Avoid exposing passwords in the process list, use a password file.

Andreas B. Mundt 2024-01-19 21:43:32 +01:00
parent 917b45aadc
commit 57ec856f49
7 changed files with 156 additions and 131 deletions


@ -57,6 +57,7 @@
## Local mirror for libdvdcss. Remove or leave empty to use no mirror: ## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
mirror_dvdcss: "{{ vault_mirror_dvdcss }}" ## http://livebox.example.org/libdvdcss/ mirror_dvdcss: "{{ vault_mirror_dvdcss }}" ## http://livebox.example.org/libdvdcss/
uploadseed_pwd: "{{ vault_uploadseed_pwd }}"
rsyncsecret: "{{ vault_rsyncsecret }}" rsyncsecret: "{{ vault_rsyncsecret }}"
keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM'] keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
localuser: "{{ vault_localuser }}" ## needed here for the (universal) pam-mount configuration localuser: "{{ vault_localuser }}" ## needed here for the (universal) pam-mount configuration

220
lmn-vault

@ -1,110 +1,112 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
37663931383332613032386465663865336137383262383139636136653636623834343537316539 65646637366132333430346461646331313431363233363736306264633633396665626332623934
3930303237653661363630656261323537663931646161370a626232346237383930396362646564 6439363764316132383635626137313764633162636362340a613832323934646431663632396361
34336337383932663166336166363933316238336632323364623161643136636438336637616530 36323539663238363738393131363034333561343233383238396234613434633334323235626637
3064373439646363620a326433316565333630643238373062343037653038316263383233346533 6266326166333334650a353637383131313136613635333237616361353732663734613833306538
34396639656533656664323665653231633537366362616265343436626466393836363439636633 35643831653332346634616139363032656433623032383832363837653231306465353766343961
32656532373038396638393861313832386466643735393737626138373032353362613039336530 65313134303434333635306634633731313462396535383662616134653762343732366431373032
31306131616263333861346434636162303632356536656134346263623863306162643063353039 65346564663335633936636662626162636134636339343463376166666333346133616136626665
32623930356561356333326334613666393639633436363539326436333530326337626538396562 66373064303562323564363864366363663336383862336632373436666330373465636135623762
34353230306637623265623465313064623536343730396661306331313365343731366332613037 36656632346664326463646666313663343662363865343166376363313866663536623234383561
33303534643231653439653962636237333962656631636634353730313535616637343666626364 61616637653630316230626337653135396134323636303538346435663639643662646133383363
63633736393832663932636230356665626538313133333331323334336333353238623561313939 39393234333934656166366633356663326162396431383362306339623534646162613339383836
66653138666335633330386263623937326164346663616131363833383536306162323737313736 39666464666163633033653434306365393933383232653364363062356133356239626538633338
31343162633534366438306538376238333062646266666136376265383236363162313061326531 32303030626538373637323533303964643838383331366365326465666530623965613731663261
62333531353630613639353166323035393038666263623931653631646263323062326434386361 33626563386262353531353635356430333633633665393230613561633836653636636639313663
63646538656134616435663531393132663638383165643037303461643939373839626665663265 37373736346234313134313232376164633332386563383863343266626231373237643063663533
61303961306238343635383231646362626639623232623333366338356361343737656665613431 39343939393331653665633335653264376531383364376565646239616231343531336134626531
34363161626266346438303235363032646235303933383634303034343536626332623761306361 38396630363865376161313835376261646637383438323537626433323232353632386439393933
39616239383161303334313936393632633866623031373265386661353330396432396364373330 32306238643436653666333561643764633831343962643165356232663932633763396437383634
36386264633866316337393765333039373361653338663462663939323839373732393736393361 35313763323633643439376333643836613637613339343731636633313064386231613135623832
32333034663966323665303532313039333438663466366435653136623166366263636434303966 32643934376233663865326534313735633535316635393932646263313135373633636333333737
61303934633939373463373664376230363831383630633639663031303237356166663931386635 33386365363830336139323763303734383966616165356462333734333666343830356234616662
30303461663236326536383439396139316232323162343965353034656464616431643439633837 30616434623237653138623538643331373432663137323333376632343065316431313734333965
30346231643561636263343738613239396361383238636261646262373137383461373432343635 64333237396236666664613466623039626634343238363136363438663730626132646562646536
33386631653139316436313532646630626230613335633538306666386163653439613462343662 61653562666636613164373464663931356565623862306332653230396230326636363638393862
30626130326463393336643039396433643266393266646238353566306633643561386430613161 62663765373436303831613435383866323138316633336532336632383065343537326332653235
30363263616231353661303030356638323438373466633466323833393463663562343933326631 30383764396361396565323035346531396365623130636538396238613037353438346365363331
34313162383433356662346166383761636438636466633462396230383133613038323666643233 64383636376566306136653033613638323865653266383136373231353063303434636332363166
63383138616637363830613661313236336564636162383262373064336365303435313463323564 37373462353530326663386139333536616138386431373763383838336365336634366339636637
39313539656136613564393239343032373038393266656366643639303662646534306665396237 32356263653964343461393162396539303534343562653032643461626235373339666363646637
35393264626430373662376231323165316333353263306637313962663736353633636661663961 37633934393036356331363563303330316234393535376338646235663235383966396634383166
37336134643031323361333538613933666634666363313535636631323366613066633037653939 37656633373562643530663037333735396638363963323837653831396233653962356536616236
32643165393631353534623435613732653364303833356436356263356438363961303665626364 37323139306131323561303061633136303234316335363361633766623530303762663465353163
66363463633665393737616265613439326361353134623537626437303566343962626364623134 33313733386265346333663065366536616533326364613231313330373137616130373539313131
34343165626230383039316134343238653933386134303936346162613261386539353064303330 37316637653934653035373965636633626262626561313338646261313530356163356364663834
36353135323235663165353662643735636361646239333238306163393235663461613938643163 64663037666133626261386266666633336666323362373237626639373535333937336331353039
34373464376163623961646262363437303563386333633764346366343066313065386530633334 30313833353766626332376432326531616464643364313232386633613361623234653536313830
38306138616436653732316638373335353437363162373830623864633139313130386464666233 61626666333037393564303738646333643534623138366264353339326331386433343733623837
31366165373539343766643135363136346430623335333061656664656338386661353366613865 63646431646533383331356334656466316465623735613537646536623364636632323566626233
31323036633662636364343664626165346561323664366263383762343036373338346236353738 31663263623539343562383836366134366236346539386532373735633237373363636438366632
31666361613036663861343937613364323130356565353161373431303732396337343134373538 39613330336365626137363765313930623262666263393835626532333262343265313761356333
34326666346132656234623365643137343864363138666139333032393636333537626336313365 34623663633636373734326662363865396635613933393464356436393161303132663564366437
65343136356261323637303833633132343334303366633063363437316331383434313164616332 35323166643762333862656561306239343034643562316534316236636362363162306131633961
35636430643666626631353164646361303034366461343331376363323535303265353435323764 31653736613732643930666338333131373634333166633466656663636163396266306538626666
63393935353731633364326365316238313031623662323235316237356663303236633838336365 65326163646137373236633363663063383162393435356163366665653033666161333037303035
30323862656562643134363362323335396336666532336338346561623163653861316165633731 35396334663135373863646664613137666565356161353865316164633939323037323664346331
61383736353137643339353638373035373136353161643737353839663833646230633230333962 63313230333565336232663166616465363038326663633066623531363338623430313332333138
33363030333139613338396635396332613738363837356566646661336638613838303764616334 34363532643036343831353463356665646363363239643835396661356665393035303561653337
32653234656265313566316463363235373337623634393764663066613530306166613238653164 62663335636533366334643636653366303231353630633166343832313133303663393836623036
33636339336135666661303338376439636334326634373538326233653566346663376166346239 33616563636266356130356635663538343236356632376461626532626436616334386330356430
33376130633439663130313637653865626464363531663035643466343932323439333638303663 62323864323534333032643737656164343633636365623664336236626239633138626230383536
37346234316233373663303230353631646437616534396639396139616262383238323938666533 39306534383933326638666130383139316334373530373335633238316238353038643136366533
38613061613632333637303731323564343664386365646562363766323734613332323462303266 38396661626661373964363630633963373732343161663065386539306637313633303534663466
38626133643638376663343337393836663265633763326136336436346130316533373131366534 66396361373163313865373131636239613930333963663462306636626431363934343136616330
32386465353938383266343930386362636265363761303431333730373261306564333137326562 30643763343838316338643463323833666639616437336361303363393361356431356266353233
37643362316161643436633066343537336561623033326165623837633464663163326630346531 63366366336231386530313961356538613136366530343338353063343332333165323763613566
38653233336639353938323932383761386230383639666265346536653035313530363665653562 34653133633532613332376634616234383237666261363038613437646366356332636530623534
39333834313736316430666534353134373561343337323330376331323532643137663938306463 30613735663666636232623230633161663064666436333161633334356336383038386535336133
30313162383230333138316339663432633962303161323065613039356464626166643430373465 39663963333031383961643232636539313137346132336462336165313862653366303135353730
38343536343261346232636464316332336664643638653665333535366362303461633665666237 63303834313462646633333232646661623731613439633434663266303834376635346438356438
31333937373762363166663936623034313934353137636266663665623066373239363164633731 39303066663633656234633131366330356363636535373034613037363837326562306562663538
66303066336134343566313030613866313332626338363634336639636239613032343166366331 61316666643230626662663266373330643865393938313232306130376333306536393930363037
64626130613163626230343366643063333766313530383734626161336565633635643639633361 66636562396339633763656431653036646361313632313932636231626333303337366266623238
39663931656632333539383430393465636634663734656662393831316639316138663636373761 39616336656537363439373231643132363264306135346437386465326265666137353032336261
34346363343966626235326338333264313266343334303533393932633032616661643236303537 61323234643662653233353737346661373630376630343635383834313038373162643135343434
32653239393133373331623538313365636538326262373865373533646332663862373530363130 37613634333330326132623437623834363539343037643764303631613463343863643065643063
32663938663266643461356237333139373133613833653333616464663635663131643336363534 33326537376130346365323361343266663331343038663037623438666362656236613065366235
31313131376163633331326434303961353032633862366137326439363838383064323462643964 65363130356133353739623733376531636438643535633731646431653837343531313531373436
30623433326361666136326237653866386534626133363334373838643635613436333035313364 31356139393363646262623664663261613931636330663436336466633038643763336337336330
64393030323230393336373566393966326637363932336133333762626437373163626231336562 33393433346332623538653262303462636363363338346538376463373838363036343634363131
64316538306366343732333031373765303339373436313535636231623739653932363064646461 31636332343931643436393464656165616631373339336537623130343630346164383830313165
35323735393032333433633462313938626666303466356336323031343533346466383631653839 36316364653739646330663762356332393262653931613933643963626433633532353766663632
32306139393039333336633639363034343566646164646334663561373563393434326233353863 65616262666433383763363636303131373064636261616661613139373766336639376336393962
32336437623662396430623261633338623130386631616333373732383239386139326138643761 65336332303164353763636332323031363363653262386331313038646564393131303366653834
33393031396563323566326262363037663439333233373435343039633664643064386665383931 33303464303566656363343464336164363264626436306465633261386464663764636431353037
34653133373334346265656361333036636163386462316636643637313631323965623139313864 31363034323331333235346137653139323835326135653337323339346239383038363861313638
37346161386539636438636533623563646535373731653336313130343365633365663533316233 31363136353037396634326239306665303230616131363965653439656361356538623135613238
33343938333435333865653863363266326334383961396537373561366130316632376135393836 66366639333331306337323562343934313532323633613034353863623839636135393465383832
63363033616164326364613537343037343632383638656237613633633139626363666163646537 34323031326262306161613439323836646538363136336537313266343662383935373762666138
64393665373036396536376466633666653038613166353138636462633934306336396164323831 64336132356662366436326664653234303034623066313736353439396334653630643136336431
32613434623539666439653131393365643738383032303930386135336664636239313031356330 31386330326636303334313535363564383964623538656666376136366365633538386139333862
34643661643762313739386661326238343036633936376439643535383766323731353464616336 65336662653965343035306534393962616438636366646664383231316365366435663763643663
63316438303937333232666339393635653265653066626335393839313131316164383131626637 64383034336565663561626262636263616336303066396164633464313830363338303932356638
64313831306637313135633661333632376235656563323836656335303931663731303366326161 32373162313330303935316137366435373532346363386461303933643237383830623335626639
63386137393835303339643933333130646532393262613635366139326434333731633630393433 33383335653436353831303163656530613962303439383563376534663738383035346433303834
31646231616339363839623833326665333936316538343339663863356362356435666162633534 31663863343864656463643433383938393464613865356134346261663333616537663066333965
39313833363962666139326535636133663332316431323835383035616161363032383766366363 32366466373165633936323232333237383638313434366437376237653837363532393564323035
33653730616164313139623163356234633538356232386332656631643833663239663038643336 64623234376538666237653938346634346532656135333165353864383739353737643965636539
35396563653433376661303961663563663333313132326263366137373263623566626634636332 63626134376330346538656539333362633765363735656161323635323164323038633139653663
63393536303963626364653862333664616236386461323865363333663936363235653064383864 64616466353137623937333237633163646266326437663833393437336662356465336566353832
61363464313434643938366230613139353034333330383435336364623136626565663764633230 30653063666261613534393439663664326336353338393439336137386662316137666236636337
39383064323135336132356663366435333164313435363636353230386365316631393636613262 32326336396430633136333064383164373033366230333832333564616364663931653233333233
37373666303836653664363266303534633037616630656633333466643631313865646462363931 62353264343865663865323461643032633465336564646161303039356266303738306435353131
66353934393637623634326632326334616266393636343662396663373236326333663932333235 30376431616631613463313666383664343962306265613361376365353361303162653834623631
36616439333265396266616364333239306166646335383462353235323661353837616534333433 33643762306232636134666366373637353234353265303437306261383861333235383530383638
32623637326434613738326538323661356566373833393836343036373361393539363462393265 62353338323535333438376335636339386161326564623037323861343134396637366362646335
33316237333532663266306139323464656530363539316364666638386338633137363533313065 66633865386339666265396438353362333463376361306666313331353063313331636539343835
38626538323064656561613431613039323937333738353338323331656362306538613463393661 66326661386532343865653365356531663365663865666439653039643333363363653838616436
36306237646264383338666563656239353439303265623763353839363032326261636238353235 38333037353333373866316333613538373263386334626665363239353162376335373238613737
30353666373633396136336361363164353835646432643938316533613262373462626435646335 31616465326138663934356530353263653133636232396134316163343131316664633964643437
62646134663362366266663565633934616166353363663039653464353330366130623930623237 37353937653665326638663631383733646563336162643361643366633564663439396639373966
61353162376264646132393831376433303433663339336439623430346664353761363061363436 66356163343731353430626537326466393538363939313134343464643666323037356639323538
32616539333066356563646363333133626262366566616133623635323335363936336362333062 35626137303439316233313664326535396234326432396132646361663936636362626232383530
38303239353434306230663465623736313035376165623838346338383238383666313133333366 37366334333035656638383161663732393864333562373761303031353262303666626436373065
62396633386133613538303565663332333730346638656161356637623931333062313462393562 66396233393864373463363065373461353538626135663937656330326632663863353438643838
31336135326533653961393661656162653561653139333161643139363962373138383661303838 63663438356663313039616135393833623838366530353735333161663739366431393139623737
34396461616538396331306331666434396537663534616465376565313837373232366235313830 63306464353039323065623765363665663266393934653962303761383362646364373239313062
66393961346139393763333933326537383161373564656131323837376233393565333937616566 38353737663434646138303562303835373439653137656234653333313234366436623963386636
39643961323236316661353331346164363137323536626665643864393137353964313465323930 66313837393636373537663030393331613633306531306339306261636366343362333736363465
3334 32316662666664636437393736383130663235373266393263623131643339323266633633336334
30643737396364303462363262653332346637643466323339633435323436366430626339393537
633439343732646238343833663731646631


@ -7,24 +7,34 @@ import ssl
import argparse import argparse
parser = argparse.ArgumentParser(description='Upload a file to the bittorrent seeder.') parser = argparse.ArgumentParser(description='Upload a file to the bittorrent seeder.')
parser.add_argument('--rpc-server', required=True, parser.add_argument('--server', required=True,
help='the RPC server IPaddress:port') help="the server address and RPC port like 'IPaddress:port'")
parser.add_argument('--rpc-secret', required=True,
help='the RPC secret')
parser.add_argument('--dht-port', required=True, parser.add_argument('--dht-port', required=True,
help='the DHT port the RPC server is listening on') help='the DHT port the RPC server is listening on')
parser.add_argument('--no-cert', action='store_true', pwgrp = parser.add_mutually_exclusive_group(required=True)
help='do not use SSL certificate') pwgrp.add_argument('--passwd',
parser.add_argument('--cert', help='the certificate to use for verification') help='the RPC secret. Either this or --pwdfile needs to be ' \
parser.add_argument('file', help='the file to upload') 'provided')
pwgrp.add_argument('--pwdfile',
help="file containing the RPC secret in the form " \
"'secret = \"token:SECRET\"'. " \
'Either this or --secret needs to be provided')
certgrp = parser.add_mutually_exclusive_group(required=True)
certgrp.add_argument('--no-cert', action='store_true',
help='do not use SSL certificate')
certgrp.add_argument('--cert', help='the certificate to use for verification')
parser.add_argument('FILE', help='the file to upload')
args = parser.parse_args() args = parser.parse_args()
rpcseeder = 'https://' + args.rpc_server + '/rpc' rpcseeder = 'https://' + args.server + '/rpc'
secret = 'token:' + args.rpc_secret dhtentry = args.server.split(':')[0] + ':' + args.dht_port
dhtentry = args.rpc_server.split(':')[0] + ':' + args.dht_port file2send = args.FILE
file2send = args.file
torrent = '/tmp/' + os.path.basename(file2send) + '.torrent' torrent = '/tmp/' + os.path.basename(file2send) + '.torrent'
if args.passwd:
secret = 'token:' + args.passwd
else:
exec(open(args.pwdfile).read())
ssl_ctx = ssl.create_default_context() ssl_ctx = ssl.create_default_context()
if args.no_cert: if args.no_cert:
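Review bot: The new `else:` branch runs `exec(open(args.pwdfile).read())`, so any Python in the password file executes with the privileges of whoever invokes uploadseed. A file that does not assign `secret` is not rejected here and presumably only fails later, where `secret` is used. The file carries a single value, so it should be read as data and validated, as in the snippet below, which also closes the file handle. Separately, the `--pwdfile` help text refers to `--secret` while the option is named `--passwd`, and `--passwd` still places the secret on the command line, which its help text should say. The hunk ends at `if args.no_cert:`, whose body is outside the view.

```python
if args.passwd:
    secret = 'token:' + args.passwd
else:
    # Read the single 'secret = "token:SECRET"' line as data; never execute it.
    with open(args.pwdfile) as pwdfile:
        key, sep, value = pwdfile.read().strip().partition('=')
    secret = value.strip().strip('"')
    if key.strip() != 'secret' or not secret.startswith('token:'):
        parser.error('--pwdfile must contain: secret = "token:SECRET"')
# … unchanged: ssl_ctx setup …
```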


@ -71,7 +71,8 @@ get_file() {
push_file() { push_file() {
cd "${VM_SYSDIR}" cd "${VM_SYSDIR}"
uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${FILENAME}" uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \
--pwdfile "${SEEDBOX_PWFILE}" --no-cert "${FILENAME}"
} }
if [[ "$(id -nu)" != "lmnsynci" ]]; then if [[ "$(id -nu)" != "lmnsynci" ]]; then
@ -106,26 +107,25 @@ case "$command" in
push_file) push_file)
for FILENAME in "$@"; do for FILENAME in "$@"; do
push_file push_file
done done
;; ;;
get_file) get_file)
for FILENAME in "$@"; do for FILENAME in "$@"; do
get_file get_file
done done
;; ;;
get_image) get_image)
for VM_NAME in "$@"; do for VM_NAME in "$@"; do
get_torrent get_torrent
done done
;; ;;
delete_outdated_image) delete_outdated_image)
for FILENAME in "$@"; do for FILENAME in "$@"; do
delete_outdated_image delete_outdated_image
done done
;; ;;
*) *)
show_help show_help
exit 1 exit 1
;; ;;
esac esac
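Review bot: The new `uploadseed` call in `push_file` still passes `--no-cert`, so the RPC token that is now kept out of the process list is, judging by that option's help text ("do not use SSL certificate"), sent to a server whose certificate is not checked. uploadseed already offers `--cert`, so the call could end in `--pwdfile "${SEEDBOX_PWFILE}" --cert "<SEEDBOX_CA_FILE placeholder>" "${FILENAME}"`, with the seedbox certificate deployed next to vm.conf. The same applies to the two `uploadseed` calls in `upload_image` in the next file section.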


@ -39,8 +39,10 @@ upload_image() {
cp -a "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}" cp -a "${VM_DIR}/${VM_NAME}.xml" "${VM_SYSDIR}"
fi fi
cd "${VM_SYSDIR}" cd "${VM_SYSDIR}"
uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${VM_NAME}.qcow2" uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \
uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${VM_NAME}.xml" --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.qcow2"
uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \
--pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.xml"
} }
source /etc/lmn/vm.conf source /etc/lmn/vm.conf


@ -1,8 +1,9 @@
# variables for LMN VM submodule # variables for LMN VM submodule
SEEDBOX_HOST=seedbox.pn.steinbeis.schule SEEDBOX_HOST="seedbox.pn.steinbeis.schule"
SEEDBOX_PORT=6789 SEEDBOX_PORT=6789
SEEDBOX_RPC_PORT=6800 SEEDBOX_RPC_PORT=6800
SEEDBOX_PWFILE="/etc/lmn/uploadseed.conf"
VM_SYSDIR="/lmn/vm" VM_SYSDIR="/lmn/vm"
if [[ -v SUDO_UID ]]; then if [[ -v SUDO_UID ]]; then


@ -163,12 +163,21 @@
- uploadseed - uploadseed
- name: Deploy vm configuration file vm.conf - name: Deploy vm configuration file vm.conf
copy: ansible.builtin.copy:
src: vm.conf src: vm.conf
dest: /etc/lmn/vm.conf dest: /etc/lmn/vm.conf
owner: root owner: root
group: root group: root
- name: Deploy aria2 RPC password file
ansible.builtin.copy:
dest: /etc/lmn/uploadseed.conf
owner: root
group: lmnsynci
mode: '0640'
content: |
"{{ uploadseed_pwd }}"
- name: Prepare directory for qemu bridge config - name: Prepare directory for qemu bridge config
ansible.builtin.file: ansible.builtin.file:
path: /etc/qemu/ path: /etc/qemu/
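Review bot: The "Deploy aria2 RPC password file" task writes the secret through `content:` without `no_log: true`, so the token can appear in `--diff` output or verbose logs of a playbook run; adding `no_log: true` to the task keeps it out. Inside the `|` block scalar the double quotes around `{{ uploadseed_pwd }}` are literal and end up in /etc/lmn/uploadseed.conf. Whether the result matches the `secret = "token:SECRET"` form that uploadseed documents depends on the vault value, which is not visible here, so this is worth verifying on a deployed host. If the vault variable holds the whole line, `content: "{{ uploadseed_pwd }}\n"` would write it without the extra quotes.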