Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3769952
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
78 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/.editorconfig b/.editorconfig
index a59c4ee..0ec81b9 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,22 +1,22 @@
# EditorConfig - http://EditorConfig.org
root = true
[*]
end_of_line = lf
trim_trailing_whitespace = true
insert_final_newline = true
charset = utf-8
# 4 space indentation
[*.{conf, php, py, sh}]
indent_style = space
indent_size = 4
# 2 space indentation
-[*.{sls,jinja,json,yml}]
+[*.{sls,jinja,json,yml,yaml}]
indent_style = space
indent_size = 2
# Tab indentation (no size specified)
[Makefile]
indent_style = tab
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..008af35
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+__pycache__
+*.pyc
+*.pyo
diff --git a/GIDs b/GIDs
index 94fdfd2..c925a97 100644
--- a/GIDs
+++ b/GIDs
@@ -1,6 +1,9 @@
827 chaton-dev
828 deployment
829 nasqueron-irc
+3001 ops
+#3002 is intentionally left unassigned
+3003 deployment
9001 salt
9002 deploy
9003 web
diff --git a/_modules/forest.py b/_modules/forest.py
new file mode 100644
index 0000000..a7c4763
--- /dev/null
+++ b/_modules/forest.py
@@ -0,0 +1,105 @@
+# -*- coding: utf-8 -*-
+
+# -------------------------------------------------------------
+# Salt — Forest execution module
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-11
+# Description: Functions related to forests
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+def exists(forest):
+ '''
+ A function to check if a forest exists.
+
+ CLI Example::
+
+ salt '*' forest.exists eglide
+ '''
+ return forest in __pillar__.get('forests', [])
+
+
+def get():
+ '''
+ A function to get the forest of the current minion
+
+ CLI Example::
+
+ salt '*' forest.get
+ '''
+ nodes = __pillar__.get('nodes')
+ minion = __grains__['id']
+ return nodes[minion]['forest']
+
+
+def list_groups(forest=None):
+ '''
+ A function to list groups for a forest.
+
+ CLI Example::
+
+ salt '*' forest.list_groups
+ '''
+ if forest is None:
+ forest = get()
+
+ groups = __pillar__.get('shellgroups_ubiquity', [])
+
+ groupsByForest = __pillar__.get('shellgroups_by_forest', {})
+ if forest in groupsByForest:
+ groups.extend(groupsByForest[forest])
+
+ return groups
+
+
+def get_groups(forest=None):
+ '''
+ A function to get groups for a forest as a dictionary,
+ including the group properties.
+
+ CLI Example::
+
+ salt '*' forest.get_groups
+ '''
+ groups = {}
+
+ for groupname in list_groups(forest):
+ groups[groupname] = __pillar__['shellgroups'][groupname]
+
+ return groups
+
+
+def list_users(forest=None):
+ '''
+ A function to list groups for a forest.
+
+ CLI Example::
+
+ salt '*' forest.list_users
+ '''
+ users = []
+
+ for group in get_groups(forest).values():
+ if "members" in group:
+ users.extend(group['members'])
+
+ return list(set(users))
+
+
+def get_users(forest=None):
+ '''
+ A function to get users for a forest as a dictionary,
+ including the users properties.
+
+ CLI Example::
+
+ salt '*' forest.get_users
+ '''
+ users = {}
+
+ for username in list_users(forest):
+ users[username] = __pillar__['shellusers'][username]
+
+ return users
diff --git a/_tests/Makefile b/_tests/Makefile
new file mode 100644
index 0000000..b15e9f0
--- /dev/null
+++ b/_tests/Makefile
@@ -0,0 +1,3 @@
+test:
+ python -m unittest discover modules
+
diff --git a/_tests/data/forests.yaml b/_tests/data/forests.yaml
new file mode 100644
index 0000000..2fb6208
--- /dev/null
+++ b/_tests/data/forests.yaml
@@ -0,0 +1,29 @@
+forests:
+ - brethil
+ - fangorn
+ - lothlorien
+
+nodes:
+ egladil:
+ forest: lothlorien
+ entwash:
+ forest: fangorn
+
+shellgroups_ubiquity:
+ - ubiquity
+
+shellgroups_by_forest:
+ lothlorien:
+ - caras_galadhon
+
+shellgroups:
+ ubiquity: {}
+ caras_galadhon:
+ members:
+ - amdir
+ - amroth
+
+shellusers:
+ amdir: {}
+ amroth: {}
+ galadriel: {}
diff --git a/_tests/mocks/dunder.py b/_tests/mocks/dunder.py
new file mode 100644
index 0000000..3bfafe8
--- /dev/null
+++ b/_tests/mocks/dunder.py
@@ -0,0 +1,26 @@
+class dunder:
+
+ def __init__(self):
+ self.data = {}
+
+ def get(self, key, default=None):
+ if key in self.data:
+ return self.data[key]
+
+ return default
+
+ def set(self, key, value):
+ self.data[key] = value
+
+ def __iter__(self):
+ for key, value in self.data.items():
+ yield [key, value]
+
+ def __getitem__(self, key):
+ if key not in self.data:
+ raise KeyError
+
+ return self.data[key]
+
+ def __setitem__(self, key, value):
+ self.data[key] = value
diff --git a/_tests/modules/test_forest.py b/_tests/modules/test_forest.py
new file mode 100644
index 0000000..274e085
--- /dev/null
+++ b/_tests/modules/test_forest.py
@@ -0,0 +1,53 @@
+import imp
+import unittest
+
+
+salt_test_case = imp.load_source('salt_test_case', "salt_test_case.py")
+forest = imp.load_source('forest', "../_modules/forest.py")
+
+
+class Testinstance(unittest.TestCase, salt_test_case.SaltTestCase):
+
+ def setUp(self):
+ self.initialize_mocks()
+ self.instance = forest
+
+ self.mock_pillar('data/forests.yaml')
+
+ self.mock_grains()
+ self.grains['id'] = 'egladil'
+
+ def test_exists(self):
+ self.assertTrue(forest.exists('lothlorien'))
+ self.assertFalse(forest.exists('notexisting'))
+
+ def test_get(self):
+ self.assertEqual("lothlorien", forest.get())
+
+ def test_get_when_key_not_exists(self):
+ self.grains['id'] = 'notexisting'
+ self.assertRaises(KeyError, forest.get)
+
+ def test_list_groups(self):
+ self.assertEqual(['caras_galadhon', 'ubiquity'],
+ sorted(forest.list_groups()))
+
+ def test_list_groups_when_there_are_none_for_the_foreest(self):
+ self.grains['id'] = 'entwash'
+ self.assertEqual(['ubiquity'], forest.list_groups())
+
+ def test_get_groups(self):
+ self.assertEqual(['caras_galadhon', 'ubiquity'],
+ sorted(forest.get_groups().keys()))
+
+ def test_list_users(self):
+ self.assertEqual(['amdir', 'amroth'],
+ sorted(forest.list_users()))
+
+ def test_get_users(self):
+ self.assertEqual(['amdir', 'amroth'],
+ sorted(forest.get_users().keys()))
+
+
+if __name__ == '__main__':
+ unittest.main()
diff --git a/_tests/salt_test_case.py b/_tests/salt_test_case.py
new file mode 100644
index 0000000..2552b62
--- /dev/null
+++ b/_tests/salt_test_case.py
@@ -0,0 +1,30 @@
+import imp
+import yaml
+from mock import patch
+
+
+class SaltTestCase:
+
+ def initialize_mocks(self):
+ source = imp.load_source('dunder', "mocks/dunder.py")
+ self.pillar = source.dunder()
+ self.grains = source.dunder()
+
+ def import_data_from_yaml(self, filename):
+ with open(filename, 'r') as fd:
+ return yaml.load(fd.read())
+
+ def mock_pillar(self, filename=None, target=None):
+ if not target:
+ target = self.instance
+
+ if filename:
+ self.pillar.data = self.import_data_from_yaml(filename)
+
+ target.__pillar__ = self.pillar
+
+ def mock_grains(self, target=None):
+ if not target:
+ target = self.instance
+
+ target.__grains__ = self.grains
diff --git a/pillar/core/groups.sls b/pillar/core/groups.sls
new file mode 100644
index 0000000..5c95fc3
--- /dev/null
+++ b/pillar/core/groups.sls
@@ -0,0 +1,90 @@
+# -------------------------------------------------------------
+# Salt — Users accounts list
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-11-09
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Users groups
+#
+# These groups will be deployed on each servers if included in
+# shellgroups_ubiquity or in some servers forests if included
+# in the state shellgroups_by_forest.
+#
+# As for users, the mere fact to add a group here is a no-op.
+# These mapping are defined in the forests.sls pillar file.
+#
+# Sort the groups by GIDs.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+shellgroups:
+ shell:
+ gid: 200
+ title: Eglide shell users
+ description: >
+ Provide an account to use on the Eglide shell hosting project servers.
+ members:
+ - akoe
+ - amj
+ - ariel
+ - axe
+ - c2c
+ - chan
+ - dereckson
+ - erol
+ - harshcrop
+ - hlp
+ - kazuya
+ - khmerboy
+ - kumkum
+ - pkuz
+ - rama
+ - rashk0
+ - ringa
+ - rix
+ - sandlayth
+ - shark
+ - thrx
+ - tomjerr
+ - xcombelle
+ - xray
+ chaton-dev:
+ gid: 827
+ description: Manage Bonjour chaton service
+ members:
+ - hlp
+ nasqueron-irc:
+ gid: 829
+ description: Manage IRC bots used for Nasqueron projects
+ members:
+ - dereckson
+ - sandlayth
+ ops:
+ gid: 3001
+ title: Nasqueron Operations
+ description: >
+ Maintain the servers infrastructure. As such, members of this
+ group have a root access everywhere.
