Apache
/
jclouds
mirror of https://github.com/apache/jclouds.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

javadoc and code tidy around admin/user setup

This commit is contained in:
Alex Heneveld 2011-10-20 14:55:44 +01:00
parent c5d0543da8
commit 9fc33dc120
3 changed files with 31 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java
View File

@ -46,17 +46,26 @@ import com.google.inject.ImplementedBy;
* Controls the administrative access to a node. By default, it will perform the following:
*
* <ul>
* <li>setup a new admin user which folks should use as opposed to the built-in vcloud account</li>
* <ul>
* <li>associate a random password to account</li>
* <ul>
* <li>securely ( use sha 512 on client side and literally rewrite the shadow entry, rather than
* pass password to OS in a script )</li>
* <li>setup a new admin user which folks should use as opposed to any built-in account</li>
* <ul>
* <li>associate a random (or given) password to that account
* <ul>
* <li>securely (using sha 512 on client side and literally rewriting the shadow entry,
* rather than sending password plaintext to OS in a script)</li>
* <li>but note password access is often blocked in any case, see below</li>
* </ul>
* <li>associate the users' ssh public key with the account for login</li>
* <li>associate it with the os group wheel</li>
* </ul>
* <li>set up sudoers for password-less access to root for this user (shouldGrantSudo)</li>
* <ul>
* <li>creating os group wheel and assigning the new admin user to it</li>
* <li>create (overwriting) sudoers file to grant root access for wheel members</li>
* </ul>
* <li>reset password for the user logging in (e.g. root, because root password is
* sometimes known to the provider), securely and randomly as described above (resetLoginPassword)</li>
* <li>lockdown sshd_config for no root login, nor passwords allowed (lockSsh)</li>
* </ul>
* <li>associate the users' ssh public key with the account for login</li> <li>
* associate it with the os group wheel</li> </ul> <li>create os group wheel</li> <li>add sudoers
* for nopassword access to root by group wheel</li> <li>reset root password securely</li> <li>
* lockdown sshd_config for no root login, nor passwords allowed</li> </ul>
*
* @author Adrian Cole
*/

6
scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/DefaultConfiguration.java
View File

@ -51,9 +51,9 @@ public class DefaultConfiguration implements Configuration {
@Override
public Map<String, String> get() {
try {
return ImmutableMap.of("public",
Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa.pub"), UTF_8), "private",
Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa"), UTF_8));
return ImmutableMap.of(
"public", Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa.pub"), UTF_8),
"private", Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa"), UTF_8));
} catch (IOException e) {
return SshKeys.generate();
}

9
scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/UserAdd.java
View File

@ -43,6 +43,13 @@ import com.google.common.collect.Lists;
import com.google.inject.Inject;
/**
* Creates a statement that will add a given user to a machine ("login"), with optional
* password, groups, private key, and authorized keys.
* <p>
* This is supported on most *nix environments. Not currently supported on Windows.
* <p>
* Note that some places where this is used may have stricter requirements on the parameters
* (for example {@link AdminAccess} requires password and keys).
*
* @author Adrian Cole
*/
@ -65,11 +72,13 @@ public class UserAdd implements Statement {
return this;
}
/** the username of the user to add (not the login to use when performing the add) */
public UserAdd.Builder login(String login) {
this.login = login;
return this;
}
/** the password to add for the user (not the password to use when logging in to perform the add) */
public UserAdd.Builder password(String password) {
this.password = password;
return this;