Diffstat (limited to 'ec2-fetch-credentials.py')
-rwxr-xr-xec2-fetch-credentials.py86
1 files changed, 26 insertions, 60 deletions
diff --git a/ec2-fetch-credentials.py b/ec2-fetch-credentials.py
index 05bc7a9c..9ebc4634 100755
--- a/ec2-fetch-credentials.py
+++ b/ec2-fetch-credentials.py
@@ -18,76 +18,42 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import urllib
import os
-import socket
-import sys
-from configobj import ConfigObj
+import pwd
-api_ver = '2008-02-01'
-metadata = None
-filename='/etc/ec2-init/ec2-config.cfg'
+import ec2init
-config = ConfigObj(filename)
-user = config['user']
-config_root = config['DISABLE_ROOT']
+def setup_user_keys(keys, user, key_prefix):
+ pwent = pwd.getpwnam(user)
-def get_ssh_keys():
- base_url = 'http://169.254.169.254/%s/meta-data' % api_ver
- data = urllib.urlopen('%s/public-keys/' % base_url).read()
- keyids = [line.split('=')[0] for line in data.split('\n')]
- return [urllib.urlopen('%s/public-keys/%d/openssh-key' % (base_url, int(keyid))).read().rstrip() for keyid in keyids]
+ os.umask(077)
+ if not os.path.exists('%s/.ssh' % pwent.pw_dir):
+ os.mkdir('%s/.ssh' % pwent.pw_dir)
-def setup_user_keys(k,user,filename):
- if not os.path.exists('/home/%s/.ssh' %(user)):
- os.mkdir('/home/%s/.ssh' %(user))
-
- authorized_keys = '/home/%s/.ssh/authorized_keys' % user
+ authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir
fp = open(authorized_keys, 'a')
- fp.write(''.join(['%s\n' % key for key in keys]))
+ fp.write(''.join(['%s%s\n' % (key_prefix, key) for key in keys]))
fp.close()
- os.system('chown -R %s:%s /home/%s/.ssh' %(user,user,user))
- os.system('touch %s' %(filename))
-def setup_root_user(k,root_config):
- if root_config == "1":
- if not os.path.exists('/root/.ssh'):
- os.mkdir('/root/.ssh/')
+ os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
- fp = open('/root/.ssh/authorized_keys', 'a')
- fp.write("command=\"echo \'Please login as the ubuntu user rather than root user.\';echo;sleep 10\" ")
- fp.write(''.join(['%s\n' % key for key in keys]))
- fp.close()
- elif root_config == "0":
- print "You choose to disable the root user, god help you."
- else:
- print "%s - I dont understand that opion."
+def main():
+ ec2 = ec2init.EC2Init()
-def checkServer():
- s = socket.socket()
- try:
- address = '169.254.169.254'
- port = 80
- s.connect((address,port))
- except socket.error, e:
- print "!!! Unable to connect to %s" % address
- sys.exit(0)
+ user = ec2.get_cfg_option_str('user')
+ disable_root = ec2.get_cfg_option_bool('disable_root')
-def get_ami_id():
- url = 'http://169.254.169.254/%s/meta-data' % api_ver
- ami_id = urllib.urlopen('%s/ami-id/' %url).read()
- return ami_id
+ keys = ec2.get_ssh_keys()
+
+ if user:
+ setup_user_keys(keys, user, '')
+
+ if disable_root:
+ key_prefix = 'command="echo \'Please login as the ubuntu user rather than root user.\';echo;sleep 10" '
+ else:
+ key_prefix = ''
-amid = get_ami_id()
-filename = '/var/ec2/.ssh-keys-ran.%s' %amid
-if os.path.exists(filename):
- print "ec2-fetch-credentials already ran....skipping."
-else:
- os.umask(077)
- if user == "":
- print "User must exist in %s" %(filename)
- sys.exit(0)
+ setup_root_user(keys, 'root', key_prefix)
- keys = get_ssh_keys()
- setup_user_keys(keys,user,filename)
- setup_root_user(keys,config_root)
+if __name__ == '__main__':
+ main()
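Review bot: The last call in `main()` names `setup_root_user`, which this commit deletes. Unless that function is defined outside the hunk, the script raises NameError after the user's keys are written, and root's `authorized_keys` never receives the forced-command prefix. The call presumably should be `setup_user_keys(keys, 'root', key_prefix)`. In `setup_user_keys` the new `os.chown` covers only `authorized_keys`, whereas the removed `chown -R` also covered `.ssh`, so a directory freshly created by `os.mkdir` under umask 077 stays owned by the invoking account (presumably root) and the target user cannot traverse it; add `os.chown('%s/.ssh' % pwent.pw_dir, pwent.pw_uid, pwent.pw_gid)` after the mkdir. With the `/var/ec2/.ssh-keys-ran.<ami-id>` marker gone, every re-run appends the same keys again and opens, with the script's privileges, a path inside a home directory the user can write to, so confirm that ec2init enforces once-per-instance execution and consider opening the file with `os.O_NOFOLLOW`.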