[dev] first working version (#4)
works fine for one month Co-authored-by: Dict Xiong <me@beardic.cn> Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com> Co-authored-by: xiuting.xu <xuxiuting04@126.com> Co-authored-by: lintaothu <lintaothu@163.com> Co-authored-by: toghrul <tabbasli@hotmail.com> Co-authored-by: baiyu <baiyu@zgclab.edu.cn> Reviewed-on: https://git.nasp.ob.ac.cn/NASP/registry/pulls/4
parent
7069fdbd72
commit
8bc58f889c
|
@ -85,3 +85,5 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzmgYN5tcYKL8wd9pELVuA/wb+mku7wrlc4kF28jvP
|
||||||
ssh-rsa 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 ustb_yhb@163.com
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnUV3RkX7xpvRdLWBk/HAvIQM/vtCz0IJN95EQexIcgm7LVDKYEKp4YgCirqfyJm05i+92rwlcnkDuOTkmDXiypcFYnoPdqhyh7q54J+YSJmkXF5RLRmn+m+bH4L+wi8R0cOeAImAFQ8/F+R9cQRxGLGPb8ebXBO/oUCk2KkYdbehKFmz6E2pKV4CGRDpuxA/3JiPlNtNF0xL826+K0jkn/nZ8NsU7v2WpJxITcVvJdKHx9jtOy4Ta8w0Rdvs5YIgJrxTAYZFHmXUaI3DTZDF7qbW/OIM4T5gFUq8G8xVZtdH2u/pL1wgTa3zFMQkaN3c5zCKHm+9E7lt+LW7C0GY5AMkmNgwZe/D83nEUNjK7QB5ULjhULwhKeIlghdfly6mM6+oQ56eLH3fMMA2UalcrCm7RQqILFpv8OXSQ9iQJCPJ5PS3pABpgvc2YF9H1Pu+r/sgK1efQzop5NlT+wXVoKt64px/AUDcKucPlDUg52GEt3EsJUcSMXlIewgPGUU0= ustb_yhb@163.com
|
||||||
|
|
||||||
ssh-rsa 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 lichuanlong@LAPTOP-QEAOKK4F
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDg1kImE4U+ySXkqZNrlrsSwyATOKEyRRTQ8lAYhdI1OsMM3WhxCNKDdYPoFUJgZwio5JqBHe6UBLOfL/B+Muh0PYH0+jofIJoWe4grS10zZifisjayrhu0zfWfiGzyLUQY85nUuprUQPvC4qbI1DEspOCoZAE3Q0fjNz6Et3V3j7HLtJLRLZ1unsb5bnV4kf8sbFBxoSqJg9Ut0WBYcWfCW4zReRglJUxSZ6Hux8jHdZ7DGmyAndxBbu4gpzgsyZ8qPq+o4v/J2jYqKUN/6cnJ12hMF7UEsqDntX4JnZhRu8M7VgsNmb1ST9CW/P7X74tY0PGndlf8W0znb4imoBMZY+EMausZGI4ozbYZ5pttU7zCKxHVBO7mUyaRYUeYlo1ZTBUTNxH8lLLHu26LcSyVfuiYG6buQ4FnfM1bb8spckgokzH1+Bq3AtgDIpQEHNiFoh0cekIOtNqfJnJk/wOkWvlstB9YGevN2TQ5Y3VPt6grZyijHDaWOxdXJNHcW3U= lichuanlong@LAPTOP-QEAOKK4F
|
||||||
|
|
||||||
|
ssh-rsa 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 hotfe@LAPTOP-PEKL7TRE
|
||||||
|
|
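--- a/authorized_keys/dictxiong/ltp1-bd
+++ b/authorized_keys/dictxiong/ltp1-bd
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhS4voo3K/Dvzqckr0bouO1WkCI5XxswstHWnuuyKBz ltp1-bd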
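--- a/authorized_keys/dictxiong/pc1
+++ b/authorized_keys/dictxiong/pc1
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLYgVj+NPino6sOmahULN7SbAMaVAgzqPfDjz2S8zDv pc1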
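--- a/authorized_keys/lintaothu/id_rsa.pub
+++ b/authorized_keys/lintaothu/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDL4XOqHcUdI6zCDv89jwIcmPKEMLMgtaYknRQxEI9CIB0JzP8fVWy7dIh1I/HQ49SoXprgQxlkeKm1bYZ6J399c1MqtA6cdpWdxL4bd0CqVDOFalHL7YFcF1iw509NByTM67U/t3vIVyAtF+2PyeZnt7BSg71QP5yaNtIPIJwUm33BnkFZS81y2wL2MTSlvooc0vpCFS5aE5amQAqLXkkfMhm5g17rHRc/4lxnEx0G1/+Hq+AuIAGRWk6vQP4SJx08XQeXMfL67nLusKcJk+RnapNUfCXF0FSh10W1v3B6+m37Z7MLNwFu9xVYg24t9o2kIhi12x4bLs/B80ogM8P7GyS1SqW6Pj6XV9TdBG9cUqknqHTaWDiWrzmvqPYko6wml4R+UcE9zInsfG+W4AJfsEdytEAG9GYMwEupnkNumUjGXnGoHTbEhG2fvHznhs4y/I8JfyEy6NlPHFNfCLy1c0ZGrPFvODsJALBVvHJsBnaHHTReoIXM9CVRWFeZf0s= linsir@StarLight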
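--- a/authorized_keys/onelearn/ybai
+++ b/authorized_keys/onelearn/ybai
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMi6FE3bVJfpBkBnHE/LcddAgV7JQAqRdADJMH+0/cbc baiyu0325@gmail.com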
1
authorized_keys/toghrul/sk0
Normal file
1
authorized_keys/toghrul/sk0
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-rsa 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 togrul@Abbaslis-MacBook-Pro.local
|
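--- a/scripts/jumpserver_cron.sh
+++ b/scripts/jumpserver_cron.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+tmp_path="/tmp/authorized_keys"
+dest_path="/home/ssh/.ssh/authorized_keys"
+echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+
+for file in $(find "$THIS_DIR/../authorized_keys" -type f); do
+(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
+done
+
+if [[ ! -d "/home/ssh/.ssh" ]]; then
+mkdir -p "/home/ssh/.ssh"
+chown ssh:ssh "/home/ssh/.ssh"
+chmod 700 "/home/ssh/.ssh"
+fi
+cat "$tmp_path" > "$dest_path"
+rm "$tmp_path"
+chown ssh:ssh "$dest_path"
+chmod 600 "$dest_path"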
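Review bot: The staging file `/tmp/authorized_keys` is a fixed name in a world-writable directory, and this script is run by root from cron, so on a host without symlink protection another local account can pre-create that path before the `echo … > "$tmp_path"` line writes through it. The later `cat "$tmp_path" > "$dest_path"` also truncates the live file before refilling it, so sshd can read an empty or partial key list during that window, and a failed `find` would leave only the header line in place. Creating the staging file with `mktemp` inside `/home/ssh/.ssh`, setting owner and mode on it, and renaming it over the destination closes both gaps; this needs the directory check moved ahead of the loop. `update_key` in scripts/testbed_cron.sh uses the same pattern with `/tmp/authorized_keys_$1`.

```shell
dest_dir="/home/ssh/.ssh"
dest_path="$dest_dir/authorized_keys"
# … unchanged: create "$dest_dir" with owner ssh:ssh and mode 700 if missing …
tmp_path=$(mktemp "$dest_dir/authorized_keys.XXXXXX")
trap 'rm -f -- "$tmp_path"' EXIT
# … unchanged: header line and per-file loop appending to "$tmp_path" …
chown ssh:ssh "$tmp_path"
chmod 600 "$tmp_path"
mv -f -- "$tmp_path" "$dest_path"
```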
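--- a/scripts/jumpserver_deploy.sh
+++ b/scripts/jumpserver_deploy.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+adduser \
+--disabled-password \
+--home /home/ssh \
+--gecos "jumpserver user ssh" \
+ssh
+
+usermod -p '*' ssh
+
+insert_if_not_exist()
+{
+filename=$1
+line=$2
+if [ ! -f "$filename" ]; then
+touch $filename
+fi
+grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontabs/root" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
+
+"$THIS_DIR"/jumpserver_cron.sh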
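Review bot: The crontab line installed through `insert_if_not_exist "/etc/crontabs/root" …` has root run `git pull` every five minutes and then execute `jumpserver_cron.sh` from the freshly pulled tree, so anyone able to push to the tracked branch gets root code execution on this host with no check of what was pulled. Consider limiting the pull to verified fast-forwards, e.g. `cd \"$THIS_DIR\" && git pull --ff-only --verify-signatures && \"$THIS_DIR\"/jumpserver_cron.sh`, which assumes maintainers sign their commits and their keys are in root's keyring. Alternatively, install the cron script outside the working tree so that only key data is taken from the repository. The same construct appears in scripts/testbed_deploy.sh for `/etc/crontab`.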
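--- a/scripts/nasp
+++ b/scripts/nasp
@@ -0,0 +1,5 @@
+%nasp ALL = (root) NOPASSWD: /usr/bin/docker
+%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
+%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
+%nasp ALL = (root) NOPASSWD: /usr/bin/nvidia-smi
+%nasp ALL = (root) NOPASSWD: /usr/sbin/shutdown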
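Review bot: `%nasp ALL = (root) NOPASSWD: /usr/bin/docker` gives every member of `nasp` the full Docker CLI as root without a password, which is generally equivalent to unrestricted root on the host, so the other four entries add no containment on top of it. If that trust level is intended, state it at the top of the file, e.g. `# docker via sudo is root-equivalent; nasp members are trusted as root on testbeds`. Otherwise consider rootless Docker or dropping the entry. None of the commands carries an argument restriction, so `nvidia-smi`, `reboot` and `shutdown` are permitted with any arguments.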
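--- a/scripts/testbed_cron.sh
+++ b/scripts/testbed_cron.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+touch_user() {
+test -n "$1"
+if id -u $1 1>/dev/null 2>&1; then
+return
+fi
+if ! getent group nasp ; then
+echo "Group 'nasp' does not exist\!"
+exit 1
+fi
+
+adduser \
+--shell /bin/bash \
+--disabled-password \
+--home /home/$1 \
+--gecos "nasp member" \
+$1
+usermod -a -G nasp $1
+}
+
+update_key() {
+tmp_path="/tmp/authorized_keys_$1"
+dest_path="/home/$1/.ssh/authorized_keys"
+dest_dir=$(dirname "$dest_path")
+
+echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
+(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
+done
+
+if [[ ! -d "$dest_dir" ]]; then
+mkdir -p "$dest_dir"
+chown $1:$1 "$dest_dir"
+chmod 700 "$dest_dir"
+fi
+cat "$tmp_path" > "$dest_path"
+rm "$tmp_path"
+chown $1:$1 "$dest_path"
+chmod 600 "$dest_path"
+}
+
+main() {
+cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
+for file in "$THIS_DIR"/../authorized_keys/* ; do
+if [[ ! -d "$file" ]]; then
+continue
+fi
+username=$(basename $file)
+touch_user $username
+update_key $username
+done
+}
+
+main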
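Review bot: In `main`, the directory name under `authorized_keys/` is used as the account name without validation, and `touch_user` returns early for any account that already exists, so `update_key` will overwrite `/home/<name>/.ssh/authorized_keys` for accounts this registry never created. The name is also expanded unquoted (`basename $file`, `touch_user $username`, `chown $1:$1`), so a directory name containing whitespace or starting with a dash changes the arguments passed to `adduser` and `chown`. A guard in the loop that accepts only conventional account names, and only existing accounts that are already in group `nasp`, keeps the script within its own set of users. The loop also visits only directories that still exist, so removing a member's directory leaves their installed keys in place.

```shell
for file in "$THIS_DIR"/../authorized_keys/* ; do
  # … unchanged: skip entries that are not directories …
  username=$(basename -- "$file")
  if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo "skipping invalid account name: $username" >&2
    continue
  fi
  if id -u "$username" >/dev/null 2>&1 \
    && ! id -nG "$username" | tr ' ' '\n' | grep -qxF nasp; then
    echo "skipping $username: existing account is not in group nasp" >&2
    continue
  fi
  touch_user "$username"
  update_key "$username"
```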
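--- a/scripts/testbed_deploy.sh
+++ b/scripts/testbed_deploy.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+apt update && apt install sudo
+addgroup nasp
+
+insert_if_not_exist()
+{
+filename=$1
+line=$2
+if [ ! -f "$filename" ]; then
+touch $filename
+fi
+grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontab" "*/5 * * * * root cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
+
+"$THIS_DIR"/testbed_cron.sh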
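Review bot: The script cannot be re-run safely, because `addgroup nasp` fails under `set -e` once the group exists and stops the run before the cron entry and the first `testbed_cron.sh` pass. `apt install sudo` also has no `-y`, so it may stop for confirmation or abort when there is no terminal. Suggested: `apt-get update && apt-get install -y sudo` and `getent group nasp >/dev/null || addgroup nasp`. In `insert_if_not_exist`, `touch $filename` is unquoted; `touch -- "$filename"` matches the quoting already used on the `grep` line.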