[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Cluster-devel] conga/luci/utils luci_admin



CVSROOT:	/cvs/cluster
Module name:	conga
Changes by:	rmccabe sourceware org	2007-09-19 05:17:33

Modified files:
	luci/utils     : luci_admin 

Log message:
	- Fix 277711 (RFE: luci_admin should check that luci is running before asking for the password)
	- Improve error messages

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.56&r2=1.57

--- conga/luci/utils/luci_admin	2007/08/20 16:31:14	1.56
+++ conga/luci/utils/luci_admin	2007/09/19 05:17:32	1.57
@@ -7,7 +7,8 @@
 # GNU General Public License as published by the
 # Free Software Foundation.
 
-import sys, os, select, pwd
+import sys, os, pwd
+from select import select
 from stat import S_ISREG
 import types
 import xml
@@ -16,33 +17,34 @@
 sys.path.extend((
 	'/usr/lib/luci/zope/lib/python',
 	'/usr/lib/luci/zope/lib/python/Products',
-	'/usr/lib/zope/lib/python',
-	'/usr/lib/zope/lib/python/Products'
 	'/usr/lib64/luci/zope/lib/python',
 	'/usr/lib64/luci/zope/lib/python/Products',
 	'/usr/lib64/luci/zope/lib64/python',
 	'/usr/lib64/luci/zope/lib64/python/Products',
 	'/usr/lib64/zope/lib64/python',
 	'/usr/lib64/zope/lib/python',
+	'/usr/lib/zope/lib/python',
 	'/usr/lib64/zope/lib/python/Products',
 	'/usr/lib64/zope/lib64/python/Products',
+	'/usr/lib/zope/lib/python/Products'
 ))
 
 from Products import __path__
-
-for tmppath in [
+for pdir in [
 	'/usr/lib/luci/zope/lib/python/Products',
 	'/usr/lib64/luci/zope/lib/python/Products',
 	'/usr/lib64/luci/zope/lib64/python/Products',
 	'/usr/lib64/zope/lib/python/Products',
 	'/usr/lib64/zope/lib64/python/Products',
-	'/usr/lib/zope/lib/python/Products'
-]:
-	if os.path.isdir(tmppath):
-		__path__.append(tmppath)
+	'/usr/lib/zope/lib/python/Products']:
+
+	if os.path.isdir(pdir):
+		__path__.append(pdir)
 
-LUCI_USER	= 'luci'
-LUCI_GROUP	= 'luci'
+LUCI_ADMIN_DEBUG		= False
+
+LUCI_USER				= 'luci'
+LUCI_GROUP				= 'luci'
 
 LUCI_HOME_DIR			= '/var/lib/luci'
 LUCI_DB_PATH			= '%s/var/Data.fs' % LUCI_HOME_DIR
@@ -64,43 +66,50 @@
 SSL_HTTPS_PUBKEY_PATH	= '%s%s' % (LUCI_CERT_DIR, SSL_HTTPS_PUBKEY_NAME)
 SSL_KEYCONFIG_PATH		= '%s%s' % (LUCI_CERT_DIR, SSL_KEYCONFIG_NAME)
 
+err = sys.stderr
+
+# only root should run this
+if os.getuid() != 0:
+	err.write('Only the \'root\' user can run %s\n' % sys.argv[0])
+	err.write('Try again with root privileges.\n')
+	sys.exit(2)
+
 ssl_key_data = [
 	{	'id': SSL_PRIVKEY_PATH,
 		'name': SSL_PRIVKEY_NAME,
 		'type': 'private',
-		'mode': 0600 },
-	{ 	'id': SSL_HTTPS_PRIVKEY_PATH,
+		'mode': 0600
+	},{	'id' : SSL_HTTPS_PRIVKEY_PATH,
 		'name': SSL_HTTPS_PRIVKEY_NAME,
 		'type': 'private',
-		'mode': 0600 },
-	{ 	'id': SSL_PUBKEY_PATH,
+		'mode': 0600
+	},{	'id' : SSL_PUBKEY_PATH,
 		'name': SSL_PUBKEY_NAME,
 		'type': 'public',
-		'mode': 0644 },
-	{	'id': SSL_HTTPS_PUBKEY_PATH,
+		'mode': 0644
+	},{	'id' : SSL_HTTPS_PUBKEY_PATH,
 		'name': SSL_HTTPS_PUBKEY_NAME,
 		'type': 'public',
-		'mode': 0644 },
-	{	'id': SSL_KEYCONFIG_PATH,
+		'mode': 0644
+	},{	'id' : SSL_KEYCONFIG_PATH,
 		'name': SSL_KEYCONFIG_NAME,
 		'type': 'config',
-		'mode': 0644 }
+		'mode': 0644
+	}
 ]
 
 for name in os.listdir(LUCI_PEERS_DIR):
-	ssl_path = '%s%s' % (LUCI_PEERS_DIR, name)
-
-	if S_ISREG(os.stat(ssl_path).st_mode):
+	cert_path = '%s%s' % (LUCI_PEERS_DIR, name)
+	if S_ISREG(os.stat(cert_path).st_mode):
 		ssl_key_data.append({
-			'id': ssl_path,
-			'name': ssl_path.lstrip(LUCI_CERT_DIR),
+			'id': cert_path,
+			'name': cert_path.lstrip(LUCI_CERT_DIR),
 			'type': 'public',
 			'mode': 0644
 		})
 
-orig_stderr = sys.stderr
-
 if '--debug' in sys.argv or '--verbose' in sys.argv:
+	LUCI_ADMIN_DEBUG = True
 	try:
 		del sys.argv[sys.argv.index('--debug')]
 	except:
@@ -110,6 +119,8 @@
 		del sys.argv[sys.argv.index('--verbose')]
 	except:
 		pass
+
+if LUCI_ADMIN_DEBUG is True:
 	verbose = sys.stderr
 else:
 	verbose = file('/dev/null', 'rwb+', 0)
@@ -117,15 +128,33 @@
 def get_luci_uid_gid():
 	luci = pwd.getpwnam(LUCI_USER)[2:4]
 	if not luci:
-		raise Exception, 'user lookup failed'
+		raise Exception, 'The user "%s" does not exist' % LUCI_USER
+
 	if len(luci) != 2:
-		raise Exception, 'user lookup failed'
+		raise Exception, 'Unable to determine the UID and GID of %s' % LUCI_USER
 	return luci
 