+ members:
+ - dereckson
+ - sandlayth
+ deployment:
+ gid: 3003
+ title: Nasqueron Deployment
+ description: >
+ Build softwares to be installed on the servers.
+ Deploy web sites and services files.
+ members:
+ - dereckson
+ nasquenautes:
+ gid: 3004
+ title: Nasqueron servers users
+ description: >
+ Provide an account on Nasqueron development servers.
+ members:
+ - dereckson
+ - kumkum
+ - rama
+ - xcombelle
diff --git a/pillar/core/users.sls b/pillar/core/users.sls
new file mode 100644
index 0000000..57ab4a1
--- /dev/null
+++ b/pillar/core/users.sls
@@ -0,0 +1,165 @@
+# -------------------------------------------------------------
+# Salt — Users accounts list
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-11-08
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Users accounts
+#
+# shellusers:
+# When an account isn't included in a group, this is a no-op.
+# As such, users hereby listed don't have access to any server.
+#
+# revokedusers:
+# Users in this list will be removed from the servers.
+#
+# To rename an user:
+# Edit the username in the shellusers section,
+# add the former username to the revokedusers list.
+#
+# Sort the accounts by their username alphabetic order.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+revokedusers:
+ # Account renamed to erol // T808
+ - fedai
+ # Temporary test account // D608, D609
+ - amjtest
+ # Account renamed to sandlayth // T789
+ - kalix
+ # Users who never have connected to Eglide's accounts (SSH key issues)
+ - tarik
+
+shellusers:
+ akoe:
+ fullname: akoe
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyffI4KDYcnVYJKLIUcVhi0gtjaGPHFs7lJMyYn2RSEmRBoMyz7leZ+vbxC1I0BxiAs20JAAVKDFs+XsWSlKjVSXO++giTZCC2mnaQRR31cRiBXLqm7SZylAGMZiVeWgy9iOZTHQg0oOmE7z5P9hBIpLgScn9qmFKOI9iQwOrYa1u5G9H7qopdW5HdlZ9RDTzHDXQr6byc9Hk7NmycVhnry7WLKvVsSFCsJ2AjBXxB3Ck6CUhF/si8tCAA6EgRs8c+vh8hevUjprDc1rD++THhY/c5esFh5KxyLRr3dCq8QZ7zaJBWkgxXevPKmSlL/zEpyhtTG2CMUeRwURUmByp5 akoe
+ uid: 2024
+ amj:
+ fullname: Amaury J.
+ shell: zsh
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHRDb+9juQM0Dr/lUKwVF0iYid6iZbO8ZFqshxklaIpnzOgKqpkjEE7JhgegDZW+zH+WqlvKXC0ce6KkHAbmCsnu3wdXVkKS2IAfLCa6rQYMXFc8GYU929UMj4LilVCgDi2sXEOSTI6uh2yc8WkVGEOguMt9E7f5za44q+kJGnLJRK/1gu/1eDbCOe/dFfZg7o4hBlMrFcCbb2r+iUevOj92K7jJcYm8x3wmt4FTJbh5/6LJ3lgstLWYmY2jzbxKeJ1ONGg9e1tDNqkKMHcsvMeEyMTdGykYYhEI7tGMoEoxJQIWILpO0h7o8dnxvm6jC7lfBYbZtZttBPBkEsac+RUCX2Zejib0GioOnOXCKSqdk383ZXbyXIHogCn8ya2R/399Fw/40QVTFTvX8A1alSXQUJShA2RgWucPkSaufUKu3uSjGN4pUdtAkuSdcs/78mbQZkGOs29YdVSZIR5TbTld2uPiID6VLu1oLZtoEPvCrr7G5fDv02P7DR7YPKcouMyJwHswWwIQ/WKPawdDNdGEw0Cr8It0dRpI7nNZh79hdlJsqSNa1ezND4qfbm89SlmwpkypaualzvUnxfffW4hpAJp4Y1M7CNkNWLO3mdM1z/5y7vZgIzKURAClCE6h/pJASnZjA/BBxoXg5fgDf+nEGx652GaKIEtyF3PdIoFQ== am@gentam
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTQ7Tt/wm+eDc6bTbWX2HHQbdMJVS40mlEfit6usDGKb9PUDtV2pn1KumnsevFge3OArnCLDqp0pmIuMy8loMjyyFeMMsrMNvE4i1Zl/xXcss3siwlqzMDozGBpxC3jMielUnm64BMCtnURfFZsIZfnpZoG6jsfLKWUSKJro9SNrxQptnSH5xkvEOF7gZS8HTkEvjE1sgfIEabZrYIIo5nLrz9yxmuiHIOqx1uyhJGw1dr4pJSGAMcYGGOpfy8uOy80+46MUW8ZtpSTspaTiHnUgs7gSPyCThrgdiNjiAj+mAeUKYytQDt5MQxp0FbUvv34bCJ9Q8G7hXVqBaXO7N/wyyiJ2WL8BbfZhoKM0vmn/oaYmomdlWF08YmkJyeqvf0N9/s6gyzjdj7Aqihi/02YiOqdL5m5WZAREiqIGo/HtlpCoShiqtNn545mD+KwanMdJbJp8ALn7yjJJEKpXVCcUaZOPR7kTF4fZ0eUTuVH3SeyCf3z3OpZ55MeGOkjKfVRkHS6FJ9Uhkjxi0K/2apROB/XCtS0Bv3AjOxt7f7HvabmYzx3J/43JLFKK5BkmqTBGUTowKU/40kxbWug1MAnSzbmDEucZ/eu34SE4R2oXarLrflH9kAIZ6+cftMpAAOKd5VVHeVJKnl4MTSU4C67iwsVpVoJ+mQOPHsf5Ekuw== am@debian-am
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0zIEBYPoa9jQLE1+vRv3oMCwn5VM1EpwCb/K5Utqb1+VOpamWEFy3tkJrkppKFxjst+rDl5ztPLKal6LMURuOQhcGmVux+hJM/ucVtzvx/LHJsBmFsZGRJ2Y2cUXwDzedWqvJybzDhLWcuxPSdvIIiv7bTCLLSIatwsGEnDJ1ffSRgkcrXAd8Pu6/ghPAQwkpIv+POB6kvu5mDHcV5xqliMvI3C4pznheFX603WZ4qA2n0sokQ+2bHSDQHZqziGw4vwQc692JauVEHUDoznTGgMlzuiC2f7Aw1q2V9WFPvOifSr+uhTU8DCDlnssSZ/3m7dnh0soFVodju3s2Wpr32fWocyNqay6FDRYQLuFPziGqlQ6wMJE6nDXr+dYTwZm6ktMGp12/Go3KROCr06Q23JSrT5uaQ+UImoU1Y6veejpU34uo1kMQnoV16OsYARa0Aza5S9S8I3evIOGxPGNAsTb+mlylRwqUm7QSpQGpn3ov7fefG4EvH6ytQlZDAou9GyaeVFfhToqQ8cSqyDU4MOLTfILXTB2tjIRnIjs9U0B6Vczv/sZ9rp/614A5mzXapsfhDyx4FieDtVkr/gFNhI1s3f8y5VJcvL7NX2ggeaqq+kfHkIxAwUUjaVCLB+E3LgUeTG5bzz/ErZbRuDqTKpHUaHKinTNoObR9xpz7+w== amj@dwabyam
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCCKtSulhB9uva1RYOtwcLMcO+1V5oGti50OXntqG0OZfEauz/oLTQpt+nkKYNUN6MazL+9ienYQ8ZZPgZbOs9WGh0acxBcPM5Dw5b0ZWEJ8h9Dk2M7P144aeRS/HuHVvc/JyI3+gYHgqWGe5ycEzlrFeegX7/Zr76eaFDQPGMnsJCFZVga24TiSPiEBTuyszq0/emsLJe41zFY4J6Y2kbaWuJYbiAvA0mZAD+g6+ltEa6vdUOF1BI2kTPFeKXc2dCnbaJAz00I437zUGdaU4533iyLHygxLPjAsjxO8q4f163VR7Rd2jibvRUW2EXgVoY1mJjkNwi2XLQCCwgG/6G8IuQaMjPAx0v7bf+vAJ3x+esJtVFNa55sgU7uHWPaRAwtovspCFBpTRIsp6J5f+1WLqWQVBVBZHdR+5PC2H5Zwb5Hq33Jn8ksQoPMCWcbIbjgF78a/B4LgtsJpA2x8cGJi6p1DEKT5bC6ROGMxqPwA8pFgI3+0X5ukZvTMDH7BjiXkbdyCaFfwo7UofRrPHIUyPAYh/XD7rUddc/6rjVBzmkXTeyYvevOOlmTxM5BDJZI/w6Gc2/XQchCDoWT9ttw7VWX19fHaHtx8KE/I8JaSS5hW77Kl3PzWJxewOAcJMh9HNza3jBgqZFTHktPCPUBZbsjD27YWJcYPrhzpQErQ== amj@thinbiam
+ uid: 2005
+ ariel:
+ fullname: ariel
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwaTYlLZ90/oQ5tDYDkhI2mHa1L6Vh+zcekCt8D08N7/CrFI5sUVteTwMWw2ytQlWnyT3HVgHb4IS1EPjpjyuqseRcNW0HYsqBk3E36PCBQIqjLZ0nDAeHQtm6T6pXiKC5qUppghwrvDxVYFpF3lFzAzfYMrF7iugk0xRPTHZWm8df7dqIB/6FfbxSD95yQVAlJefxoFWbo3Yn+exEZQvWv6lQYXnjV5DSwMf8tPGDkc2DRjrnR52ZrXPRZFCqc9JGkA/l8QsYtjmqJdnOgq5raOb56aRulJYdP2j//B4lRJJlglMuj8dSZE/j04zub+P2QhfdqeEHmeaTUqbwcnZZw==
+ uid: 2021
+ axe:
+ fullname: axe
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjrcYXZ2/bfTdxVI1ZMXknB7WJa8uY1RLZ5Vrs2LPRTzBqaXzpY6/Iw5Ibiy8KMbVo/vQtAWrGY00ucHE+swS2VEtWIZc72kSznkL65bKtqHbZa+IqktRUBsg6ay/3Xups0DBfZ1T+SRSiLh0rya1dXd2NyIrvSo5eCxEPqAPm87rOrgC95GRxqlJUZ5ZOjV92K9v6TcTQWn61nGl2DQviAugNGtHGXhq0Xk98lWkLeGhDLedJOqFmHvqGrkSQpEps7ivlh3Mstv49pXqH1dIA7UhnyX5DTR6YjhIKehZnCfsl8wt6FMCs5QMor1giY4ZpUhY2D4ezvzFD2kqbOUvQQ== 2017-06-14
+ uid: 2019
+ c2c:
+ fullname: c2c
+ shell: fish
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyoC7ekLYc7nsd1QsgfdEatYw1FC7z92miIdXvx0n8O c2c@ender
+ uid: 2012
+ chan:
+ fullname: Chanel
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvDcmKHfTrCBRpjJxYyIELMRknrMpDXfcKDhfXqmB09 chan@Calculon
+ uid: 2009
