From 8bc58f889c2c311c661a786b5795525a919e067f Mon Sep 17 00:00:00 2001
From: DictXiong
Date: Tue, 30 May 2023 13:21:29 +0800
Subject: [PATCH] [dev] first working version (#4)
works fine for one month
Co-authored-by: Dict Xiong
Co-authored-by: xiongdian.me
Co-authored-by: xiuting.xu
Co-authored-by: lintaothu
Co-authored-by: toghrul
Co-authored-by: baiyu
Reviewed-on: https://git.nasp.ob.ac.cn/NASP/registry/pulls/4
---
 README.md | 2 +
 authorized_keys/authorized_keys | 2 +
 authorized_keys/dictxiong/ltp1-bd | 1 +
 authorized_keys/dictxiong/pc1 | 1 +
 authorized_keys/lintaothu/id_rsa.pub | 1 +
 authorized_keys/onelearn/ybai | 1 +
 authorized_keys/toghrul/sk0 | 1 +
 scripts/jumpserver_cron.sh | 21 ++++++++++
 scripts/jumpserver_deploy.sh | 25 ++++++++++++
 scripts/nasp | 5 +++
 scripts/testbed_cron.sh | 57 ++++++++++++++++++++++++++++
 scripts/testbed_deploy.sh | 20 ++++++++++
 12 files changed, 137 insertions(+)
 create mode 100644 README.md
 create mode 100644 authorized_keys/dictxiong/ltp1-bd
 create mode 100644 authorized_keys/dictxiong/pc1
 create mode 100644 authorized_keys/lintaothu/id_rsa.pub
 create mode 100644 authorized_keys/onelearn/ybai
 create mode 100644 authorized_keys/toghrul/sk0
 create mode 100755 scripts/jumpserver_cron.sh
 mode change 100644 => 100755 scripts/jumpserver_deploy.sh
 create mode 100644 scripts/nasp
 create mode 100755 scripts/testbed_cron.sh
 mode change 100644 => 100755 scripts/testbed_deploy.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1e35bb6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# The NASP Cluster Registry
+
diff --git a/authorized_keys/authorized_keys b/authorized_keys/authorized_keys
index df254eb..4daf9b4 100644
--- a/authorized_keys/authorized_keys
+++ b/authorized_keys/authorized_keys
@@ -85,3 +85,5 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzmgYN5tcYKL8wd9pELVuA/wb+mku7wrlc4kF28jvP ssh-rsa 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 ustb_yhb@163.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDg1kImE4U+ySXkqZNrlrsSwyATOKEyRRTQ8lAYhdI1OsMM3WhxCNKDdYPoFUJgZwio5JqBHe6UBLOfL/B+Muh0PYH0+jofIJoWe4grS10zZifisjayrhu0zfWfiGzyLUQY85nUuprUQPvC4qbI1DEspOCoZAE3Q0fjNz6Et3V3j7HLtJLRLZ1unsb5bnV4kf8sbFBxoSqJg9Ut0WBYcWfCW4zReRglJUxSZ6Hux8jHdZ7DGmyAndxBbu4gpzgsyZ8qPq+o4v/J2jYqKUN/6cnJ12hMF7UEsqDntX4JnZhRu8M7VgsNmb1ST9CW/P7X74tY0PGndlf8W0znb4imoBMZY+EMausZGI4ozbYZ5pttU7zCKxHVBO7mUyaRYUeYlo1ZTBUTNxH8lLLHu26LcSyVfuiYG6buQ4FnfM1bb8spckgokzH1+Bq3AtgDIpQEHNiFoh0cekIOtNqfJnJk/wOkWvlstB9YGevN2TQ5Y3VPt6grZyijHDaWOxdXJNHcW3U= lichuanlong@LAPTOP-QEAOKK4F + +ssh-rsa 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 hotfe@LAPTOP-PEKL7TRE diff --git a/authorized_keys/dictxiong/ltp1-bd b/authorized_keys/dictxiong/ltp1-bd new file mode 100644 index 0000000..159be11 --- /dev/null +++ b/authorized_keys/dictxiong/ltp1-bd @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhS4voo3K/Dvzqckr0bouO1WkCI5XxswstHWnuuyKBz ltp1-bd diff --git a/authorized_keys/dictxiong/pc1 b/authorized_keys/dictxiong/pc1 new file mode 100644 index 0000000..f2d5ea1 --- /dev/null +++ b/authorized_keys/dictxiong/pc1 @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLYgVj+NPino6sOmahULN7SbAMaVAgzqPfDjz2S8zDv pc1 diff --git a/authorized_keys/lintaothu/id_rsa.pub b/authorized_keys/lintaothu/id_rsa.pub new file mode 100644 index 0000000..490ac15 --- /dev/null +++ b/authorized_keys/lintaothu/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa 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 linsir@StarLight diff --git a/authorized_keys/onelearn/ybai b/authorized_keys/onelearn/ybai new file mode 100644 index 0000000..3848bb8 --- /dev/null +++ b/authorized_keys/onelearn/ybai @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMi6FE3bVJfpBkBnHE/LcddAgV7JQAqRdADJMH+0/cbc baiyu0325@gmail.com 
diff --git a/authorized_keys/toghrul/sk0 b/authorized_keys/toghrul/sk0
new file mode 100644
index 0000000..0f863df
--- /dev/null
+++ b/authorized_keys/toghrul/sk0
@@ -0,0 +1 @@
+ssh-rsa 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 togrul@Abbaslis-MacBook-Pro.local
\ No newline at end of file
diff --git a/scripts/jumpserver_cron.sh b/scripts/jumpserver_cron.sh
new file mode 100755
index 0000000..38cc4b3
--- /dev/null
+++ b/scripts/jumpserver_cron.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+tmp_path="/tmp/authorized_keys"
+dest_path="/home/ssh/.ssh/authorized_keys"
+echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+
+for file in $(find "$THIS_DIR/../authorized_keys" -type f); do
+ (echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
+done
+
+if [[ ! -d "/home/ssh/.ssh" ]]; then
+ mkdir -p "/home/ssh/.ssh"
+ chown ssh:ssh "/home/ssh/.ssh"
+ chmod 700 "/home/ssh/.ssh"
+fi
+cat "$tmp_path" > "$dest_path"
+rm "$tmp_path"
+chown ssh:ssh "$dest_path"
+chmod 600 "$dest_path"
diff --git a/scripts/jumpserver_deploy.sh b/scripts/jumpserver_deploy.sh
old mode 100644
new mode 100755
index e69de29..ef3f45e
--- a/scripts/jumpserver_deploy.sh
+++ b/scripts/jumpserver_deploy.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+adduser \
+ --disabled-password \
+ --home /home/ssh \
+ --gecos "jumpserver user ssh" \
+ ssh
+
+usermod -p '*' ssh
+
+insert_if_not_exist()
+{
+ filename=$1
+ line=$2
+ if [ ! -f "$filename" ]; then
+ touch $filename
+ fi
+ grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontabs/root" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
+
+"$THIS_DIR"/jumpserver_cron.sh
diff --git a/scripts/nasp b/scripts/nasp
new file mode 100644
index 0000000..0ef8cd0
--- /dev/null
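Review bot: `tmp_path="/tmp/authorized_keys"` in scripts/jumpserver_cron.sh is a fixed name in a world-writable directory, and the script is run by root from cron, so any local account can pre-create or link that path and influence what root writes or what ends up in `/home/ssh/.ssh/authorized_keys`. Build the file with `mktemp` next to the destination and `mv` it into place, which also closes the window in which `cat "$tmp_path" > "$dest_path"` leaves a truncated key file. `update_key` in scripts/testbed_cron.sh uses the same pattern with `/tmp/authorized_keys_$1` and needs the same change. The `for file in $(find …)` loop also word-splits paths; the sketch below reads them NUL-delimited instead.

```shell
dest_path="/home/ssh/.ssh/authorized_keys"
# … unchanged: the "/home/ssh/.ssh" mkdir/chown/chmod block, moved up so the directory exists here …
tmp_path=$(mktemp "${dest_path}.XXXXXX")  # unpredictable name, same filesystem as dest_path
trap 'rm -f -- "$tmp_path"' EXIT
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
while IFS= read -r -d '' file; do
    (echo "# key file: ${file#*authorized_keys/}"; cat "$file"; echo) >> "$tmp_path"
done < <(find "$THIS_DIR/../authorized_keys" -type f -print0)
chown ssh:ssh "$tmp_path"
chmod 600 "$tmp_path"
mv -f -- "$tmp_path" "$dest_path"  # rename is atomic: readers see the old or the new file
```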
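Review bot: The crontab entry written by `insert_if_not_exist "/etc/crontabs/root" …` in scripts/jumpserver_deploy.sh makes root run `git pull` and then execute a script from the pulled tree every five minutes, so whatever reaches the remote branch runs as root on the jump server with no integrity check. Consider limiting the update to verified fast-forwards, for example `git pull --ff-only --verify-signatures` (this needs signed commits and the signers' keys in root's keyring), and keep the checkout owned by root and not writable by other accounts. scripts/testbed_deploy.sh installs the same pattern into `/etc/crontab`. Separately, `adduser … ssh` fails once the account exists, so under `set -e` the script cannot be re-run; guard it with `id -u ssh >/dev/null 2>&1 || adduser …`.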
+++ b/scripts/nasp
@@ -0,0 +1,5 @@
+%nasp ALL = (root) NOPASSWD: /usr/bin/docker
+%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
+%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
+%nasp ALL = (root) NOPASSWD: /usr/bin/nvidia-smi
+%nasp ALL = (root) NOPASSWD: /usr/sbin/shutdown
diff --git a/scripts/testbed_cron.sh b/scripts/testbed_cron.sh
new file mode 100755
index 0000000..ed2f833
--- /dev/null
+++ b/scripts/testbed_cron.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+touch_user() {
+ test -n "$1"
+ if id -u $1 1>/dev/null 2>&1; then
+ return
+ fi
+ if ! getent group nasp ; then
+ echo "Group 'nasp' does not exist\!"
+ exit 1
+ fi
+
+ adduser \
+ --shell /bin/bash \
+ --disabled-password \
+ --home /home/$1 \
+ --gecos "nasp member" \
+ $1
+ usermod -a -G nasp $1
+}
+
+update_key() {
+ tmp_path="/tmp/authorized_keys_$1"
+ dest_path="/home/$1/.ssh/authorized_keys"
+ dest_dir=$(dirname "$dest_path")
+
+ echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+ for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
+ (echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
+ done
+
+ if [[ ! -d "$dest_dir" ]]; then
+ mkdir -p "$dest_dir"
+ chown $1:$1 "$dest_dir"
+ chmod 700 "$dest_dir"
+ fi
+ cat "$tmp_path" > "$dest_path"
+ rm "$tmp_path"
+ chown $1:$1 "$dest_path"
+ chmod 600 "$dest_path"
+}
+
+main() {
+ cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
+ for file in "$THIS_DIR"/../authorized_keys/* ; do
+ if [[ ! -d "$file" ]]; then
+ continue
+ fi
+ username=$(basename $file)
+ touch_user $username
+ update_key $username
+ done
+}
+
+main
diff --git a/scripts/testbed_deploy.sh b/scripts/testbed_deploy.sh
old mode 100644
new mode 100755
index e69de29..d43a7c7
--- a/scripts/testbed_deploy.sh
+++ b/scripts/testbed_deploy.sh
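Review bot: The first rule in scripts/nasp, `%nasp ALL = (root) NOPASSWD: /usr/bin/docker`, is equivalent to granting unrestricted root, because running docker as root allows privileged containers and bind mounts of the host filesystem. That makes the narrower rules below it moot, so either treat `nasp` membership as root access and say so in a comment at the top of the file (`# members of nasp are root-equivalent via docker`), or drop the rule in favour of rootless Docker. The file is copied to /etc/sudoers.d by scripts/testbed_cron.sh without a syntax check; validating it with `visudo -cf` before install, and installing it with mode 0440, keeps a bad commit from breaking sudo on every testbed.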
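Review bot: `main()` in scripts/testbed_cron.sh turns every directory name under authorized_keys/ into an account name and passes it unquoted into `id -u $1`, `--home /home/$1` and `chown $1:$1`, with no check on what the name contains. Validate it before use, e.g. `[[ "$username" =~ ^[a-z_][a-z0-9_-]*$ ]] || continue`, and quote every expansion of `$1`, `$file` and `$username`. `touch_user` also returns early for any account that already exists, so a directory named after an existing account outside the `nasp` group still has keys written for it by `update_key`. Skip such directories in `main()`, for instance with `id -nG "$username" | tr ' ' '\n' | grep -qx nasp || continue` for accounts that already exist.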
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+apt update && apt install sudo
+addgroup nasp
+
+insert_if_not_exist()
+{
+ filename=$1
+ line=$2
+ if [ ! -f "$filename" ]; then
+ touch $filename
+ fi
+ grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontab" "*/5 * * * * root cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
+
+"$THIS_DIR"/testbed_cron.sh
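Review bot: `apt update && apt install sudo` has no `-y`, so it may stop for confirmation when run unattended, and `addgroup nasp` fails under `set -e` once the group exists, so the script cannot be re-run on a host that is already set up. Use `apt-get update && apt-get install -y sudo` and `getent group nasp >/dev/null || addgroup nasp`. In `insert_if_not_exist`, `touch $filename` should be quoted as `touch -- "$filename"`.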