 def set_default_passwd_reset_flag():
 	# set flag marking admin password has been set
-	uid, gid = get_luci_uid_gid()
-	open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+
+	try:
+		uid, gid = get_luci_uid_gid()
+	except Exception, e:
+		err.write('Unable to find the luci user\'s UID and GID: %s\n' % str(e))
+		return False
+
+	try:
+		open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+	except IOError, e:
+		if e[0] != 2:
+			err.write('Unable to open "%s" for writing: %s\n' \
+				% (LUCI_ADMIN_SET_PATH, e[1]))
+			return False
+	except Exception, e:
+		err.write('Unable to open "%s" for writing: %s\n' \
+			% (LUCI_ADMIN_SET_PATH, str(e)))
+		return False
+
 	os.chown(LUCI_ADMIN_SET_PATH, uid, gid)
 	os.chmod(LUCI_ADMIN_SET_PATH, 0640)
 	return True
@@ -134,8 +163,8 @@
 	try:
 		return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
 	except Exception, e:
-		verbose.write('Failed to write to "%s": %s\n' \
-			% (LUCI_ADMIN_SET_PATH, str(e)))
+		verbose.write('Error reading %s: %s\n' % (LUCI_ADMIN_SET_PATH, str(e)))
+		return False
 	return False
 
 def read_passwd(prompt, confirm_prompt):
@@ -144,51 +173,46 @@
 	while True:
 		s1 = getpass(prompt)
 		if len(s1) < 6:
-			sys.stderr.write('Passwords must be at least 6 characters long.\n')
+			err.write('Password has to be at least 6 characters long\n')
 			continue
 
 		if ' ' in s1 or '\t' in s1:
-			sys.stderr.write('Spaces are not allowed in passwords.\n')
+			err.write('Spaces are not allowed in passwords\n')
 			continue
 
 		s2 = getpass(confirm_prompt)
 		if s1 != s2:
-			sys.stderr.write('Passwords don\'t match. Try again.\n')
+			err.write('Password mismatch, try again\n')
 			continue
 		return s1
 
 def restore_luci_db_fsattr():
 	uid, gid = -1, -1
+
 	try:
 		uid, gid = get_luci_uid_gid()
-	except:
-		sys.stderr.write('Unable to determine the user and group of the luci user "%s"\n' \
-			% LUCI_USER)
+	except Exception, e:
+		err.write('Unable to find the luci user\'s UID and GID: %s\n' % str(e))
 		return -1
 
 	try:
 		os.chown(LUCI_DB_PATH, uid, gid)
 		os.chmod(LUCI_DB_PATH, 0600)
-		for ext in [ '.tmp', '.old', '.index', '.lock' ]:
-			cur_path = '%s%s' % (LUCI_DB_PATH, ext)
 
+		for fext in [ '.tmp', '.old', '.index', '.lock' ]:
+			cur_file = '%s%s' % (LUCI_DB_PATH, fext)
 			try:
-				os.chown(cur_path, uid, gid)
-				os.chmod(cur_path, 0600)
-			except OSError, eieio:
-				if eieio[0] != 2:
-					sys.stderr.write('Unable to change ownership of "%s" back to user "%s": %s\n' \
-						% (cur_path, LUCI_USER, str(eieio)))
-			except Exception, ei:
-				sys.stderr.write('Unable to change ownership of "%s" to user "%s": %s %r\n' \
-					% (cur_path, LUCI_USER, str(ei), ei))
+				os.chown(cur_file, uid, gid)
+				os.chmod(cur_file, 0600)
+			except Exception, e:
+				verbose.write('Error: %s: %s\n' % (cur_file, str(e)))
 	except Exception, e:
-		sys.stderr.write('Unable to change ownership of the Luci database "%s" back to user "%s": %s\n' \
-			% (LUCI_DB_PATH, LUCI_USER, str(e)))
+		err.write('Unable to change the ownership of the luci database back to user "%s": %s\n' % (LUCI_USER, str(e)))
 		return -1
 
 def set_zope_passwd(user, passwd):
 	sys.stderr = verbose
+
 	from ZODB.FileStorage import FileStorage
 	from ZODB.DB import DB
 	from OFS.Application import AppInitializer
@@ -198,43 +222,43 @@
 	from AccessControl.SecurityManagement import newSecurityManager
 	import transaction
 	import App.ImageFile
+
 	# Zope wants to open a www/ok.gif and images/error.gif
 	# when you initialize the application object. This keeps
 	# the AppInitializer(app).initialize() call below from failing.
 	App.ImageFile.__init__ = lambda x, y: None
-	sys.stderr = orig_stderr
 
+	sys.stderr = err
 	try:
 		fs = FileStorage(LUCI_DB_PATH)
 		db = DB(fs)
 		conn = db.open()
 	except IOError, e:
 		if e[0] == 11:
-			sys.stderr.write('It appears that the luci service is running. You must stop the luci service before using this tool to reset passwords.\n')
+			err.write('It appears that luci is running. Please stop luci before attempting to reset passwords.\n')
 			return -1
 		else:
-			sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+			err.write('Unable to open the luci database "%s": %s\n' \
 				% (LUCI_DB_PATH, str(e)))
 			return -1
 	except Exception, e:
-		sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+		err.write('Unable to open the luci database "%s": %s\n' \
 			% (LUCI_DB_PATH, str(e)))
 		return -1
 
 	try:
 		sys.stderr = verbose
 		tempuser = AccessControl.User.UnrestrictedUser('admin', '',
-					('manage', 'Manager', 'Owner', 'View', 'Authenticated'), [])
+					('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
 
 		newSecurityManager(None, tempuser)
 
 		app = conn.root()['Application']
 		AppInitializer(app).initialize()
-		sys.stderr = orig_stderr
+		sys.stderr = err
 	except Exception, e:
-		sys.stderr = orig_stderr
-		sys.stderr.write('An error occurred while setting the password for user "%s": %s\n' \
-			% (user, str(e)))
+		sys.stderr = err
+		err.write('An error occurred while setting the password for user "%s": %s\n' % (user, str(e)))
 		return -1
 
 	ret = -1
@@ -242,15 +266,16 @@
 		pwd_scheme = SSHADigestScheme
 		pwd_hash = '{SSHA}%s' % pwd_scheme.encrypt(SSHADigestScheme(), passwd)
 		acl_users = app.acl_users.users
+
 		if len(acl_users):
 			acl_users._user_passwords[user] = pwd_hash
 			transaction.commit()
 			ret = 0
 		else:
-			raise Exception, 'failed to set password'
+			raise Exception, 'no admin user account exists'
 	except Exception, e:
-		sys.stderr = orig_stderr
-		sys.stderr.write('Unable to set the password for user "%s": %s\n' \
+		sys.stderr = err
+		err.write('Unable to set the password for user "%s": %s\n' \
 			% (user, str(e)))
 
 	conn.close()
@@ -266,33 +291,30 @@
 
 	return ret
 
-def luci_restore_certs(path, certList):
+def luci_restore_certs(certList):
 	if not certList or len(certList) < 1:
-		sys.stderr.write('Backup file "%s" contains no certificate data\n' \
-			% path)
-		sys.stderr.write('Please check that your backup file is not corrupt.\n')
+		err.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
 		return -1
 
 	certList = certList[0].getElementsByTagName('certificate')
 	if not certList or len(certList) < 1:
-		sys.stderr.write('Backup file "%s" contains no certificate data\n' \
-			% path)
-		sys.stderr.write('Please check that your backup file is not corrupt.\n')
+		err.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
 		return -1
 
