summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhilip Hands <phil@hands.com>2016-07-14 00:10:04 +0200
committerHolger Levsen <holger@layer-acht.org>2016-07-14 15:04:14 +0200
commit2cb75f54b7dcc67124434e3be9c9088d5830d56d (patch)
tree436125e544e2b5af433666060ee34feda0523a09
parentf8b7174a87729b6c1a0264d992719cdf9a90793a (diff)
downloadjenkins.debian.net-2cb75f54b7dcc67124434e3be9c9088d5830d56d.tar.xz
get somewhere towards the key deployment thing
Signed-off-by: Holger Levsen <holger@layer-acht.org>
-rwxr-xr-xupdate_jdn.sh68
1 files changed, 38 insertions, 30 deletions
diff --git a/update_jdn.sh b/update_jdn.sh
index f375e2e3..0d31e390 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -54,40 +54,47 @@ if ! getent passwd jenkins-adm > /dev/null ; then
sudo adduser --system --shell /bin/bash --no-create-home --ingroup jenkins-adm --disabled-login --no-create-home jenkins-adm
sudo usermod -G jenkins jenkins-adm
fi
-for user in helmut holger mattia lunar phil ; do
- if [ "$user" = "lunar" ] && [ "$HOSTNAME" != "jenkins" ] ; then
- # lunar only wants to configure jekyll
- continue
- fi
- if [ "$user" = "phil" ] && [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
- # phil only wants to test stuff
- sudo adduser $user libvirt
- sudo adduser $user libvirt-qemu
- continue
- elif [ "$user" = "phil" ] && ( ! [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ) ; then
- # create phil on jenkins and jenkins-test-vm only
- continue
- fi
- # actually create the user
- if ! getent passwd $user > /dev/null ; then
- if [ "$user" = "mattia" ] ; then
- usershell=/bin/zsh
- else
- usershell=/bin/bash
+
+declare -A u_shell uh_groups
+
+sudo_groups='jenkins,jenkins-adm,sudo,adm'
+uh_groups['helmut','*']="$sudo_groups"
+uh_groups['holger','*']="$sudo_groups"
+uh_groups['holger','jenkins']="reproducible,${uh_groups['holger','*']}"
+uh_groups['mattia','*']="$sudo_groups"
+uh_groups['phil','jenkins-test-vm']="$sudo_groups,libvirt,libvirt-qemu"
+uh_groups['phil','profitbricks-build10-amd64']=''
+uh_groups['phil','jenkins']=''
+uh_groups['lunar','jenkins']='reproducible'
+
+u_shell['mattia']='/bin/zsh'
+
+# get the users out of the uh_groups array's index
+users=$(for i in ${!uh_groups[@]}; do echo ${i%,*} ; done | sort -u)
+
+for user in $users ; do
+ if [ -v uh_groups["$user","$HOSTNAME"] -o -v uh_groups["$user",'*'] ] ; then
+ # actually create the user
+ if ! getent passwd $user > /dev/null ; then
+ # adduser, defaulting to /bin/bash as shell
+ sudo adduser --gecos "" --shell "${u_shell[$user]:-/bin/bash}" --disabled-password $user
fi
- sudo adduser --gecos "" --shell "$usershell" --disabled-password $user
- fi
- # put user in groups
- if [ "$HOSTNAME" = "jenkins" ] && [ "$user" = "lunar" ] ; then
- extra_groups="reproducible"
- elif [ "$HOSTNAME" = "jenkins" ] ; then
- extra_groups="reproducible,jenkins,jenkins-adm,sudo,adm"
- else
- extra_groups="jenkins,jenkins-adm,sudo,adm"
+ # add groups: first try the specific host, or if unset fall-back to default '*' setting
+ for h in "$HOSTNAME" '*' ; do
+ if [ -v uh_groups["$user","$h"] ] ; then
+ sudo usermod -G ${uh_groups["$user","$h"]} $user
+ break
+ fi
+ done
+ # add the keys
+ cp # FIXME we need the paths here
fi
- sudo usermod -G $extra_groups $user
done
+grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config || {
+ echo 'AuthorizedKeysFile /var/lib/misc/userkeys/%u' >> /etc/ssh/sshd_config
+}
+
sudo mkdir -p /srv/workspace
[ -d /srv/schroots ] || sudo mkdir -p /srv/schroots
[ -h /chroots ] || sudo ln -s /srv/workspace/chroots /chroots
@@ -482,6 +489,7 @@ else
[ -d /srv/jenkins/job-cfg ] && sudo rm -rf /srv/jenkins/job-cfg
fi
+
sudo mkdir -p /var/lib/jenkins/.ssh
if [ "$HOSTNAME" = "jenkins" ] ; then
sudo cp jenkins-home/procmailrc /var/lib/jenkins/.procmailrc