+ dereckson:
+ fullname: Sebastien Santoro
+ shell: zsh
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzD5VzetMFTUHLWrLyBsnZ6bdwDa4Ip9WWAh5nLxKyR dereckson@ysul.nasqueron.org
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIURiX8gBIv91sxutRQeESip7Ympmqe6miepoNDvXpZ9 dereckson@orin.dereckson.drake
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGIYBdz8pW4vaSyA/QPlcU81uLI8SHoq7I+K6FPO9oh dereckson@graywell.dereckson.drake
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV4p25jLQQHLgKH1SawoNLKuxkfyHuERRDUN9QZ7i5m dereckson@yakin.dereckson.drake
+ uid: 5001
+ erol:
+ fullname: Erol Unutmaz
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdHrSRJGwaGFTpoZIvkoWTMpnXgke77emVicMT8b37kcUepeD91pA3UPQ7UOEQl/Af3Ly7ePneymZ6NjAkM06oPeIjxE6Nz+i6p7rVIZhCb9qz+hdKgt4wSEQLWponegFNdCUs6HvMjDGlsI0kajHgIakXiKAwNyxhQzpBoGranO9c2PdAq2HGq7Kcq8ApC1kdKG0W3dT4PWborzmt1jWna2yosEn+TTHj5wi2p/E9BsCbmfokBO3xn491lr1P4shh4zg7Mv3SPD3j4/mZb9EMwD8cl4y9ZIoMEbL8p4s8J7Joqs3gK9hmMN5ZCNUFrNrJu3TCRZre2k7cV3+U3IXT erol@fedai
+ uid: 2002
+ harshcrop:
+ fullname: Harsh Shah
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1ANaxVViiL8s2KTdb+p4FWBBZjXz3zH9/es0SSLuXzCjcs1opEeMeb4roQWWgxrZ3j0aOJAj0smSP1THtrwW1xUE5DidmueuqokgbQuvkrsvcDaJYbNjUr/3fAw7/JcWgh4lSSxCLgflpjBr5aTlMQZj/KPrGnlzjr/hPvb8cAomS2HD+hLuC2z26cvOhY811scTZWMoBrxSkmrXOTkutRdZm+TrYJyZy7xQ9ncfsARYzrOZ4be+0mfb6i4tJfMbBvadSu/gyJdOLCfV5SxdjpMLPqIXO9hWkRKYH8SFX5ZWVw8C06iJWcnFCIw1YMTFYe1MNqV8YICiYUmJ2CWaL harshcrop@Harshs-MacBook-Pro.local
+ uid: 2020
+ hlp:
+ fullname: hlp
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIP+04Jhq2toJ+RLx41NKrtDGgmSCfOsAY/BnJ6EzNXC hlp@sonny
+ uid: 2018
+ kazuya:
+ fullname: Kazuya
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtCcRQ6HVKD5mj602UJkpI/TMGVt1R0yYx1HxP6SWJb6FM2E4wzkxtf0sp2cxW/9Lz/0OsQV8fSSo/qfUhQXfRcL+rxsM+iixD0WMffMC8CrqsYS+VV32HR2sIm8J7yyMweJrfYneErdFisGmMgOFw8vBGX01XfdwGqbSflf3Tal7L3R0g65rclGsg7JckWE6RQMXnvGwXQxv4QahaNtZK74AlyeFgsXYlv14UeaGE4Pz+rkgZKoC4tvAOBQMNxWtCPMcydJOacoCZO7Jcxv0jMUo0y26mulQ6vbz5hqAPS612c47gh8VNDDkQaznQMeiSyIlnvDEkHmzvC8Z3UAeJ eglide
+ uid: 2004
+ khmerboy:
+ fullname: khmerboy
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAxg4+y6QxyyeHvmcWHy5Q9pjh8YBNC+Q1w3+QHWH/7WKw9odKHgtpu2hixfOeZl5k/E9+XPw2oGmQzs3pInz/yyegGB57kb3xAftqJkHVuBKsrz+7q3fPjnoqk3VZ62k5II3oqEEjizdVhEVacU+149m3LJWo+FKoRAKxlX39KwEM+UMDfynck7OJvKRWTTP/cbPzR7kaMifQLWZF6stFilRnYBAesK2DzLgO37DovwxmQO1CbBuitgsHwLDXGW0gePyC39REIrntZSte1xdlEfC27rQnXcH3YPcTm9bwNBXnK1Jiwfp3fJ6q6FIz9IaybhO6CGNOOODHN4R4DTbbfQ== rsa-key-20170922
+ uid: 2023
+ kumkum:
+ fullname: Kumkum
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnCIiESqqsGOhaS16jwboLplQIP0FwKMhk0oRF7EP55 kumkum@kumkum-E200HA
+ uid: 2008
+ pkuz:
+ fullname: PK of UZ
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHIngmKZJUTBgps2LpfrjFwMtW8U5Zd0olKnmG0YZbApN9UHmiVKw6ow0U+KxI6kYGrNi6acKRnZHrnip8io8swW8PnLsgFKoCO2Ywrz/uDFaNJIVdTiNNB1Msm4dd2SiRwtn09SUVwSKBIFQFEoPG7q7v1OgvhIAk13/qbrOV+u6ZgoY8ssYH7qlRElAc4cptjtTen63f87wHFUN65T70ce6nFxOsZfTrB5Y+O7DTO25y7RV6q7CXq+i1uxJutDWDOLhb+dAqQHb5JEqBTF+CElyZtJtK+GxiXfMTWTyNBlv/4up/fRDMRxZ1F69Wowjn3MSnvsFgqxhwxW6Fksr7
+ uid: 2022
+ rama:
+ fullname: Rama
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADXRCZ9fFZJAJLOF0PakwhuU9b5Ne4PPr7ESwJzYndn
+ uid: 2013
+ rashk0:
+ fullname: Rashk0
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJJKU6dVl19vQFPMUWS2iGRzBV1uD9YEaMijBkY2oPYjwhFXc1fouGGr17kkSK9D0c4pr9A6jk/gH9GWE5SpwaZY94VK5QfdvHpyA1hLevdUc4mwuIbsMp893kr0e9Miys1/v+UdFhUq0n3rWiER3oo9rJjx3qloBqSfD18y3sCFTyM1AheVMp7E71kgViG7wWtHrkmnrBo3V5ENc2snTCQy7lF7eQ5a6D45a5n2KYV94YrMvGDbfYUnw8IJHNN6XB1KBK6mksbm2p6fc3ow0UJDOK3bfJNUkp9tfRJV/EeYxGPYJRE60Ng2Dqc3zZaH7FDgbBLoK0UwGURQozNSQT campari@Beta
+ uid: 2003
+ ringa:
+ fullname: Ringa
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAiTobf2i/IveVlpdntX9M6p9rOe60HuODq5FslTIFxA/RwKQbJKafCQZ3ci+Pt9BKAKtBGSJANNfbxxN7VRB+iO6UZUh2Qjb012CfigC5g1r9MEryqh8LBP27NqTkCqjMZrwUa6pYMBG1/ydbOA0BIr3C72QfpXC/qCSvXNgQzL7DGSR7cgjhGvMDn5ewJuxsvXAcajMLEORxeYooONG9ELGRUMFI4WcX6gmiYcrMVsMF+7ByshIngV5v9esWadi+RdTWUVOYt2yVS7hkYHZwUX/bN1AOfkRiuD1w3DFFiHhSoquCwaOOZjKxAw6VOrV6O/toLGe0kXXfRFzeB29/1w== rsa-key-20170111
+ uid: 2010
+ rix:
+ fullname: Rix
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjFnOi4rwBVdw69U9y1xgWXrfNNgxEXAmbXthzHae07COwN190xoWv8VeogKxfMdxE2Tj4E0BDFt2i7Jbk9BploFdNXG46lrnoszmgRsuRx5jERfvMyOPvCAQHbL0N53AL6zH9wXF/51a5bJJ3n4wkmO1nDj9WqrDNk0in+knICiPHQX4TxwRXqBuf61gQMxwy8Aoy1WCCfCeAesZxjdFM47C6X3PPHVaXvF6x6iX8OzIHqoVT18yQAQxbET+PWMtlmNFJFx76+Sov4eQm/d2KeRg0aqw49gKLpigYnHfd2uitmSQixBNl5jyvDMoR92vZmZnScmqA9cXQikQ9HCW6Q== rsa-key-20170110
+ uid: 2007
+ sandlayth:
+ fullname: Yassine Hadj Messaoud
+ ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4H4SF3NZ0/o5uTYhIUKUEzP7hlZ0mGqMxs6wt/dhQs kalix@arch-laptop
+ uid: 5002
+ shark:
+ fullname: Shark
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjKehL1PdhcpLNiGdWLuVCUpNawUhQoxon3nmhZm/B+oU2nwygqvx9YU3LFzTEDNXWtU0aH2UVgC5bkRyVdmVKjX878luoluYwhKJFrYoEd9zS+EPDNmNYSoKntDbZoB17iacVEUM4Kg3RAzwStw3L8OO9DlB9NdXUzS8/9wlSy43ddoRRy83FvnvhRNXWScUIQyBolxqyoVvXdLZ2t0PnCdU3Bz2Wkcg24XjwDOR0R0A3780b+VGcsjXtjYxK6xCpNo9l2DqLAfpw+BFusWy6au5U15vfHgR91Lbcd1xtfvJAElI97fR6DGf+HSrtYZe+9gMU1nofibdiNWSJ/Vn+Q== rsa-key-20161212
+ uid: 2006
+ thrx:
+ fullname: ThrX
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqm65UgRA1ZJaGnam+PQiFmXKOKZHAUc5jN8zRQsAaFv5Kgxks857DPBX8eO7Wolh70C/UVXAqYgHS2yg74KKKzyjv2vd/de4vQuC4m24IRWkuGJ6xr+dgqNRMn3YklJ2W/SzMCLIFNWUlM3JnvIPElxrLVMSm9ZCACAvWGgy8uF+vBkJYsmfN5AokyzSZcAUqREBbnsC33erGz50it4Oxn4QpAGWtYBHz+kHz89rZBMbMRAoMyQ1EfnzH076jtufHuTdqibmQRB39GbY8bgJJk0tpntwTvx4pHAnMK6CUwbjtFU03LByYNiIzDjwHXqfwuQZl8WlQjx7oTVNHCJ9fw== rsa-key-20170221
+ uid: 2014
+ tomjerr:
+ fullname: Tommy Aditya
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7WGzb6h6i8H81nkw0E2PvFwi1yqODeltyGwFQxEwL4+bc75LlbxtpIsxS+D4vkervfGjMwgAJSFOv6uimRhubmp1I2Pf85APTf/a9xXmNzAuNnhR8ur93I08cQ2kKlY19q3EX4H4qj2HizRZxgusG8dYyBWuKuq6P7vIn5zn55IzFJKxCekydAjQsDUTOaio5brLD3sY8IfnWtKWDgrszozUOEqZdquJDS6LBEHHDTpWK/Mzuwd6YkpfdG2GVLwuN6Rj43jNoxcvk2W7oJyJQQ7xSpNR3QIFzTAu9VL9AAv4qak4o2AYpmg8HXsgGR2ARvJ0mFzWw8qy/c/5plPgp tomjerr
+ uid: 2001
+ xcombelle:
+ fullname: Xavier Combelle