+	uid, gid = -1, -1
 	try:
 		uid, gid = get_luci_uid_gid()
 	except Exception, e:
-		verbose.write('Error getting uid: %s' % str(e))
+		err.write('Unable to find the luci user\'s UID and GID: %s\n' \
+			% str(e))
 		return -1
 
 	for c in certList:
-		cert_path = c.getAttribute('name')
-		if not cert_path :
-			sys.stderr.write('Backup file "%s" is missing the "name" attribute for a certificate.\n' \
-				% path)
+		path = c.getAttribute('name')
+		if not path:
+			err.write('Missing "name" field for certificate.\n')
 			return -1
-		cert_path = '%s%s' % (LUCI_CERT_DIR, str(cert_path))
+		path = '%s%s' % (LUCI_CERT_DIR, str(path))
 
 		mode = c.getAttribute('mode')
 		if not mode:
@@ -302,40 +324,33 @@
 
 		data = c.firstChild
 		if not data or not data.wholeText:
-			sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
-				% path)
+			err.write('"%s" contains no certificate data.' % path)
 			return -1
 
 		# Because .prettyprint() was called to write the backup..
 		data = data.wholeText.strip()
 		if len(data) < 1:
-			sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
-				% path)
+			err.write('"%s" contains no certificate data.' % path)
 			return -1
 		data = str(data)
 
 		try:
-			f = file(cert_path, 'wb+')
-		except Exception, e:
-			sys.stderr.write('Unable to open certificate file "%s" for writing: %s\n' \
-				% (cert_path, str(e)))
-			return -1
-
-		try:
-			os.chown(path, uid, gid)
-			os.chmod(path, mode)
-			f.write(data)
-			f.write('\n')
-			f.close()
+			f = file(path, 'wb+')
 		except Exception, e:
-			sys.stderr.write('Unable to restore certificate file "%s": %s\n' \
-				% (cert_path, str(e)))
+			err.write('Unable to create "%s" for writing: %s\n' \
+				% (path, str(e)))
 			return -1
 
+		os.chmod(path, mode)
+		f.write('%s\n' % data)
+		os.chown(path, uid, gid)
+		f.close()
 	return None
 
+
 def luci_restore(argv):
 	sys.stderr = verbose
+
 	from ZODB.FileStorage import FileStorage
 	from ZODB.DB import DB
 	from OFS.Application import AppInitializer
@@ -347,7 +362,7 @@
 	from DateTime import DateTime
 
 	App.ImageFile.__init__ = lambda x, y: None
-	sys.stderr = orig_stderr
+	sys.stderr = err
 
 	if len(argv) > 0:
 		dbfn = argv[0]
@@ -366,38 +381,35 @@
 		conn = db.open()
 	except IOError, e:
 		if e[0] == 11:
-			sys.stderr.write('It appears that the luci service is running.\n')
-			sys.stderr.write('You must stop the luci service before using this tool restore from a backup.\n')
+			err.write('It appears that luci is running. Please stop luci before attempting to restore your installation.\n')
 			return -1
 		else:
-			sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+			err.write('Unable to open the luci database "%s": %s\n' \
 				% (dbfn, str(e)))
 			return -1
 	except Exception, e:
-		sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+		err.write('Unable to open the luci database "%s": %s\n' \
 			% (dbfn, str(e)))
 		return -1
 
 	try:
 		node = xml.dom.minidom.parse(backupfn)
 	except Exception, e:
-		sys.stderr.write('Unable to parse backup data contained in file "%s": %s\n' \
+		err.write('Unable to open the luci backup file "%s": %s\n' \
 			% (backupfn, str(e)))
 		return -1
 
 	node = node.getElementsByTagName('luci')
 	if not node or len(node) < 1:
-		sys.stderr.write('Backup file "%s" is missing the "luci" XML tag.\n' \
-			% backupfn)
+		err.write('Backup file is missing the "luci" XML tag\n')
 		return -1
 
 	node = node[0].getElementsByTagName('backupData')
 	if not node or len(node) < 1:
-		sys.stderr.write('Backup file "%s" is missing the "backupData" XML tag\n' \
-			% backupfn)
+		err.write('Backup file is missing the "backupData" XML tag\n')
 		return -1
-
 	node = node[0]
+
 	try:
 		sys.stderr = verbose
 		tempuser = AccessControl.User.UnrestrictedUser('admin', '',
@@ -407,11 +419,10 @@
 
 		app = conn.root()['Application']
 		AppInitializer(app).initialize()
-		sys.stderr = orig_stderr
+		sys.stderr = err
 	except Exception, e:
-		sys.stderr = orig_stderr
-		sys.stderr.write('An error occurred while restoring from backup file "%s": %s\n' \
-			% (backupfn, str(e)))
+		sys.stderr = err
+		err.write('An error occurred while initializing the luci installation for restoration from backup: %s\n' % str(e))
 		return -1
 
 	try:
@@ -419,59 +430,53 @@
 		portal_mem = app.luci.portal_membership
 		portal_reg = app.luci.portal_registration
 		if not (acl_users and len(acl_users) and portal_mem and portal_reg):
-			raise Exception, 'no users are present'
+			raise Exception, 'no admin user account exists'
 	except Exception, e:
-		sys.stderr.write('Your Luci installation appears to be corrupt: %s' % str(e))
+		err.write('Your luci installation appears to be corrupt: %s\n' % str(e))
 		return -1
 
 	userList = node.getElementsByTagName('userList')
 	if not userList or len(userList) < 1:
-		sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
-		sys.stderr.write('The admin user must exist.\n')
-		sys.stderr.write('Please check that your backup file is not corrupt.\n')
+		err.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
 		return -1
 
 	userList = userList[0].getElementsByTagName('user')
 	if not userList or len(userList) < 1:
-		sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
-		sys.stderr.write('The admin user must exist.\n')
-		sys.stderr.write('Please check that your backup file is not corrupt.\n')
+		err.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
 		return -1
 
 	for u in userList:
-		uid = u.getAttribute('id')
-		if not uid:
+		id = u.getAttribute('id')
+		if not id:
 			transaction.abort()
-			sys.stderr.write('Missing the id attribute for a user in backup file "%s"\n' \
-				% backupfn)
+			err.write('Missing ID for user\n')
 			return -1
-		uid = str(uid)
+		id = str(id)
 
 		passwd = u.getAttribute('passwd')
 		if not passwd:
 			transaction.abort()
-			sys.stderr.write('Missing password for user "%s" in backup file "%s"\n' \
-				% (uid, backupfn))
+			err.write('Missing password for user "%s"\n' % id)
 			return -1
 		passwd = str(passwd)
 
