Matt Martz sivel

@sivel
sivel / paramiko-keyscan.py
Created May 19, 2015 18:58
Python Paramiko Keyscan
import paramiko

# provide host and port variables
t = paramiko.transport.Transport('%s:%s' % (host, port))
t.start_client()
key = t.get_remote_server_key()
if int(port) != 22:
    host = '[%s]:%s' % (host, port)
@sivel
sivel / ansible-validate-modules
Last active August 29, 2015 14:21
Ansible module validator
pip install git+https://github.com/ansible/ansible.git@devel#egg=ansible
pip install git+https://github.com/sivel/ansible-testing.git#egg=ansible_testing
git clone https://github.com/ansible/ansible-modules-core.git
ansible-validate-modules ansible-modules-core
@sivel
sivel / email-cmd.py
Created March 20, 2015 00:07
email-cmd.py ansible callback plugin
import os
import sys
import smtplib


def mail(subject='Ansible Command', sender='<root>', to='root', cc=None,
         bcc=None, body=None):
    if not body:
        body = subject
@sivel
sivel / drone.sh
Created September 18, 2014 02:13
Drone on RHEL6
sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo yum install -y golang git mercurial make bzr
export GOPATH=~/Go
export PATH=$PATH:$GOPATH/bin
mkdir $GOPATH
go get github.com/drone/drone
cd $GOPATH/src/github.com/drone/drone
make deps
make vendor
make clean
certs:
  www_example_com:
    key: |
      -----BEGIN RSA PRIVATE KEY-----
@sivel
sivel / server_list_generator.py
Last active August 29, 2015 14:05
pyrax server list generator
#!/usr/bin/env python
import pyrax

pyrax.set_setting('identity_type', 'rackspace')
pyrax.set_credentials('myusername', 'myapikey', region='DFW')


def server_list_generator(detailed=True, search_opts=None, limit=None):
    servers = pyrax.cloudservers.servers.list(detailed=detailed,
                                              search_opts=search_opts,
                                              limit=limit)
@sivel
sivel / better-ssh-authorized-keys-management.md
Last active May 3, 2024 14:20
Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of their users' authorized_keys files.

People struggle with management: ensuring that users have only specific keys in their authorized_keys file, or even finding a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality often overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This keyword allows you to specify a command that will run during login to retrieve a user's public key file from a remote source and perform validation just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@sivel
sivel / rax.py.diff
Last active January 3, 2016 03:59
My "improvements" on the Ansible rax.py inventory script
@@ -22,9 +22,11 @@
inventory: rax
short_description: Rackspace Public Cloud external inventory script
description:
- - Generates inventory that Ansible can understand by making API request to Rackspace Public Cloud API
+ - Generates inventory that Ansible can understand by making API request to
+ Rackspace Public Cloud API
- |
- When run against a specific host, this script returns the following variables:
+ When run against a specific host, this script returns the following
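Review bot: the first description item still reads "making API request to" after the rewrap; since the line is being touched anyway, change it to "making API requests to". The visible lines only rewrap text, so it is also worth confirming that the continuation line "Rackspace Public Cloud API" is indented to match the list item above it, so that it stays part of the same item.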
@sivel
sivel / guide_rax.rst
Last active December 28, 2015 16:49
Ansible Rackspace Guide
@sivel
sivel / gfm2html
Created September 14, 2013 15:35
Code to convert github flavored markdown to RST
#!/usr/bin/env python
import requests
import sys
import json
import re

if len(sys.argv) == 2:
    markdown_file = sys.argv[1]