From 0a2447381a8c051f63b61eee42b7d33b4244a98f Mon Sep 17 00:00:00 2001
From: Valentin Lab
Date: Wed, 9 Mar 2016 20:59:25 +0800
Subject: [PATCH] new: [sftp] add in root.
---
sftp/hooks/init | 59 ++++++++++++++++++++++++++
sftp/hooks/sftp_access-relation-joined | 26 ++++++++++++
sftp/metadata.yml | 8 ++++
3 files changed, 93 insertions(+)
create mode 100755 sftp/hooks/init
create mode 100755 sftp/hooks/sftp_access-relation-joined
create mode 100644 sftp/metadata.yml
diff --git a/sftp/hooks/init b/sftp/hooks/init
new file mode 100755
index 0000000..8a31842
--- /dev/null
+++ b/sftp/hooks/init
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME Name of current service
+## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
+## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
+
+
+set -e
+
+service_def=$(get_compose_service_def "$SERVICE_NAME")
+
+users_def=$(echo "$service_def" | shyaml get-value options.users 2>/dev/null) || true
+
+users_file="$SERVICE_CONFIGSTORE/etc/sftp-users.conf"
+echo | file_put "$users_file"
+
+[ "$users_def" ] || exit 0
+
+rm -f "$users_file"
+volume_keys=()
+while read-0 login user_def; do
+ key_nb=0
+ local_path_key="/home/$login/.ssh/keys"
+ host_path_key="$SERVICE_CONFIGSTORE${local_path_key}"
+ while read-0 key; do
+ debug "Creating login key ${key_nb} for '$login'" || true
+ echo "$key" | file_put "$host_path_key/key_${key_nb}.pub"
+ ((key_nb++)) || true
+ done < <(echo "$user_def" | shyaml get-values-0 keys)
+ volume_keys+=("$host_path_key:$local_path_key:ro")
+ gids=()
+ while read-0 group; do
+ if ! group_ent=$(getent group "$group"); then
+ debug groupadd -K GID_MIN=3000 -K GID_MAX=4000 "$group"
+ groupadd -K GID_MIN=3000 -K GID_MAX=4000 "$group"
+ group_ent=$(getent group "$group")
+ fi
+ gids+=("$(echo "$group_ent" | cut -f3 -d:)")
+ done < <(echo "$user_def" | shyaml get-values-0 groups 2>/dev/null)
+ password=$(echo "$user_def" | shyaml get-value password 2>/dev/null) ||
+ password=$(gen_password 14)
+ line="$login:$password::$(echo "${gids[@]}" | tr " " ",")"
+ debug "Adding line: $line"
+ echo "$line" >> "$users_file"
+done < <(echo "$users_def" | shyaml key-values-0)
+
+init-config-add "\
+$SERVICE_NAME:
+ volumes:
+$(for volume in "${volume_keys[@]}"; do
+ echo " - $volume"
+ done)
+"
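Review bot: `debug "Adding line: $line"` writes every user's password in clear text to the debug output, because `$line` is built as `login:password::gids`; log only the non-secret parts, e.g. `debug "Adding user '$login' (gids: ${gids[*]})"`. When the password comes from `gen_password 14`, that debug line appears to be the only place it is shown, so if the operator needs it, it should be surfaced deliberately rather than through the debug log. The same record is appended to `$users_file`, which `>>` recreates after `rm -f` with whatever mode the current umask gives; an explicit `chmod 600 "$users_file"` after the loop (or the narrowest mode the container can still read, to be confirmed) would keep the credentials file from being readable by other host users. `$login` is also used unchecked in the colon-separated record and in `/home/$login/.ssh/keys`, so rejecting logins that contain `:` or `/` before use would prevent a malformed entry or a key directory outside the user's home.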
diff --git a/sftp/hooks/sftp_access-relation-joined b/sftp/hooks/sftp_access-relation-joined
new file mode 100755
index 0000000..51671b3
--- /dev/null
+++ b/sftp/hooks/sftp_access-relation-joined
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+## Should be executable N time in a row with same result.
+
+set -e
+
+VOLUMES=$(relation-get volumes 2>/dev/null)
+GROUP=$(relation-get group 2>/dev/null) || true
+
+if test "$GROUP" && ! getent group "$GROUP" >/dev/null 2>&1; then
+ die "No group '$GROUP' found."
+fi
+
+config-add "\
+$MASTER_TARGET_CHARM_NAME:
+ volumes:
+$(while read-0 volume_def; do
+ IFS=: read src dst mode < <(echo "$volume_def:")
+ mode=${mode:-rw}
+ if [ "$mode" == "rw" -a "$GROUP" ]; then
+ debug setfacl -m "g:$GROUP:rwx" -R "$DATASTORE/$BASE_CHARM_NAME$src"
+ setfacl -m "g:$GROUP:rwx" -R "$DATASTORE/$BASE_CHARM_NAME$src"
+ fi
+ echo " - $DATASTORE/$BASE_CHARM_NAME$src:$dst:$mode"
+ done < <(echo "$VOLUMES" | shyaml get-values-0))"
+
diff --git a/sftp/metadata.yml b/sftp/metadata.yml
new file mode 100644
index 0000000..3ee84f4
--- /dev/null
+++ b/sftp/metadata.yml
@@ -0,0 +1,8 @@
+docker-image: docker.0k.io/sftp:carif
+config-resources:
+ - /etc/sftp-users.conf
+data-resources:
+ - /home
+provides:
+ sftp-access:
+ tech-dep: False
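Review bot: In sftp/hooks/sftp_access-relation-joined, `$src` from the relation's `volumes` value is appended to `$DATASTORE/$BASE_CHARM_NAME` with no check before `setfacl -R` grants the group rwx on it and the path is emitted as a bind mount, so an empty `src` or one containing `..` would extend the ACL and the mount beyond the charm's own data directory. Validate each entry first, e.g. `case "$src" in /*) ;; *) die "Invalid volume source '$src'." ;; esac` and `case "/$src/" in */../*) die "Invalid volume source '$src'." ;; esac`. Because the loop runs inside the `$(...)` that builds the `config-add` argument, a `die` there only ends the subshell and a failing `setfacl` is not caught by `set -e`, so the validation and the ACL change are better done in a separate loop before `config-add`. `read` should also be `read -r` so that backslashes in a path are not interpreted.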
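Review bot: In sftp/metadata.yml, `docker-image: docker.0k.io/sftp:carif` names the image by a mutable tag, so the code that receives the users file and the host volumes can change without any change in this repository. If the tooling accepts digest references, pin it as `docker.0k.io/sftp@sha256:<digest-of-the-reviewed-image>` (placeholder), or add a comment stating how the `carif` tag is built and updated.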