-		if uid == 'admin':
+		if id == 'admin':
 			try:
 				acl_users._user_passwords['admin'] = passwd
 			except Exception, e:
 				transaction.abort()
-				sys.stderr.write('Unable to restore admin password from backup file "%s": %s\n' \
-					% (backupfn, str(e)))
+				err.write('Unable to restore admin password: %s\n' \
+					% str(e))
 				return -1
 		else:
 			email = u.getAttribute('email')
 			if not email:
-				email = '%s luci example org' % uid
+				email = '%s luci example org' % id
 			else:
 				email = str(email)
 
 			props = {
-				'username': uid,
+				'username': id,
 				'roles': [ 'Member' ],
 				'domains': [],
 				'email': email,
@@ -492,38 +497,35 @@
 				if must_change_passwd == 'True' or '1':
 					props['must_change_password'] = True
 
-			portal_reg.addMember(uid, passwd, props)
+			portal_reg.addMember(id, passwd, props)
 
-			member = portal_mem.getMemberById(uid)
+			member = portal_mem.getMemberById(id)
 			if not member:
 				transaction.abort()
-				sys.stderr.write('An error occurred while restoring the user "%s" from backup file "%s"\n' \
-					% (uid, backupfn))
+				err.write('An error occurred while restoring the user "%s"\n' \
+					% id)
 				return -1
 
 			try:
 				aclu = app.luci.acl_users.source_users
 				if aclu and len(aclu):
-					aclu._user_passwords[uid] = passwd
+					aclu._user_passwords[id] = passwd
 				else:
-					raise Exception, 'unable to set password for %s' % uid
+					raise Exception, 'unable to set password for %s' % id
 			except Exception, e:
 				transaction.abort()
-				sys.stderr.write('An error occurred while restoring the password for user "%s" from backup file "%s": %s\n'
-					% (uid, backupfn, str(e)))
+				err.write('An error occurred while restoring the password for user "%s": %s\n' % (id, str(e)))
 				return -1
-			verbose.write('Added user "%s"' % uid)
+			verbose.write('Added user "%s"\n' % id)
 	transaction.commit()
 
 	try:
 		x = app.luci.systems.storage
 		if not x:
-			raise
+			raise Exception, 'no storage directory'
 	except Exception, e:
 		transaction.abort()
-		sys.stderr.write('Cannot find the Luci storage systems directory.\n')
-		sys.stderr.write('Your Luci installation may be corrupt.\n')
-		sys.stderr.write('Server error: %s\n' % str(e))
+		err.write('Cannot find the luci storage systems directory. Your luci installation may be corrupt.\n')
 		return -1
 
 	systemList = node.getElementsByTagName('systemList')
@@ -535,58 +537,59 @@
 			verbose.write('No storage systems to add\n')
 
 	for s in systemList:
-		uid = s.getAttribute('id')
-		if not uid:
+		id = s.getAttribute('id')
+		if not id:
 			transaction.abort()
-			sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
+			err.write('Missing ID for storage system. Your backup may be corrupt.\n')
 			return -1
-		uid = str(uid)
+		id = str(id)
 		try:
 			title = str(s.getAttribute('title'))
 		except:
-			title = '__luci__:system'
+			title = ''
 
-		x.manage_addFolder(uid, title)
+		x.manage_addFolder(id, title)
 		try:
-			new_system = app.luci.systems.storage.get(uid)
+			new_system = app.luci.systems.storage.get(id)
+
 			if not new_system:
-				raise
+				raise Exception, 'unable to add system %s' % id
+
 			new_system.manage_acquiredPermissions([])
-			new_system.manage_role('View', [ 'Access contents information', 'View' ])
+			new_system.manage_role('View',
+				[ 'Access contents information', 'View' ])
 		except Exception, e:
 			transaction.abort()
-			sys.stderr.write('An error occurred while restoring storage system "%s": %s\n' \
-				% (uid, str(e)))
+			err.write('An error occurred while restoring storage system "%s": %s\n' % (id, str(e)))
 			return -1
 
 		userPerms = s.getElementsByTagName('permList')
 		if not userPerms or len(userPerms) < 1:
-			verbose.write('Added storage system "%s"\n' % uid)
+			verbose.write('Added storage system "%s"\n' % id)
 			continue
+
 		userPerms = userPerms[0].getElementsByTagName('ref')
 		for i in userPerms:
 			newuser = i.getAttribute('name')
 			if not newuser:
 				continue
+
 			try:
-				new_system.manage_setLocalRoles(newuser, ['View'])
-				verbose.write('Added view permission to storage system "%s" for "%s"\n' \
-					% (uid, newuser))
+				new_system.manage_setLocalRoles(newuser, [ 'View' ])
+				verbose.write('Added view permission to storage system "%s" for "%s"\n' % (id, newuser))
 			except Exception, e:
-				sys.stderr.write('An error occurred while restoring permission for storage system "%s" for "%s": %s\n' \
-					% (uid, newuser, str(e)))
+				err.write('An error occurred while restoring permission for system "%s" for user "%s": %s\n' % (id, newuser, str(e)))
 
-		verbose.write('Added storage system "%s"\n' % uid)
+		verbose.write('Added storage system "%s"\n' % id)
 		transaction.commit()
 
 	try:
 		x = app.luci.systems.cluster
 		if not x:
 			raise
-	except Exception, e:
+	except:
 		transaction.abort()
-		sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
-		sys.stderr.write('Error reported: %s\n' % str(e))
+		err.write('Cannot find the luci cluster directory. Your luci installation may be corrupt.\n')
 		return -1
 
 	clusterList = node.getElementsByTagName('clusterList')
@@ -598,31 +601,32 @@
 			verbose.write('No clusters to add\n')
 
 	for c in clusterList:
-		uid = c.getAttribute('id')
-		if not uid:
+		id = c.getAttribute('id')
+		if not id:
 			transaction.abort()
-			sys.stderr.write('Cluster element is missing id attribute\n')
+			err.write('Cluster element is missing id\n')
 			return -1
-		uid = str(id)
+		id = str(id)
 
 		title = c.getAttribute('title')
 		if not title:
-			title = '__luci__:cluster'
+			title = ''
 		else:
 			title = str(title)
 
 		try:
-			x.manage_addFolder(uid, title)
-			new_cluster = app.luci.systems.cluster.get(uid)
+			x.manage_addFolder(id, title)
+			new_cluster = app.luci.systems.cluster.get(id)
 
