python-discord / king-arthur

King Arthur is the DevOps helper bot for Python Discord
MIT License
10 stars 7 forks source link

Execute commands on netcup nodes. #196

Open shtlrs opened 5 months ago

shtlrs commented 5 months ago

What should the command do?

The idea is us being able to execute specific actions on one of our NetCup boxes.

For this to happen, a King-Arthur user needs to be created on all of our boxes. Then, using its own private key, KA can SSH into a particular box and execute a command from there.

I am not sure how to scope this in terms of commands/cogs, but i thought we could have a NetCup cog which contains 2 commands

  1. a raw command, to allow flexibility of using any command we want, and this needs to be granted to only a set of particular people. Ideally this command will prompt user for confirmation before using it.
  2. A fail2ban group/command that will mostly just allow unbanning IPs from a particular host.

All these commands will need to take the box name in param obviously.

APIs

Who should be authorized to use this command?

DevOps

jchristgit commented 2 months ago

Do we still want this?

At present I can't think of commands we would run through this, except perhaps fail2ban. But so far that has worked, plus the affected team members have surely by now switched to password managers and no longer run into those issues.

jb3 commented 2 months ago

Fail2ban is the only thing that comes to mind right now also.

Potentially fetching info like things from "doveadm who" could be nice but isn't a big deal.

I think it's fine to keep open but not prioritize implementation, it doesn't hurt us.