Add some SSH config stuff for Fabric.

We'll see if this is a good idea or not..
2015-04-26 01:56:52 -05:00 · 2015-04-26 01:56:52 -05:00 · 3197ec76dd
parent fa1e8d7ce2
commit 3197ec76dd
1 changed files with 64 additions and 0 deletions
--- a/rattail/fablib/ssh.py
+++ b/rattail/fablib/ssh.py
@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+################################################################################
+#
+#  Rattail -- Retail Software Framework
+#  Copyright © 2010-2015 Lance Edgar
+#
+#  This file is part of Rattail.
+#
+#  Rattail is free software: you can redistribute it and/or modify it under the
+#  terms of the GNU Affero General Public License as published by the Free
+#  Software Foundation, either version 3 of the License, or (at your option)
+#  any later version.
+#
+#  Rattail is distributed in the hope that it will be useful, but WITHOUT ANY
+#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+#  FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for
+#  more details.
+#
+#  You should have received a copy of the GNU Affero General Public License
+#  along with Rattail.  If not, see <http://www.gnu.org/licenses/>.
+#
+################################################################################
+"""
+Fabric Library for SSH
+"""
+
+from __future__ import unicode_literals
+
+from fabric.api import *
+from fabric.contrib.files import exists, sed
+
+from rattail.fablib.system import mkdir
+from rattail.fablib.python import cdvirtualenv
+
+
+def configure_ssh():
+    """
+    Configure the OpenSSH service.
+    """
+    sed('/etc/ssh/sshd_config', r'^PermitRootLogin yes$', r'PermitRootLogin no', use_sudo=True)
+    sed('/etc/ssh/sshd_config', r'^#PasswordAuthentication yes$', r'PasswordAuthentication no', use_sudo=True)
+    sudo('service ssh restart')
+
+
+def establish_identity(envname, comment, user='rattail', home='/var/lib/rattail'):
+    """
+    Generate a SSH key pair and configure it for local use.
+    """
+    home = home.rstrip('/')
+    sshdir = '{0}/.ssh'.format(home)
+    owner='{0}:{0}'.format(user)
+    mkdir(sshdir, owner=owner, mode='0700')
+    with cd(sshdir):
+        if not exists('authorized_keys'):
+            sudo('touch authorized_keys')
+        sudo('chown {0} authorized_keys'.format(owner))
+        sudo('chmod 0600 authorized_keys')
+    with cdvirtualenv(envname, 'app'):
+        mkdir('ssh', owner=owner, mode='0700')
+    with cdvirtualenv(envname, 'app/ssh'):
+        if not exists('id_rsa', use_sudo=True):
+            sudo("ssh-keygen -C '{0}' -P '' -f id_rsa".format(comment))
+            sudo('cat id_rsa.pub >> {0}/authorized_keys'.format(sshdir))
+        sudo('chown {0} id_rsa*'.format(owner))