
[dev] first working version (#4)

works fine for one month

Co-authored-by: Dict Xiong <me@beardic.cn>
Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com>
Co-authored-by: xiuting.xu <xuxiuting04@126.com>
Co-authored-by: lintaothu <lintaothu@163.com>
Co-authored-by: toghrul <tabbasli@hotmail.com>
Co-authored-by: baiyu <baiyu@zgclab.edu.cn>
Reviewed-on: https://git.nasp.ob.ac.cn/NASP/registry/pulls/4
DictXiong 2023-05-30 13:21:29 +08:00
parent 7069fdbd72
commit 8bc58f889c
12 changed files with 137 additions and 0 deletions

2
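--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
+# The NASP Cluster Registry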


@ -85,3 +85,5 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzmgYN5tcYKL8wd9pELVuA/wb+mku7wrlc4kF28jvP
ssh-rsa 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 ustb_yhb@163.com ssh-rsa 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 ustb_yhb@163.com
ssh-rsa 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 lichuanlong@LAPTOP-QEAOKK4F ssh-rsa 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 lichuanlong@LAPTOP-QEAOKK4F
ssh-rsa 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 hotfe@LAPTOP-PEKL7TRE


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhS4voo3K/Dvzqckr0bouO1WkCI5XxswstHWnuuyKBz ltp1-bd


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLYgVj+NPino6sOmahULN7SbAMaVAgzqPfDjz2S8zDv pc1


@ -0,0 +1 @@
ssh-rsa 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 linsir@StarLight


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMi6FE3bVJfpBkBnHE/LcddAgV7JQAqRdADJMH+0/cbc baiyu0325@gmail.com


@ -0,0 +1 @@
ssh-rsa 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 togrul@Abbaslis-MacBook-Pro.local

21
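--- a/scripts/jumpserver_cron.sh
+++ b/scripts/jumpserver_cron.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+tmp_path="/tmp/authorized_keys"
+dest_path="/home/ssh/.ssh/authorized_keys"
+echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+for file in $(find "$THIS_DIR/../authorized_keys" -type f); do
+(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
+done
+if [[ ! -d "/home/ssh/.ssh" ]]; then
+mkdir -p "/home/ssh/.ssh"
+chown ssh:ssh "/home/ssh/.ssh"
+chmod 700 "/home/ssh/.ssh"
+fi
+cat "$tmp_path" > "$dest_path"
+rm "$tmp_path"
+chown ssh:ssh "$dest_path"
+chmod 600 "$dest_path"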
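Review bot: `tmp_path="/tmp/authorized_keys"` is a fixed name in a world-writable directory, and the deploy script schedules this file to run as root from cron, so any local account can pre-create or swap that path and have root write through a link or copy unexpected lines into `/home/ssh/.ssh/authorized_keys`. Use an unpredictable file instead, `tmp_path=$(mktemp)`, and clean it up with `trap 'rm -f -- "$tmp_path"' EXIT`. The same pattern appears in `update_key` in scripts/testbed_cron.sh (`/tmp/authorized_keys_$1`). Separately, `for file in $(find …)` word-splits paths; `find … -type f -print0` read with `while IFS= read -r -d '' file` keeps key file names that contain spaces intact.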

25
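--- a/scripts/jumpserver_deploy.sh
+++ b/scripts/jumpserver_deploy.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+adduser \
+--disabled-password \
+--home /home/ssh \
+--gecos "jumpserver user ssh" \
+ssh
+usermod -p '*' ssh
+insert_if_not_exist()
+{
+filename=$1
+line=$2
+if [ ! -f "$filename" ]; then
+touch $filename
+fi
+grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+insert_if_not_exist "/etc/crontabs/root" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
+"$THIS_DIR"/jumpserver_cron.sh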
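Review bot: The cron line written to `/etc/crontabs/root` runs `git pull` and then executes `jumpserver_cron.sh` from the same checkout as root every five minutes, so whoever can push to the tracked branch or alter the remote controls code that runs as root on this host, and nothing here checks what was pulled. Consider `git pull --ff-only --verify-signatures`, or running a root-owned copy of the script kept outside the checkout so that the pull only updates key data. scripts/testbed_deploy.sh installs the same kind of entry in `/etc/crontab`. In `insert_if_not_exist`, `touch $filename` should be quoted as `touch -- "$filename"`.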

5
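--- a/scripts/nasp
+++ b/scripts/nasp
@@ -0,0 +1,5 @@
+%nasp ALL = (root) NOPASSWD: /usr/bin/docker
+%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
+%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
+%nasp ALL = (root) NOPASSWD: /usr/bin/nvidia-smi
+%nasp ALL = (root) NOPASSWD: /usr/sbin/shutdown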
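Review bot: The `/usr/bin/docker` rule makes every member of `%nasp` root-equivalent, since running the Docker client as root gives full control of the daemon and therefore of the host; the narrower rules for `reboot`, `whoami`, `nvidia-smi` and `shutdown` do not limit anything once it is present. If that is intended, say so at the top of the file, for example `# sudo docker is root-equivalent: treat nasp membership as full root access`. If it is not, rootless Docker or a wrapper that permits only specific subcommands would be a narrower grant.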

57
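--- a/scripts/testbed_cron.sh
+++ b/scripts/testbed_cron.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+touch_user() {
+test -n "$1"
+if id -u $1 1>/dev/null 2>&1; then
+return
+fi
+if ! getent group nasp ; then
+echo "Group 'nasp' does not exist\!"
+exit 1
+fi
+adduser \
+--shell /bin/bash \
+--disabled-password \
+--home /home/$1 \
+--gecos "nasp member" \
+$1
+usermod -a -G nasp $1
+}
+update_key() {
+tmp_path="/tmp/authorized_keys_$1"
+dest_path="/home/$1/.ssh/authorized_keys"
+dest_dir=$(dirname "$dest_path")
+echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
+(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
+done
+if [[ ! -d "$dest_dir" ]]; then
+mkdir -p "$dest_dir"
+chown $1:$1 "$dest_dir"
+chmod 700 "$dest_dir"
+fi
+cat "$tmp_path" > "$dest_path"
+rm "$tmp_path"
+chown $1:$1 "$dest_path"
+chmod 600 "$dest_path"
+}
+main() {
+cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
+for file in "$THIS_DIR"/../authorized_keys/* ; do
+if [[ ! -d "$file" ]]; then
+continue
+fi
+username=$(basename $file)
+touch_user $username
+update_key $username
+done
+}
+main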
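Review bot: `main` turns every directory name under `authorized_keys/` into a local account and passes it unquoted to `id`, `adduser`, `usermod` and `chown`, so a name containing whitespace or a leading `-` that arrives through the scheduled `git pull` is word-split or read as an option while the script runs as root. Validate the name before use, e.g. `[[ "$username" =~ ^[a-z_][a-z0-9_-]*$ ]] || continue`, and quote `"$username"` and `"$1"` throughout. The `cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"` line also installs the fragment without a syntax check or an explicit mode; `visudo -cf "$THIS_DIR/nasp" && install -m 0440 -o root -g root "$THIS_DIR/nasp" /etc/sudoers.d/nasp` keeps a bad commit from breaking sudo on the host.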

20
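--- a/scripts/testbed_deploy.sh
+++ b/scripts/testbed_deploy.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+apt update && apt install sudo
+addgroup nasp
+insert_if_not_exist()
+{
+filename=$1
+line=$2
+if [ ! -f "$filename" ]; then
+touch $filename
+fi
+grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+insert_if_not_exist "/etc/crontab" "*/5 * * * * root cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
+"$THIS_DIR"/testbed_cron.sh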
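Review bot: The deploy steps are not safe to re-run or to run unattended: `apt install sudo` has no `-y`, and under `set -e` `addgroup nasp` is likely to abort the script when the group already exists, before the cron entry is installed. `apt-get install -y sudo` and `getent group nasp >/dev/null || addgroup nasp` make both steps repeatable. The script also assumes it is started as root and would fail part-way otherwise; a guard such as `[ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }` at the top makes that explicit.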