# Rendered listing of an account-provisioning script. The number at the start
# of each line is a display gutter and the mid-statement line breaks are
# rendering artifacts; many original lines (e.g. 7-8, 12-18, 45-51, 59-63,
# 71-74, 125-127) are not shown, so branch bodies and the closing fi/done/}
# of most constructs are outside this view.
# Configuration. PROFILE is taken straight from the CLOUD_ENVIRONMENT env var;
# no ':?' guard is visible here, so an unset variable yields paths of the form
# "${SSH_KEY_DIR}/-<user>" instead of an error.
5 PROFILE
=${CLOUD_ENVIRONMENT}
6 SSH_KEY_DIR
="SSHConfigs"
# Templates whose %PLACEHOLDER% tokens are filled in by sed further down.
9 DDB_TEMPLATE
="userManagementTemplates/ddb.templ"
10 DTS_TEMPLATE
="userManagementTemplates/ddbts.templ"
# Helper run at the end to build the user's VPN profile.
11 VPN_SCRIPT
="./createVPNAccount.sh"
# Usage text (original lines 19-37). The '\$Username' escapes suggest an
# unquoted here-document whose opening line is not shown; this block is runtime
# output, so no comments are placed inside it. DDBTABLE is defined outside this
# view.
19 ${SELF} - create account for local users
20 --------------------------------------
23 ${SELF} is used to create the account information that is stored in DDB
24 this information is used to push out accounts to the machines in the cluster.
26 You can only add a single group using this interface, to add additional groups
27 use the DDB tool to turn groups into an array, where each machine type is an available group.
28 User details are stored in the DynamoDB table: ${DDBTABLE}.
30 If you want to use a machine generated password (instead of having a user come to your desk)
31 pass in '-p' to the script. If you use an auto generated password, it will be written out to
32 ${SSH_KEY_DIR}/${PROFILE}-\$Username.pass
34 After running this script, you'll need to give the user the following files:
35 - ${SSH_KEY_DIR}/${PROFILE}-\$Username -- This is the SSH private key
36 - ${SSH_KEY_DIR}/${PROFILE}-\$Username.pass -- This is the user's password if using -p
37 - VPNConfigs/${PROFILE}-\$EMAIL.ovpn -- This is the VPN Config unique to the users
# valid_password PASSWORD: per its own comment it rejects quotes and escape
# characters; its body (original lines 45-51) is not shown. The value it vets
# is later interpolated into a 'python -c' source string (original line 102),
# so this check appears to be the only guard on that interpolation — keep it
# strict rather than relaxing it.
43 function valid_password
(){
44 # we don't want quotes or escapes in passwords, for reasons
# Argument handling: '-h' (usage) and '-p' (machine-generated password). The
# branch bodies and the AUTOPASS assignment are not shown here.
52 if [ "x${1}" == "x-h" ]; then
54 elif [ "x${1}" == "x-p" ]; then
# Autogenerated path: one 15-character pwgen password including symbols (-y).
# The '&& break' implies a retry loop whose header is outside this view.
57 PASS1
=$(pwgen -y -N 1 15)
58 valid_password
"${PASS1}" && break
# Interactive identity input. 'read' without -r interprets backslashes, and no
# validation of UNAME is visible in this listing although it becomes part of
# every path below (SSH key, .pass file, /tmp JSON, tarball); a value holding
# '/' or '..' would therefore escape SSH_KEY_DIR — TODO confirm whether the
# missing lines constrain it.
64 read -p "Username: " UNAME
65 read -p "Email: " EMAIL
# An existing plaintext .pass file for this user takes precedence over both the
# -p and interactive paths. The unquoted path given to cat word-splits on
# spaces.
67 # Check to see if we have an existing .pass file to reuse (*shame*)
68 if [ -e "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass" ]; then
69 echo "Reusing exsting .pass file"
70 PASS1
=$(cat ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass)
# Interactive password entry (AUTOPASS == 0): '-s' suppresses terminal echo and
# the two entries must match before valid_password is consulted.
75 if [ ${AUTOPASS} -eq 0 ]; then
78 read -s -p "Password: " PASS1
80 read -s -p "Password (again):" PASS2
83 if [[ "x${PASS1}" != "x${PASS2}" ]]
85 echo "Passwords do not match, please try again."
89 if ! valid_password
"${PASS1}"
91 echo "Please do not use escape characters, nor single or double quotes in passwords. Enter a different password."