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9KJQDTtuxGCOaeFtip+yel45zMNS4tvrYg0AzNhT22K8g3F8wiY1GKvYw6Czj8Zo+rqA5/Rt7BCQwNtZyI+Nh23Cvg5wZQ2A6dtzQI69HZVSi+FRA5o4/SG4wyp7AT6wuWn+7tTE/pH69D0keDmaNpLSzhkxKFQd2DuOD2BENobEIE9DzbRf2DeUJ15uCzX/mnEXykklYvQ5AontiwL7VNB1VpNebrfnecAaAua0RhuYp+XwxBaSM4KB4lIA6hTBYEOG6J3TaC3GofMtAANI/n8gcCQkadkqtQHrap2Wh9X6bzekwROVGui1TW6sM7+hS4P7PM80nK05iVnGzIfYR xavier.combelle@gmail.com
+ uid: 2017
+ xray:
+ fullname: xray
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAzSj3sQYbrBBdceBRUAbuzCS9vZWycVV0OSZ0ofoWx/dOTIalhc3O+aett7J34GqwDgpcTEkEpa/MrlO/2TOGOFIsPlvbZW4fXXFADCbOWkRRNuYW5rv/Sg6ZliGtw4cj0dKEkn9+L/JAuGwKV5KJNTPcp5w8hZyQYczZ8KhcyNVv7mfzLnId03wPnuTTe+AmCTOitbVb3gxjdXDYeS46PkbV8m/23KpcdLigo3ClDwE/SIoA+YddaAbpWDMEwhnWyKmLGI6xkFcqSY1NT0eYnL2waZMEnfluxt+D0V0IT5NeOmQcTuVWPvjFdSKbKepPhdrFmzGNtytfZWoFOPiG+Q== rsa-key-20170119
+ uid: 2011
diff --git a/pillar/nodes/forests.sls b/pillar/nodes/forests.sls
new file mode 100644
index 0000000..b386585
--- /dev/null
+++ b/pillar/nodes/forests.sls
@@ -0,0 +1,46 @@
+# -------------------------------------------------------------
+# Salt — Forests
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-20
+# Description: Groups nodes by forest to allow to apply
+# a common configuration, like users/groups
+# to a set of nodes (ie servers).
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Table of contents
+# -------------------------------------------------------------
+#
+# :: Forests
+# :: Shell groups
+#
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Forests
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+forests:
+ - nasqueron-dev
+ - nasqueron-infra
+ - eglide
+
+# -------------------------------------------------------------
+# Shell groups
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+shellgroups_ubiquity:
+ - ops
+ - deployment
+
+shellgroups_by_forest:
+ nasqueron-dev:
+ - nasquenautes
+ - nasqueron-irc
+ nasqueron-infra: []
+ eglide:
+ - shell
+ - chaton-dev
+ - nasqueron-irc
diff --git a/pillar/nodes/nodes.sls b/pillar/nodes/nodes.sls
index ec694d9..32feac3 100644
--- a/pillar/nodes/nodes.sls
+++ b/pillar/nodes/nodes.sls
@@ -1,59 +1,59 @@
# -------------------------------------------------------------
# Salt — Nodes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-20
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
nodes:
##
## Forest: Nasqueron
## Semantic field: https://devcentral.nasqueron.org/P27
##
dwellers:
- forest: nasqueron
+ forest: nasqueron-infra
hostname: dwellers.nasqueron.org
roles:
- paas-lxc
- paas-docker
network:
ipv6_tunnel: True
equatower:
- forest: nasqueron
+ forest: nasqueron-infra
hostname: equatower.nasqueron.org
roles:
- paas-docker
network:
ipv6_tunnel: False
ysul:
- forest: nasqueron
+ forest: nasqueron-dev
hostname: ysul.nasqueron.org
roles:
- devserver
- saltmaster
- dbserver-mysql
zfs:
pool: arcology
network:
ipv4_interface: igb0
ipv4_address: 163.172.49.16
ipv4_gateway: 163.172.49.1
ipv6_gateway: 2001:470:1f12:9e1::1
ipv4_aliases:
- 212.83.187.132
ipv6_tunnel: True
##
## Forest: Eglide
## Semantic field: ? (P27 used for "Eglide" too)
##
## This forest is intended to separate credentials
## between Eglide and Nasqueron sevrers.
##
eglide:
forest: eglide
hostname: eglide.org
roles:
- shellserver
network:
ipv6_tunnel: True
diff --git a/pillar/top.sls b/pillar/top.sls
index ec4910a..1fa13c8 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,20 +1,19 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.hostnames
+ - core.users
+ - core.groups
- certificates.certificates
- nodes.nodes
+ - nodes.forests
ysul:
- paas-jails.jails
- webserver-legacy.sites
- eglide:
- - users.revokedusers
- - users.shellusers
- - users.shellgroups
diff --git a/pillar/users/revokedusers.sls b/pillar/users/revokedusers.sls
deleted file mode 100644
index 89485d5..0000000
--- a/pillar/users/revokedusers.sls
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Revoked users accounts list
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# Created: 2016-04-10
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# -------------------------------------------------------------
-# Users accounts
-# -------------------------------------------------------------
-
-revokedusers:
- # Account renamed to erol // T808
- - fedai
- # Temporary test account // D608, D609
- - amjtest
- # Account renamed to sandlayth // T789
- - kalix
- # Users who never have connected to Eglide's accounts (SSH key issues)
- - tarik
diff --git a/pillar/users/shellgroups.sls b/pillar/users/shellgroups.sls
deleted file mode 100644
index d33ae45..0000000
--- a/pillar/users/shellgroups.sls
+++ /dev/null
@@ -1,35 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Service groups list
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# Created: 2017-01-24
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# -------------------------------------------------------------
-# Nasqueron
-# -------------------------------------------------------------
-
-shellgroups:
- ops:
- gid: 3001
- description: Nasqueron Operations
- members:
- - dereckson
- - sandlayth
- chaton-dev:
- gid: 827
- description: Bonjour chaton
- members:
- - hlp
- deployment:
- gid: 828
- description: Build softwares to be installed on the servers
- members:
- - dereckson
- nasqueron-irc:
- gid: 829
- description: Manages IRC bots used for Nasqueron projects
- members:
- - dereckson
- - sandlayth
diff --git a/pillar/users/shellusers.sls b/pillar/users/shellusers.sls
deleted file mode 100644
index c51f83c..0000000
--- a/pillar/users/shellusers.sls
+++ /dev/null
@@ -1,88 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Users accounts list
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# Created: 2016-04-08
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# -------------------------------------------------------------
-# Users accounts
-# -------------------------------------------------------------
-
-shellusers:
- tomjerr:
- fullname: Tommy Aditya
- uid: 2001
- erol:
- fullname: Erol Unutmaz
- uid: 2002
- rashk0:
- fullname: Rashk0
- uid: 2003
- kazuya:
- fullname: Kazuya
- uid: 2004
- amj:
- fullname: Amaury J.