 			if not new_cluster:
-				raise
+				raise Exception, 'unable to add cluster %s' % id
+
 			new_cluster.manage_acquiredPermissions([])
-			new_cluster.manage_role('View', [ 'Access contents information', 'View' ])
+			new_cluster.manage_role('View',
+				[ 'Access contents information', 'View' ])
 		except Exception, e:
 			transaction.abort()
-			sys.stderr.write('An error occurred while restoring the cluster "%s": %s\n' \
-				% (uid, str(e)))
+			err.write('An error occurred while restoring the cluster "%s": %s\n' % (id, str(e)))
 			return -1
 
 		viewperm = list()
@@ -637,63 +641,60 @@
 				newuser = str(newuser)
 
 				try:
-					new_cluster.manage_setLocalRoles(newuser, ['View'])
-					verbose.write('Added view permission to cluster "%s" for "%s"\n' \
-						% (uid, newuser))
+					new_cluster.manage_setLocalRoles(newuser, [ 'View' ])
+					verbose.write('Added view permission to cluster "%s" for "%s"\n' % (id, newuser))
 				except Exception, e:
-					sys.stderr.write('An error occurred while restoring permission for cluster "%s" for "%s": %s' \
-						% (uid, newuser, str(e)))
+					err.write('An error occurred while restoring permission for cluster "%s" for user "%s"\n' % (id, newuser))
 				viewperm.append(newuser)
 
 		clusterSystems = c.getElementsByTagName('csystemList')
 		if not clusterSystems or len(clusterSystems) < 1:
-			verbose.write('Cluster "%s" has no storage systems\n' % uid)
+			verbose.write('Cluster "%s" has no nodes\n' % id)
 		else:
 			clusterSystems = clusterSystems[0].getElementsByTagName('csystem')
 			for i in clusterSystems:
 				newsys = i.getAttribute('id')
 				if not newsys:
 					transaction.abort()
-					sys.stderr.write('Storage system missing id attribute for cluster "%s"\n' \
-						% uid)
+					err.write('Missing node name for cluster "%s"\n' % id)
 					return -1
 
 				newsys = str(newsys)
 				stitle = i.getAttribute('title')
 				if not stitle:
-					stitle = '__luci__:csystem:%s' % uid
+					stitle = ''
 				else:
 					stitle = str(stitle)
 
 				try:
 					new_cluster.manage_addFolder(newsys, stitle)
-					newcs = app.luci.systems.cluster.get(uid).get(newsys)
+					newcs = app.luci.systems.cluster.get(id).get(newsys)
 					if not newcs:
-						raise
+						raise Exception, 'unable to add node %s to cluster %s' \
+								% (newsys, id)
+
 					newcs.manage_acquiredPermissions([])
-					newcs.manage_role('View', [ 'Access contents information', 'View' ])
+					newcs.manage_role('View',
+						[ 'Access contents information', 'View' ])
 				except Exception, e:
 					transaction.abort()
-					sys.stderr.write('An error occurred while restoring the storage system "%s" for cluster "%s": %s' \
-						% (newsys, uid, str(e)))
+					err.write('An error occurred while restoring node "%s" for cluster "%s": %s\n' % (newsys, id, str(e)))
 					return -1
 				transaction.commit()
 
 				try:
 					for i in viewperm:
-						newcs.manage_setLocalRoles(i, ['View'])
-						verbose.write('Added view permission to cluster system "%s" for "%s"\n' \
-							% (newsys, i))
-				except:
+						newcs.manage_setLocalRoles(i, [ 'View' ])
+						verbose.write('Added view permission to node "%s" in cluster "%s" for user "%s"\n' % (newsys, id, i))
+				except Exception, e:
 					transaction.abort()
-					sys.stderr.write('An error occurred while restoring permissions for cluster system "%s" in cluster "%s" for user "%s"\n' \
-						% (newsys, uid, i))
+					err.write('An error occurred while restoring view permission to node "%s" in cluster "%s" for user "%s"\n' % (newsys, id, i))
 					return -1
 
-				verbose.write('Added storage system "%s" for cluster "%s"\n' \
-					% (newsys, uid))
+				verbose.write('Added node "%s" to cluster "%s"\n' \
+					% (newsys, id))
 
-		verbose.write('Added cluster "%s"\n' % uid)
+		verbose.write('Added cluster "%s"\n' % id)
 		transaction.commit()
 
 	transaction.commit()
@@ -704,35 +705,34 @@
 
 	certList = node.getElementsByTagName('certificateList')
 	if not certList or len(certList) < 1:
-		sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
-			% backupfn)
+		err.write('No certificate data was found.\n')
 		return -1
 
-	if luci_restore_certs(backupfn, certList):
-		sys.stderr.write('An error occurred while restoring certificate data.\n')
+	if luci_restore_certs(certList):
+		err.write('An error occurred while restoring certificate data.\n')
 		return -1
 
 	return 0
 
 # This function's ability to work is dependent
-# upon the structure of @ddict
-def dataToXML(doc, ddict, tltag):
+# upon the structure of @obj_dict
+def dataToXML(doc, obj_dict, tltag):
 	node = doc.createElement(tltag)
-	for i in ddict:
-		if isinstance(ddict[i], types.DictType):
+	for i in obj_dict:
+		if isinstance(obj_dict[i], types.DictType):
 			if i[-4:] == 'List':
 				tagname = i
 			else:
 				tagname = tltag[:-4]
-			temp = dataToXML(doc, ddict[i], tagname)
+			temp = dataToXML(doc, obj_dict[i], tagname)
 			node.appendChild(temp)
-		elif isinstance(ddict[i], types.StringType) or isinstance(ddict[i], types.IntType):
-			node.setAttribute(i, str(ddict[i]))
-		elif isinstance(ddict[i], types.ListType):
-			if len(ddict[i]) < 1:
+		elif isinstance(obj_dict[i], types.StringType) or isinstance(obj_dict[i], types.IntType):
+			node.setAttribute(i, str(obj_dict[i]))
+		elif isinstance(obj_dict[i], types.ListType):
+			if len(obj_dict[i]) < 1:
 				continue
 			temp = doc.createElement(i)
-			for x in ddict[i]:
+			for x in obj_dict[i]:
 				t = doc.createElement('ref')
 				t.setAttribute('name', x)
 				temp.appendChild(t.cloneNode(True))
@@ -741,6 +741,7 @@
 
 def luci_backup(argv):
 	sys.stderr = verbose
+
 	from ZODB.FileStorage import FileStorage
 	from ZODB.DB import DB
 	from OFS.Application import AppInitializer
@@ -748,10 +749,11 @@
 	import AccessControl.User
 	from AccessControl.SecurityManagement import newSecurityManager
 	import transaction
-	import CMFPlone
+	from CMFPlone.utils import getToolByName
 	import App.ImageFile
+
 	App.ImageFile.__init__ = lambda x, y: None
-	sys.stderr = orig_stderr
+	sys.stderr = err
 
 	if len(argv) > 0:
 		dbfn = argv[0]
@@ -765,14 +767,14 @@
 		conn = db.open()
 	except IOError, e:
 		if e[0] == 11:
-			sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to backup your installation.\n')
+			err.write('It appears that luci is running. Please stop luci before attempting to backup your installation.\n')
 			return -1
 		else:
-			sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+			err.write('Unable to open the luci database "%s": %s\n' \
 				% (dbfn, str(e)))
 			return -1
 	except Exception, e:
-		sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+		err.write('Unable to open the luci database "%s": %s\n' \
 			% (dbfn, str(e)))
 		return -1
 
