From d67b634b9afe9bebeaef461dfdd2edfa4e5740fd Mon Sep 17 00:00:00 2001
From: Peter Amstutz
Date: Thu, 27 Aug 2020 13:09:16 -0400
Subject: [PATCH] 16749: Command line user management for arvbox
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz
---
 doc/install/arvbox.html.textile.liquid | 11 +++
 tools/arvbox/bin/arvbox | 19 +++++
 .../arvbox/lib/arvbox/docker/Dockerfile.base | 2 +-
 .../lib/arvbox/docker/cluster-config.sh | 19 +++--
 tools/arvbox/lib/arvbox/docker/edit_users.py | 70 +++++++++++++++++++
 5 files changed, 113 insertions(+), 8 deletions(-)
 create mode 100755 tools/arvbox/lib/arvbox/docker/edit_users.py
diff --git a/doc/install/arvbox.html.textile.liquid b/doc/install/arvbox.html.textile.liquid
index 5db8cfc19a..c01ec61fa0 100644
--- a/doc/install/arvbox.html.textile.liquid
+++ b/doc/install/arvbox.html.textile.liquid
@@ -17,8 +17,11 @@ h2. Quick start
 $ git clone https://github.com/arvados/arvados.git
 $ cd arvados/tools/arvbox/bin
 $ ./arvbox start localdemo
+$ ./arvbox adduser demouser demo@example.com
+You can now log in as @demouser@ using the password you selected.
+
 h2. Requirements
 * Linux 3.x+ and Docker 1.9+
@@ -46,6 +49,9 @@ update stop, pull latest image, run
 build build arvbox Docker image
 reboot stop, build arvbox Docker image, run
 rebuild build arvbox Docker image, no layer cache
+checkpoint create database backup
+restore restore checkpoint
+hotreset reset database and restart API without restarting container
 reset delete arvbox arvados data (be careful!)
 destroy delete all arvbox code and data (be careful!)
 log tail log of specified service
@@ -55,6 +61,11 @@ pipe run a bash script piped in from stdin
 sv
 change state of service inside arvbox
 clone clone dev arvbox
+adduser
+ add a user login
+removeuser
+ remove user login
+listusers list user logins
 h2. Install root certificate
diff --git a/tools/arvbox/bin/arvbox b/tools/arvbox/bin/arvbox
index 8f13215bcf..a15da4694f 100755
--- a/tools/arvbox/bin/arvbox
+++ b/tools/arvbox/bin/arvbox
@@ -619,6 +619,20 @@ sv restart keepproxy
 EOF
 ;;
+ adduser)
+ docker exec -ti $ARVBOX_CONTAINER /usr/local/lib/arvbox/edit_users.py /var/lib/arvados/cluster_config.yml.override $(getclusterid) add $@
+ docker exec $ARVBOX_CONTAINER sv restart controller
+ ;;
+
+ removeuser)
+ docker exec -ti $ARVBOX_CONTAINER /usr/local/lib/arvbox/edit_users.py /var/lib/arvados/cluster_config.yml.override $(getclusterid) remove $@
+ docker exec $ARVBOX_CONTAINER sv restart controller
+ ;;
+
+ listusers)
+ exec docker exec -ti $ARVBOX_CONTAINER /usr/local/lib/arvbox/edit_users.py /var/lib/arvados/cluster_config.yml $(getclusterid) list
+ ;;
+
 *)
 echo "Arvados-in-a-box https://doc.arvados.org/install/arvbox.html"
 echo
@@ -649,5 +663,10 @@ EOF
 echo "sv "
 echo " change state of service inside arvbox"
 echo "clone clone dev arvbox"
+ echo "adduser "
+ echo " add a user login"
+ echo "removeuser "
+ echo " remove user login"
+ echo "listusers list user logins"
 ;;
 esac
diff --git a/tools/arvbox/lib/arvbox/docker/Dockerfile.base b/tools/arvbox/lib/arvbox/docker/Dockerfile.base
index b6d6c68e31..c5c3774a96 100644
--- a/tools/arvbox/lib/arvbox/docker/Dockerfile.base
+++ b/tools/arvbox/lib/arvbox/docker/Dockerfile.base
@@ -109,7 +109,7 @@ ADD gitolite.rc \
 keep-setup.sh common.sh createusers.sh \
 logger runsu.sh waitforpostgres.sh \
 yml_override.py api-setup.sh \
- go-setup.sh devenv.sh cluster-config.sh \
+ go-setup.sh devenv.sh cluster-config.sh edit_users.py \
 /usr/local/lib/arvbox/
 ADD runit /etc/runit
diff --git a/tools/arvbox/lib/arvbox/docker/cluster-config.sh b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
index 1413984655..3ae1abe62e 100755
--- a/tools/arvbox/lib/arvbox/docker/cluster-config.sh
+++ b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
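Review bot: `$@` and `$(getclusterid)` are unquoted in the new `adduser`, `removeuser` and `listusers` branches, so a user name, e-mail or password containing whitespace or glob characters is split or expanded by the host shell before it reaches edit_users.py; write `"$@"` and `"$(getclusterid)"`. Because every argument is forwarded, the optional `[pass]` argument shown in edit_users.py's usage text puts the password into shell history and the process list on the host and in the container, whereas omitting it falls through to the `getpass` prompt; the docs and help text should steer users to the prompt. `sv restart controller` also runs when edit_users.py only printed its usage, because the exit status is not checked and `print_help()` ends in a bare `exit()`; chaining the two commands with `&&` and exiting non-zero from the helper would avoid a needless restart. The `case` statement starts and ends outside this hunk.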
@@ -134,13 +134,6 @@ Clusters:
 Login:
 Test:
 Enable: true
- Users:
- admin:
- Email: admin@example.com
- Password: admin
- user:
- Email: user@example.com
- Password: user
 Users:
 NewUsersAreActive: true
 AutoAdminUserWithEmail: admin@example.com
@@ -173,6 +166,18 @@ EOF cp /var/lib/arvados/cluster_config.yml /etc/arvados/config.yml +chmod og-rw \ + /var/lib/arvados/cluster_config.yml.override \ + /var/lib/arvados/cluster_config.yml \ + /etc/arvados/config.yml \ + /var/lib/arvados/api_secret_token \ + /var/lib/arvados/blob_signing_key \ + /var/lib/arvados/management_token \ + /var/lib/arvados/system_root_token \ + /var/lib/arvados/api_database_pw \ + /var/lib/arvados/workbench_secret_token \ + /var/lib/arvados/superuser_token \ + mkdir -p /var/lib/arvados/run_tests cat >/var/lib/arvados/run_tests/config.yml < add [pass]" % (sys.argv[0])) + print("%s remove " % (" " * len(sys.argv[0]))) + print("%s list" % (" " * len(sys.argv[0]))) + exit() + +if len(sys.argv) < 4: + print_help() + +fn = sys.argv[1] +cl = sys.argv[2] +op = sys.argv[3] + +if op == "remove" and len(sys.argv) < 5: + print_help() +if op == "add" and len(sys.argv) < 6: + print_help() + +if op in ("add", "remove"): + user = sys.argv[4] + +if not os.path.exists(fn): + open(fn, "w").close() + +with open(fn, "r") as f: + conf = ruamel.yaml.round_trip_load(f) + +if not conf: + conf = {} + +conf["Clusters"] = conf.get("Clusters", {}) +conf["Clusters"][cl] = conf["Clusters"].get(cl, {}) +conf["Clusters"][cl]["Login"] = conf["Clusters"][cl].get("Login", {}) +conf["Clusters"][cl]["Login"]["Test"] = conf["Clusters"][cl]["Login"].get("Test", {}) +conf["Clusters"][cl]["Login"]["Test"]["Users"] = conf["Clusters"][cl]["Login"]["Test"].get("Users", {}) + +users_obj = conf["Clusters"][cl]["Login"]["Test"]["Users"] + +if op == "add": + email = sys.argv[5] + if len(sys.argv) == 7: + p = sys.argv[6] + else: + p = getpass.getpass("Password for %s: " % user) + + users_obj[user] = { + "Email": email, + "Password": p + } + print("Added %s" % user) +elif op == "remove": + del users_obj[user] + print("Removed %s" % user) +elif op == "list": + print(ruamel.yaml.round_trip_dump(users_obj)) +else: + print("Operations are 'add', 'remove' and 'list'") + +with open(fn, "w") as 
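Review bot: The added `chmod og-rw` tightens permissions only after the config and secret files have been written (the `cp` to /etc/arvados/config.yml is the context line just above), so under a permissive umask they stay readable by other users in the container for that window on every run; a `umask 077` before the files are created would close it. Whether cluster_config.yml.override always exists at this point is not visible in the hunk; edit_users.py has a branch that creates it with a plain `open(fn, "w")`, and in that case the chmod reports an error for it and the file that later holds the plaintext test-login passwords keeps default permissions until this script runs again. The final `superuser_token \` relies on the blank line that follows it; dropping that trailing backslash keeps `mkdir -p /var/lib/arvados/run_tests` from being absorbed into the chmod if the blank line is ever removed.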
f: + f.write(ruamel.yaml.round_trip_dump(conf)) -- 2.30.2