Example #1
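    def config_user_account(self, ovfenv):
        """Provision the user account described by *ovfenv*.

        Creates the account, optionally sets its password, configures sudo
        and sshd, then deploys SSH public keys and key pairs.

        Security-relevant behaviour visible here:

        * ``nopasswd`` is passed as True to ``conf_sudoer`` exactly when no
          password was supplied, so a key-only account is presumably granted
          passwordless sudo (confirm against ``conf_sudoer``).
        * SELinux enforcement is switched off while the SSH keys are deployed
          and is restored afterwards, including when deployment raises.
        """
        logger.info("Create user account if not exists")
        self.osutil.useradd(ovfenv.username)

        if ovfenv.user_password is not None:
            # Never log ovfenv.user_password itself; only the fact that a
            # password is being set is recorded.
            logger.info("Set user password.")
            crypt_id = conf.get_password_cryptid()
            salt_len = conf.get_password_crypt_salt_len()
            self.osutil.chpasswd(ovfenv.username,
                                 ovfenv.user_password,
                                 crypt_id=crypt_id,
                                 salt_len=salt_len)

        logger.info("Configure sudoer")
        self.osutil.conf_sudoer(ovfenv.username,
                                nopasswd=ovfenv.user_password is None)

        logger.info("Configure sshd")
        self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)

        # Temporarily disable SELinux enforcement for the key deployment.
        sel = self.osutil.is_selinux_enforcing()
        if sel:
            self.osutil.set_selinux_enforce(0)

        try:
            self.deploy_ssh_pubkeys(ovfenv)
            self.deploy_ssh_keypairs(ovfenv)
        finally:
            # Restore enforcement even if key deployment raised; otherwise a
            # provisioning error would leave the host in permissive mode.
            if sel:
                self.osutil.set_selinux_enforce(1)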
Example #2
 def add_user(self, username, encrypted_password, account_expiration):
     """Create a remote-access account and give it a password and sudo.

     The account expires one day after *account_expiration*. The password
     arrives encrypted and is decrypted with the transport private
     certificate found under the agent lib directory.

     Always returns None. A failure while creating the account is only
     logged; a failure after the account exists is passed to
     ``handle_failed_create`` together with the reason (presumably for
     cleanup; confirm against that method). Callers therefore cannot tell
     from the return value whether the account was provisioned.
     """
     # Stage 1: create the account. Nothing needs undoing if this fails.
     try:
         expiry = (account_expiration + timedelta(days=1)).strftime(DATE_FORMAT)
         logger.verbose("Adding user {0} with expiration date {1}"
                        .format(username, expiry))
         self.os_util.useradd(username, expiry, REMOTE_ACCESS_ACCOUNT_COMMENT)
     except Exception as err:
         # OSError is reported through strerror, anything else through ustr().
         reason = err.strerror if isinstance(err, OSError) else ustr(err)
         logger.error("Error adding user {0}. {1}"
                      .format(username, reason))
         return

     # Stage 2: set the password and grant sudo on the account just created.
     try:
         key_path = os.path.join(conf.get_lib_dir(), TRANSPORT_PRIVATE_CERT)
         # plaintext holds the decrypted password; it must stay out of logs
         # and error messages.
         plaintext = self.cryptUtil.decrypt_secret(encrypted_password, key_path)
         crypt_id = conf.get_password_cryptid()
         salt_len = conf.get_password_crypt_salt_len()
         self.os_util.chpasswd(username, plaintext, crypt_id, salt_len)
         self.os_util.conf_sudoer(username)
         logger.info("User '{0}' added successfully with expiration in {1}"
                     .format(username, expiry))
     except Exception as err:
         reason = err.strerror if isinstance(err, OSError) else ustr(err)
         self.handle_failed_create(username, reason)
Example #3
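 def add_user(self, username, encrypted_password, account_expiration):
     """Create a remote-access account and give it a password and sudo.

     The account expires one day after *account_expiration*. The password
     arrives encrypted and is decrypted with the transport private
     certificate found under the agent lib directory.

     Raises:
         RemoteAccessError: if the account cannot be created, or if setting
             the password or sudo access fails. In the second case
             ``handle_failed_create`` is called first, and the message
             states whether that call succeeded, so a leftover account is
             visible to whoever handles the error.
     """
     try:
         expiration_date = (account_expiration +
                            timedelta(days=1)).strftime(DATE_FORMAT)
         logger.verbose("Adding user {0} with expiration date {1}".format(
             username, expiration_date))
         self.os_util.useradd(username, expiration_date,
                              REMOTE_ACCESS_ACCOUNT_COMMENT)
     except Exception as e:
         raise RemoteAccessError("Error adding user {0}. {1}".format(
             username, ustr(e)))
     try:
         prv_key = os.path.join(conf.get_lib_dir(), TRANSPORT_PRIVATE_CERT)
         # pwd is the decrypted password; keep it out of logs and errors.
         pwd = self.cryptUtil.decrypt_secret(encrypted_password, prv_key)
         self.os_util.chpasswd(username, pwd, conf.get_password_cryptid(),
                               conf.get_password_crypt_salt_len())
         self.os_util.conf_sudoer(username)
         logger.info(
             "User '{0}' added successfully with expiration in {1}".format(
                 username, expiration_date))
     except Exception as e:
         error = "Error adding user {0}. {1} ".format(username, str(e))
         try:
             self.handle_failed_create(username)
             error += "cleanup successful"
         except RemoteAccessError as rae:
             error += "and error cleaning up {0}".format(str(rae))
         # Raise the message assembled above rather than a fixed
         # "cleanup successful" text, so a failed cleanup (an account that
         # may still exist) is not reported as a clean rollback.
         raise RemoteAccessError(error, ustr(e))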
Example #4
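    def config_user_account(self, ovfenv):
        """Provision the user account described by *ovfenv*.

        Steps, in order: create the account, set its password when one is
        supplied, configure sudo, configure sshd, then deploy SSH public
        keys and key pairs with SELinux enforcement temporarily off.

        ``conf_sudoer`` receives ``nopasswd=True`` exactly when no password
        was supplied; presumably this grants passwordless sudo to key-only
        accounts (confirm against ``conf_sudoer``).
        """
        logger.info("Create user account if not exists")
        self.osutil.useradd(ovfenv.username)

        if ovfenv.user_password is not None:
            # Only the event is logged, never the password value.
            logger.info("Set user password.")
            crypt_id = conf.get_password_cryptid()
            salt_len = conf.get_password_crypt_salt_len()
            self.osutil.chpasswd(ovfenv.username, ovfenv.user_password,
                                 crypt_id=crypt_id, salt_len=salt_len)

        logger.info("Configure sudoer")
        self.osutil.conf_sudoer(ovfenv.username,
                                nopasswd=ovfenv.user_password is None)

        logger.info("Configure sshd")
        self.osutil.conf_sshd(ovfenv.disable_ssh_password_auth)

        # Disable selinux temporarily while the SSH keys are written.
        sel = self.osutil.is_selinux_enforcing()
        if sel:
            self.osutil.set_selinux_enforce(0)

        try:
            self.deploy_ssh_pubkeys(ovfenv)
            self.deploy_ssh_keypairs(ovfenv)
        finally:
            # Re-enable enforcement on every exit path: without this, an
            # exception during key deployment leaves SELinux permissive.
            if sel:
                self.osutil.set_selinux_enforce(1)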
Example #5
    def _add_user(self, username, encrypted_password, account_expiration):
        """Create a remote-access account, set its password and grant sudo.

        The account expires one day after *account_expiration*. The password
        is decrypted with the transport private certificate from the agent
        lib directory.

        If anything fails once ``useradd`` has returned, ``_remove_user`` is
        called before the original exception is re-raised, so a partly
        configured account is not left behind by this method. Failures
        before that point propagate without cleanup because no account was
        created here.
        """
        expiry = (account_expiration + timedelta(days=1)).strftime(DATE_FORMAT)
        logger.info("Adding remote access user '{0}' with expiration date {1}", username, expiry)
        self._os_util.useradd(username, expiry, REMOTE_ACCESS_ACCOUNT_COMMENT)

        # From here on the account exists, so every failure must roll it back.
        try:
            logger.info("Adding remote access user '{0}' to sudoers", username)
            key_path = os.path.join(conf.get_lib_dir(), TRANSPORT_PRIVATE_CERT)
            # plaintext is the decrypted password; it must never be logged.
            plaintext = self._cryptUtil.decrypt_secret(encrypted_password, key_path)
            self._os_util.chpasswd(
                username,
                plaintext,
                conf.get_password_cryptid(),
                conf.get_password_crypt_salt_len(),
            )
            self._os_util.conf_sudoer(username)
        except Exception:
            self._remove_user(username)
            raise