@@ -785,11 +787,10 @@
 
 		app = conn.root()['Application']
 		AppInitializer(app).initialize()
-		sys.stderr = orig_stderr
+		sys.stderr = err
 	except Exception, e:
-		sys.stderr = orig_stderr
-		sys.stderr.write('An error occurred while initializing luci for restore from backup: %s\n' \
-			% str(e))
+		sys.stderr = err 
+		err.write('An error occurred while initializing the luci installation for restoration from backup: %s\n' % str(e))
 		return -1
 
 	app.luci.portal_memberdata.pruneMemberDataContents()
@@ -798,10 +799,9 @@
 	try:
 		acl_users = app.acl_users.users
 		if not (acl_users and len(acl_users)):
-			raise Exception, 'no luci users exist'
+			raise Exception, 'no admin user account exists'
 	except Exception, e:
-		sys.stderr.write('Your Luci installation appears to be corrupt: %s\n' \
-			% str(e))
+		err.write('Your luci installation appears to be corrupt: %s\n' % str(e))
 		return -1
 
 	users = {}
@@ -811,15 +811,15 @@
 	try:
 		acl_users = app.acl_users.users
 		if len(acl_users) < 1:
-			raise Exception, 'no users exist'
+			raise Exception, 'no admin user account exists'
 
 		users['admin'] = {
 			'id': 'admin',
 			'name': 'admin',
 			'passwd': app.acl_users.users._user_passwords['admin']
 		}
-	except:
-		sys.stderr.write('Unable to find the luci admin user.\n')
+	except Exception, e:
+		err.write('Unable to find the admin user account: %s\n' % str(e))
 		return -1
 
 	acl_users = app.luci.acl_users.source_users
@@ -833,17 +833,15 @@
 				}
 			except Exception, e:
 				try:
-					sys.stderr.write('An error occurred while saving details for user "%s": %s' \
-						% (i[0], str(e)))
+					err.write('An error occurred while saving details for user "%s": %s\n' % (i[0], str(e)))
 				except:
-					sys.stderr.write('An error occurred while saving user information: %s' \
-						% str(e))
+					err.write('An error occurred while saving user information.\n')
 				return -1
 
 	try:
-		membertool = CMFPlone.utils.getToolByName(app.luci, 'portal_membership')
+		membertool = getToolByName(app.luci, 'portal_membership')
 		if not membertool:
-			raise Exception, 'unable to retrieve luci users'
+			raise Exception, 'unable to find user list'
 
 		for mem in membertool.listMembers():
 			try:
@@ -856,14 +854,13 @@
 					% str(e1))
 				continue
 	except Exception, e:
-		verbose.write('Error retrieving luci user data: %s\n' % str(e))
+		verbose.write('Error: %s\n' % str(e))
 
 	try:
 		storagedir = app.luci.systems.storage
 		clusterdir = app.luci.systems.cluster
-	except Exception, e:
-		sys.stderr.write('Your Luci installation appears to be corrupt.\n')
-		sys.stderr.write('Server error: %s\n' % str(e))
+	except:
+		err.write('Your luci installation appears to be corrupt.')
 		return -1
 
 	if storagedir and len(storagedir):
@@ -903,7 +900,7 @@
 				if hasattr(csystem[1], 'title'):
 					csystem_hash['title'] = getattr(csystem[1], 'title')
 				else:
-					csystem_hash['title'] = '__luci__:csystem:' + cluster_name
+					csystem_hash['title'] = '__luci__:csystem:%s' % cluster_name
 				clusters[cluster_name]['csystemList'][csystem[0]] = csystem_hash
 
 	transaction.commit()
@@ -912,7 +909,7 @@
 	db.close()
 	fs.close()
 
-	backup = {
+	backup_data = {
 		'userList': users,
 		'systemList': systems,
 		'clusterList': clusters
@@ -921,7 +918,7 @@
 	doc = xml.dom.minidom.Document()
 	luciData = doc.createElement('luci')
 	doc.appendChild(luciData)
-	dataNode = dataToXML(doc, backup, 'backupData')
+	dataNode = dataToXML(doc, backup_data, 'backupData')
 
 	certList = doc.createElement('certificateList')
 	for i in ssl_key_data:
@@ -931,9 +928,11 @@
 			certfile.close()
 
 			if len(output) < 1:
-				raise
-		except:
-			sys.stderr.write('Unable to read "%s"\n' % i['id'])
+				raise Exception, '%s contains no data' % i['id']
+		except Exception, e:
+			err.write('Unable to read certificate data from "%s": %s\n' \
+				% (i['id'], str(e)))
+
 			# An error backing up anything other than the config
 			# is fatal.
 			if i['type'] != 'config':
@@ -944,7 +943,7 @@
 		certNode.setAttribute('name', i['name'])
 		certNode.setAttribute('type', i['type'])
 		certNode.setAttribute('mode', str(oct(i['mode'])))
-		textNode = doc.createTextNode('\n' + output)
+		textNode = doc.createTextNode('\n%s' % output)
 		certNode.appendChild(textNode)
 		certList.appendChild(certNode)
 
@@ -953,9 +952,10 @@
 
 	return doc
 
-def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
-	if not os.access (root + command, os.X_OK):
-		raise RuntimeError, '%s%s is not executable' % (root, command)
+
+def exec_cmd(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
+	if not os.access ('%s%s' % (root, command), os.X_OK):
+		raise RuntimeError, '%s is not executable' % command
 