- shell: zsh
- uid: 2005
- dereckson:
- fullname: Sebastien Santoro
- shell: zsh
- uid: 5001
- sandlayth:
- fullname: Yassine Hadj Messaoud
- uid: 5002
- shark:
- fullname: Shark
- uid: 2006
- rix:
- fullname: Rix
- uid: 2007
- kumkum:
- fullname: Kumkum
- uid: 2008
- chan:
- fullname: Chanel
- uid: 2009
- ringa:
- fullname: Ringa
- uid: 2010
- xray:
- fullname: xray
- uid: 2011
- c2c:
- fullname: c2c
- shell: fish
- uid: 2012
- rama:
- fullname: Rama
- uid: 2013
- thrx:
- fullname: ThrX
- uid: 2014
- xcombelle:
- fullname: xcombelle
- uid: 2017
- hlp:
- fullname: hlp
- uid: 2018
- axe:
- fullname: axe
- uid: 2019
- harshcrop:
- fullname: Harsh Shah
- uid: 2020
- ariel:
- fullname: ariel
- uid: 2021
- pkuz:
- fullname: PK of UZ
- uid: 2022
- khmerboy:
- fullname: khmerboy
- uid: 2023
- akoe:
- fullname: akoe
- uid: 2024
diff --git a/roles/shellserver/users/files/ssh_keys/rama b/roles/core/users/files/authorized_keys
similarity index 81%
rename from roles/shellserver/users/files/ssh_keys/rama
rename to roles/core/users/files/authorized_keys
index ed83997..e8f7e53 100644
--- a/roles/shellserver/users/files/ssh_keys/rama
+++ b/roles/core/users/files/authorized_keys
@@ -1,22 +1,21 @@
# -------------------------------------------------------------
# OpenSSH authorized_keys
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/rama
+# Source file: pillar/core/users.sls
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
#
# To add a new key or revoke a key, submit a Git commit:
# https://agora.nasqueron.org/How_to_contribute_code
#
# You can also ask Nasqueron operations to do that for you:
# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADXRCZ9fFZJAJLOF0PakwhuU9b5Ne4PPr7ESwJzYndn
+{% for key in keys %}
+{{ key }}{% endfor %}
diff --git a/roles/shellserver/users/init.sls b/roles/core/users/init.sls
similarity index 59%
rename from roles/shellserver/users/init.sls
rename to roles/core/users/init.sls
index afeb13b..0bcfde0 100644
--- a/roles/shellserver/users/init.sls
+++ b/roles/core/users/init.sls
@@ -1,77 +1,79 @@
# -------------------------------------------------------------
# Salt — Provision users accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# Created: 2016-04-08
+# Project: Nasqueron
+# Created: 2017-11-09
# Description: Adds and revokes user accounts, in the relevant
# groups and with their stable SSH keys.
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Table of contents
# -------------------------------------------------------------
#
# :: Disabled accounts
# :: Active accounts
# :: Groups
-# :: Managed SSH keys
+# :: SSH keys
#
# -------------------------------------------------------------
{% from "map.jinja" import shells with context %}
# -------------------------------------------------------------
# Disabled accounts
# -------------------------------------------------------------
-{% for user in pillar.get('revokedusers') %}
-{{user}}:
+{% for username in pillar.get('revokedusers') %}
+{{ username }}:
user.absent
{% endfor %}
# -------------------------------------------------------------
# Active accounts
# -------------------------------------------------------------
-{% for user, args in pillar.get('shellusers', {}).iteritems() %}
-{{user}}:
+{% for username, user in salt['forest.get_users']().iteritems() %}
+{{ username }}:
user.present:
- - fullname: {{ args['fullname'] }}
- - shell: {{ shells[args['shell']|default('bash')] }}
- - uid: {{ args['uid'] }}
+ - fullname: {{ user['fullname'] }}
+ - shell: {{ shells[user['shell']|default('bash')] }}
+ - uid: {{ user['uid'] }}
{% endfor %}
# -------------------------------------------------------------
# Groups
# -------------------------------------------------------------
-shell:
+{% for groupname, group in salt['forest.get_groups']().iteritems() %}
+group_{{ groupname }}:
group.present:
- - system: True
- - gid: 200
- - members:
-{% for user, args in pillar.get('shellusers', {}).iteritems() %}
- - {{user}}
+ - name: {{ groupname }}
+ - gid: {{ group['gid'] }}
+ - members: {{ group['members'] }}
{% endfor %}
-{% for group, args in pillar.get('shellgroups', {}).iteritems() %}
-group_{{group}}:
- group.present:
- - name: {{group}}
- - system: False
- - gid: {{ args['gid'] }}
- - members: {{ args['members'] }}
-{% endfor %}
-
# -------------------------------------------------------------
-# Managed SSH keys
+# SSH keys
# -------------------------------------------------------------
-{% for user, args in pillar.get('shellusers', {}).iteritems() %}
-sshkey_{{user}}:
- ssh_auth.present:
- - user: {{user}}
- - source: salt://roles/shellserver/users/files/ssh_keys/{{user}}
-{% endfor %}
+{% for username, user in salt['forest.get_users']().iteritems() %}
+/home/{{ username }}/.ssh:
+ file.directory:
+ - user: {{ username }}
+ - group: {{ username }}
+ - dir_mode: 700
+
+/home/{{ username}}/.ssh/authorized_keys:
+ file.managed:
+ - source: salt://roles/core/users/files/authorized_keys
+ - user: {{ username }}
+ - group: {{ username }}
+ - mode: 600
+ - template: jinja
+ - context:
+ keys: {{ user['ssh_keys']|default([]) }}
+
+{% endfor %}
diff --git a/roles/saltmaster/account/init.sls b/roles/saltmaster/account/init.sls
index 81cc2a6..4521b92 100644
--- a/roles/saltmaster/account/init.sls
+++ b/roles/saltmaster/account/init.sls
@@ -1,66 +1,61 @@
# -------------------------------------------------------------
# Salt — Salt master configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-04-28
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Accounts
# -------------------------------------------------------------
# Salt account
salt_account:
group.present:
- name: salt
- gid: 9001
- - system: True
user.present:
- name: salt
- fullname: SaltStack master account
- uid: 9001
- gid: 9001
- home: /var/run/salt
salt_account_ownership:
cmd.run:
- name: chown -R salt {{ dirs.etc }}/salt /var/cache/salt /var/log/salt /var/run/salt
- onchanges:
- user: salt_account
# Deployment account
deploy_account:
- group.present:
- - name: deploy
- - gid: 9002
- - system: True
user.present:
- name: deploy
- fullname: Deployment and management of the Salt staging area
- uid: 9002
- - gid: 9002
+ - gid: 3003
- home: /var/run/deploy
# Allow to repair ownership if the account is created after the staging
deploy_account_ownership:
cmd.run:
- name: chown -R salt /opt/salt/staging /opt/salt/private/staging
- onchanges:
- user: deploy_account
# -------------------------------------------------------------
# Sudo capabilities
#
# Ops should be able to sudo -u salt …
# Deployers should be able to sudo -u deploy <anything>
# -------------------------------------------------------------
{% for sudofile in ['salt', 'deploy'] %}
saltmaster_sudo_capabilities_{{ sudofile }}:
file.managed:
- name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
- source: salt://roles/saltmaster/account/files/{{ sudofile }}
{% endfor %}
diff --git a/roles/shellserver/users/files/ssh_keys/akoe b/roles/shellserver/users/files/ssh_keys/akoe
