Create basic SSH config and key generataion, other minor updates
Basic ssh host config and ssh keygen script; it does not hard create anything, but prints out the commands. Fix sudo set check in init.sh file. Repository name to ssh config host name fix in the new clone script; the change was done to match the ssh config create file.
50
src/bin/create_ssh_config.sh
Normal file → Executable file
50
src/bin/create_ssh_config.sh
Normal file → Executable file
@@ -11,9 +11,8 @@
|
|||||||
# IdentityFile ~/.ssh/<pem key name>
|
# IdentityFile ~/.ssh/<pem key name>
|
||||||
# [ProxyJump <jump proxy>]
|
# [ProxyJump <jump proxy>]
|
||||||
|
|
||||||
SSH_KEY_NAME="$1";
|
REPOSITORY="$1";
|
||||||
REPOSITORY="$2";
|
JUMP_PROXY="$2";
|
||||||
JUMP_PROXY="$3";
|
|
||||||
# below are only to skip error
|
# below are only to skip error
|
||||||
BRANCH="-"
|
BRANCH="-"
|
||||||
|
|
||||||
@@ -21,15 +20,17 @@ BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/";
|
|||||||
# shellcheck source=init.sh
|
# shellcheck source=init.sh
|
||||||
. "${BASE_FOLDER}init.sh";
|
. "${BASE_FOLDER}init.sh";
|
||||||
|
|
||||||
SSH_CONFIG_BASE="${GIT_WEBHOOK_BASE_FOLDER}.ssh/config/";
|
# base folder for ssh config
|
||||||
if [ -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}.pem" ]; then
|
SSH_CONFIG_BASE="${GIT_WEBHOOK_BASE_FOLDER}.ssh/";
|
||||||
echo "SSH Key: ${SSH_KEY_NAME} already exists";
|
if [ ! -f "${SSH_CONFIG_BASE}config" ]; then
|
||||||
error=1
|
echo "[!] SSH config file does not exist: ${SSH_CONFIG_BASE}";
|
||||||
|
error=1;
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
if [[ "${REPOSITORY}" == *":"* ]]; then
|
if [[ "${REPOSITORY}" == *":"* ]]; then
|
||||||
REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
|
REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
|
||||||
else
|
else
|
||||||
echo "[!] Must set a remote host for the repository";
|
echo "[!] Must set a full repository path with remote host for the repository";
|
||||||
error=1;
|
error=1;
|
||||||
fi;
|
fi;
|
||||||
# if we have an ":" in the repository, split by it and replace it with the remote host
|
# if we have an ":" in the repository, split by it and replace it with the remote host
|
||||||
@@ -38,8 +39,17 @@ if [[ "${REPOSITORY}" == *":"* ]]; then
|
|||||||
fi;
|
fi;
|
||||||
GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
|
GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
|
||||||
|
|
||||||
if ! grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config"; then
|
if [ -f "${SSH_CONFIG_BASE}${GIT_REPOSITORY_NAME}.pem" ]; then
|
||||||
echo "[!] ssh config for ${GIT_REPOSITORY_NAME} already exists";
|
echo "SSH Key: ${SSH_KEY_NAME} already exists";
|
||||||
|
error=1
|
||||||
|
fi;
|
||||||
|
|
||||||
|
if
|
||||||
|
[ -f "${SSH_CONFIG_BASE}config" ] &&
|
||||||
|
[ -n "${GIT_REPOSITORY_NAME}" ] &&
|
||||||
|
grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config";
|
||||||
|
then
|
||||||
|
echo "[!] ssh config entry for Host '${GIT_REPOSITORY_NAME}' already exists";
|
||||||
error=1
|
error=1
|
||||||
fi;
|
fi;
|
||||||
if [ $error -eq 1 ]; then
|
if [ $error -eq 1 ]; then
|
||||||
@@ -49,8 +59,24 @@ fi;
|
|||||||
# SUDO_COMMAND= as base
|
# SUDO_COMMAND= as base
|
||||||
# ssh-keygen -t ed25519 -N "" -C "${GIT_REPOSITORY_NAME}" -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}"
|
# ssh-keygen -t ed25519 -N "" -C "${GIT_REPOSITORY_NAME}" -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}"
|
||||||
# must add ".pem" if key name does not end in .pem
|
# must add ".pem" if key name does not end in .pem
|
||||||
# SSH_COMMAND=("${SUDO_COMMAND[@]}" "ssh-keygen" "-t" "ed25519" "-N" "" "-C" "${GIT_REPOSITORY_NAME}" "-f" "${SSH_CONFIG_BASE}${SSH_KEY_NAME}")
|
SSH_COMMAND=("${SUDO_COMMAND[@]}" "ssh-keygen" "-t" "ed25519" "-N" "" "-C" "${GIT_REPOSITORY_NAME}" "-f" "${SSH_CONFIG_BASE}${GIT_REPOSITORY_NAME}.pem")
|
||||||
|
|
||||||
|
|
||||||
|
# debug output for now
|
||||||
|
echo "";
|
||||||
|
echo "* SSH-KEYGEN:"
|
||||||
|
echo "";
|
||||||
|
echo "${SSH_COMMAND[*]}";
|
||||||
|
echo "";
|
||||||
|
echo "* ADD TO: ${SSH_CONFIG_BASE}config";
|
||||||
|
echo "";
|
||||||
|
echo "Host ${GIT_REPOSITORY_NAME}":
|
||||||
|
echo " Hostname ${REMOTE_HOST}";
|
||||||
|
echo " User git";
|
||||||
|
echo " PreferredAuthentications publickey";
|
||||||
|
echo " IdentityFile ~/.ssh/${GIT_REPOSITORY_NAME}.pem";
|
||||||
|
if [ -n "${JUMP_PROXY}" ]; then
|
||||||
|
echo " ProxyJump ${JUMP_PROXY}";
|
||||||
|
fi;
|
||||||
|
echo "";
|
||||||
|
|
||||||
# __END__
|
# __END__
|
||||||
|
|||||||
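Review bot: The printed key-generation command in the last hunk is not shell-quoted: `echo "${SSH_COMMAND[*]}"` joins the array with spaces, so the empty `-N ""` argument disappears and a pasted command would parse `-C` as the passphrase value; a repository name containing spaces or shell metacharacters would be re-split in the same way. Printing with `printf '%q ' "${SSH_COMMAND[@]}"; echo` keeps every argument intact for copy and paste. In the same hunk `echo "Host ${GIT_REPOSITORY_NAME}":` has the colon outside the quotes, so the suggested config line reads `Host <name>:` and would not match the alias the clone script looks up; the statement should end in `;`. The "already exists" message in the earlier hunk still prints `${SSH_KEY_NAME}`, which this change appears to stop assigning, so `${GIT_REPOSITORY_NAME}.pem` would be the value to show there.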
@@ -23,7 +23,7 @@ if [ -z "$(command -v git)" ]; then
|
|||||||
fi;
|
fi;
|
||||||
GIT_COMMAND_BASE=("git");
|
GIT_COMMAND_BASE=("git");
|
||||||
SUDO_COMMAND=()
|
SUDO_COMMAND=()
|
||||||
if [ -n "${USE_SUDO}" ]; then
|
if [ "${USE_SUDO}" == 1 ]; then
|
||||||
# if we are root -> ok, else we must be SUDO USER
|
# if we are root -> ok, else we must be SUDO USER
|
||||||
if [ "$(whoami)" = "root" ]; then
|
if [ "$(whoami)" = "root" ]; then
|
||||||
SUDO_COMMAND=("sudo" "-u" "${SUDO_USER}");
|
SUDO_COMMAND=("sudo" "-u" "${SUDO_USER}");
|
||||||
|
|||||||
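Review bot: With the test narrowed to `[ "${USE_SUDO}" == 1 ]`, any other non-empty value that the old `-n` check accepted (for example `yes` or `true`) now leaves `SUDO_COMMAND` empty without any message, so a run as root would presumably execute the later commands as root instead of as `${SUDO_USER}`. Either report unexpected values or document the contract next to the test, e.g. `# USE_SUDO must be exactly 1 to enable sudo; any other value leaves it off`. Writing the comparison as `[ "${USE_SUDO}" = "1" ]` would also match the `=` used in the `whoami` test two lines below. The visible lines do not check that `${SUDO_USER}` is non-empty before building `sudo -u`; the `if` block continues outside the hunk, so that may be handled there.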
@@ -27,7 +27,7 @@ if [ -z "${REMOTE_HOST}" ]; then
|
|||||||
if [[ "${REPOSITORY}" == *":"* ]]; then
|
if [[ "${REPOSITORY}" == *":"* ]]; then
|
||||||
REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
|
REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
|
||||||
else
|
else
|
||||||
echo "[!] Must set a remote host for the repository";
|
echo "[!] Must set a repository path with remote host for the repository";
|
||||||
error=1;
|
error=1;
|
||||||
fi;
|
fi;
|
||||||
fi;
|
fi;
|
||||||
@@ -35,14 +35,20 @@ fi;
|
|||||||
if [[ "${REPOSITORY}" == *":"* ]]; then
|
if [[ "${REPOSITORY}" == *":"* ]]; then
|
||||||
REPOSITORY=$(echo "${REPOSITORY}" | cut -d ":" -f 2);
|
REPOSITORY=$(echo "${REPOSITORY}" | cut -d ":" -f 2);
|
||||||
fi;
|
fi;
|
||||||
|
# strip .git from the repository path, this is folder and ssh key Host name
|
||||||
|
if [ -z "${REPOSITORY_FOLDER}" ]; then
|
||||||
|
GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
|
||||||
|
else
|
||||||
|
GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}";
|
||||||
|
fi;
|
||||||
if [ $error -eq 1 ]; then
|
if [ $error -eq 1 ]; then
|
||||||
exit;
|
exit;
|
||||||
fi;
|
fi;
|
||||||
|
|
||||||
error=0
|
error=0
|
||||||
echo "* Validate SSH PEM Key exist and SSH config";
|
echo "* Validate SSH PEM Key exist and SSH config";
|
||||||
if ! grep "Host ${REMOTE_HOST}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config; then
|
if ! grep "Host ${GIT_REPOSITORY_NAME}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config; then
|
||||||
echo "ssh config entry for Host ${REMOTE_HOST} is missing";
|
echo "[!] ssh config entry for Host ${GIT_REPOSITORY_NAME} is missing";
|
||||||
error=1;
|
error=1;
|
||||||
else
|
else
|
||||||
# make sure the identiy file is there
|
# make sure the identiy file is there
|
||||||
@@ -63,12 +69,6 @@ fi;
|
|||||||
|
|
||||||
unique_id=$(uuidgen | tr -d '-' | head -c 8);
|
unique_id=$(uuidgen | tr -d '-' | head -c 8);
|
||||||
|
|
||||||
# strip .git from the repository path
|
|
||||||
if [ -z "${REPOSITORY_FOLDER}" ]; then
|
|
||||||
GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
|
|
||||||
else
|
|
||||||
GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}";
|
|
||||||
fi;
|
|
||||||
# log folder target
|
# log folder target
|
||||||
LOG_FILE="${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}${GIT_REPOSITORY_NAME}.log";
|
LOG_FILE="${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}${GIT_REPOSITORY_NAME}.log";
|
||||||
# from the repository get the last path without the .git so we have the target folder
|
# from the repository get the last path without the .git so we have the target folder
|
||||||
|
|||||||
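Review bot: The validation `grep "Host ${GIT_REPOSITORY_NAME}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config` is an unanchored regular-expression match, so an existing entry such as `Host myrepo-old` satisfies the check for `myrepo`, and a `.` in the name matches any character; the check can pass with no entry for this repository present. The same pattern is used for the duplicate check in create_ssh_config.sh. An exact comparison on the Host field avoids both, for example `awk -v h="${GIT_REPOSITORY_NAME}" '$1 == "Host" && $2 == h { f = 1 } END { exit !f }' "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config`. When `REPOSITORY_FOLDER` is set, the name looked up here is the folder name, while create_ssh_config.sh always derives the Host from `basename "${REPOSITORY}" .git`, so the two scripts can disagree about which entry is expected.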