diff --git a/config.ru b/config.ru index 1cefb2b..eb19990 100644 --- a/config.ru +++ b/config.ru @@ -1,16 +1,12 @@ require 'rack' -require_relative 'lib/lxc_collector' -require_relative 'lib/authorized_keys_collector' +require 'json' require 'prometheus/client/formats/text' +require_relative 'lib/lxc_collector' run lambda {|env| req = Rack::Request.new env case req.path - when '/authorized_keys' - collector = AuthorizedKeysCollector.new - [200, {"Content-Type" => "text/javascript"}, [collector.collect.to_json]}] - when '/metrics' collector = LxcCollector.new [200, {"Content-Type" => "text/plain"}, [Prometheus::Client::Formats::Text.marshal( collector.collect)]] diff --git a/lib/authorized_keys.rb b/lib/authorized_keys.rb deleted file mode 100644 index c6246af..0000000 --- a/lib/authorized_keys.rb +++ /dev/null 
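Review bot: The added `require 'json'` at the top of config.ru has no visible user on the new side, because the only `.to_json` call in this hunk sat in the `/authorized_keys` branch that the commit deletes. Unless something further down in the `run lambda` body (which continues outside the hunk) or in `lib/lxc_collector` serialises JSON, drop the require so the rackup file loads only what `/metrics` needs. The deleted branch returned every container user's authorized_keys lines with no authentication check visible in this file, so a short comment above `case req.path` would help keep that from coming back, for example `# /metrics is the only route served here; keep per-container credential data out of this app`. Whether an unmatched path gets an explicit 404 triple cannot be seen from here, as the hunk ends at the `/metrics` branch.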
@@ -1,59 +0,0 @@
-class AuthorizedKeys
- LINE = %r/^
- (?:
- (? .+?)
- \s+)?
- (? (?:sk-)?ssh-[a-zA-Z0-9.@-]+)
- \s+
- (? \S+)
- (?:\s+
- (? .*)
- )?
- $/x
-
- def self.parse line
- opts, m = {}, LINE.match( line)
- raise "Invalid authorized keys line: #{line}" unless m
- if m[:options]
- o = m[:options].dup
- while not o.empty?
- case o
-
- when /^([a-z0-9_-]+)(.*)$/i
- k, o = $1.to_sym, $2
- case o
- when '' then opts[k] = true
- when /^,(.*)$/ then opts[k], o = true, $1
- when /^="([^"]*)"(.*)$/i, /^=([a-z_0-9:-]*)(.*?)$/i
- opts[k], o = $1, $2
- case o
- when /^,(.*)/ then o = $1
- when '' then o = ''
- else raise "Invalid options-string at: #{o}"
- end
- else raise "Invalid options-string at: #{o}"
- end
-
- when /^\s*#/
- # comment
- end
- end
- end
- new m[:type], m[:key], m[:comment], **opts
- end
-
- attr_reader :type, :key, :comment, :options
-
- def initialize type, key, comment, **options
- @type, @key, @comment, @options = type, key, comment, options
- end
-
- def to_h() {type: @type, key: @key, comment: @comment, options: @options} end
- def to_a() [@type, @key, @comment, @options] end
- def to_s
- [
- @options.map {|k,v| case v when true then "#{k}" else "#{k}=\"#{v}\"" end }.join( ','),
- @type, @key, @comment
- ].join ' '
- end
-end
diff --git a/lib/authorized_keys_collector.rb b/lib/authorized_keys_collector.rb
deleted file mode 100755
index 58eab69..0000000
--- a/lib/authorized_keys_collector.rb
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'pathname'
-require 'lxc'
-require 'etc'
-
-require_relative 'ns'
-require_relative 'cborio'
-require_relative 'lxc_extend'
-require_relative 'authorized_keys'
-
-class AuthorizedKeysCollector
- def initialize
- end
-
- def forked wr
- LXC.running_containers do |ct|
- pid = ct.init_pid
- NS.change pid, :pid, :mnt do
- name = ct.config_item( 'lxc.uts.name')
- conf = Hash.new {|h,k| h[k] = []}
- IO.popen %w[sshd -T], err: "/dev/null" do |s|
- s.each_line do |l|
- k, v = l.chomp.split( ' ', 2)
- conf[k.to_sym].push v
- end
- end
- akf = conf[:authorizedkeysfile].flat_map {|e| e.split ' ' }
- akf.map! do |pn|
- pn = "%h/#{pn}" if Pathname.new( pn).relative?
- pn.gsub( /%h/, "%s").gsub( /%u/, "%s")
- end
- while pw = Etc.getpwent
- wr.write [
- :authkeys, ct.name, pw.name,
- akf.each.flat_map do |pn|
- pn = Pathname.new pn % {name: pw.name, home: pw.dir}
- pn.exist? ? pn.readlines.map( &:chomp) : []
- end
- ]
- end
- Etc.endpwent
- end
- end
- end
-
- def collect
- pid, io = CBORIO.popen {|io| forked io }
- io.map do |l|
- case l[0].to_sym
- when :authkeys
- host, user, keys = l[1..3]
- keys.map! {|k| AuthorizedKeys.parse k }
- {host: host, user: user, keys: keys}
- end
- end
- end
-end
-
-if Pathname.new( __FILE__).expand_path == Pathname.new( $0).expand_path
- AuthorizedKeysCollector.new.collect.each {|e| p e }
-end