 	(read, write) = os.pipe()
 	(read_err, write_err) = os.pipe()
@@ -964,7 +964,7 @@
 	if (not childpid):
 		# child
 		if (root and root != '/'):
-			os.chroot(root)
+			os.chroot (root)
 		if isinstance(catchfd, tuple):
 			for fd in catchfd:
 				os.dup2(write, fd)
@@ -1001,18 +1001,18 @@
 	rc_err = ""
 	in_list = [read, read_err]
 	while len(in_list) != 0:
-		i, o, e = select.select(in_list, [], [], 0.1)
+		i, o, e = select(in_list, [], [], 0.1)
 		for fd in i:
 			if fd == read:
-				s = os.read(read, 1024)
+				s = os.read(read, 4096)
 				if s == '':
 					in_list.remove(read)
-				rc = rc + s
+				rc = '%s%s' % (rc, s)
 			if fd == read_err:
-				s = os.read(read_err, 1024)
+				s = os.read(read_err, 4096)
 				if s == '':
 					in_list.remove(read_err)
-				rc_err = rc_err + s
+				rc_err = '%s%s' % (rc_err, s)
 
 	os.close(read)
 	os.close(read_err)
@@ -1021,7 +1021,7 @@
 	try:
 		(pid, status) = os.waitpid(childpid, 0)
 	except OSError, (errno, msg):
-		sys.stderr.write('%s waitpid: %s\n' % (__name__ , msg))
+		err.write('%s waitpid: %s\n' % (__name__,  msg))
 
 	if os.WIFEXITED(status):
 		status = os.WEXITSTATUS(status)
@@ -1030,6 +1030,7 @@
 
 	return (rc, rc_err, status)
 
+
 def luci_initialized():
 	# existence of privkey.pem file and
 	# admin password (not the one Data.fs comes with)
@@ -1040,18 +1041,18 @@
 
 def generate_ssl_certs():
 	command = '/bin/rm'
-	args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
-	_execWithCaptureErrorStatus(command, args)
+	args = [ command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH ]
+	exec_cmd(command, args)
 
 	# /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
 	command = '/usr/bin/openssl'
-	args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
-	_execWithCaptureErrorStatus(command, args)
+	args = [ command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048' ]
+	exec_cmd(command, args)
 
 	# /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
 	command = '/usr/bin/openssl'
-	args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
-	_execWithCaptureErrorStatus(command, args)
+	args = [ command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH ]
+	exec_cmd(command, args)
 
 	# take ownership and restrict access
 	try:
@@ -1061,92 +1062,96 @@
 		os.chmod(SSL_PRIVKEY_PATH, 0600)
 		os.chmod(SSL_PUBKEY_PATH, 0644)
 	except Exception, e:
-		verbose.write('Error setting SSL cert file perms: %s\n' % str(e))
+		err.write('Error generating SSL certificates: %s\n' % str(e))
 		command = '/bin/rm'
-		args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
-		_execWithCaptureErrorStatus(command, args)
+		args = [ command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH ]
+		exec_cmd(command, args)
 		return False
 
 	return True
 
 def restart_message():
-	print
-	print
-	print 'Restart the Luci server for changes to take effect'
-	print 'eg. service luci restart'
-	print
-	return
+	print '\n\nYou must restart the luci server for changes to take effect.\n'
+	print 'Run "service luci restart" to do so\n'
 
 def init(argv):
 	if luci_initialized():
-		sys.stderr.write('Luci site has been already initialized.\n')
-		sys.stderr.write('If you want to reset admin password, execute\n')
-		sys.stderr.write('\t%s password\n' % argv[0])
+		err.write('luci site has been already initialized.\n')
+		err.write('If you want to reset admin password, execute\n')
+		err.write('\t%s password\n' % argv[0])
 		sys.exit(1)
 
-	print 'Initializing the Luci server\n'
-
+	print 'Initializing the luci server\n'
 	print '\nCreating the \'admin\' user\n'
-	pwd_str = read_passwd('Enter password: ', 'Confirm password: ')
+
+	new_password = read_passwd('Enter password: ', 'Confirm password: ')
+
 	print '\nPlease wait...'
-	if not set_zope_passwd('admin', pwd_str):
+
+	if not set_zope_passwd('admin', new_password):
 		restore_luci_db_fsattr()
 		print 'The admin password has been successfully set.'
 	else:
-		sys.stderr.write('Unable to set the admin user\'s password.\n')
+		err.write('Unable to set the admin user\'s password.\n')
 		sys.exit(1)
 
-	print 'Generating SSL certificates...'
+	print 'Generating SSL certificates... '
 	if generate_ssl_certs() == False:
-		sys.stderr.write('failed. exiting ...\n')
 		sys.exit(1)
 
-	print 'Luci server has been successfully initialized'
+	print 'The luci server has been successfully initialized'
 	restart_message()
 
-	return
-
 def password(argv):
-	pwd_str = None
+	passwd = None
+
+	ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
+	if ret[2] == 0:
+		err.write('You must stop the luci server before attempting to set the admin password.\n')
+		sys.exit(1)
+
 	if '--random' in argv:
-		print 'Setting the admin user\'s password to a random value.\n'
+		print 'Setting the admin user password to a random string...\n'
+
 		try:
 			rand = open('/dev/urandom', 'r')
-			pwd_str = rand.read(16)
+			passwd = rand.read(16)
 			rand.close()
 		except Exception, e:
-			sys.stderr.write('Unable to read from /dev/urandom: %s\n' % str(e))
+			err.write('Unable to read from /dev/urandom: %s\n' % str(e))
 			sys.exit(1)
 	else:
 		if not luci_initialized():
-			sys.stderr.write('The Luci site has not been initialized.\n')
-			sys.stderr.write('To initialize it, execute:\n')
-			sys.stderr.write('\t%s init\n' % argv[0])
+			err.write('The luci site has not been initialized.\n')
+			err.write('To initialize it, execute\n')
+			err.write('\t%s init\n' % argv[0])
 			sys.exit(1)
 
-		print 'Resetting the admin user\'s password\n'
-		pwd_str = read_passwd('Enter new password: ', 'Confirm password: ')
+		print 'Setting the admin user\'s password\n'
+		passwd = read_passwd('Enter new password: ', 'Confirm password: ')
 
 	print '\nPlease wait...'
-	if not set_zope_passwd('admin', pwd_str):
-		print 'The admin password has been successfully reset.'
+	if not set_zope_passwd('admin', passwd):
+		print 'The admin password has been successfully set.'
 	else:
-		sys.stderr.write('Unable to set the admin user\'s password.\n')
 		sys.exit(1)
 
 	restart_message()
 
-	return
-
-def backup_db(argv):
+def backup(argv):
 	# If the site hasn't been initialized, there's nothing to
 	# save, and luci_backup() will fail
 	if not luci_initialized():
-		print 'The Luci site has not been initialized\n'
-		print 'Nothing to backup\n'
+		print 'The luci site has not been initialized\n'
+		print 'There is nothing to backup\n'
 		sys.exit(0)
 
