Outline

This script adds a list of Fed IDs or OpenStack account names as user accounts on the VM it is run on. Make sure that all the accounts you are attempting to add exist within the OpenStack project the VM is in.

Method

Here is the script. Save it as addusers-ubuntu.sh on the VM.

Code Block
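#!/bin/bash

# Create a local account for each fed ID listed, one per line, in the file given as $1
while read -r fedID
do
        # Skip blank lines
        [ -z "$fedID" ] && continue
        # Feed empty answers to the password prompts so that no password is set
        echo -e "\n\nn" | adduser "$fedID" -q --gecos ",,,," &>/dev/null
done < "$1"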

To run this script, first create a file called fedIDs.txt containing the fed IDs you want to add as user accounts. Separate each ID with a new line. Then run the script with sudo (you will need sudo privileges to add users) as follows, passing the file containing the fed IDs as an argument:

Code Block
sudo bash addusers-ubuntu.sh fedIDs.txt

To check that the users have been added correctly, you can check the contents of the /etc/passwd file. You should see the new accounts at the bottom of this file, e.g.

Code Block
$ tail -n 1 /etc/passwd
<fedID>:x:1008:1006:,,,:/home/<fedID>:/bin/bash

Adding a user account to multiple cloud hosts within a project

Outline

For some types of OpenStack projects, it’s common to have a list of user accounts, which may or may not belong to external users, that need ssh access to a (large) number of hosts within that project. This document outlines one way to approach this task.

Method

Make sure you have root access to the systems or, at the very least, a login to each system with sudo access. If you are using an ssh key pair to log in (the preferred method within STFC), make sure you have your private key loaded in an ssh-agent and that the “Agent forwarding” feature is enabled. If this is a task you do often, it is worth using the same “command and control” hosts in all of your operations for running scripts on the hosts within projects.

Step 1 – Find the list of hosts within a project

Find the project from:

Code Block
openstack project list | grep -v 844e | grep -v rally

From there, you can list all of the virtual machines that are in a particular project:

Code Block
openstack server list --project "Rucio at RAL"

This will return a list of hostnames and their IP addresses (and floating IP addresses). You can reduce this to just a list of IP addresses using something like:

Code Block
openstack server list --project "Rucio at RAL" | awk -F'|' '{ print $5 }' | grep 'Internal' | sed 's/^ Internal=//'

This returns just the 172.16.x.y network IP addresses. There is no point in returning the 192.168.x.y IP addresses as you cannot directly ssh to these anyway, but you could append any floating IP addresses as needed. Output this to a file “all_IP_addresses.text”.

Check login to each host, identify host and check which hosts have users enabled on them

This document provides instructions and commands to add additional user accounts to existing cloud VMs; steps are provided for each supported operating system.

Prerequisites

  1. sudo level access to the machines you wish to add the new users to.

  2. The username of each user you wish to add.

    1. For STFC users we recommend using their Fed ID (STFC Username) for consistency.

  3. The corresponding SSH Public Key for each user.

Note

We do not recommend setting passwords for added users and as such the following instructions only provide steps to allow additional users to authenticate using SSH Key based authentication.

Rocky Linux

Rocky 8

Rocky 9

Ubuntu

Ubuntu 20.04 Focal

For each user, do the following:

First you create the user account using the adduser command. Note that this command will prompt you for some additional details.

Code Block
sudo adduser <username> --disabled-password

Next, set up the user’s SSH authorized keys file and add their SSH public key to it using an editor of your choice. Key formatting is very important: each key must sit on a single line. Several examples of acceptable key types and formats are provided below.

Code Block
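# Create the .ssh directory and an empty authorized_keys file
sudo mkdir /home/<username>/.ssh
sudo touch /home/<username>/.ssh/authorized_keys

# Paste in the user's public key, one key per line
sudo vim /home/<username>/.ssh/authorized_keys

# Give the user ownership and remove access for everyone else
sudo chown -R <username>:<username> /home/<username>/.ssh
sudo chmod -R 0700 /home/<username>/.ssh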

Your user should now be able to log in to your machine with their SSH public key using the following command.

Code Block
ssh <username>@<ip address>

If you also want the newly added user to have sudo permissions then you need to edit the /etc/sudoers.d/cloud file using the following command.

Code Block
sudo visudo -f /etc/sudoers.d/cloud

Add the following line to the bottom of the file. Note that because we do not set a password for the user, the NOPASSWD option is necessary.

Code Block
<username> ALL=(ALL) NOPASSWD: ALL

Example Public Keys

The following keys are all examples used to demonstrate acceptable formatting of public keys in authorized keys files.

Code Block
# RSA-2048
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDdIsfXr82WFXNfw+RfECqitp/5wPeR670TO8gj/F7ypRPi80wLRKBF85LVN9T/E0b0+Ur6E1sMRWI9xAnxW2O1uSZ4f1TqlzbL4jqmbQuGRNIKroyOtHwmHiLca5fbwLRyXLXXyjSOp//8QMzM8SaslavAv8sGPvrGMtceytGIpVi90OrArFJYfDbUOs7mqfNATYBcMl2Ql/cnnHPrHiRU9VCMc05cjymoy9DHZN5Enfnew+Q/NBODpQd8yvQV2EJj3mduKJc3MGj/xR8ODux0hI3iPUM9DRHxEYl3+RzQV3xXHRycv3tJzvDIgtCYT3cp/scXKiecmMh6Kprq+JH rsa-key-20240816

# ECDSA (nistp384)
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBE60HgYZDYWngeNi88Ymy0TVhYQsTJ7SvKT6XFeun5tIfUJ1jssy7yZVygZguK9ci9ojdP5s70XDjoOdM0C0wdqyC3KX/dRz6iwrwadT4IqZZOsNJrddKJBxsqZ3TNTqKA== ecdsa-key-20240816

# EdDSA (Ed25519)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx6CptzpgLxJwvHXa1OAh2CzyaDHw0esi7ZuWKK9quy eddsa-key-20240816
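
A key that was truncated, wrapped across lines or pasted under the wrong type prefix leaves the user unable to log in, so the check below can be run before a key is written to authorized_keys. This is an added example, not part of the original instructions: the function names are hypothetical, GNU base64 is assumed, and only plain `<type> <base64> [comment]` lines without an options prefix are handled. The chown step from the instructions above is still needed when it is run as root.

```shell
#!/bin/sh
# Added example (hypothetical function names); assumes GNU base64, od and awk.

# Return 0 if "$1" is a plain "<type> <base64> [comment]" line whose blob is a
# complete run of length-prefixed fields beginning with the same <type>.
valid_pubkey_line() {
    read -r ktype blob _comment <<EOF
$1
EOF
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -v -tu1 |
    awk -v want="$ktype" '
        { for (k = 1; k <= NF; k++) b[n++] = $k + 0 }
        END {
            i = 0; fields = 0
            while (i + 4 <= n) {
                # each field: 4-byte big-endian length, then that many bytes
                len = ((b[i] * 256 + b[i+1]) * 256 + b[i+2]) * 256 + b[i+3]
                i += 4
                if (i + len > n) exit 1       # truncated or line-wrapped key
                if (fields == 0) {
                    name = ""
                    for (j = 0; j < len; j++) name = name sprintf("%c", b[i+j])
                    if (name != want) exit 1  # type prefix does not match blob
                }
                i += len; fields++
            }
            exit !(i == n && fields >= 2)
        }'
}

# Append a validated key to <home>/.ssh/authorized_keys once, with the
# directory at 0700 and the file at 0600. Ownership is left to the caller.
install_authorized_key() {
    home_dir=$1; key_line=$2
    valid_pubkey_line "$key_line" || { echo "rejected: malformed key" >&2; return 1; }
    akf="$home_dir/.ssh/authorized_keys"
    mkdir -p "$home_dir/.ssh" && touch "$akf" || return 1
    grep -qxF -- "$key_line" "$akf" || printf '%s\n' "$key_line" >> "$akf"
    chmod 700 "$home_dir/.ssh" && chmod 600 "$akf"
}
```

Call it as `install_authorized_key /home/<username> "<key line>"`; a rejected key leaves the existing authorized_keys file untouched.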