# Plaintext password persisted to disk. No umask or chmod is visible in this
# listing, so the file is created with whatever the caller's umask permits.
98 # save the autogenerated password somewhere
99 echo "${PASS1}" > "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass"
# sha512_crypt hash via passlib. The cleartext password is embedded in the
# python command line, so it is visible in process listings and in any shell
# trace (set -x) for the duration of the call. The 'print x' statement form is
# Python 2 syntax.
102 PASS_CRYPT
=$(python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(\"${PASS1}\")";)
# SSH key: a fresh 521-bit ECDSA key with an empty passphrase (-N '') unless a
# .pub for this user already exists, so the private key is unencrypted at rest.
# ssh-keygen's output is discarded.
104 if [ ! -e "${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pub
" ]; then
105 ssh-keygen -b 521 -t ecdsa -C "${PROFILE}-${UNAME}-${EMAIL}" -N '' -f "${SSH_KEY_DIR}/${PROFILE}-${UNAME}" > /dev/null
107 echo "Using existing SSH key
"
109 SSHPUB=$(cat ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pub)
# Group discovery: the distinct 'module' tag values of EC2 instances in the two
# listed regions, printed one per line.
112 echo "Available Groups
:"
113 for i in us-east-1 us-west-2; do
115 aws --region "${i}" ec2 describe-instances --query 'Reservations[*].Instances[*].Tags[?Key==`module`].Value' --output text
116 done | sort -u | xargs -n1 echo ' -'
# MYGROUPS is free-form input; nothing shown here checks it against the list
# above before it is substituted into the template.
118 read -p "Group
for this user
: " MYGROUPS
121 echo "Groups
: $MYGROUPS"
# Template expansion with sed. UNAME, MYGROUPS and EMAIL are substituted with a
# '/' delimiter and SSHPUB/PASS_CRYPT with '#', all as unescaped data: a '/',
# '#' or '&' inside any of them alters the sed expression rather than the
# output. The results are written to predictable, user-named paths in the
# shared /tmp, created with the caller's default umask.
123 cat ${DDB_TEMPLATE} | sed -e "s
/%UNAME
%/${UNAME}/g
" -e "s
#%SSHPUB%#${SSHPUB}#g" -e "s#%PASS_CRYPT%#${PASS_CRYPT}#g" -e "s/%GROUPS%/${MYGROUPS}/g" -e "s/%EMAIL%/${EMAIL}/g" > /tmp/ddb-${UNAME}.json
124 cat ${DTS_TEMPLATE} | sed -e "s/%TS%/`date +%s`/g" > /tmp
/ddbts
-${UNAME}.json
# Upload each JSON document to DynamoDB and delete the temp copy. ${f} is the
# variable of a loop whose header (original lines 125-127) is not shown;
# DDBREGION and DDBTABLE are defined outside this view.
128 aws
--region "${DDBREGION}" dynamodb put
-item --table-name "${DDBTABLE}" --item file:///tmp
/${f}-${UNAME}.json
129 rm -f /tmp
/${f}-${UNAME}.json
# VPN profile generation is delegated to VPN_SCRIPT; both arguments are passed
# unquoted.
133 echo "Generating VPN Configuration:"
134 ${VPN_SCRIPT} ${PROFILE} ${EMAIL}
# Hand-off instructions for the operator.
138 echo "In additon to the VPN Config, you'll need to give the user the following files:"
139 echo " - ${SSH_KEY_DIR}/${PROFILE}-${UNAME} -- This is the SSH private key"
140 if [ $AUTOPASS -eq 1 ]; then
141 echo " - ${SSH_KEY_DIR}/${PROFILE}-${UNAME}.pass -- This is the user's password in plaintext"
# Bundle everything matching the user's name from SSH_KEY_DIR and VPNConfigs.
# The pattern "*${PROFILE}-${UNAME}*" also matches the .pass file, so when -p
# was used the tarball holds the plaintext password alongside the private key.
# The unquoted $(find ...) word-splits on spaces in paths. TGZDIR is set
# outside this view.
146 echo "I'll create a tarball of the important files for you to download."
147 echo "You can find it at ${TGZDIR}/${PROFILE}-${UNAME}.tgz"
148 tar zcf
${TGZDIR}/${PROFILE}-${UNAME}.tgz
$(find ${SSH_KEY_DIR} -name "*${PROFILE}-${UNAME}*"; find VPNConfigs -name "*${PROFILE}-${UNAME}*")
149 echo "You're welcome..."