deleted file mode 100644
index f19a68b..0000000
--- a/roles/shellserver/users/files/ssh_keys/akoe
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/akoe
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyffI4KDYcnVYJKLIUcVhi0gtjaGPHFs7lJMyYn2RSEmRBoMyz7leZ+vbxC1I0BxiAs20JAAVKDFs+XsWSlKjVSXO++giTZCC2mnaQRR31cRiBXLqm7SZylAGMZiVeWgy9iOZTHQg0oOmE7z5P9hBIpLgScn9qmFKOI9iQwOrYa1u5G9H7qopdW5HdlZ9RDTzHDXQr6byc9Hk7NmycVhnry7WLKvVsSFCsJ2AjBXxB3Ck6CUhF/si8tCAA6EgRs8c+vh8hevUjprDc1rD++THhY/c5esFh5KxyLRr3dCq8QZ7zaJBWkgxXevPKmSlL/zEpyhtTG2CMUeRwURUmByp5 akoe
diff --git a/roles/shellserver/users/files/ssh_keys/amj b/roles/shellserver/users/files/ssh_keys/amj
deleted file mode 100644
index cb3a371..0000000
--- a/roles/shellserver/users/files/ssh_keys/amj
+++ /dev/null
@@ -1,25 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/amj
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHRDb+9juQM0Dr/lUKwVF0iYid6iZbO8ZFqshxklaIpnzOgKqpkjEE7JhgegDZW+zH+WqlvKXC0ce6KkHAbmCsnu3wdXVkKS2IAfLCa6rQYMXFc8GYU929UMj4LilVCgDi2sXEOSTI6uh2yc8WkVGEOguMt9E7f5za44q+kJGnLJRK/1gu/1eDbCOe/dFfZg7o4hBlMrFcCbb2r+iUevOj92K7jJcYm8x3wmt4FTJbh5/6LJ3lgstLWYmY2jzbxKeJ1ONGg9e1tDNqkKMHcsvMeEyMTdGykYYhEI7tGMoEoxJQIWILpO0h7o8dnxvm6jC7lfBYbZtZttBPBkEsac+RUCX2Zejib0GioOnOXCKSqdk383ZXbyXIHogCn8ya2R/399Fw/40QVTFTvX8A1alSXQUJShA2RgWucPkSaufUKu3uSjGN4pUdtAkuSdcs/78mbQZkGOs29YdVSZIR5TbTld2uPiID6VLu1oLZtoEPvCrr7G5fDv02P7DR7YPKcouMyJwHswWwIQ/WKPawdDNdGEw0Cr8It0dRpI7nNZh79hdlJsqSNa1ezND4qfbm89SlmwpkypaualzvUnxfffW4hpAJp4Y1M7CNkNWLO3mdM1z/5y7vZgIzKURAClCE6h/pJASnZjA/BBxoXg5fgDf+nEGx652GaKIEtyF3PdIoFQ== am@gentam
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTQ7Tt/wm+eDc6bTbWX2HHQbdMJVS40mlEfit6usDGKb9PUDtV2pn1KumnsevFge3OArnCLDqp0pmIuMy8loMjyyFeMMsrMNvE4i1Zl/xXcss3siwlqzMDozGBpxC3jMielUnm64BMCtnURfFZsIZfnpZoG6jsfLKWUSKJro9SNrxQptnSH5xkvEOF7gZS8HTkEvjE1sgfIEabZrYIIo5nLrz9yxmuiHIOqx1uyhJGw1dr4pJSGAMcYGGOpfy8uOy80+46MUW8ZtpSTspaTiHnUgs7gSPyCThrgdiNjiAj+mAeUKYytQDt5MQxp0FbUvv34bCJ9Q8G7hXVqBaXO7N/wyyiJ2WL8BbfZhoKM0vmn/oaYmomdlWF08YmkJyeqvf0N9/s6gyzjdj7Aqihi/02YiOqdL5m5WZAREiqIGo/HtlpCoShiqtNn545mD+KwanMdJbJp8ALn7yjJJEKpXVCcUaZOPR7kTF4fZ0eUTuVH3SeyCf3z3OpZ55MeGOkjKfVRkHS6FJ9Uhkjxi0K/2apROB/XCtS0Bv3AjOxt7f7HvabmYzx3J/43JLFKK5BkmqTBGUTowKU/40kxbWug1MAnSzbmDEucZ/eu34SE4R2oXarLrflH9kAIZ6+cftMpAAOKd5VVHeVJKnl4MTSU4C67iwsVpVoJ+mQOPHsf5Ekuw== am@debian-am
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0zIEBYPoa9jQLE1+vRv3oMCwn5VM1EpwCb/K5Utqb1+VOpamWEFy3tkJrkppKFxjst+rDl5ztPLKal6LMURuOQhcGmVux+hJM/ucVtzvx/LHJsBmFsZGRJ2Y2cUXwDzedWqvJybzDhLWcuxPSdvIIiv7bTCLLSIatwsGEnDJ1ffSRgkcrXAd8Pu6/ghPAQwkpIv+POB6kvu5mDHcV5xqliMvI3C4pznheFX603WZ4qA2n0sokQ+2bHSDQHZqziGw4vwQc692JauVEHUDoznTGgMlzuiC2f7Aw1q2V9WFPvOifSr+uhTU8DCDlnssSZ/3m7dnh0soFVodju3s2Wpr32fWocyNqay6FDRYQLuFPziGqlQ6wMJE6nDXr+dYTwZm6ktMGp12/Go3KROCr06Q23JSrT5uaQ+UImoU1Y6veejpU34uo1kMQnoV16OsYARa0Aza5S9S8I3evIOGxPGNAsTb+mlylRwqUm7QSpQGpn3ov7fefG4EvH6ytQlZDAou9GyaeVFfhToqQ8cSqyDU4MOLTfILXTB2tjIRnIjs9U0B6Vczv/sZ9rp/614A5mzXapsfhDyx4FieDtVkr/gFNhI1s3f8y5VJcvL7NX2ggeaqq+kfHkIxAwUUjaVCLB+E3LgUeTG5bzz/ErZbRuDqTKpHUaHKinTNoObR9xpz7+w== amj@dwabyam
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCCKtSulhB9uva1RYOtwcLMcO+1V5oGti50OXntqG0OZfEauz/oLTQpt+nkKYNUN6MazL+9ienYQ8ZZPgZbOs9WGh0acxBcPM5Dw5b0ZWEJ8h9Dk2M7P144aeRS/HuHVvc/JyI3+gYHgqWGe5ycEzlrFeegX7/Zr76eaFDQPGMnsJCFZVga24TiSPiEBTuyszq0/emsLJe41zFY4J6Y2kbaWuJYbiAvA0mZAD+g6+ltEa6vdUOF1BI2kTPFeKXc2dCnbaJAz00I437zUGdaU4533iyLHygxLPjAsjxO8q4f163VR7Rd2jibvRUW2EXgVoY1mJjkNwi2XLQCCwgG/6G8IuQaMjPAx0v7bf+vAJ3x+esJtVFNa55sgU7uHWPaRAwtovspCFBpTRIsp6J5f+1WLqWQVBVBZHdR+5PC2H5Zwb5Hq33Jn8ksQoPMCWcbIbjgF78a/B4LgtsJpA2x8cGJi6p1DEKT5bC6ROGMxqPwA8pFgI3+0X5ukZvTMDH7BjiXkbdyCaFfwo7UofRrPHIUyPAYh/XD7rUddc/6rjVBzmkXTeyYvevOOlmTxM5BDJZI/w6Gc2/XQchCDoWT9ttw7VWX19fHaHtx8KE/I8JaSS5hW77Kl3PzWJxewOAcJMh9HNza3jBgqZFTHktPCPUBZbsjD27YWJcYPrhzpQErQ== amj@thinbiam
diff --git a/roles/shellserver/users/files/ssh_keys/ariel b/roles/shellserver/users/files/ssh_keys/ariel
deleted file mode 100644
index c83bb03..0000000
--- a/roles/shellserver/users/files/ssh_keys/ariel
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/ariel
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwaTYlLZ90/oQ5tDYDkhI2mHa1L6Vh+zcekCt8D08N7/CrFI5sUVteTwMWw2ytQlWnyT3HVgHb4IS1EPjpjyuqseRcNW0HYsqBk3E36PCBQIqjLZ0nDAeHQtm6T6pXiKC5qUppghwrvDxVYFpF3lFzAzfYMrF7iugk0xRPTHZWm8df7dqIB/6FfbxSD95yQVAlJefxoFWbo3Yn+exEZQvWv6lQYXnjV5DSwMf8tPGDkc2DRjrnR52ZrXPRZFCqc9JGkA/l8QsYtjmqJdnOgq5raOb56aRulJYdP2j//B4lRJJlglMuj8dSZE/j04zub+P2QhfdqeEHmeaTUqbwcnZZw==
diff --git a/roles/shellserver/users/files/ssh_keys/axe b/roles/shellserver/users/files/ssh_keys/axe
deleted file mode 100644
index 2f47e6a..0000000
--- a/roles/shellserver/users/files/ssh_keys/axe
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/axe
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjrcYXZ2/bfTdxVI1ZMXknB7WJa8uY1RLZ5Vrs2LPRTzBqaXzpY6/Iw5Ibiy8KMbVo/vQtAWrGY00ucHE+swS2VEtWIZc72kSznkL65bKtqHbZa+IqktRUBsg6ay/3Xups0DBfZ1T+SRSiLh0rya1dXd2NyIrvSo5eCxEPqAPm87rOrgC95GRxqlJUZ5ZOjV92K9v6TcTQWn61nGl2DQviAugNGtHGXhq0Xk98lWkLeGhDLedJOqFmHvqGrkSQpEps7ivlh3Mstv49pXqH1dIA7UhnyX5DTR6YjhIKehZnCfsl8wt6FMCs5QMor1giY4ZpUhY2D4ezvzFD2kqbOUvQQ== 2017-06-14
diff --git a/roles/shellserver/users/files/ssh_keys/c2c b/roles/shellserver/users/files/ssh_keys/c2c
deleted file mode 100644
index ab41c9a..0000000
--- a/roles/shellserver/users/files/ssh_keys/c2c
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/c2c
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyoC7ekLYc7nsd1QsgfdEatYw1FC7z92miIdXvx0n8O c2c@ender
diff --git a/roles/shellserver/users/files/ssh_keys/chan b/roles/shellserver/users/files/ssh_keys/chan
deleted file mode 100644
index 07f3bc4..0000000
--- a/roles/shellserver/users/files/ssh_keys/chan
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/chan
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvDcmKHfTrCBRpjJxYyIELMRknrMpDXfcKDhfXqmB09 chan@Calculon
diff --git a/roles/shellserver/users/files/ssh_keys/dereckson b/roles/shellserver/users/files/ssh_keys/dereckson
deleted file mode 100644
index 21e77f2..0000000
--- a/roles/shellserver/users/files/ssh_keys/dereckson
+++ /dev/null
@@ -1,25 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/dereckson
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzD5VzetMFTUHLWrLyBsnZ6bdwDa4Ip9WWAh5nLxKyR dereckson@ysul.nasqueron.org
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIURiX8gBIv91sxutRQeESip7Ympmqe6miepoNDvXpZ9 dereckson@orin.dereckson.drake
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGIYBdz8pW4vaSyA/QPlcU81uLI8SHoq7I+K6FPO9oh dereckson@graywell.dereckson.drake
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV4p25jLQQHLgKH1SawoNLKuxkfyHuERRDUN9QZ7i5m dereckson@yakin.dereckson.drake
diff --git a/roles/shellserver/users/files/ssh_keys/erol b/roles/shellserver/users/files/ssh_keys/erol
deleted file mode 100644
index 7f41a46..0000000
--- a/roles/shellserver/users/files/ssh_keys/erol
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/erol
