Merge branch 'master' into 8286-fav-projects

[arvados.git] / services / login-sync / bin / arvados-login-sync

diff --git a/services/login-sync/bin/arvados-login-sync b/services/login-sync/bin/arvados-login-sync
index 641c510251728ccc598f246a1c23657bb1615a65..e1b8c484f0413cb8ff6bfe3ac0be77aebbcd2aa7 100755 (executable)
--- a/services/login-sync/bin/arvados-login-sync
+++ b/services/login-sync/bin/arvados-login-sync
@@ -7,50 +7,27 @@ require 'etc'
 require 'fileutils'
 require 'yaml'
 
-# This script does the actual account/key management on disk for the shell machine(s).
-#
-# Ward Vandewege <ward@curoverse.com>
-
-# Default is development
-production = ARGV[0] == "production"
-
-ENV["RAILS_ENV"] = "development"
-ENV["RAILS_ENV"] = "production" if production
-
-DEBUG = 1
-
-# load and merge in the environment-specific application config info
-# if present, overriding base config parameters as specified
-path = File.dirname(__FILE__) + '/config/arvados-clients.yml'
-if File.exists?(path) then
-       cp_config = YAML.load_file(path)[ENV['RAILS_ENV']]
-else
-       puts "Please create a\n " + File.dirname(__FILE__) + "/config/arvados-clients.yml\n file"
-       exit 1
+req_envs = %w(ARVADOS_API_HOST ARVADOS_API_TOKEN ARVADOS_VIRTUAL_MACHINE_UUID)
+req_envs.each do |k|
+  unless ENV[k]
+    abort "Fatal: These environment vars must be set: #{req_envs}"
+  end
 end
 
-shell_hostname = cp_config['arvados_shell_hostname']
-
-ENV['ARVADOS_API_HOST'] = cp_config['arvados_api_host']
-ENV['ARVADOS_API_TOKEN'] = cp_config['arvados_api_token']
-
 keys = ''
 
 seen = Hash.new
 
 begin
-
   uids = Hash[Etc.to_enum(:passwd).map { |ent| [ent.name, ent.uid] }]
   gids = Hash[Etc.to_enum(:group).map { |ent| [ent.name, ent.gid] }]
-  arv = Arvados.new( { :suppress_ssl_warnings => false } )
+  arv = Arvados.new({ :suppress_ssl_warnings => false })
 
-  begin
-    logins = arv.virtual_machine.get_all_logins(limit: 10000, uuid: cp_config['vm_uuid'])[:items]
-  rescue
-    logins = arv.virtual_machine.logins(:uuid => cp_config['vm_uuid'])[:items]
-  end
+  vm_uuid = ENV['ARVADOS_VIRTUAL_MACHINE_UUID']
+
+  logins = arv.virtual_machine.logins(:uuid => vm_uuid)[:items]
   logins = [] if logins.nil?
-  logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:public_key].nil? or l[:hostname] != shell_hostname }
+  logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:public_key].nil? or l[:virtual_machine_uuid] != vm_uuid }
 
   # No system users
   uid_min = 1000
@@ -91,7 +68,6 @@ begin
   logins.each do |l|
     next if seen[l[:username]]
     seen[l[:username]] = true if not seen.has_key?(l[:username])
-    @homedir = "/home/#{l[:username]}"
 
     unless uids[l[:username]]
       STDERR.puts "Creating account #{l[:username]}"
@@ -100,7 +76,7 @@ begin
       groups << "fuse"
       groups.select! { |name| gids[name] }
       # Create new user
-      next unless system("/usr/sbin/useradd", "-m",
+      next unless system("useradd", "-m",
                          "-c", l[:username],
                          "-s", "/bin/bash",
                          "-G", groups.join(","),
@@ -108,6 +84,7 @@ begin
                          out: devnull)
     end
     # Create .ssh directory if necessary
+    @homedir = Etc.getpwnam(l[:username]).dir
     userdotssh = File.join(@homedir, ".ssh")
     Dir.mkdir(userdotssh) if !File.exists?(userdotssh)
     @key = "#######################################################################################
@@ -123,6 +100,7 @@ begin
     FileUtils.chown_R(l[:username], l[:username], userdotssh)
     File.chmod(0700, userdotssh)
     File.chmod(0750, @homedir)
+    File.chmod(0600, userauthkeys)
   end
 
   devnull.close
@@ -131,4 +109,3 @@ rescue Exception => bang
   puts bang.backtrace.join("\n")
   exit 1
 end
-