-	print 'Backing up the Luci server...'
+	ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
+	if ret[2] == 0:
+		err.write('You must stop the luci server before backing up the luci database.\n')
+		sys.exit(1)
+
+	print 'Backing up the luci server...'
 
 	try:
 		os.umask(077)
@@ -1156,7 +1161,7 @@
 	doc = luci_backup(argv[2:])
 	restore_luci_db_fsattr()
 	if doc == -1:
-		sys.stderr.write('The Luci backup failed. Exiting.\n')
+		err.write('The luci backup failed. Exiting.\n')
 		sys.exit(1)
 
 	try:
@@ -1165,18 +1170,15 @@
 		# races.
 		os.stat(LUCI_BACKUP_PATH)
 		trynum = 1
-		basename = '/luci_backup-'
 
 		while True:
-			oldbackup = '%s%s%s.xml' % (LUCI_BACKUP_DIR, basename, str(trynum))
+			oldbackup = '%s/luci-backup-%d.xml' % (LUCI_BACKUP_DIR, trynum)
 			if not os.path.exists(oldbackup):
 				try:
 					os.rename(LUCI_BACKUP_PATH, oldbackup)
-				except Exception, e1:
-					sys.stderr.write('Unable to rename the existing backup file "%s" to "%s": %s\n' \
-						% (LUCI_BACKUP_PATH, oldbackup, str(e1)))
-					sys.stderr.write('The Luci backup failed.\n')
-					sys.exit(1)
+				except Exception, e:
+					err.write('Unable to rename the existing backup file "%s" to "%s": %s\n' % (LUCI_BACKUP_PATH, oldbackup, str(e)))
+					err.write('The luci backup failed.\n')
 				break
 			trynum += 1
 	except OSError, e:
@@ -1185,33 +1187,35 @@
 
 	try:
 		f = file(LUCI_BACKUP_PATH, 'wb+')
-	except:
-		sys.stderr.write('Unable to open the file "%s" to write backup data.\n'
-			% LUCI_BACKUP_PATH)
-		sys.stderr.write('The Luci backup failed.\n')
+	except Exception, e:
+		err.write('Unable to open "%s" to write the backup: %s\n' \
+			% (LUCI_BACKUP_PATH, str(e)))
+		err.write('The luci backup failed.\n')
 		sys.exit(1)
 
 	try:
 		os.chmod(LUCI_BACKUP_PATH, 0600)
 	except OSError, e:
-		sys.stderr.write('An error occurred while setting file permissions on backup file "%s": %s\n' \
-			% (LUCI_BACKUP_PATH, str(e)))
-		sys.stderr.write('Please check that this file is not world-readable.\n')
+		err.write('An error occurred while setting file system permissions for "%s": %s\n' % (LUCI_BACKUP_PATH, str(e)))
+		err.write('Please ensure this file is not world-readable.\n')
 
 	try:
 		f.write(doc.toprettyxml())
 		f.close()
 	except Exception, e:
-		sys.stderr.write('An error occurred while writing backup file "%s": %s\n' \
-			% (LUCI_BACKUP_PATH, str(e)))
-		sys.stderr.write('Luci backup failed.\n')
+		err.write('The luci backup failed: %s\n' % str(e))
 		sys.exit(1)
 
-	print 'The luci backup procedure was successful.'
-	print 'Backup data is contained in the file "%s"' % LUCI_BACKUP_PATH
+	print 'The luci backup was successful.\n'
+	print 'The backup data is contained in the file "%s"\n' % LUCI_BACKUP_PATH
+
+def restore(argv):
+	ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
+	if ret[2] == 0:
+		err.write('You must stop the luci server before restoring the luci database from backup.\n')
+		sys.exit(1)
 
-def restore_db(argv):
-	print 'Restoring the Luci server...'
+	print 'Restoring the luci server...'
 
 	try:
 		os.umask(077)
@@ -1220,11 +1224,11 @@
 
 	if luci_restore(argv[2:]):
 		ret = False
-		sys.stderr.write('The Luci restore failed. Try reinstalling Luci, then restoring again.\n')
+		err.write('The luci restore failed. Try reinstalling luci, then restoring again.\n')
 	else:
 		set_default_passwd_reset_flag()
 		ret = True
-		print 'Restore was successful.'
+		print 'The luci restore was successful.'
 		restart_message()
 
 	if restore_luci_db_fsattr():
@@ -1234,15 +1238,13 @@
 
 def luci_help(argv):
 	print 'Usage:'
-	print argv[0] + ' [init|backup|restore|password|help]'
-	print
-	print '\tinit: initialize Luci site'
-	print '\tpassword: reset admin password'
-	print '\t\t--random: reset admin password to random value (disable account)'
-	print '\tbackup: backup Luci site to a file'
-	print '\trestore: restore Luci site from backup'
-	print '\thelp: this help message'
-	print
+	print '%s [init|backup|restore|password|help]\n' % argv[0]
+	print '\tinit: initialize the luci server'
+	print '\tpassword: reset the admin password'
+	print '\t\t--random: set the admin password to a random value (disable account)'
+	print '\tbackup: backup the luci database to an XML file'
+	print '\trestore: restore luci database from a backup'
+	print '\thelp: display this help message\n'
 
 def test_luci_installation():
 	# perform basic checks
@@ -1251,11 +1253,13 @@
 	# check if luci user and group are present on the system
 	try:
 		get_luci_uid_gid()
-	except:
-		sys.stderr.write('There is a problem with luci installation.\n')
-		sys.stderr.write('Mising luci\'s system account and group.\n')
-		sys.stderr.write('Recommended action: reinstall luci.\n\n')
+	except Exception, e:
+		err.write('There is a problem with your luci installation!\n')
+		err.write('The luci user\'s UID and GID could not be determined: %s\n' \
+			% str(e))
+		err.write('Reinstalling luci is recommended\n\n')
 		sys.exit(3)
+
 	return True
 
 def main(argv):
@@ -1263,27 +1267,20 @@
 		luci_help(argv)
 		sys.exit(1)
 
-	# only root should run this
-	if os.getuid() != 0:
-		sys.stderr.write('Only "root" can run %s\n' % argv[0])
-		sys.stderr.write('Try again with root privileges.\n')
-		sys.exit(2)
-
-	# test if luci installation is OK
 	test_luci_installation()
 
 	if 'init' in argv:
 		init(argv)
 	elif 'backup' in argv:
-		backup_db(argv)
+		backup(argv)
 	elif 'restore' in argv:
-		restore_db(argv)
+		restore(argv)
 	elif 'password' in argv:
 		password(argv)
 	elif 'help' in argv:
 		luci_help(argv)
 	else:
-		sys.stderr.write('Unknown command\n\n')
+		err.write('Unknown command\n\n')
 		luci_help(argv)
 		sys.exit(1)
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]