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdHrSRJGwaGFTpoZIvkoWTMpnXgke77emVicMT8b37kcUepeD91pA3UPQ7UOEQl/Af3Ly7ePneymZ6NjAkM06oPeIjxE6Nz+i6p7rVIZhCb9qz+hdKgt4wSEQLWponegFNdCUs6HvMjDGlsI0kajHgIakXiKAwNyxhQzpBoGranO9c2PdAq2HGq7Kcq8ApC1kdKG0W3dT4PWborzmt1jWna2yosEn+TTHj5wi2p/E9BsCbmfokBO3xn491lr1P4shh4zg7Mv3SPD3j4/mZb9EMwD8cl4y9ZIoMEbL8p4s8J7Joqs3gK9hmMN5ZCNUFrNrJu3TCRZre2k7cV3+U3IXT erol@fedai
diff --git a/roles/shellserver/users/files/ssh_keys/harshcrop b/roles/shellserver/users/files/ssh_keys/harshcrop
deleted file mode 100644
index af18829..0000000
--- a/roles/shellserver/users/files/ssh_keys/harshcrop
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/harshcrop
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1ANaxVViiL8s2KTdb+p4FWBBZjXz3zH9/es0SSLuXzCjcs1opEeMeb4roQWWgxrZ3j0aOJAj0smSP1THtrwW1xUE5DidmueuqokgbQuvkrsvcDaJYbNjUr/3fAw7/JcWgh4lSSxCLgflpjBr5aTlMQZj/KPrGnlzjr/hPvb8cAomS2HD+hLuC2z26cvOhY811scTZWMoBrxSkmrXOTkutRdZm+TrYJyZy7xQ9ncfsARYzrOZ4be+0mfb6i4tJfMbBvadSu/gyJdOLCfV5SxdjpMLPqIXO9hWkRKYH8SFX5ZWVw8C06iJWcnFCIw1YMTFYe1MNqV8YICiYUmJ2CWaL harshcrop@Harshs-MacBook-Pro.local
diff --git a/roles/shellserver/users/files/ssh_keys/hlp b/roles/shellserver/users/files/ssh_keys/hlp
deleted file mode 100644
index 5827414..0000000
--- a/roles/shellserver/users/files/ssh_keys/hlp
+++ /dev/null
@@ -1,23 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/hlp
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIP+04Jhq2toJ+RLx41NKrtDGgmSCfOsAY/BnJ6EzNXC hlp@sonny
-
diff --git a/roles/shellserver/users/files/ssh_keys/kazuya b/roles/shellserver/users/files/ssh_keys/kazuya
deleted file mode 100644
index 23b346c..0000000
--- a/roles/shellserver/users/files/ssh_keys/kazuya
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/kazuya
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtCcRQ6HVKD5mj602UJkpI/TMGVt1R0yYx1HxP6SWJb6FM2E4wzkxtf0sp2cxW/9Lz/0OsQV8fSSo/qfUhQXfRcL+rxsM+iixD0WMffMC8CrqsYS+VV32HR2sIm8J7yyMweJrfYneErdFisGmMgOFw8vBGX01XfdwGqbSflf3Tal7L3R0g65rclGsg7JckWE6RQMXnvGwXQxv4QahaNtZK74AlyeFgsXYlv14UeaGE4Pz+rkgZKoC4tvAOBQMNxWtCPMcydJOacoCZO7Jcxv0jMUo0y26mulQ6vbz5hqAPS612c47gh8VNDDkQaznQMeiSyIlnvDEkHmzvC8Z3UAeJ eglide
diff --git a/roles/shellserver/users/files/ssh_keys/khmerboy b/roles/shellserver/users/files/ssh_keys/khmerboy
deleted file mode 100644
index 0877e5d..0000000
--- a/roles/shellserver/users/files/ssh_keys/khmerboy
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/khmerboy
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAxg4+y6QxyyeHvmcWHy5Q9pjh8YBNC+Q1w3+QHWH/7WKw9odKHgtpu2hixfOeZl5k/E9+XPw2oGmQzs3pInz/yyegGB57kb3xAftqJkHVuBKsrz+7q3fPjnoqk3VZ62k5II3oqEEjizdVhEVacU+149m3LJWo+FKoRAKxlX39KwEM+UMDfynck7OJvKRWTTP/cbPzR7kaMifQLWZF6stFilRnYBAesK2DzLgO37DovwxmQO1CbBuitgsHwLDXGW0gePyC39REIrntZSte1xdlEfC27rQnXcH3YPcTm9bwNBXnK1Jiwfp3fJ6q6FIz9IaybhO6CGNOOODHN4R4DTbbfQ== rsa-key-20170922
diff --git a/roles/shellserver/users/files/ssh_keys/kumkum b/roles/shellserver/users/files/ssh_keys/kumkum
deleted file mode 100644
index 8b88a74..0000000
--- a/roles/shellserver/users/files/ssh_keys/kumkum
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/kumkum
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnCIiESqqsGOhaS16jwboLplQIP0FwKMhk0oRF7EP55 kumkum@kumkum-E200HA
diff --git a/roles/shellserver/users/files/ssh_keys/pkuz b/roles/shellserver/users/files/ssh_keys/pkuz
deleted file mode 100644
index 2a83dfe..0000000
--- a/roles/shellserver/users/files/ssh_keys/pkuz
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/pkuz
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHIngmKZJUTBgps2LpfrjFwMtW8U5Zd0olKnmG0YZbApN9UHmiVKw6ow0U+KxI6kYGrNi6acKRnZHrnip8io8swW8PnLsgFKoCO2Ywrz/uDFaNJIVdTiNNB1Msm4dd2SiRwtn09SUVwSKBIFQFEoPG7q7v1OgvhIAk13/qbrOV+u6ZgoY8ssYH7qlRElAc4cptjtTen63f87wHFUN65T70ce6nFxOsZfTrB5Y+O7DTO25y7RV6q7CXq+i1uxJutDWDOLhb+dAqQHb5JEqBTF+CElyZtJtK+GxiXfMTWTyNBlv/4up/fRDMRxZ1F69Wowjn3MSnvsFgqxhwxW6Fksr7
diff --git a/roles/shellserver/users/files/ssh_keys/rashk0 b/roles/shellserver/users/files/ssh_keys/rashk0
deleted file mode 100644
index 611a1d1..0000000
--- a/roles/shellserver/users/files/ssh_keys/rashk0
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/rashk0
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJJKU6dVl19vQFPMUWS2iGRzBV1uD9YEaMijBkY2oPYjwhFXc1fouGGr17kkSK9D0c4pr9A6jk/gH9GWE5SpwaZY94VK5QfdvHpyA1hLevdUc4mwuIbsMp893kr0e9Miys1/v+UdFhUq0n3rWiER3oo9rJjx3qloBqSfD18y3sCFTyM1AheVMp7E71kgViG7wWtHrkmnrBo3V5ENc2snTCQy7lF7eQ5a6D45a5n2KYV94YrMvGDbfYUnw8IJHNN6XB1KBK6mksbm2p6fc3ow0UJDOK3bfJNUkp9tfRJV/EeYxGPYJRE60Ng2Dqc3zZaH7FDgbBLoK0UwGURQozNSQT campari@Beta
diff --git a/roles/shellserver/users/files/ssh_keys/ringa b/roles/shellserver/users/files/ssh_keys/ringa
deleted file mode 100644
index 0c1565b..0000000
--- a/roles/shellserver/users/files/ssh_keys/ringa
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/ringa
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAiTobf2i/IveVlpdntX9M6p9rOe60HuODq5FslTIFxA/RwKQbJKafCQZ3ci+Pt9BKAKtBGSJANNfbxxN7VRB+iO6UZUh2Qjb012CfigC5g1r9MEryqh8LBP27NqTkCqjMZrwUa6pYMBG1/ydbOA0BIr3C72QfpXC/qCSvXNgQzL7DGSR7cgjhGvMDn5ewJuxsvXAcajMLEORxeYooONG9ELGRUMFI4WcX6gmiYcrMVsMF+7ByshIngV5v9esWadi+RdTWUVOYt2yVS7hkYHZwUX/bN1AOfkRiuD1w3DFFiHhSoquCwaOOZjKxAw6VOrV6O/toLGe0kXXfRFzeB29/1w== rsa-key-20170111
diff --git a/roles/shellserver/users/files/ssh_keys/rix b/roles/shellserver/users/files/ssh_keys/rix
deleted file mode 100644
index ffc9c54..0000000
--- a/roles/shellserver/users/files/ssh_keys/rix
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/rix
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjFnOi4rwBVdw69U9y1xgWXrfNNgxEXAmbXthzHae07COwN190xoWv8VeogKxfMdxE2Tj4E0BDFt2i7Jbk9BploFdNXG46lrnoszmgRsuRx5jERfvMyOPvCAQHbL0N53AL6zH9wXF/51a5bJJ3n4wkmO1nDj9WqrDNk0in+knICiPHQX4TxwRXqBuf61gQMxwy8Aoy1WCCfCeAesZxjdFM47C6X3PPHVaXvF6x6iX8OzIHqoVT18yQAQxbET+PWMtlmNFJFx76+Sov4eQm/d2KeRg0aqw49gKLpigYnHfd2uitmSQixBNl5jyvDMoR92vZmZnScmqA9cXQikQ9HCW6Q== rsa-key-20170110
diff --git a/roles/shellserver/users/files/ssh_keys/sandlayth b/roles/shellserver/users/files/ssh_keys/sandlayth
deleted file mode 100644
index f617e8f..0000000
--- a/roles/shellserver/users/files/ssh_keys/sandlayth
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/sandlayth
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL4H4SF3NZ0/o5uTYhIUKUEzP7hlZ0mGqMxs6wt/dhQs kalix@arch-laptop
diff --git a/roles/shellserver/users/files/ssh_keys/shark b/roles/shellserver/users/files/ssh_keys/shark
deleted file mode 100644
index c24dc77..0000000
--- a/roles/shellserver/users/files/ssh_keys/shark
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/shark
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjKehL1PdhcpLNiGdWLuVCUpNawUhQoxon3nmhZm/B+oU2nwygqvx9YU3LFzTEDNXWtU0aH2UVgC5bkRyVdmVKjX878luoluYwhKJFrYoEd9zS+EPDNmNYSoKntDbZoB17iacVEUM4Kg3RAzwStw3L8OO9DlB9NdXUzS8/9wlSy43ddoRRy83FvnvhRNXWScUIQyBolxqyoVvXdLZ2t0PnCdU3Bz2Wkcg24XjwDOR0R0A3780b+VGcsjXtjYxK6xCpNo9l2DqLAfpw+BFusWy6au5U15vfHgR91Lbcd1xtfvJAElI97fR6DGf+HSrtYZe+9gMU1nofibdiNWSJ/Vn+Q== rsa-key-20161212
