Beispiel #1
    def set(self, timestamp=None):
        """Touch the remote timestamp file and refresh the cached value.

        The parent directory of ``self.rpath`` is created first (``0o755``
        is passed as the second argument to ``fs.create_dir``), then the
        file is touched with ``timestamp``.  The cache (``self._current``
        and ``self.synced``) is only updated when an explicit ``timestamp``
        was given.
        """
        parent_dir = remote.path.dirname(self.rpath)
        fs.create_dir(parent_dir, 0o755)
        fs.touch(self.rpath, timestamp)

        # NOTE(review): with timestamp=None the cache is left untouched, so
        # the debug line below reports the previously cached value rather
        # than whatever fs.touch wrote -- confirm this is intended.
        explicit = timestamp is not None
        if explicit:
            self._current, self.synced = timestamp, True

        message = 'Timestamp {} set to {}'.format(self.rpath, self._current)
        log.debug(message)
Beispiel #2
Datei: apt.py Projekt: mbr/remand
    def set(self, timestamp=None):
        """Write the timestamp file on the remote and update the local cache.

        Creates the directory containing ``self.rpath`` (passing ``0o755``
        to ``fs.create_dir``), touches the file with ``timestamp`` and, if
        a ``timestamp`` was supplied, stores it in ``self._current`` and
        marks the object as synced.
        """
        timestamp_dir = remote.path.dirname(self.rpath)
        fs.create_dir(timestamp_dir, 0o755)

        fs.touch(self.rpath, timestamp)

        if timestamp is not None:
            # the value just written is known, so no re-sync is needed
            self._current, self.synced = timestamp, True
        # NOTE(review): when timestamp is None nothing is cached here and
        # the log line shows the old self._current -- confirm with callers.

        summary = 'Timestamp {} set to {}'.format(self.rpath, self._current)
        log.debug(summary)
Beispiel #3
Datei: ssh.py Projekt: mbr/remand
def init_authorized_keys(user='******', fix_permissions=True):
    """Ensure the authorized keys file and its directory exist for *user*.

    The directory is created with mode ``AK_DIR_PERMS`` and the file is
    touched when ``remote.lstat`` reports nothing at its path.  With
    ``fix_permissions`` set, the modes of the directory and the file are
    additionally forced to ``AK_DIR_PERMS`` and ``AK_FILE_PERMS``.

    Returns ``Changed`` if any step reported a change, ``Unchanged``
    otherwise.
    """
    ak_file = get_authorized_keys_file(user)
    ak_dir = remote.path.dirname(ak_file)

    # one flag per remote operation, collected in execution order
    flags = [fs.create_dir(ak_dir, mode=AK_DIR_PERMS).changed]

    if fix_permissions:
        flags.append(fs.chmod(ak_dir, AK_DIR_PERMS).changed)

    # NOTE(review): presumably remote.lstat, like os.lstat, does not follow
    # symlinks, so a symlink at this path counts as "exists".  Whether the
    # chmod below then acts on the link target depends on fs.chmod --
    # confirm, since the path lives in a directory the user may control.
    if not remote.lstat(ak_file):
        flags.append(fs.touch(ak_file).changed)

    if fix_permissions:
        flags.append(fs.chmod(ak_file, AK_FILE_PERMS).changed)

    # Modes are fixed and both paths exist at this point.  Ownership is not
    # touched anywhere in this function, so file and directory might still
    # be owned by root even though the messages below mention the owner.
    if any(flags):
        return Changed(ak_file,
                       msg='Changed permissions or owner on authorized keys')
    return Unchanged(
        ak_file,
        msg='authorized keys file has correct owner and permissions')
Beispiel #4
Datei: ssh.py Projekt: mbr/remand
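def install_private_key(key_file,
                        user='******',
                        key_type='rsa',
                        target_path=None):
    """Upload a private key and restrict its mode to ``KEY_FILE_PERMS``.

    When ``target_path`` is None the key is placed at
    ``<home>/.ssh/id_<key_type>``, where ``<home>`` is taken from
    ``info['posix.users'][user].home``; only ``'rsa'`` is accepted in that
    case.  The containing directory is created with ``AK_DIR_PERMS``.

    Raises:
        NotImplementedError: if ``target_path`` is None and ``key_type``
            is not ``'rsa'``.

    Returns ``Changed`` if any step reported a change, ``Unchanged``
    otherwise.
    """
    if target_path is None:
        # FIXME: auto-determine key type if None
        if key_type not in ('rsa', ):
            # the placeholder was never filled in before; name the type
            raise NotImplementedError(
                'Key type {} not supported'.format(key_type))

        fn = 'id_' + key_type
        target_path = remote.path.join(info['posix.users'][user].home, '.ssh',
                                       fn)

    changed = False

    # blocked: SSH transport does not support
    # with remote.umasked(0o777 - KEY_FILE_PERMS):
    changed |= fs.create_dir(
        remote.path.dirname(target_path),
        mode=AK_DIR_PERMS).changed

    # NOTE(review): the key is uploaded first and chmod-ed afterwards, so
    # between the two calls it carries whatever mode fs.upload_file gives
    # new files.  The umask approach above would close that window once
    # the transport supports it.
    changed |= fs.upload_file(key_file, target_path).changed
    changed |= fs.chmod(target_path, mode=KEY_FILE_PERMS).changed

    # NOTE(review): no owner is set for the key or its directory here; if
    # this runs as an account other than *user*, confirm that ownership is
    # handled elsewhere.
    if changed:
        return Changed(msg='Installed private key {}'.format(target_path))
    return Unchanged(
        msg='Private key {} already installed'.format(target_path))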
Beispiel #5
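def init_authorized_keys(user='******', fix_permissions=True):
    """Ensure the authorized keys file and its directory exist for *user*.

    The directory is created with mode ``AK_DIR_PERMS`` and the file is
    touched when ``remote.lstat`` reports nothing at its path.  With
    ``fix_permissions`` set, mode and owner of both the directory and the
    file are enforced (``AK_DIR_PERMS`` / ``AK_FILE_PERMS``, owner
    ``user``).

    Returns ``Changed`` if any step reported a change, ``Unchanged``
    otherwise.
    """
    ak_file = get_authorized_keys_file(user)
    ak_dir = remote.path.dirname(ak_file)

    changed = False

    # ensure the directory exists
    changed |= fs.create_dir(ak_dir, mode=AK_DIR_PERMS).changed

    if fix_permissions:
        changed |= fs.chmod(ak_dir, AK_DIR_PERMS).changed
        changed |= fs.chown(ak_dir, uid=user).changed

    # check if the authorized keys file exists
    # NOTE(review): presumably remote.lstat, like os.lstat, does not follow
    # symlinks, so a symlink at this path counts as "exists".  Whether the
    # chmod/chown below then act on the link target depends on the fs
    # helpers -- confirm, since the path lives in a directory the user may
    # control.
    if not remote.lstat(ak_file):
        changed |= fs.touch(ak_file).changed

    if fix_permissions:
        changed |= fs.chmod(ak_file, AK_FILE_PERMS).changed
        # chown the file itself: the directory was already handled above,
        # and chowning it a second time left the file's owner unchanged
        changed |= fs.chown(ak_file, uid=user).changed

    # at this point file and directory exist; with fix_permissions their
    # mode and owner have been enforced as well

    if changed:
        return Changed(ak_file,
                       msg='Changed permissions or owner on authorized keys')
    return Unchanged(
        ak_file, msg='authorized keys file has correct owner and permissions')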
Beispiel #6
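def install_private_key(key_file,
                        user='******',
                        key_type='rsa',
                        target_path=None):
    """Upload a private key and restrict its mode to ``KEY_FILE_PERMS``.

    When ``target_path`` is None the destination defaults to
    ``<home>/.ssh/id_<key_type>``, with ``<home>`` read from
    ``info['posix.users'][user].home``; only ``'rsa'`` is accepted in that
    case.  The containing directory is created with ``AK_DIR_PERMS``.

    Raises:
        NotImplementedError: if ``target_path`` is None and ``key_type``
            is not ``'rsa'``.

    Returns ``Changed`` if any step reported a change, ``Unchanged``
    otherwise.
    """
    if target_path is None:
        # FIXME: auto-determine key type if None
        if key_type not in ('rsa', ):
            # fill in the placeholder so the error names the rejected type
            raise NotImplementedError(
                'Key type {} not supported'.format(key_type))

        fn = 'id_' + key_type
        target_path = remote.path.join(info['posix.users'][user].home, '.ssh',
                                       fn)

    changed = False

    # blocked: SSH transport does not support
    # with remote.umasked(0o777 - KEY_FILE_PERMS):
    changed |= fs.create_dir(remote.path.dirname(target_path),
                             mode=AK_DIR_PERMS).changed

    # NOTE(review): upload happens before chmod, so until the chmod lands
    # the key has whatever mode fs.upload_file assigns to new files.  The
    # umask wrapper above is the fix once the transport allows it.
    changed |= fs.upload_file(key_file, target_path).changed
    changed |= fs.chmod(target_path, mode=KEY_FILE_PERMS).changed

    # NOTE(review): ownership of the key and its directory is not set in
    # this function; confirm it is handled elsewhere when the connection
    # account differs from *user*.
    if changed:
        return Changed(msg='Installed private key {}'.format(target_path))
    return Unchanged(
        msg='Private key {} already installed'.format(target_path))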
Beispiel #7
def run():
    """Replace the apt sources with the rendered Ubuntu mirror list.

    Creates ``/etc/apt/sources.list.d``, uploads the output of
    ``tpl.render()`` as ``ubuntu-mirrors.list``, removes
    ``/etc/apt/sources.list`` and calls ``apt.update``.

    Raises:
        NotImplementedError: if ``info['lsb.dist_id']`` is anything other
            than ``'Ubuntu'``.  The sources.list.d directory has already
            been created by then.
    """
    # create source.list.d
    fs.create_dir('/etc/apt/sources.list.d')

    dist_id = info['lsb.dist_id']
    if dist_id != 'Ubuntu':
        # Debian and every other distribution are unsupported alike
        raise NotImplementedError

    mirror_list = tpl.render()
    fs.upload_string(mirror_list,
                     '/etc/apt/sources.list.d/ubuntu-mirrors.list')

    # FIXME: do not do this for raspbian, needs os-release check
    fs.remove_file('/etc/apt/sources.list')

    # NOTE(review): three identical calls in a row; the second and third
    # look redundant -- confirm against apt.update's max_age handling
    # before dropping them.
    apt.update(max_age=60)
    apt.update(max_age=60)
    apt.update(max_age=60)
Beispiel #8
def enable_letsencrypt(auto_reload=True, remove_default=True):
    """Install and enable the nginx ``acme-challenge`` site.

    Uploads ``nginx.files['acme-challenge']`` to sites-available, links it
    into sites-enabled as ``00_acme-challenge`` and makes sure the
    ``.well-known/acme-challenge`` directories exist under
    ``/var/www/html`` with mode ``0o755``.  With ``remove_default`` the
    ``default`` entry in sites-enabled is removed.

    If the site upload, the symlink or the removal reported a change and
    ``auto_reload`` is set, ``nginx.service`` is reloaded (only if
    running).  Returns ``Changed`` or ``Unchanged`` accordingly.
    """
    site_upload = fs.upload_file(nginx.files['acme-challenge'],
                                 '/etc/nginx/sites-available/acme-challenge')
    site_link = fs.symlink('/etc/nginx/sites-available/acme-challenge',
                           '/etc/nginx/sites-enabled/00_acme-challenge')
    changed = any_changed(site_upload, site_link)

    # The results of these four calls are not folded into ``changed``, so
    # creating or re-moding the challenge directories alone never triggers
    # a reload or a ``Changed`` result.
    challenge_dirs = (
        '/var/www/html/.well-known',
        '/var/www/html/.well-known/acme-challenge',
    )
    for path in challenge_dirs:
        fs.create_dir(path)
    for path in challenge_dirs:
        fs.chmod(path, mode=0o755)

    if remove_default:
        changed |= fs.remove_file('/etc/nginx/sites-enabled/default').changed

    if not changed:
        return Unchanged(msg='nginx Let\'s encrypt support already enabled')

    if auto_reload:
        systemd.reload_unit('nginx.service', only_if_running=True)
    return Changed(msg='Enabled nginx Let\'s encrypt support')
Beispiel #9
    def sync(self):
        """Load the remote timestamp into the cache unless already synced.

        Besides reading, this creates the directory containing
        ``self.rpath`` if it is missing (passing ``0o755`` to
        ``fs.create_dir``).  ``self._current`` ends up as the file's
        ``st_mtime``, or ``0`` when the directory had to be created or the
        file does not exist.  ``self.synced`` is True afterwards.
        """
        log.debug('Syncing timestamp {}'.format(self.rpath))
        if self.synced:
            log.debug('Timestamp already synced')
            return

        parent_dir = remote.path.dirname(self.rpath)
        dir_created = fs.create_dir(parent_dir, 0o755).changed
        if dir_created:
            # a directory that was just created cannot hold a timestamp
            self.synced = True
            self._current = 0
            log.debug('Timestamp did not exist')
            return

        # the directory was already there; look at the file itself
        st = remote.stat(self.rpath)
        if st:
            self._current = st.st_mtime
            log.debug('Timestamp synced to {}'.format(self._current))
        else:
            # a falsy stat result is treated as "file does not exist"
            self._current = 0
            log.debug('Timestamp did not exist')
        self.synced = True
Beispiel #10
Datei: apt.py Projekt: mbr/remand
    def sync(self):
        """Refresh ``self._current`` from the remote timestamp file.

        Does nothing beyond logging when ``self.synced`` is already set.
        Otherwise the directory of ``self.rpath`` is created if needed
        (``0o755`` is passed to ``fs.create_dir``) and ``self._current``
        becomes the file's ``st_mtime``, or ``0`` if the directory was
        newly created or the stat result is falsy.  ``self.synced`` is
        set on every path that reaches the remote.
        """
        log.debug('Syncing timestamp {}'.format(self.rpath))
        if self.synced:
            log.debug('Timestamp already synced')
            return

        timestamp_dir = remote.path.dirname(self.rpath)
        if fs.create_dir(timestamp_dir, 0o755).changed:
            # directory is brand new, so there is no timestamp to read
            self.synced = True
            self._current = 0
            log.debug('Timestamp did not exist')
            return

        stat_result = remote.stat(self.rpath)
        file_missing = not stat_result
        if file_missing:
            self._current = 0
            log.debug('Timestamp did not exist')
        else:
            self._current = stat_result.st_mtime
            log.debug('Timestamp synced to {}'.format(self._current))
        self.synced = True