authorized_keys collector removed

root 2024-09-03 15:38:09 +02:00
parent d128087789
commit 0dfe23a9f2
3 changed files with 2 additions and 127 deletions


@ -1,16 +1,12 @@
require 'rack' require 'rack'
require_relative 'lib/lxc_collector' require 'json'
require_relative 'lib/authorized_keys_collector'
require 'prometheus/client/formats/text' require 'prometheus/client/formats/text'
require_relative 'lib/lxc_collector'
run lambda {|env| run lambda {|env|
req = Rack::Request.new env req = Rack::Request.new env
case req.path case req.path
when '/authorized_keys'
collector = AuthorizedKeysCollector.new
[200, {"Content-Type" => "text/javascript"}, [collector.collect.to_json]}]
when '/metrics' when '/metrics'
collector = LxcCollector.new collector = LxcCollector.new
[200, {"Content-Type" => "text/plain"}, [Prometheus::Client::Formats::Text.marshal( collector.collect)]] [200, {"Content-Type" => "text/plain"}, [Prometheus::Client::Formats::Text.marshal( collector.collect)]]
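Review bot: `require 'json'` appears to be on the new side of this section, yet the only `to_json` call visible here was in the removed `/authorized_keys` branch, and the remaining `/metrics` branch emits Prometheus text format. If nothing outside the shown lines serialises JSON, drop the require so the rackup file loads only what it still serves. The `case req.path` continues past the shown lines, so confirm there that a request for the retired `/authorized_keys` path now gets a plain 404 from the fallback branch. That route used to return the authorized_keys contents of every user in every running container, so a quick check that no scraper or client still polls it is worthwhile.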


@ -1,59 +0,0 @@
class AuthorizedKeys
LINE = %r/^
(?:
(?<options> .+?)
\s+)?
(?<type> (?:sk-)?ssh-[a-zA-Z0-9.@-]+)
\s+
(?<key> \S+)
(?:\s+
(?<comment> .*)
)?
$/x
def self.parse line
opts, m = {}, LINE.match( line)
raise "Invalid authorized keys line: #{line}" unless m
if m[:options]
o = m[:options].dup
while not o.empty?
case o
when /^([a-z0-9_-]+)(.*)$/i
k, o = $1.to_sym, $2
case o
when '' then opts[k] = true
when /^,(.*)$/ then opts[k], o = true, $1
when /^="([^"]*)"(.*)$/i, /^=([a-z_0-9:-]*)(.*?)$/i
opts[k], o = $1, $2
case o
when /^,(.*)/ then o = $1
when '' then o = ''
else raise "Invalid options-string at: #{o}"
end
else raise "Invalid options-string at: #{o}"
end
when /^\s*#/
# comment
end
end
end
new m[:type], m[:key], m[:comment], **opts
end
attr_reader :type, :key, :comment, :options
def initialize type, key, comment, **options
@type, @key, @comment, @options = type, key, comment, options
end
def to_h() {type: @type, key: @key, comment: @comment, options: @options} end
def to_a() [@type, @key, @comment, @options] end
def to_s
[
@options.map {|k,v| case v when true then "#{k}" else "#{k}=\"#{v}\"" end }.join( ','),
@type, @key, @comment
].join ' '
end
end


@ -1,62 +0,0 @@
#!/usr/bin/env ruby
require 'pathname'
require 'lxc'
require 'etc'
require_relative 'ns'
require_relative 'cborio'
require_relative 'lxc_extend'
require_relative 'authorized_keys'
class AuthorizedKeysCollector
def initialize
end
def forked wr
LXC.running_containers do |ct|
pid = ct.init_pid
NS.change pid, :pid, :mnt do
name = ct.config_item( 'lxc.uts.name')
conf = Hash.new {|h,k| h[k] = []}
IO.popen %w[sshd -T], err: "/dev/null" do |s|
s.each_line do |l|
k, v = l.chomp.split( ' ', 2)
conf[k.to_sym].push v
end
end
akf = conf[:authorizedkeysfile].flat_map {|e| e.split ' ' }
akf.map! do |pn|
pn = "%h/#{pn}" if Pathname.new( pn).relative?
pn.gsub( /%h/, "%<home>s").gsub( /%u/, "%<name>s")
end
while pw = Etc.getpwent
wr.write [
:authkeys, ct.name, pw.name,
akf.each.flat_map do |pn|
pn = Pathname.new pn % {name: pw.name, home: pw.dir}
pn.exist? ? pn.readlines.map( &:chomp) : []
end
]
end
Etc.endpwent
end
end
end
def collect
pid, io = CBORIO.popen {|io| forked io }
io.map do |l|
case l[0].to_sym
when :authkeys
host, user, keys = l[1..3]
keys.map! {|k| AuthorizedKeys.parse k }
{host: host, user: user, keys: keys}
end
end
end
end
if Pathname.new( __FILE__).expand_path == Pathname.new( $0).expand_path
AuthorizedKeysCollector.new.collect.each {|e| p e }
end