def ls(path): # pylint: disable-msg=C0103
'''
List the direct children of a node
CLI Example::
salt '*' augeas.ls /files/etc/passwd
'''
def _match(path):
''' Internal match function '''
try:
matches = aug.match(path)
except RuntimeError:
return {}
ret = {}
for _ma in matches:
ret[_ma] = aug.get(_ma)
return ret
aug = Augeas()
path = path.rstrip('/') + '/'
match_path = path + '*'
matches = _match(match_path)
ret = {}
for key, value in matches.iteritems():
name = _lstrip_word(key, path)
if _match(key + '/*'):
ret[name + '/'] = value # has sub nodes, e.g. directory
else:
ret[name] = value
return ret
def create_sample_config(context, service):
service = service.strip()
# Create parser
parser = Augeas(root=getattr(context, 'AUGEAS_ROOT'),
loadpath=os.path.join(getattr(context, 'AUGEAS_LENS_LIB'),
'{}_lens'.format(service)),
flags=1 << 0)
LOG.info('Created augeas instance for parsing %s service.' % service)
# Get config path from lens
key = '/augeas/load/{}/incl'.format(service.capitalize())
LOG.info('augtool> get %s' % key)
res = parser.get(key)
LOG.info('result > %s' % res)
assert res, '{} lens was not load properly.'.format(service.capitalize())
# Create sample config
config_path = res[1:] if res.startswith('/') else res
setattr(context, 'config_path', config_path)
sample_config = os.path.join(getattr(context, 'AUGEAS_ROOT'), config_path)
if not os.path.exists(os.path.dirname(sample_config)):
os.makedirs(os.path.dirname(sample_config))
with open(sample_config, "w") as f:
f.write(context.text)
assert os.path.exists(sample_config) or not os.path.getsize(sample_config),\
"Can't create sample config: {}".format(sample_config)
LOG.info('Config %s was successfully created' % sample_config)
setattr(context, 'parser', parser)
setattr(context, 'service', service)
def install_syco(args):
"""
Install/configure this script on the current computer.
"""
app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallSYCO", SCRIPT_VERSION)
version_obj.check_executed()
app.print_verbose("Install required packages for syco")
x("yum install pexpect python-crypto augeas -y")
app.print_verbose("Create symlink /sbin/syco")
set_syco_permissions()
if not os.path.exists('/sbin/syco'):
os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')
x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" %
app.SYCO_VAR_PATH)
#Use augeas to set max kernels to 2 since more won't fit on /boot
from augeas import Augeas
augeas = Augeas(x)
augeas.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")
version_obj.mark_executed()
def configure_chrony(ntp_servers, ntp_pool=None,
fstore=None, sysstore=None, debug=False):
"""
This method only configures chrony client with ntp_servers or ntp_pool
"""
module = "chrony"
if sysstore:
sysstore.backup_state(module, "enabled",
services.knownservices.chronyd.is_enabled())
aug = Augeas(flags=Augeas.NO_LOAD | Augeas.NO_MODL_AUTOLOAD,
loadpath=paths.USR_SHARE_IPA_DIR)
try:
logger.debug("Configuring chrony")
chrony_conf = os.path.abspath(paths.CHRONY_CONF)
aug.transform(module, chrony_conf) # loads chrony lens file
aug.load() # loads augeas tree
# augeas needs to prepend path with '/files'
path = '/files{path}'.format(path=chrony_conf)
# remove possible conflicting configuration of servers
aug.remove('{}/server'.format(path))
aug.remove('{}/pool'.format(path))
aug.remove('{}/peer'.format(path))
if ntp_pool:
logger.debug("Setting server pool:")
logger.debug("'%s'", ntp_pool)
aug.set('{}/pool[last()+1]'.format(path), ntp_pool)
aug.set('{}/pool[last()]/iburst'.format(path), None)
if ntp_servers:
logger.debug("Setting time servers:")
for server in ntp_servers:
aug.set('{}/server[last()+1]'.format(path), server)
aug.set('{}/server[last()]/iburst'.format(path), None)
logger.debug("'%s'", server)
# backup oginal conf file
logger.debug("Backing up '%s'", chrony_conf)
__backup_config(chrony_conf, fstore)
logger.debug("Writing configuration to '%s'", chrony_conf)
aug.save()
logger.info('Configuration of chrony was changed by installer.')
