.writelines( (key + "\n" for key in keys) )
|
|
|
|
|
finally:
|
|
|
|
|
f.close()
|
|
|
|
|
|
|
|
|
|
def enforce_state( params):
|
|
|
|
|
"""Add or remove key.
|
|
|
|
@ -153,7 +166,7 @@ def enforce_state( params):
|
|
|
|
|
state = params.get("state", "present")
|
|
|
|
|
|
|
|
|
|
#== check current state
|
|
|
|
|
params["keyfile"] = keyfile(user)
|
|
|
|
|
params["keyfile"] = keyfile(user,create=True)
|
|
|
|
|
keys = readkeys( params["keyfile"])
|
|
|
|
|
present = key in keys
|
|
|
|
|
|
|
|
|
|
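Review bot: In the keyfile() hunk the file is still created with `open(keysfile, "w")` after an `exists()` check and only afterwards handed over with `os.chown`/`os.chmod`, so a symlink sitting at that path inside the user's own `.ssh` directory would be followed by both the write and the ownership change, and the new file briefly carries umask-default permissions. If this module runs with elevated privileges (the `os.chown(keysfile, uid, gid)` call suggests it does, but that is not visible here), creating the file exclusively with its final mode closes the gap: `fd = os.open(keysfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)`, write through `os.fdopen(fd, "w")`, and use `os.lchown(keysfile, uid, gid)` in place of `os.chown`. Separately, all four new `try:` blocks (get_params, keyfile, readkeys, writekeys) call `open()` inside the `try`, so a failed open leaves `f` unbound and `finally: f.close()` raises an UnboundLocalError that hides the original IOError; move each `f = open(...)` line above its `try:`. The bodies of keyfile() and enforce_state() start outside the hunks shown, so the handling of `sshdir` and of `state` could not be checked.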