Hash :
f603c593
Author :
Thomas de Grivel
Date :
2020-04-10T18:49:33
Adams is our new cybernetic DevOps. Please welcome him and make him feel at home, I hope he will find a nice place to work amongst us. So far he’s been a brilliant student though a bit dumb and formal, I hope he will find a warm and welcoming place in our hearts. For the next months he will remain in formation so if you would please consider handing him any rookie task you might have he shall gladly take them upon him and will probably crash the system and need your help to fix it but, hey, that’s what unpaid interns are for, right ?
Adams is currently able to use a local shell or connect to remote hosts via ssh. He is quite the hardcore hacker wannabe using only /bin/sh though ksh and bash suit him fine too. He’s still green but he can already gather basic information about users, groups and files.
We are currently teaching him about new kinds of resources and how to read resource specification manifests.
You should only allow Adams what you would allow your system operators :
All commands issued to the remote hosts can be logged.
Adams does not grant the hosts access to its workstation while it works. Adams does not grant access to data belonging to any host. Adams does not send any data that is not of direct concern to the host. In short, all UNIX permissions are respected, Adams is a regular UNIX user.
Install repo.
Install adams
$ sbcl --eval '(repo:install :adams)'
Build and install adams binary
$ cd ~/common-lisp/cl-adams/adams && make
$ sudo cp build/adams /usr/local/bin/adams
Use shebang in your executable script File: my-config.adams
#!/usr/local/bin/adams --script
(resource 'host "adams.kmx.io"
:user "adams"
(resource 'user "adams"
:shell "/bin/sh"))
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
Adams
=====
Adams is our new cybernetic DevOps. Please welcome him and make him feel
at home, I hope he will find a nice place to work amongst us. So far he's
been a brilliant student though a bit dumb and formal, I hope he will find
a warm and welcoming place in our hearts.
For the next months he will remain in formation so if you would please
consider handing him any rookie task you might have he shall gladly take
them upon him and will probably crash the system and need your help to fix it
but, hey, that's what unpaid interns are for, right ?
Current status
--------------
Adams is currently able to use a local shell or connect to remote hosts via
ssh.
He is quite the hardcore hacker wannabe using only /bin/sh though ksh and
bash suit him fine too.
He's still green but he can already gather basic information about users,
groups and files.
We are currently teaching him about new kinds of resources and how to read
resource specification manifests.
Security design
---------------
You should only allow Adams what you would allow your system operators :
- a shell accessible through SSH using a public key
- apropriate sudo permissions
All commands issued to the remote hosts can be logged.
Adams does not grant the hosts access to its workstation while it works.
Adams does not grant access to data belonging to any host.
Adams does not send any data that is not of direct concern to the host.
In short, all UNIX permissions are respected, Adams is a regular UNIX user.
Usage
-----
1. Install [repo](https://github.com/common-lisp-repo/repo).
2. Install adams
```
$ sbcl --eval '(repo:install :adams)'
```
3. Build and install adams binary
```
$ cd ~/common-lisp/cl-adams/adams && make
$ sudo cp build/adams /usr/local/bin/adams
```
4. Use shebang in your executable script
File: my-config.adams
```
#!/usr/local/bin/adams --script
(resource 'host "adams.kmx.io"
:user "adams"
(resource 'user "adams"
:shell "/bin/sh"))
```