configured = True
except IOError:
logger.error("Augeas failed to configure file %s", chrony_conf)
configured = False
except RuntimeError as e:
logger.error("Configuration failed with: %s", e)
configured = False
finally:
aug.close()
tasks.restore_context(chrony_conf)
return configured
def install_sssd(args):
"""
Install ldap client on current host and connect to networks ldap server.
"""
app.print_verbose("Install sssd script-version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallSssd", SCRIPT_VERSION)
version_obj.check_executed()
# Get all passwords from installation user at the start of the script.
app.get_ldap_sssd_password()
install_packages()
installOpenLdap.setup_hosts()
iptables.add_ldap_chain()
iptables.save()
ip = config.general.get_ldap_server_ip()
general.wait_for_server_to_start(ip, "636")
install_certs()
# For some reason it needs to be executed twice.
authconfig()
authconfig()
installOpenLdap.configure_client_cert_for_ldaptools()
augeas = Augeas(x)
create_sss_folders()
configure_sssd(augeas)
configure_sudo(augeas)
version_obj.mark_executed()
def _libvirt_init_config():
x("yum install augeas -y")
#Initialize augeas
augeas = Augeas(x)
augeas.set_enhanced("/files/etc/sysconfig/libvirt-guests/ON_SHUTDOWN","shutdown")
def get(path, value=''):
'''
Get a value for a specific augeas path
CLI Example::
salt '*' augeas.get /files/etc/hosts/1/ ipaddr
'''
from augeas import Augeas
aug = Augeas()
ret = {}
path = path.rstrip('/')
if value:
path += "/{0}".format(value.strip('/'))
try:
_match = aug.match(path)
except RuntimeError as err:
return {'error': str(err)}
if _match:
ret[path] = aug.get(path)
else:
ret[path] = '' # node does not exist
return ret
def match(path, value=''):
'''
Get matches for path expression
CLI Example::
salt '*' augeas.match /files/etc/services/service-name ssh
'''
from augeas import Augeas
aug = Augeas()
ret = {}
try:
matches = aug.match(path)
except RuntimeError:
return ret
for _match in matches:
if value and aug.get(_match) == value:
ret[_match] = value
elif not value:
ret[_match] = aug.get(_match)
return ret
def setvalue(*args):
'''
Set a value for a specific augeas path
CLI Example::
salt '*' augeas.setvalue /files/etc/hosts/1/canonical localhost
This will set the first entry in /etc/hosts to localhost
CLI Example::
salt '*' augeas.setvalue /files/etc/hosts/01/ipaddr 192.168.1.1 \\
/files/etc/hosts/01/canonical test
Adds a new host to /etc/hosts the ip address 192.168.1.1 and hostname test
CLI Example::
salt '*' augeas.setvalue prefix=/files/etc/sudoers/ \\
"spec[user = '******']/user" "%wheel" \\
"spec[user = '******']/host_group/host" 'ALL' \\
"spec[user = '******']/host_group/command[1]" 'ALL' \\
"spec[user = '******']/host_group/command[1]/tag" 'PASSWD' \\
"spec[user = '******']/host_group/command[2]" '/usr/bin/apt-get' \\
"spec[user = '******']/host_group/command[2]/tag" NOPASSWD
Ensures that the following line is present in /etc/sudoers::
%wheel ALL = PASSWD : ALL , NOPASSWD : /usr/bin/apt-get , /usr/bin/aptitude
'''
aug = Augeas()
ret = {'retval': False}
tuples = filter(lambda x: not x.startswith('prefix='), args)
prefix = filter(lambda x: x.startswith('prefix='), args)
if prefix:
prefix = prefix[0].split('=', 1)[1]
if len(tuples) % 2 != 0:
return ret # ensure we have multiple of twos
tuple_iter = iter(tuples)
for path, value in zip(tuple_iter, tuple_iter):
target_path = path
if prefix:
target_path = "{0}/{1}".format(prefix.rstrip('/'),
path.lstrip('/'))
try:
aug.set(target_path, str(value))
