Initial version of playbook which creates virtual machines.
This commit is contained in:
commit
b010f9db84
4 changed files with 191 additions and 0 deletions
55
scripts/genpasswd
Executable file
55
scripts/genpasswd
Executable file
|
|
@ -0,0 +1,55 @@
|
|||
#!/usr/bin/env python
|
||||
""" Password generator module """
|
||||
|
||||
import os
|
||||
import sys
|
||||
import string
|
||||
from base64 import encodestring
|
||||
from random import SystemRandom
|
||||
|
||||
from Crypto.PublicKey import RSA
|
||||
from passlib.hash import sha512_crypt
|
||||
|
||||
|
||||
OUTDIR = "/srv/ansible-private/keystore"
|
||||
PUBKEY = "/srv/ansible-private/ssh/id_rsa.pub"
|
||||
|
||||
|
||||
class Passwd(object):
|
||||
""" Generate, hash and encrypt passwords """
|
||||
|
||||
characters = string.ascii_letters + string.digits
|
||||
|
||||
def __init__(self, length=20):
|
||||
self.plain = "".join([SystemRandom().choice(self.characters)\
|
||||
for _ in range(length)])
|
||||
|
||||
def hash(self):
|
||||
""" Return sha512 hash of password """
|
||||
return sha512_crypt.hash(self.plain, rounds=5000)
|
||||
|
||||
def encrypt(self, pem):
|
||||
""" Return password encrypted with given public key """
|
||||
key = RSA.importKey(open(pem, "r").read())
|
||||
# docs say encrypt second argument will be ignored
|
||||
return encodestring(key.encrypt(self.plain, "x")[0])
|
||||
|
||||
|
||||
def main():
|
||||
""" Generate and store password for given host """
|
||||
if len(sys.argv) != 2:
|
||||
print >>sys.stderr, "Usage: %s <hostname>" % \
|
||||
os.path.basename(sys.argv[0])
|
||||
sys.exit(1)
|
||||
|
||||
os.umask(077)
|
||||
mypass = Passwd()
|
||||
|
||||
dest = open(os.path.join(OUTDIR, sys.argv[1] + ".asc"), "w")
|
||||
dest.write(mypass.encrypt(PUBKEY))
|
||||
dest.close()
|
||||
|
||||
print mypass.hash()
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
24
scripts/getpasswd
Executable file
24
scripts/getpasswd
Executable file
|
|
@ -0,0 +1,24 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Usage: $(basename "$0") <hostname>" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
TARGET=$1
|
||||
|
||||
ENC=/srv/ansible-private/keystore/${TARGET}.asc
|
||||
KEY=/srv/ansible-private/ssh/id_rsa
|
||||
|
||||
if [ ! -f "${KEY}" ]; then
|
||||
echo "ERR: Cannot find encryption key file ${KEY}" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "${ENC}" ]; then
|
||||
echo "ERR: Cannot find password entry for ${TARGET}" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
base64 -d "${ENC}" | openssl rsautl -decrypt -raw -inkey "${KEY}"
|
||||
echo
|
||||
Loading…
Add table
Add a link
Reference in a new issue