diff --git a/roles/shellserver/users/files/ssh_keys/thrx b/roles/shellserver/users/files/ssh_keys/thrx
deleted file mode 100644
index 4973be2..0000000
--- a/roles/shellserver/users/files/ssh_keys/thrx
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/thrx
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqm65UgRA1ZJaGnam+PQiFmXKOKZHAUc5jN8zRQsAaFv5Kgxks857DPBX8eO7Wolh70C/UVXAqYgHS2yg74KKKzyjv2vd/de4vQuC4m24IRWkuGJ6xr+dgqNRMn3YklJ2W/SzMCLIFNWUlM3JnvIPElxrLVMSm9ZCACAvWGgy8uF+vBkJYsmfN5AokyzSZcAUqREBbnsC33erGz50it4Oxn4QpAGWtYBHz+kHz89rZBMbMRAoMyQ1EfnzH076jtufHuTdqibmQRB39GbY8bgJJk0tpntwTvx4pHAnMK6CUwbjtFU03LByYNiIzDjwHXqfwuQZl8WlQjx7oTVNHCJ9fw== rsa-key-20170221
diff --git a/roles/shellserver/users/files/ssh_keys/tomjerr b/roles/shellserver/users/files/ssh_keys/tomjerr
deleted file mode 100644
index 9310274..0000000
--- a/roles/shellserver/users/files/ssh_keys/tomjerr
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/tomjerr
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7WGzb6h6i8H81nkw0E2PvFwi1yqODeltyGwFQxEwL4+bc75LlbxtpIsxS+D4vkervfGjMwgAJSFOv6uimRhubmp1I2Pf85APTf/a9xXmNzAuNnhR8ur93I08cQ2kKlY19q3EX4H4qj2HizRZxgusG8dYyBWuKuq6P7vIn5zn55IzFJKxCekydAjQsDUTOaio5brLD3sY8IfnWtKWDgrszozUOEqZdquJDS6LBEHHDTpWK/Mzuwd6YkpfdG2GVLwuN6Rj43jNoxcvk2W7oJyJQQ7xSpNR3QIFzTAu9VL9AAv4qak4o2AYpmg8HXsgGR2ARvJ0mFzWw8qy/c/5plPgp tomjerr
diff --git a/roles/shellserver/users/files/ssh_keys/xcombelle b/roles/shellserver/users/files/ssh_keys/xcombelle
deleted file mode 100644
index 2aeff97..0000000
--- a/roles/shellserver/users/files/ssh_keys/xcombelle
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/xcombelle
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9KJQDTtuxGCOaeFtip+yel45zMNS4tvrYg0AzNhT22K8g3F8wiY1GKvYw6Czj8Zo+rqA5/Rt7BCQwNtZyI+Nh23Cvg5wZQ2A6dtzQI69HZVSi+FRA5o4/SG4wyp7AT6wuWn+7tTE/pH69D0keDmaNpLSzhkxKFQd2DuOD2BENobEIE9DzbRf2DeUJ15uCzX/mnEXykklYvQ5AontiwL7VNB1VpNebrfnecAaAua0RhuYp+XwxBaSM4KB4lIA6hTBYEOG6J3TaC3GofMtAANI/n8gcCQkadkqtQHrap2Wh9X6bzekwROVGui1TW6sM7+hS4P7PM80nK05iVnGzIfYR xavier.combelle@gmail.com
diff --git a/roles/shellserver/users/files/ssh_keys/xray b/roles/shellserver/users/files/ssh_keys/xray
deleted file mode 100644
index 331067c..0000000
--- a/roles/shellserver/users/files/ssh_keys/xray
+++ /dev/null
@@ -1,22 +0,0 @@
-# -------------------------------------------------------------
-# OpenSSH authorized_keys
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/users/files/ssh_keys/xray
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-#
-# To add a new key or revoke a key, submit a Git commit:
-# https://agora.nasqueron.org/How_to_contribute_code
-#
-# You can also ask Nasqueron operations to do that for you:
-# https://devcentral.nasqueron.org/maniphest/task/edit/form/3/
-# </auto-generated>
-
-ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAzSj3sQYbrBBdceBRUAbuzCS9vZWycVV0OSZ0ofoWx/dOTIalhc3O+aett7J34GqwDgpcTEkEpa/MrlO/2TOGOFIsPlvbZW4fXXFADCbOWkRRNuYW5rv/Sg6ZliGtw4cj0dKEkn9+L/JAuGwKV5KJNTPcp5w8hZyQYczZ8KhcyNVv7mfzLnId03wPnuTTe+AmCTOitbVb3gxjdXDYeS46PkbV8m/23KpcdLigo3ClDwE/SIoA+YddaAbpWDMEwhnWyKmLGI6xkFcqSY1NT0eYnL2waZMEnfluxt+D0V0IT5NeOmQcTuVWPvjFdSKbKepPhdrFmzGNtytfZWoFOPiG+Q== rsa-key-20170119
diff --git a/scripts/byTasks/repo-maintenance/migrate-ssh-keys.py b/scripts/byTasks/repo-maintenance/migrate-ssh-keys.py
new file mode 100755
index 0000000..0cf65d5
--- /dev/null
+++ b/scripts/byTasks/repo-maintenance/migrate-ssh-keys.py
@@ -0,0 +1,114 @@
+#!/usr/bin/env python3
+
+# -------------------------------------------------------------
+# rOPS — migrate SSH keys from file to Salt state
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-11-09
+# Description: Read a dictionary, and for each key, find in
+# a specified folder a data file. Add data from
+# this file to the dictionary. Output in YAML.
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Table of contents
+# -------------------------------------------------------------
+#
+# :: Configuration
+# :: YAML style
+# :: Update code
+# :: Run task
+#
+# -------------------------------------------------------------
+
+
+import os
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+# Where is located the dictionary to update?
+state_file = 'pillar/core/users.sls'
+state_key = 'shellusers'
+
+# Where are located the data fileS?
+data_path = 'roles/shellserver/users/files/ssh_keys/'
+
+# What property should get the data and be added if missing in the dict?
+state_data_property = 'ssh_keys'
+
+
+# -------------------------------------------------------------
+# YAML style
+#
+# Allows to dump with indented lists
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+class SaltStyleDumper(yaml.Dumper):
+
+ def increase_indent(self, flow=False, indentless=False):
+ return super(SaltStyleDumper, self).increase_indent(flow, False)
+
+
+# -------------------------------------------------------------
+# Update code
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def do_update():
+ state = read_state()
+ update_state(state)
+ print(dump_state(state))
+
+
+def read_state():
+ fd = open(state_file, "r")
+ states = yaml.load(fd.read())
+ fd.close()
+
+ return states[state_key]
+
+
+def update_state(state):
+ for key in state:
+ if state_data_property not in state[key]:
+ state[key][state_data_property] = read_data(key)
+
+
+def read_data(key):
+ path = data_path + key
+
+ if not os.path.exists(path):
+ return []
+
+ return [line.strip() for line in open(path, "r") if is_value_line(line)]
+
+
+def is_value_line(line):
+ if line.startswith("#"):
+ return False
+
+ if line.strip() == '':
+ return False
+
+ return True
+
+
+def dump_state(state):
+ return yaml.dump({state_key: state},
+ default_flow_style=False,
+ Dumper=SaltStyleDumper, width=1000)
+
+
+# -------------------------------------------------------------
+# Run task
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+do_update()
diff --git a/top.sls b/top.sls
index e661244..da00144 100644
--- a/top.sls
+++ b/top.sls
@@ -1,40 +1,40 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- roles/core/rc
- roles/core/hostname
- roles/core/network
- roles/core/motd
- roles/core/rsyslog
- roles/core/salt
- roles/core/sshd
- roles/core/sysctl
+ - roles/core/users
'local':
- roles/saltmaster
'ysul':
- roles/paas-jails
- roles/dbserver-mysql
- roles/webserver-core
- roles/webserver-legacy
- roles/webserver-varnish
'dwellers':
- roles/paas-docker/docker
- roles/paas-lxc/lxc
- roles/mastodon
'eglide':
- roles/webserver-core
- - roles/shellserver/users
- roles/shellserver/userland-software
- roles/shellserver/eglide-website
- roles/shellserver/vhosts
- roles/shellserver/web-hosting
- roles/shellserver/database
- roles/shellserver/odderon
- roles/shellserver/bonjour-chaton
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Mon, Nov 25, 18:27 (11 h, 30 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2260704
Default Alt Text
(78 KB)
Attached To
Mode
rOPS Nasqueron Operations
Attached
Detach File
Event Timeline
Log In to Comment