except ValueError as err:
ret['error'] = "Multiple values: " + str(err)
try:
aug.save()
ret['retval'] = True
except IOError as err:
ret['error'] = str(err)
return ret
def remove(path):
'''
Get matches for path expression
CLI Example::
salt '*' augeas.remove /files/etc/sysctl.conf/net.ipv4.conf.all.log_martians
'''
from augeas import Augeas
aug = Augeas()
ret = {'retval': False}
try:
count = aug.remove(path)
aug.save()
if count == -1:
ret['error'] = 'Invalid node'
else:
ret['retval'] = True
except (RuntimeError, IOError) as err:
ret['error'] = str(err)
ret['count'] = count
return ret
def set(self, entryPath, param='', pvalue='', hierarchy='/files'):
"""Set/change a value for a config. parameter in a config. file,
with the help of Augeas, a configuration API (cf http://augeas.net)"""
try:
from augeas import Augeas
aug = Augeas()
except Exception, e:
return str(e)
def rm(self, entryPath, param='', hierarchy='/files'):
"""Delete a parameter (and all its children) in a config. file,
with the help of Augeas, a configuration API (cf http://augeas.net)"""
try:
from augeas import Augeas
aug = Augeas()
except Exception, e:
return str(e)
def ls(self, entryPath, hierarchy='/files'):
"""List the direct children of an entry in a config. file,
with the help of Augeas, a configuration API (cf http://augeas.net)"""
try:
from augeas import Augeas
aug = Augeas()
except Exception, e:
return str(e)
def printconf(self, entryPath, hierarchy='/files'):
"""Print all tree children nodes from the path provided,
with the help of Augeas, a configuration API (cf http://augeas.net)"""
path = hierarchy + entryPath
try:
from augeas import Augeas
aug = Augeas()
except Exception, e:
return str(e)
def execute(*args, **kw):
if conf.has_section('example.org'):
primary_domain = conf.get('kolab', 'primary_domain')
if not primary_domain == 'example.org':
utils.multiline_message(
_("""
Copying the configuration section for 'example.org' over to
a section applicable to your domain '%s'.
""") % (primary_domain))
conf.cfg_parser._sections[primary_domain] = \
conf.cfg_parser._sections['example.org']
conf.cfg_parser._sections.pop('example.org')
fp = open(conf.cli_keywords.config_file, "w+")
conf.cfg_parser.write(fp)
fp.close()
if os.path.isfile('/etc/default/kolab-server'):
myaugeas = Augeas()
setting = os.path.join('/files/etc/default/kolab-server', 'START')
if not myaugeas.get(setting) == 'yes':
myaugeas.set(setting, 'yes')
myaugeas.save()
myaugeas.close()
if os.path.isfile('/bin/systemctl'):
if os.path.isfile('/etc/debian_version'):
subprocess.call(
['/bin/systemctl', 'restart', 'kolab-server.service'])
else:
subprocess.call(['/bin/systemctl', 'restart', 'kolabd.service'])
elif os.path.isfile('/sbin/service'):
subprocess.call(['/sbin/service', 'kolabd', 'restart'])
elif os.path.isfile('/usr/sbin/service'):
subprocess.call(['/usr/sbin/service', 'kolab-server', 'restart'])
else:
log.error(_("Could not start the kolab server service."))
if os.path.isfile('/bin/systemctl'):
if os.path.isfile('/etc/debian_version'):
subprocess.call(
['/bin/systemctl', 'enable', 'kolab-server.service'])
else:
subprocess.call(['/bin/systemctl', 'enable', 'kolabd.service'])
elif os.path.isfile('/sbin/chkconfig'):
subprocess.call(['/sbin/chkconfig', 'kolabd', 'on'])
elif os.path.isfile('/usr/sbin/update-rc.d'):
subprocess.call(['/usr/sbin/update-rc.d', 'kolab-server', 'defaults'])
else:
log.error(_("Could not configure to start on boot, the " + \
"kolab server service."))
