authorized_keys collector removed
parent
d128087789
commit
0dfe23a9f2
|
@ -1,16 +1,12 @@
|
||||||
require 'rack'
|
require 'rack'
|
||||||
require_relative 'lib/lxc_collector'
|
require 'json'
|
||||||
require_relative 'lib/authorized_keys_collector'
|
|
||||||
require 'prometheus/client/formats/text'
|
require 'prometheus/client/formats/text'
|
||||||
|
require_relative 'lib/lxc_collector'
|
||||||
|
|
||||||
run lambda {|env|
|
run lambda {|env|
|
||||||
req = Rack::Request.new env
|
req = Rack::Request.new env
|
||||||
case req.path
|
case req.path
|
||||||
|
|
||||||
when '/authorized_keys'
|
|
||||||
collector = AuthorizedKeysCollector.new
|
|
||||||
[200, {"Content-Type" => "text/javascript"}, [collector.collect.to_json]}]
|
|
||||||
|
|
||||||
when '/metrics'
|
when '/metrics'
|
||||||
collector = LxcCollector.new
|
collector = LxcCollector.new
|
||||||
[200, {"Content-Type" => "text/plain"}, [Prometheus::Client::Formats::Text.marshal( collector.collect)]]
|
[200, {"Content-Type" => "text/plain"}, [Prometheus::Client::Formats::Text.marshal( collector.collect)]]
|
||||||
|
|
|
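Review bot: The added `require 'json'` has no caller left on the lines shown, because the only visible JSON use was the `to_json` call in the `/authorized_keys` branch, which this same commit removes. If nothing in the rest of the file or in `lib/lxc_collector` relies on it, drop the line; otherwise add a one-line comment naming what needs it. Separately, the remaining `/metrics` branch is answered with no access check visible in this hunk, so it is worth confirming that the listener is reachable only from the scraping host. The lambda body continues outside the hunk, so both points are limited to what is shown here.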
@ -1,59 +0,0 @@
|
||||||
class AuthorizedKeys
|
|
||||||
LINE = %r/^
|
|
||||||
(?:
|
|
||||||
(?<options> .+?)
|
|
||||||
\s+)?
|
|
||||||
(?<type> (?:sk-)?ssh-[a-zA-Z0-9.@-]+)
|
|
||||||
\s+
|
|
||||||
(?<key> \S+)
|
|
||||||
(?:\s+
|
|
||||||
(?<comment> .*)
|
|
||||||
)?
|
|
||||||
$/x
|
|
||||||
|
|
||||||
def self.parse line
|
|
||||||
opts, m = {}, LINE.match( line)
|
|
||||||
raise "Invalid authorized keys line: #{line}" unless m
|
|
||||||
if m[:options]
|
|
||||||
o = m[:options].dup
|
|
||||||
while not o.empty?
|
|
||||||
case o
|
|
||||||
|
|
||||||
when /^([a-z0-9_-]+)(.*)$/i
|
|
||||||
k, o = $1.to_sym, $2
|
|
||||||
case o
|
|
||||||
when '' then opts[k] = true
|
|
||||||
when /^,(.*)$/ then opts[k], o = true, $1
|
|
||||||
when /^="([^"]*)"(.*)$/i, /^=([a-z_0-9:-]*)(.*?)$/i
|
|
||||||
opts[k], o = $1, $2
|
|
||||||
case o
|
|
||||||
when /^,(.*)/ then o = $1
|
|
||||||
when '' then o = ''
|
|
||||||
else raise "Invalid options-string at: #{o}"
|
|
||||||
end
|
|
||||||
else raise "Invalid options-string at: #{o}"
|
|
||||||
end
|
|
||||||
|
|
||||||
when /^\s*#/
|
|
||||||
# comment
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
new m[:type], m[:key], m[:comment], **opts
|
|
||||||
end
|
|
||||||
|
|
||||||
attr_reader :type, :key, :comment, :options
|
|
||||||
|
|
||||||
def initialize type, key, comment, **options
|
|
||||||
@type, @key, @comment, @options = type, key, comment, options
|
|
||||||
end
|
|
||||||
|
|
||||||
def to_h() {type: @type, key: @key, comment: @comment, options: @options} end
|
|
||||||
def to_a() [@type, @key, @comment, @options] end
|
|
||||||
def to_s
|
|
||||||
[
|
|
||||||
@options.map {|k,v| case v when true then "#{k}" else "#{k}=\"#{v}\"" end }.join( ','),
|
|
||||||
@type, @key, @comment
|
|
||||||
].join ' '
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -1,62 +0,0 @@
|
||||||
#!/usr/bin/env ruby
|
|
||||||
|
|
||||||
require 'pathname'
|
|
||||||
require 'lxc'
|
|
||||||
require 'etc'
|
|
||||||
|
|
||||||
require_relative 'ns'
|
|
||||||
require_relative 'cborio'
|
|
||||||
require_relative 'lxc_extend'
|
|
||||||
require_relative 'authorized_keys'
|
|
||||||
|
|
||||||
class AuthorizedKeysCollector
|
|
||||||
def initialize
|
|
||||||
end
|
|
||||||
|
|
||||||
def forked wr
|
|
||||||
LXC.running_containers do |ct|
|
|
||||||
pid = ct.init_pid
|
|
||||||
NS.change pid, :pid, :mnt do
|
|
||||||
name = ct.config_item( 'lxc.uts.name')
|
|
||||||
conf = Hash.new {|h,k| h[k] = []}
|
|
||||||
IO.popen %w[sshd -T], err: "/dev/null" do |s|
|
|
||||||
s.each_line do |l|
|
|
||||||
k, v = l.chomp.split( ' ', 2)
|
|
||||||
conf[k.to_sym].push v
|
|
||||||
end
|
|
||||||
end
|
|
||||||
akf = conf[:authorizedkeysfile].flat_map {|e| e.split ' ' }
|
|
||||||
akf.map! do |pn|
|
|
||||||
pn = "%h/#{pn}" if Pathname.new( pn).relative?
|
|
||||||
pn.gsub( /%h/, "%<home>s").gsub( /%u/, "%<name>s")
|
|
||||||
end
|
|
||||||
while pw = Etc.getpwent
|
|
||||||
wr.write [
|
|
||||||
:authkeys, ct.name, pw.name,
|
|
||||||
akf.each.flat_map do |pn|
|
|
||||||
pn = Pathname.new pn % {name: pw.name, home: pw.dir}
|
|
||||||
pn.exist? ? pn.readlines.map( &:chomp) : []
|
|
||||||
end
|
|
||||||
]
|
|
||||||
end
|
|
||||||
Etc.endpwent
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def collect
|
|
||||||
pid, io = CBORIO.popen {|io| forked io }
|
|
||||||
io.map do |l|
|
|
||||||
case l[0].to_sym
|
|
||||||
when :authkeys
|
|
||||||
host, user, keys = l[1..3]
|
|
||||||
keys.map! {|k| AuthorizedKeys.parse k }
|
|
||||||
{host: host, user: user, keys: keys}
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if Pathname.new( __FILE__).expand_path == Pathname.new( $0).expand_path
|
|
||||||
AuthorizedKeysCollector.new.collect.each {|e| p e }
|
|
||||||
end
|
|