Ori.livneh has uploaded a new change for review.
https://gerrit.wikimedia.org/r/173177
Change subject: keyholder: fix `keyholder` script
......................................................................
keyholder: fix `keyholder` script
* Make the mwdeploy key group-readable and chgrp'd to keyholder, so that we can
read it when we sudo to keyholder to add it to the agent.
* Consolidate list, list-proxy and status subcommands into status.
Change-Id: I0e71c1f79c6a7313ecd6085165d5eba06524bed1
---
M manifests/role/deployment.pp
M modules/keyholder/files/keyholder
2 files changed, 11 insertions(+), 16 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/77/173177/1
diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index 98e8999..4ca9376 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -154,8 +154,8 @@
file { '/root/.ssh/mwdeploy_rsa':
source => 'puppet:///private/ssh/tin/mwdeploy_rsa',
owner => 'root',
- group => 'root',
- mode => '0400',
+ group => 'keyholder',
+ mode => '0440',
}
}
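Review bot: group read on `/root/.ssh/mwdeploy_rsa` only helps if the keyholder user can also traverse `/root` and `/root/.ssh`, and nothing in this hunk touches those directories. Their modes are not visible here; if they are root-only, `ssh-add` run as keyholder still cannot open the key, so consider placing the key in a directory keyholder can reach or managing the parent directory permissions alongside this resource. Because `mode => '0440'` exposes the private key to every member of group `keyholder`, a comment stating that the group must stay limited to the agent account would also be worth adding.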
diff --git a/modules/keyholder/files/keyholder
b/modules/keyholder/files/keyholder
index 499db3a..97de949 100755
--- a/modules/keyholder/files/keyholder
+++ b/modules/keyholder/files/keyholder
@@ -4,14 +4,12 @@
show_usage() {
/bin/echo >&2 "keyholder -- Manage shared SSH agent
+ keyholder status
+ Lists service status and the fingerprints of all identities
+ currently represented by the agent
+
keyholder add KEY
Add a private key identity to the agent
-
- keyholder list
- Lists fingerprints of all identities currently represented by the agent
-
- keyholder list-proxy
- Lists fingerprints of all identities currently represented by the proxy
keyholder clear
Deletes all identities from the agent
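Review bot: the new `keyholder status` usage text says it lists identities "currently represented by the agent", but the `status)` branch in the next hunk queries both `agent.sock` and `proxy.sock`, and the removed `list-proxy` entry was the only place the proxy was documented. Suggest wording along the lines of "Lists service status and the fingerprints of all identities currently represented by the agent and the proxy" so the help matches the output.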
@@ -25,14 +23,11 @@
command=$1; shift
case "$command" in
status)
- /sbin/status keyholder-agent
- /sbin/status keyholder-proxy
- ;;
- list)
- SSH_AUTH_SOCK=/run/keyholder/agent.sock /usr/bin/ssh-add -l
- ;;
- list-proxy)
- SSH_AUTH_SOCK=/run/keyholder/proxy.sock /usr/bin/ssh-add -l
+ for service in agent proxy; do
+ /sbin/status "keyholder-${service}" || continue
+ [ -r "/run/keyholder/${service}.sock" ] || continue
+ SSH_AUTH_SOCK="/run/keyholder/${service}.sock" /usr/bin/ssh-add -l
| sed 's/^/- /'
+ done
;;
add)
SSH_AUTH_SOCK=/run/keyholder/agent.sock /usr/bin/sudo -u keyholder -E
/usr/bin/ssh-add "$@"
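Review bot: in the `status)` loop, `[ -r "/run/keyholder/${service}.sock" ]` tests read permission, but connecting to a Unix socket requires write permission on it, and `-r` also succeeds for a regular file at that path; testing `-S` together with `-w` would match what `ssh-add` actually needs. Separately, the two `|| continue` guards and the pipe into `sed` mean the loop never reports failure, so a stopped service or a failed `ssh-add -l` is invisible to anything that checks the exit status; consider recording a failure flag inside the loop and returning non-zero after `done`.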
--
To view, visit https://gerrit.wikimedia.org/r/173177
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0e71c1f79c6a7313ecd6085165d5eba06524bed1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh <[email protected]>