#!/usr/bin/env python3
#
""" Geant Root Password Changer """
import os
import string
import random
import configparser
import hvac
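def vault_upload(vault_host, vault_token, key_name, key_value):
    """Write a single secret to Vault, terminating the process on failure.

    Args:
        vault_host: Vault host name; the client URL is always built with
            the ``https://`` scheme.
        vault_token: Token used to authenticate the client.
        key_name: Vault path the value is written to.
        key_value: Secret stored under the ``value`` field of that path.

    Raises:
        SystemExit: With exit status 1 when the write fails for any reason.
    """
    # Build the client once, already pointed at the target host. The extra
    # argument-less hvac.Client() the original created first was discarded
    # immediately and has been dropped.
    client = hvac.Client(
        url='https://{}'.format(vault_host),
        token=vault_token
    )
    try:
        client.write(key_name, value=key_value)
    except Exception as err:  # pylint: disable=w0703
        # Deliberately broad: any failure must abort the run. Only the
        # path, host and error are reported; key_value is never printed.
        print('could not write key {} to Vault {}: {}'.format(
            key_name, vault_host, err))
        print('giving up...')
        os.sys.exit(1)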
# Here we Go.
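if __name__ == "__main__":
    # Imported here because it is only needed by this entry point. The root
    # password must come from the OS CSPRNG: the `random` module is a
    # deterministic Mersenne Twister and is not suitable for secrets.
    import secrets

    CONFIG = configparser.RawConfigParser()
    # This file holds the Vault token; read it and close the handle at once
    # instead of leaving it open for the lifetime of the process.
    with open('/root/.geant_acme.ini') as config_file:
        CONFIG.read_file(config_file)
    VAULT_TOKEN = CONFIG.get('geant_acme', 'vault_token')
    VAULT_HOST = CONFIG.get('geant_acme', 'vault_host')

    # From here on all output, including error messages, is appended to the
    # log file (line-buffered). The handle stays open until the process exits.
    os.sys.stdout = os.sys.stderr = open('/var/log/pass_changer.log', 'a', 1)

    # 12 characters drawn from a 62-symbol alphabet.
    PASS_ALPHABET = (string.ascii_uppercase +
                     string.digits +
                     string.ascii_lowercase)
    RAND_PASS = ''.join(secrets.choice(PASS_ALPHABET) for _ in range(12))

    VAULT_FULL_PATH = 'puppet/common/vault_root_password'
    # Log the destination path only; the generated password is never printed.
    print('uploading to Vault: {}'.format(VAULT_FULL_PATH))
    vault_upload(VAULT_HOST, VAULT_TOKEN, VAULT_FULL_PATH, RAND_PASS)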