# Copyright (C) 2009-2011 Canonical Ltd.
# Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
#
# Author: Marc Cluet <marc.cluet@canonical.com>
# Based on code by Scott Moser <scott.moser@canonical.com>
# Author: Juerg Haefliger <juerg.haefliger@hp.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
|
"""
Mcollective
-----------
**Summary:** install, configure and start mcollective
|
This module installs, configures and starts mcollective. If the ``mcollective``
key is present in config, then mcollective will be installed and started.
|
Configuration for ``mcollective`` can be specified in the ``conf`` key under
``mcollective``. Each config value consists of a key-value pair and will be
written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and
``private-cert`` keys, if present in ``conf``, may be used to specify the
public and private certificates for mcollective. Their values will be written
to ``/etc/mcollective/ssl/server-public.pem`` and
``/etc/mcollective/ssl/server-private.pem``.
|
.. note::
    The ec2 metadata service is readable by non-root users, so a
    ``private-cert`` passed in user-data can be read by any local user.
    If security is a concern, use include-once and SSL URLs.
|
**Internal name:** ``cc_mcollective``
|
**Module frequency:** per instance
|
**Supported distros:** all
|
**Config keys**::
|
    mcollective:
      conf:
        <key>: <value>
        public-cert: |
            -------BEGIN CERTIFICATE--------
            <cert data>
            -------END CERTIFICATE--------
        private-cert: |
            -------BEGIN CERTIFICATE--------
            <cert data>
            -------END CERTIFICATE--------
"""
|
import errno
import io
|
# Used since this can maintain comments
# and doesn't need a top level section
from configobj import ConfigObj
|
from cloudinit import log as logging
from cloudinit import subp
from cloudinit import util
|
# Destinations for the 'public-cert' and 'private-cert' values.
PUBCERT_FILE = "/etc/mcollective/ssl/server-public.pem"
PRICERT_FILE = "/etc/mcollective/ssl/server-private.pem"
# mcollective server configuration file that gets read and rewritten.
SERVER_CFG = "/etc/mcollective/server.cfg"

LOG = logging.getLogger(__name__)
|
|
def configure(config, server_cfg=SERVER_CFG,
              pubcert_file=PUBCERT_FILE, pricert_file=PRICERT_FILE):
    """Merge ``config`` into the mcollective server configuration file.

    The existing ``server_cfg`` (if any) is parsed, the entries of ``config``
    are applied on top of it, the previous file is copied to
    ``<server_cfg>.old`` and the merged result is written back.

    ``public-cert`` and ``private-cert`` entries are not stored in the
    configuration itself: their values are written to ``pubcert_file``
    (mode 0644) and ``pricert_file`` (mode 0600), and the configuration is
    pointed at those paths with ``securityprovider`` set to ``ssl``.

    An IOError other than ENOENT raised while reading or copying
    ``server_cfg`` is re-raised.
    """
    # Start from the current server.cfg when there is one, so settings that
    # are not mentioned in ``config`` survive the rewrite.
    try:
        existing = util.load_file(server_cfg, quiet=False, decode=False)
        merged = ConfigObj(io.BytesIO(existing))
    except IOError as err:
        if err.errno != errno.ENOENT:
            raise
        LOG.debug("Did not find file %s (starting with an empty"
                  " config)", server_cfg)
        merged = ConfigObj()

    for key, value in config.items():
        if key == 'public-cert':
            util.write_file(pubcert_file, value, mode=0o644)
            merged['plugin.ssl_server_public'] = pubcert_file
            merged['securityprovider'] = 'ssl'
        elif key == 'private-cert':
            # Private key material: written with owner-only permissions.
            util.write_file(pricert_file, value, mode=0o600)
            merged['plugin.ssl_server_private'] = pricert_file
            merged['securityprovider'] = 'ssl'
        elif isinstance(value, str):
            # Plain string: top-level setting.
            merged[key] = value
        elif isinstance(value, dict):
            # Mapping: becomes (or extends) a section of the same name.
            if key not in merged.sections:
                merged[key] = {}
            for option, setting in value.items():
                merged[key][option] = setting
        else:
            # Anything else is stored as its string form.
            merged[key] = str(value)

    # Keep a copy of the previous file before overwriting it.
    backup_path = "%s.old" % server_cfg
    try:
        util.copy(server_cfg, backup_path)
    except IOError as err:
        # No previous file means there is nothing to back up.
        if err.errno != errno.ENOENT:
            raise

    # NOTE(review): server.cfg is written with mode 0644. Values supplied
    # under ``conf`` may include credentials (e.g. a pre-shared key or a
    # broker password), so confirm whether this file, and the ``.old`` copy
    # made above, should be readable by non-root users.
    rendered = io.BytesIO()
    merged.write(rendered)
    util.write_file(server_cfg, rendered.getvalue(), mode=0o644)
|
|
def handle(name, cfg, cloud, log, _args):
    """Install mcollective, apply its ``conf`` settings and restart it.

    When ``cfg`` has no ``mcollective`` key, only a debug message is logged
    on ``log`` and nothing is installed, configured or restarted.
    """
    if 'mcollective' not in cfg:
        log.debug(
            "Skipping module named %s, no 'mcollective' key in configuration",
            name)
        return

    mco_settings = cfg['mcollective']

    # The package is installed before its configuration is touched.
    cloud.distro.install_packages(("mcollective",))

    # Configuration is only rewritten when a 'conf' mapping was supplied.
    if 'conf' in mco_settings:
        configure(config=mco_settings['conf'])

    # The restart runs whether or not 'conf' was given; the command is
    # passed as an argument list rather than a shell string.
    subp.subp(['service', 'mcollective', 'restart'], capture=False)
|
# vi: ts=4 expandtab