Setup cron in rpm (#48)

* Have the RPM handle setting up the cron to import the users

* Fix path to config file and make sure the RPM_BUILD_ROOT has the config and cron.d directories

* Update readme to state the RPM installs a crontab config

* When installed using the RPM, tell the user they need to configure the tool before it will actually do some work.

Author: mvanbaak

README.md

@@ -50,12 +50,7 @@ A picture is worth a thousand words:
 2. Attach the IAM permissions defined in `iam_ssh_policy.json` to the EC2 instances (by creating an IAM role and an Instance Profile)
 3. Install the RPM: `rpm -i ttps://s3-eu-west-1.amazonaws.com/widdix-aws-ec2-ssh-releases-eu-west-1/aws-ec2-ssh-1.1.0-1.el7.centos.noarch.rpm`
 4. The configuration file is placed into `/etc/aws-ec2-ssh.conf`
-5. Install a cronjob to sync the IAM users
-```
-echo "*/10 * * * * root /usr/bin/import_users.sh" > /etc/cron.d/import_users
-chmod 0644 /etc/cron.d/import_users
-/usr/bin/import_users.sh
-```
+5. The RPM creates a crontab file to run import_users.sh every 10 minutes. This file is placed in `/etc/cron.d/import_users`
 
 ### Install via install.sh script
 

aws-ec2-ssh.conf

@@ -3,3 +3,8 @@ LOCAL_MARKER_GROUP="iam-synced-users"
 LOCAL_GROUPS=""
 SUDOERSGROUP=""
 ASSUMEROLE=""
+
+# Remove or set to 0 if you are done with configuration
+# To change the interval of the sync change the file
+# /etc/cron.d/aws-ec2-ssh
+DONOTSYNC=0

aws-ec2-ssh.spec

@@ -34,20 +34,28 @@ Use your IAM user's public SSH key to get access via SSH to an EC2 instance.
 %install
 rm -rf ${RPM_BUILD_ROOT}
 mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.d
 install -m 755 import_users.sh ${RPM_BUILD_ROOT}%{_bindir}
 install -m 755 authorized_keys_command.sh ${RPM_BUILD_ROOT}%{_bindir}
-install -m 755 aws-ec2-ssh.conf ${RPM_BUILD_ROOT}/etc/aws-ec2-ssh.conf
+install -m 755 aws-ec2-ssh.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/aws-ec2-ssh.conf
+sed -i '/DONOTSYNC=0/DONOTSYNC=1/' ${RPM_BUILD_ROOT}%{_sysconfdir}/aws-ec2-ssh.conf
+echo "*/10 * * * * root /usr/bin/import_users.sh" > ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.d/import_users
+chmod 0644 ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.d/import_users
 
 %post
 sed -i 's:#AuthorizedKeysCommand none:AuthorizedKeysCommand /usr/bin/authorized_keys_command.sh:g' /etc/ssh/sshd_config
 sed -i 's:#AuthorizedKeysCommandUser nobody:AuthorizedKeysCommandUser nobody:g' /etc/ssh/sshd_config
 /etc/init.d/sshd restart
+/sbin/service crond condrestart 2>&1 > /dev/null || :
+
+echo "To configure the aws-ec2-ssh package, edit /etc/aws-ec-ssh.conf. No users will be synchronized before you did this."
 
 
 %postun
 sed -i 's:AuthorizedKeysCommand /usr/bin/authorized_keys_command.sh:#AuthorizedKeysCommand none:g' /etc/ssh/sshd_config
 sed -i 's:AuthorizedKeysCommandUser nobody:#AuthorizedKeysCommandUser nobody:g' /etc/ssh/sshd_config
 /etc/init.d/sshd restart
+/sbin/service crond condrestart 2>&1 > /dev/null || :
 
 
 %clean
@@ -58,11 +66,15 @@ rm -rf ${RPM_BUILD_ROOT}
 %defattr(-,root,root)
 %attr(755,root,root) %{_bindir}/import_users.sh
 %attr(755,root,root) %{_bindir}/authorized_keys_command.sh
-%config /etc/aws-ec2-ssh.conf
+%config %{_sysconfdir}/aws-ec2-ssh.conf
+%config %{_sysconfdir}/cron.d/import_users
 
 
 %changelog
 
+* Wed May 3 2017 Michiel van Baak <[email protected]> - 1.1.0-2
+- Create cron.d file and run import_users on install
+
 * Thu Apr 27 2017 Michiel van Baak <[email protected]> - post-1.0-master
 - use correct versioning based on fedora package versioning guide
 

import_users.sh

@@ -3,6 +3,15 @@
 # source configuration if it exists
 [ -f /etc/aws-ec2-ssh.conf ] && . /etc/aws-ec2-ssh.conf
 
+# Should we actually do something?
+: ${DONOTSYNC:=0}
+
+if [ ${DONOTSYNC} -eq 1 ]
+then
+    echo "Please configure aws-ec2-ssh by editing /etc/aws-ec2-ssh.conf"
+    exit 1
+fi
+
 # Which IAM groups have access to this instance
 # Comma seperated list of IAM groups. Leave empty for all available IAM users
 : ${IAM_AUTHORIZED_GROUPS:=""}