[Cluster-devel] conga/luci site/luci/var/Data.fs utils/luci_admin
rmccabe at sourceware.org
rmccabe at sourceware.org
Mon Aug 13 21:41:01 UTC 2007
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL4
Changes by: rmccabe at sourceware.org 2007-08-13 21:41:00
Modified files:
luci/site/luci/var: Data.fs
luci/utils : luci_admin
Log message:
- Update the luci zope database file.
- Fixes for the luci_manage script for the RHEL5 CVS branch
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/var/Data.fs.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.20.2.14&r2=1.20.2.15
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.52.2.2&r2=1.52.2.3
Binary files /cvs/cluster/conga/luci/site/luci/var/Data.fs 2007/08/10 02:00:49 1.20.2.14 and /cvs/cluster/conga/luci/site/luci/var/Data.fs 2007/08/13 21:40:47 1.20.2.15 differ
rcsdiff: /cvs/cluster/conga/luci/site/luci/var/Data.fs: diff failed
--- conga/luci/utils/luci_admin 2007/08/10 18:33:30 1.52.2.2
+++ conga/luci/utils/luci_admin 2007/08/13 21:40:59 1.52.2.3
@@ -2,13 +2,13 @@
# Copyright (C) 2006-2007 Red Hat, Inc.
-import sys, os, stat, select, string, pwd
-from sys import stderr, argv
+import sys, os, pwd
+from select import select
+from stat import S_ISREG
import types
import xml
import xml.dom
-from xml.dom import minidom
-
+
sys.path.extend((
'/usr/lib/luci/zope/lib/python',
'/usr/lib/luci/zope/lib/python/Products',
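Review bot: Dropping `from xml.dom import minidom` at the top of this hunk leaves only `import xml` and `import xml.dom`, and neither loads the `minidom` submodule, while `luci_backup` still calls `xml.dom.minidom.Document()` (visible in a later hunk). Unless some import outside the visible hunks pulls the submodule in as a side effect, that call would fail with an AttributeError at backup time. Replace the removed line with `import xml.dom.minidom` so the dependency is explicit.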
@@ -25,14 +25,14 @@
))
from Products import __path__
-for i in ['/usr/lib/luci/zope/lib/python/Products',
+for pdir in ['/usr/lib/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib64/python/Products',
'/usr/lib64/zope/lib/python/Products',
'/usr/lib64/zope/lib64/python/Products',
'/usr/lib/zope/lib/python/Products']:
- if os.path.isdir(i):
- __path__.append(i)
+ if os.path.isdir(pdir):
+ __path__.append(pdir)
LUCI_INIT_DEBUG = 0
@@ -59,6 +59,12 @@
SSL_HTTPS_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME
SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
+# only root should run this
+if os.getuid() != 0:
+ sys.stderr.write('Only the \'root\' user can run %s\n' % sys.argv[0])
+ sys.stderr.write('Try again with root privileges.\n')
+ sys.exit(2)
+
ssl_key_data = [
{ 'id' : SSL_PRIVKEY_PATH,
'name': SSL_PRIVKEY_NAME,
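Review bot: Moving the `os.getuid()` check to import time means it now runs before `main` reaches its `len(argv) < 2` branch, so an unprivileged user can no longer get the `luci_help` usage text. If that is intended, the comment should say why the check has to sit here, e.g. `# must precede the module-level certificate directory scan below, which needs root`; that reason is inferred from the `os.listdir(LUCI_PEERS_DIR)` loop in the next hunk and should be confirmed. `os.getuid()` also tests the real UID, whereas the later `os.chown`/`os.chmod` calls are governed by the effective UID, so `os.geteuid()` is the closer match.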
@@ -81,12 +87,14 @@
'type': 'config',
'mode': 0644 }
]
+
for name in os.listdir(LUCI_PEERS_DIR):
- path = LUCI_PEERS_DIR + name
- if stat.S_ISREG(os.stat(path).st_mode):
- ssl_key_data.append({'id' : path,
- 'name' : path.lstrip(LUCI_CERT_DIR),
- 'type' : 'public',
+ cert_path = LUCI_PEERS_DIR + name
+ if S_ISREG(os.stat(cert_path).st_mode):
+ ssl_key_data.append({
+ 'id' : cert_path,
+ 'name' : cert_path.lstrip(LUCI_CERT_DIR),
+ 'type' : 'public',
'mode' : 0644})
#null = file(os.devnull, 'rwb+', 0) - available on python 2.4 and above!!!
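Review bot: `cert_path.lstrip(LUCI_CERT_DIR)` on the new `'name'` line does not remove a directory prefix: `str.lstrip` treats its argument as a set of characters and strips every leading character found in it, so a relative path that begins with characters also present in `LUCI_CERT_DIR` can lose part of its name. The rename carries this over unchanged from the old `path.lstrip(...)`. Slice the prefix off instead, `'name' : cert_path[len(LUCI_CERT_DIR):],`, which is valid as long as `LUCI_PEERS_DIR` lies under `LUCI_CERT_DIR` (the hunk does not show either value). The loop also runs at import time with no handling for a missing `LUCI_PEERS_DIR` or for an entry that disappears between `os.listdir` and `os.stat`.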
@@ -109,21 +117,42 @@
raise
return luci
except:
- msg = 'Cannot find the \"' + LUCI_USER + '\" user.\n'
+ msg = 'Cannot find the "%s" user.\n' % LUCI_USER
sys.stderr.write(msg)
- raise msg
-
+ raise Exception, msg
+
def set_default_passwd_reset_flag():
# set flag marking admin password has been set
- uid, gid = get_luci_uid_gid()
- open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+
+ try:
+ uid, gid = get_luci_uid_gid()
+ except:
+ sys.stderr.write('Unable to find the luci user\'s UID\n')
+ return False
+
+ try:
+ open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+ except IOError, e:
+ if e[0] != 2:
+ sys.stderr.write('Unable to open "%s" for writing: %s\n' \
+ % (LUCI_ADMIN_SET_PATH, e[1]))
+ return False
+ except Exception, e:
+ sys.stderr.write('Unable to open "%s" for writing: %s\n' \
+ % (LUCI_ADMIN_SET_PATH, str(e)))
+ return False
+
os.chown(LUCI_ADMIN_SET_PATH, uid, gid)
os.chmod(LUCI_ADMIN_SET_PATH, 0640)
return True
def get_default_passwd_reset_flag():
- return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
+ try:
+ return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
+ except:
+ return False
+ return False
def read_passwd(prompt, confirm_prompt):
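Review bot: In `set_default_passwd_reset_flag`, the `except IOError` branch special-cases errno 2 with `if e[0] != 2:` and gives no reason; the page has lost its indentation, so it is unclear whether the following `return False` belongs to that `if`. If it does, an ENOENT failure falls through to the unguarded `os.chown(LUCI_ADMIN_SET_PATH, uid, gid)` and raises an uncaught OSError; if it does not, the failure is returned with no message at all. Report and return `False` for every IOError, or keep the distinction but spell it `errno.ENOENT` and comment it. The flag file is also created under the process umask and only tightened to 0640 afterwards, and the trailing `return False` in `get_default_passwd_reset_flag` is unreachable.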
@@ -138,7 +167,7 @@
continue
s2 = getpass(confirm_prompt)
if s1 != s2:
- print 'Passwords mismatch, try again'
+ print 'Password mismatch, try again'
continue
return s1
@@ -146,41 +175,37 @@
def restore_luci_db_fsattr():
uid, gid = -1, -1
+
try:
uid, gid = get_luci_uid_gid()
except:
return -1
-
+
try:
os.chown(LUCI_DB_PATH, uid, gid)
os.chmod(LUCI_DB_PATH, 0600)
- for i in [ '.tmp', '.old', '.index', '.lock' ]:
+
+ for fext in [ '.tmp', '.old', '.index', '.lock' ]:
try:
- os.chown(LUCI_DB_PATH + i, uid, gid)
- os.chmod(LUCI_DB_PATH + i, 0600)
- except: pass
- except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ os.chown('%s%s' % (LUCI_DB_PATH, fext), uid, gid)
+ os.chmod('%s%s' % (LUCI_DB_PATH, fext), 0600)
+ except:
+ pass
+ except Exception, e:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user "%s": %s\n' % (LUCI_USER, str(e)))
return -1
def set_zope_passwd(user, passwd):
sys.stderr = null
- import ZODB
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
# Zope wants to open a www/ok.gif and images/error.gif
# when you initialize the application object. This keeps
# the AppInitializer(app).initialize() call below from failing.
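Review bot: The inner `except: pass` in `restore_luci_db_fsattr` hides every failure of `os.chown`/`os.chmod` on the `.tmp`, `.old`, `.index` and `.lock` files, not only the expected case where such a file does not exist. A permission or I/O error would leave a database sidecar file with the wrong owner or a looser mode and nothing would be reported. Catch `except OSError, e:` and re-raise unless `e.errno == errno.ENOENT`, so the outer handler prints the message and returns -1; this needs `import errno`, which is not among the imports visible on this page. The function has no explicit success return, so callers rely on `None` being falsy, and `set_zope_passwd` continues past the end of this hunk.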
@@ -196,10 +221,10 @@
sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to reset passwords.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n')
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n')
return -1
try:
@@ -238,10 +263,10 @@
if restore_luci_db_fsattr():
return -1
-
+
if user == 'admin' and ret == 0:
set_default_passwd_reset_flag()
-
+
return ret
@@ -254,6 +279,7 @@
if not certList or len(certList) < 1:
sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
return -1
+
uid, gid = -1, -1
try:
uid, gid = get_luci_uid_gid()
@@ -300,22 +326,14 @@
def luci_restore(argv):
sys.stderr = null
- import ZODB
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
- from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
from DateTime import DateTime
App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
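Review bot: `luci_restore` points `sys.stderr` at `null` for the duration of the Zope imports and restores it with a plain assignment, so an exception raised by any of those imports propagates while stderr is still discarded and its traceback is lost. Wrap the import block in `try:` … `finally: sys.stderr = orig_stderr`. The same pattern appears in the `luci_backup` hunk further down, and `set_zope_passwd` opens the same way in the previous hunk, although its restore line is outside what is shown there.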
@@ -497,7 +515,7 @@
try:
title = str(s.getAttribute('title'))
except:
- title = '__luci__:system'
+ title = ''
x.manage_addFolder(id, title)
try:
@@ -505,7 +523,8 @@
if not new_system:
raise
new_system.manage_acquiredPermissions([])
- new_system.manage_role('View', ['Access contents information','View'])
+ new_system.manage_role('View',
+ ['Access contents information', 'View'])
except:
transaction.abort()
sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
@@ -556,7 +575,7 @@
title = c.getAttribute('title')
if not title:
- title = '__luci__:cluster'
+ title = ''
else:
title = str(title)
@@ -567,7 +586,8 @@
if not new_cluster:
raise
new_cluster.manage_acquiredPermissions([])
- new_cluster.manage_role('View', ['Access contents information','View'])
+ new_cluster.manage_role('View',
+ ['Access contents information', 'View'])
except:
transaction.abort()
sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
@@ -606,7 +626,7 @@
newsys = str(newsys)
stitle = i.getAttribute('title')
if not stitle:
- stitle = '__luci__:csystem:' + id
+ stitle = ''
else:
stitle = str(stitle)
@@ -616,7 +636,8 @@
if not newcs:
raise
newcs.manage_acquiredPermissions([])
- newcs.manage_role('View', ['Access contents information','View'])
+ newcs.manage_role('View',
+ ['Access contents information', 'View'])
except:
transaction.abort()
sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
@@ -655,24 +676,24 @@
return 0
# This function's ability to work is dependent
-# upon the structure of @dict
-def dataToXML(doc, dict, tltag):
+# upon the structure of @obj_dict
+def dataToXML(doc, obj_dict, tltag):
node = doc.createElement(tltag)
- for i in dict:
- if isinstance(dict[i], types.DictType):
+ for i in obj_dict:
+ if isinstance(obj_dict[i], types.DictType):
if i[-4:] == 'List':
tagname = i
else:
tagname = tltag[:-4]
- temp = dataToXML(doc, dict[i], tagname)
+ temp = dataToXML(doc, obj_dict[i], tagname)
node.appendChild(temp)
- elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType):
- node.setAttribute(i, str(dict[i]))
- elif isinstance(dict[i], types.ListType):
- if len(dict[i]) < 1:
+ elif isinstance(obj_dict[i], types.StringType) or isinstance(obj_dict[i], types.IntType):
+ node.setAttribute(i, str(obj_dict[i]))
+ elif isinstance(obj_dict[i], types.ListType):
+ if len(obj_dict[i]) < 1:
continue
temp = doc.createElement(i)
- for x in dict[i]:
+ for x in obj_dict[i]:
t = doc.createElement('ref')
t.setAttribute('name', x)
temp.appendChild(t.cloneNode(True))
@@ -681,23 +702,15 @@
def luci_backup(argv):
sys.stderr = null
- import ZODB
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
- from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
from CMFPlone.utils import getToolByName
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
@@ -706,11 +719,6 @@
else:
dbfn = LUCI_DB_PATH
- if len(argv) > 1:
- backupfn = argv[1]
- else:
- backupfn = LUCI_BACKUP_PATH
-
try:
fs = FileStorage(dbfn)
db = DB(fs)
@@ -800,7 +808,7 @@
continue
except:
pass
-
+
try:
storagedir = app.luci.systems.storage
clusterdir = app.luci.systems.cluster
@@ -822,7 +830,7 @@
systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
else:
systems[i[0]]['permList'] = {}
-
+
if clusterdir and len(clusterdir):
for i in clusterdir.objectItems():
cluster_name = i[0]
@@ -854,7 +862,7 @@
db.close()
fs.close()
- backup = {
+ backup_data = {
'userList': users,
'systemList': systems,
'clusterList': clusters
@@ -863,7 +871,7 @@
doc = xml.dom.minidom.Document()
luciData = doc.createElement('luci')
doc.appendChild(luciData)
- dataNode = dataToXML(doc, backup, 'backupData')
+ dataNode = dataToXML(doc, backup_data, 'backupData')
certList = doc.createElement('certificateList')
for i in ssl_key_data:
@@ -898,15 +906,16 @@
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
if not os.access (root + command, os.X_OK):
- raise RuntimeError, command + " can not be run"
+ raise RuntimeError, '%s is not executable' % command
(read, write) = os.pipe()
- (read_err,write_err) = os.pipe()
+ (read_err, write_err) = os.pipe()
childpid = os.fork()
if (not childpid):
# child
- if (root and root != '/'): os.chroot (root)
+ if (root and root != '/'):
+ os.chroot (root)
if isinstance(catchfd, tuple):
for fd in catchfd:
os.dup2(write, fd)
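Review bot: In the child branch, `os.chroot (root)` is not followed by an `os.chdir('/')` within this hunk; if none follows outside it, the child keeps a working directory outside the new root and relative paths are not confined. Add `os.chdir('/')` immediately after the `os.chroot` call. The `os.access(root + command, os.X_OK)` pre-check is evaluated against the real UID and before the fork, so it only improves the error message and the result of the exec itself still has to be checked. The function body continues past the end of this hunk.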
@@ -943,7 +952,7 @@
rc_err = ""
in_list = [read, read_err]
while len(in_list) != 0:
- i,o,e = select.select(in_list, [], [], 0.1)
+ i, o, e = select(in_list, [], [], 0.1)
for fd in i:
if fd == read:
s = os.read(read, 1000)
@@ -992,17 +1001,17 @@
command = '/bin/rm'
args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
_execWithCaptureErrorStatus(command, args)
-
+
# /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
command = '/usr/bin/openssl'
args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
_execWithCaptureErrorStatus(command, args)
-
+
# /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
command = '/usr/bin/openssl'
args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
_execWithCaptureErrorStatus(command, args)
-
+
# take ownership and restrict access
try:
uid, gid = get_luci_uid_gid()
@@ -1015,7 +1024,7 @@
args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
_execWithCaptureErrorStatus(command, args)
return False
-
+
return True
@@ -1037,37 +1046,37 @@
sys.stderr.write('If you want to reset admin password, execute\n')
sys.stderr.write('\t' + argv[0] + ' password\n')
sys.exit(1)
-
+
print 'Initializing the Luci server\n'
-
+
print '\nCreating the \'admin\' user\n'
- password = read_passwd('Enter password: ', 'Confirm password: ')
+ new_password = read_passwd('Enter password: ', 'Confirm password: ')
print '\nPlease wait...'
- if not set_zope_passwd('admin', password):
+ if not set_zope_passwd('admin', new_password):
restore_luci_db_fsattr()
print 'The admin password has been successfully set.'
else:
sys.stderr.write('Unable to set the admin user\'s password.\n')
sys.exit(1)
-
+
print 'Generating SSL certificates...'
if generate_ssl_certs() == False:
sys.stderr.write('failed. exiting ...\n')
sys.exit(1)
-
+
print 'Luci server has been successfully initialized'
restart_message()
-
+
return
def password(argv):
- password = None
+ passwd = None
if '--random' in argv:
print 'Resetting the admin user\'s password to some random value\n'
try:
rand = open('/dev/urandom', 'r')
- password = rand.read(16)
+ passwd = rand.read(16)
rand.close()
except:
sys.stderr.write('Unable to read from /dev/urandom\n')
@@ -1078,12 +1087,12 @@
sys.stderr.write('To initialize it, execute\n')
sys.stderr.write('\t' + argv[0] + ' init\n')
sys.exit(1)
-
+
print 'Resetting the admin user\'s password\n'
- password = read_passwd('Enter new password: ', 'Confirm password: ')
-
+ passwd = read_passwd('Enter new password: ', 'Confirm password: ')
+
print '\nPlease wait...'
- if not set_zope_passwd('admin', password):
+ if not set_zope_passwd('admin', passwd):
print 'The admin password has been successfully reset.'
else:
sys.stderr.write('Unable to set the admin user\'s password.\n')
@@ -1118,7 +1127,7 @@
# The LUCI_BACKUP_DIR must not be world-writable
# as the code below is obviously not safe against
# races.
- stat = os.stat(LUCI_BACKUP_PATH)
+ os.stat(LUCI_BACKUP_PATH)
trynum = 1
basename = '/luci_backup-'
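Review bot: The bare `os.stat(LUCI_BACKUP_PATH)` left after dropping the unused `stat` binding reads like a no-op; it appears to serve only as an existence probe and deserves a comment saying so, e.g. `# raises OSError if no previous backup exists`. The comment above it says the backup directory must not be world-writable because the rename logic is racy, but nothing visible in this hunk verifies that. Testing the directory's mode for `S_IWOTH` before proceeding would turn that assumption into an enforced precondition. The enclosing function starts and ends outside the hunk.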
@@ -1128,7 +1137,7 @@
try:
os.rename(LUCI_BACKUP_PATH, oldbackup)
except:
- sys.stderr.stderr('Unable to rename the existing backup file.\n')
+ sys.stderr.write('Unable to rename the existing backup file.\n')
sys.stderr.write('The Luci backup failed.\n')
break
trynum += 1
@@ -1162,8 +1171,10 @@
def restore(argv):
print 'Restoring the Luci server...'
- try: os.umask(077)
- except: pass
+ try:
+ os.umask(077)
+ except:
+ pass
if luci_restore(argv[2:]):
ret = False
@@ -1197,7 +1208,7 @@
def test_luci_installation():
# perform basic checks
# TODO: do more tests
-
+
# check if luci user and group are present on the system
try:
get_luci_uid_gid()
@@ -1206,7 +1217,7 @@
sys.stderr.write('Mising luci\'s system account and group')
sys.stderr.write('Recommended action: reinstall luci\n\n')
sys.exit(3)
-
+
return True
@@ -1214,16 +1225,9 @@
if len(argv) < 2:
luci_help(argv)
sys.exit(1)
-
- # only root should run this
- if os.getuid() != 0:
- sys.stderr.write('Only \'root\' can run ' + argv[0] + '\n')
- sys.stderr.write('Try again with root privileges.\n')
- sys.exit(2)
- # test if luci installation is OK
test_luci_installation()
-
+
if 'init' in argv:
init(argv)
elif 'backup' in argv: