author | Philip Hands <phil@hands.com> | 2016-07-14 00:10:04 +0200 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2016-07-14 15:04:14 +0200 |
commit | 2cb75f54b7dcc67124434e3be9c9088d5830d56d (patch) | |
tree | 436125e544e2b5af433666060ee34feda0523a09 | |
parent | f8b7174a87729b6c1a0264d992719cdf9a90793a (diff) | |
download | jenkins.debian.net-2cb75f54b7dcc67124434e3be9c9088d5830d56d.tar.xz |
get somewhere towards the key deployment thing
Signed-off-by: Holger Levsen <holger@layer-acht.org>
-rwxr-xr-x | update_jdn.sh | 68 |
1 files changed, 38 insertions, 30 deletions
diff --git a/update_jdn.sh b/update_jdn.sh
index f375e2e3..0d31e390 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -54,40 +54,47 @@ if ! getent passwd jenkins-adm > /dev/null ; then sudo adduser --system --shell /bin/bash --no-create-home --ingroup jenkins-adm --disabled-login --no-create-home jenkins-adm sudo usermod -G jenkins jenkins-adm fi -for user in helmut holger mattia lunar phil ; do - if [ "$user" = "lunar" ] && [ "$HOSTNAME" != "jenkins" ] ; then - # lunar only wants to configure jekyll - continue - fi - if [ "$user" = "phil" ] && [ "$HOSTNAME" = "jenkins-test-vm" ] ; then - # phil only wants to test stuff - sudo adduser $user libvirt - sudo adduser $user libvirt-qemu - continue - elif [ "$user" = "phil" ] && ( ! [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ) ; then - # create phil on jenkins and jenkins-test-vm only - continue - fi - # actually create the user - if ! getent passwd $user > /dev/null ; then - if [ "$user" = "mattia" ] ; then - usershell=/bin/zsh - else - usershell=/bin/bash + +declare -A u_shell uh_groups + +sudo_groups='jenkins,jenkins-adm,sudo,adm' +uh_groups['helmut','*']="$sudo_groups" +uh_groups['holger','*']="$sudo_groups" +uh_groups['holger','jenkins']="reproducible,${uh_groups['holger','*']}" +uh_groups['mattia','*']="$sudo_groups" +uh_groups['phil','jenkins-test-vm']="$sudo_groups,libvirt,libvirt-qemu" +uh_groups['phil','profitbricks-build10-amd64']='' +uh_groups['phil','jenkins']='' +uh_groups['lunar','jenkins']='reproducible' + +u_shell['mattia']='/bin/zsh' + +# get the users out of the uh_groups array's index +users=$(for i in ${!uh_groups[@]}; do echo ${i%,*} ; done | sort -u) + +for user in $users ; do + if [ -v uh_groups["$user","$HOSTNAME"] -o -v uh_groups["$user",'*'] ] ; then + # actually create the user + if ! 
getent passwd $user > /dev/null ; then + # adduser, defaulting to /bin/bash as shell + sudo adduser --gecos "" --shell "${u_shell[$user]:-/bin/bash}" --disabled-password $user fi - sudo adduser --gecos "" --shell "$usershell" --disabled-password $user - fi - # put user in groups - if [ "$HOSTNAME" = "jenkins" ] && [ "$user" = "lunar" ] ; then - extra_groups="reproducible" - elif [ "$HOSTNAME" = "jenkins" ] ; then - extra_groups="reproducible,jenkins,jenkins-adm,sudo,adm" - else - extra_groups="jenkins,jenkins-adm,sudo,adm" + # add groups: first try the specific host, or if unset fall-back to default '*' setting + for h in "$HOSTNAME" '*' ; do + if [ -v uh_groups["$user","$h"] ] ; then + sudo usermod -G ${uh_groups["$user","$h"]} $user + break + fi + done + # add the keys + cp # FIXME we need the paths here fi - sudo usermod -G $extra_groups $user done +grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config || { + echo 'AuthorizedKeysFile /var/lib/misc/userkeys/%u' >> /etc/ssh/sshd_config +} + sudo mkdir -p /srv/workspace [ -d /srv/schroots ] || sudo mkdir -p /srv/schroots [ -h /chroots ] || sudo ln -s /srv/workspace/chroots /chroots @@ -482,6 +489,7 @@ else [ -d /srv/jenkins/job-cfg ] && sudo rm -rf /srv/jenkins/job-cfg fi + sudo mkdir -p /var/lib/jenkins/.ssh if [ "$HOSTNAME" = "jenkins" ] ; then sudo cp jenkins-home/procmailrc /var/lib/jenkins/.procmailrc |
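Review bot: The `AuthorizedKeysFile /var/lib/misc/userkeys/%u` line is appended to `/etc/ssh/sshd_config` while the key copy inside the loop is still a bare `cp # FIXME`, so after the next sshd reload every account on the host is checked against a directory that nothing in this hunk populates, and `~/.ssh/authorized_keys` is no longer read. The bare `cp` also exits non-zero on every iteration, which would abort the run if the script uses `set -e` (not visible in this hunk). The append itself runs without sudo, unlike the adduser/usermod/mkdir calls around it; `echo 'AuthorizedKeysFile /var/lib/misc/userkeys/%u' | sudo tee -a /etc/ssh/sshd_config >/dev/null` would be consistent. I would land the sshd_config change only together with the real key copy, keep the key directory and files root-owned and not group- or world-writable, and run `sudo sshd -t` before any reload. Separately, `sudo usermod -G ${uh_groups["$user","$h"]} $user` is unquoted, so the empty entries for phil collapse to `usermod -G phil`; skip the usermod call when the group list is empty.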