#!/usr/bin/bash
# This script will print a message in the serial console
# if no ssh keys were added by Ignition/Afterburn.
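#######################################
# Print one "<label>: <message>" line for every journal entry of the
# current boot that carries the given MESSAGE_ID.
# Arguments: $1 - label to prefix each line with
#            $2 - journald MESSAGE_ID to match
# Outputs:   prefixed messages on stdout (nothing when no entry matches)
#######################################
_key_messages() {
  local label=$1
  local message_id=$2
  # Limit journal output to the most recent boot (-b 0) so we don't get
  # output from re-used /var/ partitions.
  # The prefix is added inside jq rather than through `xargs -I{} echo`:
  # xargs parses quotes and backslashes in its input and aborts on an
  # unmatched quote, which would silently drop the remaining messages.
  journalctl -b 0 -o json-pretty "MESSAGE_ID=${message_id}" \
    | jq -r --arg label "$label" '"\($label): \(.MESSAGE)"'
}

#######################################
# Write /etc/issue.d/30_ssh_authorized_keys.issue: either the list of
# authorized-ssh-keys messages logged by Ignition/Afterburn during this
# boot, or a yellow warning when no such message was found.
# Arguments: none
# Outputs:   overwrites the issue file; nothing on stdout
#######################################
main() {
  local -r issue_file=/etc/issue.d/30_ssh_authorized_keys.issue
  # Yellow foreground / reset, stored as real escape bytes so the
  # warning can be written with a plain %s format.
  local -r warn=$'\033[0;33m'
  local -r nc=$'\033[0m'
  local ignitionusers afterburnusers
  local output=''

  # NOTE(review): MESSAGE_ID is a field supplied by the logging client,
  # not one of journald's trusted "_"-prefixed fields, so any local
  # process that can log to the journal can produce matching entries.
  # The text ends up in a pre-login banner; consider additionally
  # matching a trusted field (e.g. _SYSTEMD_UNIT=) once the emitting
  # units are confirmed. Issue files are presumably rendered by agetty,
  # which interprets backslash escapes - verify that message content
  # cannot carry them.

  # See https://github.com/coreos/ignition/pull/964 for the MESSAGE_ID
  # source. It tracks the authorized-ssh-keys entries in journald
  # provided via Ignition.
  ignitionusers=$(_key_messages 'Ignition' 225067b87bbd4a0cb6ab151f82fa364b)

  # See https://github.com/coreos/afterburn/pull/397 for the MESSAGE_ID
  # source. It tracks the authorized-ssh-keys entries in journald
  # provided via Afterburn.
  afterburnusers=$(_key_messages 'Afterburn' 0f7d7a502f2d433caa1323440a6b4190)

  # A failed journalctl/jq run also yields an empty string here, so it is
  # reported the same way as "no keys provided".
  if [[ -n "$ignitionusers" ]]; then
    output+="$ignitionusers"
  fi
  if [[ -n "$afterburnusers" ]]; then
    # Separate the two lists with a newline only when both are present.
    if [[ -n "$output" ]]; then
      output+=$'\n'
    fi
    output+="$afterburnusers"
  fi

  if [[ -n "$output" ]]; then
    printf '%s\n' "$output" > "$issue_file"
  else
    printf '%s\n' \
      "${warn}No SSH authorized keys provided by Ignition or Afterburn${nc}" \
      > "$issue_file"
  fi
}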
# Run the check when the script is executed; main takes no arguments.
main