testbed_deploy.sh

2023-04-21 17:12:36 +08:00 · 2023-04-21 17:12:36 +08:00 · cce4a4c5bc
commit cce4a4c5bc
parent 0ca082e81b
4 changed files with 36 additions and 2 deletions
--- a/scripts/jumpserver_deploy.sh
+++ b/scripts/jumpserver_deploy.sh
@ -19,3 +19,5 @@ insert_if_not_exist()
 }

 insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
+
+\"$THIS_DIR\"/jumpserver_cron.sh
--- a/scripts/nasp
+++ b/scripts/nasp
@ -0,0 +1,4 @@
+%nasp ALL = (root) NOPASSWD: /usr/bin/docker
+%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
+%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
+
--- a/scripts/testbed_cron.sh
+++ b/scripts/testbed_cron.sh
@ -16,6 +16,7 @@ touch_user() {
        --shell /bin/bash \
        --disabled-password \
        --home /home/$1 \
+        --gecos "nasp member" \
        $1
    usermod -a -G nasp $1
 }
@ -23,12 +24,18 @@ touch_user() {
 update_key() {
    tmp_path="/tmp/authorized_keys_$1"
    dest_path="/home/$1/.ssh/authorized_keys"
-    echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+    dest_dir=$(dirname "$dest_path")

+    echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
    for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
        (echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
    done

+    if [[ ! -d "$dest_dir" ]]; then
+        mkdir -p "$dest_dir"
+        chown $1:$1 "$dest_dir"
+        chmod 700 "$dest_dir"
+    fi
    cat "$tmp_path" > "$dest_path"
    rm "$tmp_path"
    chown $1:$1 "$dest_path"
@ -36,8 +43,9 @@ update_key() {
 }

 main() {
+    cp "$THIS_DIR/nasp /etc/sudoers.d/nasp"
    for file in "$THIS_DIR"/../authorized_keys/* ; do
-        if ! test -d "$file"; then
+        if [[ ! -d "$file" ]]; then
            continue
        fi
        username=$(basename $file)
--- a/scripts/testbed_deploy.sh
+++ b/scripts/testbed_deploy.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+apt update && apt install sudo
+addgroup nasp
+
+insert_if_not_exist()
+{
+    filename=$1
+    line=$2
+    if [ ! -f "$filename" ]; then
+        touch $filename
+    fi
+    grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
+
+\"$THIS_DIR\"/testbed_cron.sh