That's awesome!
Dave has the new gateway box set up, so I can take a stab at this today.
One question: Does this script have the logic to remove users if they
get removed from the LP group, or is that a manual step?
On 07/26/2012 10:04 AM, Loïc Minier wrote:
I've revamped the scripts and split them differently; it's more generic
now, especially if you only care about the union of a set of Launchpad
teams or persons.
e.g.:
./lp-members-sshkeys --sshkeys linaro-flexlm linaro-validation
to dump SSH keys from folks recursively under ~linaro-flexlm or
~linaro-validation.
Cron to update ~/.ssh/authorized_keys would be:
@hourly cd linaro-its-tools && bzr pull >/dev/null 2>&1 && PATH="$PATH:`pwd`"
&& update-ssh-keys lp-members-sshkeys --sshkeys linaro-flexlm linaro-validation
Cheers,
On Thu, Jul 26, 2012, Loïc Minier wrote:
As Michael noted yesterday, it would be nice to grant access to the
lab using some type sync with SSH keys of users from a launchpad
group. I'm guessing that code has already been written somewhere
else before.
I looked at ssh-import-id, but it didn't have a team feature and didn't
particularly impress me, so instead I hacked a custom script for the
~linaro-flexlm use case:
http://bazaar.launchpad.net/~linaro-sysadmins/linaro-its-tools/trunk/view/head:/flexlm-sshkeys
It's custom because it hardcodes ~linaro-flexlm and it also checks that
people there are members of ~linaro (harcoded as well). Not hard to
make more generic.
It's wrapped by a lock in this script:
http://bazaar.launchpad.net/~linaro-sysadmins/linaro-its-tools/trunk/view/head:/update-ssh-keys
and the crontab entry looks like this:
@hourly cd linaro-its-tools && bzr pull >/dev/null 2>&1 && ./update-ssh-keys
./flexlm-sshkeys
--
Loïc Minier
_______________________________________________
linaro-validation mailing list
[email protected]
http://lists.linaro.org/mailman/listinfo/linaro-validation
