feat: add branding and get_iam_sshkeys.py
parent
b907511e03
commit
19efeada19
11
README.md
11
README.md
|
@ -2,4 +2,13 @@
|
||||||
|
|
||||||
ZeroDownTime - Alpine golden images
|
ZeroDownTime - Alpine golden images
|
||||||
|
|
||||||
AWS only for now
|
AWS only for now
|
||||||
|
|
||||||
|
## Image scanning via Trivy
|
||||||
|
|
||||||
|
```
|
||||||
|
modprobe nbd
|
||||||
|
qemu-nbd -c /dev/nbd0 zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r1.vhd
|
||||||
|
mount /dev/nbd0 /mnt/image
|
||||||
|
trivy filesystem /mnt/image
|
||||||
|
```
|
||||||
|
|
|
@ -5,8 +5,8 @@ echo "Are you really sure as AMIs might be used by customers !!"
|
||||||
read
|
read
|
||||||
|
|
||||||
#TAG_FILTER="Name=tag:project,Values=zdt-alpine"
|
#TAG_FILTER="Name=tag:project,Values=zdt-alpine"
|
||||||
#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.0-x86_64-bios-tiny-minimal-r0"
|
TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r1"
|
||||||
TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
|
#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
|
||||||
|
|
||||||
#for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
|
#for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
|
||||||
for r in ap-southeast-2 ca-central-1 eu-central-1 us-east-1 us-west-1 us-west-2; do
|
for r in ap-southeast-2 ca-central-1 eu-central-1 us-east-1 us-west-1 us-west-2; do
|
||||||
|
|
|
@ -45,7 +45,8 @@ echo 'Installed cloudbender shutdown hook'
|
||||||
|
|
||||||
# Install tools
|
# Install tools
|
||||||
cp $SETUP/route53.py $TARGET/usr/local/bin
|
cp $SETUP/route53.py $TARGET/usr/local/bin
|
||||||
echo 'Installed route53.py'
|
cp $SETUP/get_iam_sshkeys.py $TARGET/usr/sbin
|
||||||
|
echo 'Installed route53.py and get_iam_sshkeys.py'
|
||||||
|
|
||||||
# ps_mem
|
# ps_mem
|
||||||
#wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
|
#wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
|
||||||
|
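Review bot: The new `cp $SETUP/get_iam_sshkeys.py $TARGET/usr/sbin` leaves the installed file with whatever mode and owner the build checkout happened to have, so whether it is executable (and by whom) is not decided by this script. Since the file is being placed in /usr/sbin presumably to be invoked by a system service, set the mode explicitly, e.g. `install -m 0755 "$SETUP/get_iam_sshkeys.py" "$TARGET/usr/sbin/"`. Quoting `$SETUP` and `$TARGET` also keeps the line safe should either path ever contain whitespace; the existing route53.py line above it has the same shape.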
@ -63,12 +64,13 @@ echo 'Enable monit via init, hooked up cloudbender alerting'
|
||||||
|
|
||||||
# QoL
|
# QoL
|
||||||
mv $TARGET/etc/profile.d/color_prompt.sh.disabled $TARGET/etc/profile.d/color_prompt.sh
|
mv $TARGET/etc/profile.d/color_prompt.sh.disabled $TARGET/etc/profile.d/color_prompt.sh
|
||||||
echo 'alias rs="doas bash --login"' > $TARGET/etc/profile.d/alias.sh
|
echo 'alias rs="doas bash"' > $TARGET/etc/profile.d/alias.sh
|
||||||
|
|
||||||
# branding
|
# branding
|
||||||
rm -f $TARGET/etc/motd
|
rm -f $TARGET/etc/motd
|
||||||
cp $SETUP/neofetch.conf $TARGET/etc/neofetch.conf
|
cp $SETUP/neofetch.conf $TARGET/etc/neofetch.conf
|
||||||
cp $SETUP/zdt-ascii.txt $TARGET/etc/neofetch-logo.txt
|
cp $SETUP/zdt-ascii.txt $TARGET/etc/neofetch-logo.txt
|
||||||
echo 'neofetch --config /etc/neofetch.conf' > $TARGET/etc/profile.d/motd.sh
|
echo '[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ] && neofetch --config /etc/neofetch.conf' > $TARGET/etc/profile.d/motd.sh
|
||||||
|
echo 'Installed ZDT branding via neofetch'
|
||||||
|
|
||||||
printf '\n# Zero Down Time config applied'
|
printf '\n# Zero Down Time config applied'
|
||||||
|
|
|
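Review bot: The new motd.sh test `[ -n "$SSH_TTY" -a "$SHLVL" -eq 1 ]` relies on the `-a` operator, which POSIX marks obsolescent, and it errors out ("bad number") when `$SHLVL` is unset, which happens if the login shell on the image does not export it. Prefer two separate tests with a default: `echo '[ -n "$SSH_TTY" ] && [ "${SHLVL:-1}" -eq 1 ] && neofetch --config /etc/neofetch.conf' > $TARGET/etc/profile.d/motd.sh`. Since profile.d snippets run on every login shell, a one-line comment in this script saying why the banner is restricted to first-level SSH sessions would help the next maintainer.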
@ -0,0 +1,63 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
import sys
|
||||||
|
import boto3
|
||||||
|
import argparse
|
||||||
|
|
||||||
|
parser = argparse.ArgumentParser(description="Get SSH keys from IAM users")
|
||||||
|
parser.add_argument(
|
||||||
|
"--user", dest="user", action="store", required=True, help="requested user"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--group", action="store", required=True, help="IAM group to search"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--iamRole",
|
||||||
|
dest="iamRole",
|
||||||
|
action="store",
|
||||||
|
help="IAM role ARN to assume to search for IAM users",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--allowedUser",
|
||||||
|
dest="allowedUsers",
|
||||||
|
action="append",
|
||||||
|
default=["alpine"],
|
||||||
|
help="Allowed users",
|
||||||
|
)
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
# Fail early if invalid user
|
||||||
|
if not args.user in args.allowedUsers:
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
session = boto3.Session()
|
||||||
|
|
||||||
|
if args.iamRole:
|
||||||
|
sts = session.client("sts")
|
||||||
|
credentials = sts.assume_role(
|
||||||
|
RoleArn=args.iamRole, RoleSessionName="sshdKeyLookup"
|
||||||
|
)["Credentials"]
|
||||||
|
|
||||||
|
assumed_role_session = boto3.Session(
|
||||||
|
aws_access_key_id=credentials["AccessKeyId"],
|
||||||
|
aws_secret_access_key=credentials["SecretAccessKey"],
|
||||||
|
aws_session_token=credentials["SessionToken"],
|
||||||
|
)
|
||||||
|
iam = assumed_role_session.client("iam")
|
||||||
|
|
||||||
|
else:
|
||||||
|
iam = session.client("iam")
|
||||||
|
|
||||||
|
try:
|
||||||
|
for user in iam.get_group(GroupName=args.group)["Users"]:
|
||||||
|
for key_desc in iam.list_ssh_public_keys(UserName=user["UserName"])[
|
||||||
|
"SSHPublicKeys"
|
||||||
|
]:
|
||||||
|
key = iam.get_ssh_public_key(
|
||||||
|
UserName=user["UserName"],
|
||||||
|
SSHPublicKeyId=key_desc["SSHPublicKeyId"],
|
||||||
|
Encoding="SSH",
|
||||||
|
)
|
||||||
|
if key["SSHPublicKey"]["Status"] == "Active":
|
||||||
|
print(key["SSHPublicKey"]["SSHPublicKeyBody"], user["UserName"])
|
||||||
|
except:
|
||||||
|
pass
|
|
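Review bot: The bare `except: pass` at the end of get_iam_sshkeys.py hides every error raised by the `get_group`, `list_ssh_public_keys` and `get_ssh_public_key` calls (missing or expired credentials, AccessDenied, throttling), so a broken lookup produces the same empty output as a user with no keys and nothing is reported to the operator; it also swallows `KeyboardInterrupt` and `SystemExit`. Narrow it and report before exiting non-zero, e.g. `except Exception as exc:` / `print(f"get_iam_sshkeys: {exc}", file=sys.stderr)` / `sys.exit(1)`. Separately, `--allowedUser` uses `action="append"` together with `default=["alpine"]`, and argparse appends to that default list rather than replacing it, so `alpine` stays allowed whenever the option is passed; if that is not intended, use `default=None` and fall back to `["alpine"]` after `parse_args()`.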
@ -4,7 +4,7 @@ print_info() {
|
||||||
prin "$(color 1)Welcome to Alpine - ZeroDownTime edition"
|
prin "$(color 1)Welcome to Alpine - ZeroDownTime edition"
|
||||||
echo
|
echo
|
||||||
prin "Release Notes:"
|
prin "Release Notes:"
|
||||||
prin " - <https://kubezero.com/releases/v1.23/README.md>"
|
prin " - <https://kubezero.com/releases/>"
|
||||||
prin " - <https://alpinelinux.org/releases/>"
|
prin " - <https://alpinelinux.org/releases/>"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
|
|
|
@ -49,5 +49,4 @@ action = "UPSERT"
|
||||||
if args.delete:
|
if args.delete:
|
||||||
action = "DELETE"
|
action = "DELETE"
|
||||||
|
|
||||||
print(args)
|
|
||||||
update_dns(args.fqdn, args.record, action=action, ttl=args.ttl, record_type=args.record_type)
|
update_dns(args.fqdn, args.record, action=action, ttl=args.ttl, record_type=args.record_type)
|
||||||
|
|