def init_augeas() -> Augeas:
""" Initialize the actual Augeas instance """
if not Augeas: # pragma: no cover
raise errors.NoInstallationError("Problem in Augeas installation")
return Augeas(
# specify a directory to load our preferred lens from
loadpath=constants.AUGEAS_LENS_DIR,
# Do not save backup (we do it ourselves), do not load
# anything by default
flags=(Augeas.NONE | Augeas.NO_MODL_AUTOLOAD | Augeas.ENABLE_SPAN))
def setup_clam_and_freshclam():
#
# Setup clamav and freshclam
#
app.print_verbose("Setup clamav and freshclam")
app.print_verbose(" Setup config files.")
x("cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf")
clamd = scOpen("/usr/local/etc/clamd.conf")
clamd.replace("^[#]\?Example.*", "#Example")
clamd.replace("^[#]\?LogFileMaxSize.*", "LogFileMaxSize 100M")
clamd.replace("^[#]\?LogFile.*", "LogFile /var/log/clamav/clamd.log")
clamd.replace("^[#]\?LogTime.*", "LogTime yes")
clamd.replace("^[#]\?LogSyslog.*", "LogSyslog yes")
clamd.replace("^[#]\?TCPSocket.*", "TCPSocket 3310")
clamd.replace("^[#]\?TCPAddr.*", "TCPAddr 127.0.0.1")
clamd.replace("^[#]\?ExcludePath.*/proc.*", "ExcludePath ^/proc")
clamd.replace("^[#]\?ExcludePath.*/sys.*", "ExcludePath ^/sys")
clamd.replace("^[#]\?User.*", "User clamav")
clamd.replace("^[#]\?LocalSocket.*", "LocalSocket /var/run/clamav/clamd.socket")
clamd.replace("^[#]\?PidFile.*", "PidFile /var/run/clamav/clamd.pid")
clamd.replace("^[#]\?DatabaseDirectory.*", "DatabaseDirectory /var/lib/clamav")
x("cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf")
freshclam = scOpen("/usr/local/etc/freshclam.conf")
freshclam.replace("^[#]\?Example.*", "#Example")
freshclam.replace("^[#]\?LogFileMaxSize.*", "LogFileMaxSize 100M")
freshclam.replace("^[#]\?LogTime.*", "LogTime yes")
freshclam.replace("^[#]\?LogSyslog.*", "LogSyslog yes")
freshclam.replace("^[#]\?DatabaseOwner.*", "DatabaseOwner clamav")
freshclam.replace("^[#]\?PidFile.*", "PidFile /var/run/clamav/freshclam.pid")
freshclam.replace("^[#]\?DatabaseMirror.*", "DatabaseMirror db.northeu.clamav.net")
freshclam.replace("^[#]\?UpdateLogFile.*", "UpdateLogFile /var/log/clamav/freshclam.log")
freshclam.replace("^[#]\?DatabaseDirectory.*", "DatabaseDirectory /var/lib/clamav")
#TODO: Change replace statements above to augeas since that tends to be more stable.
app.print_verbose(" Install augeas and add clam lens that is not available on CentOS 6")
x("yum install -y augeas")
x("cp %s/augeas/lenses/clamav.aug /usr/share/augeas/lenses/dist/" % app.SYCO_VAR_PATH)
#Help augeas find freshclam.conf
if x("readlink /etc/freshclam.conf").find("/usr/local/etc/freshclam.conf") == -1:
x("rm -f /etc/freshclam.conf")
x("ln -s /usr/local/etc/freshclam.conf /etc/")
#Initialize augeas
augeas = Augeas(x)
if config.general.get_proxy_host() and config.general.get_proxy_port():
app.print_verbose(" Configure proxy for freshclam")
augeas.set_enhanced("/files/etc/freshclam.conf/HTTPProxyPort", "%s" % config.general.get_proxy_port())
augeas.set_enhanced("/files/etc/freshclam.conf/HTTPProxyServer", "%s" % config.general.get_proxy_host())
def tree(path):
'''
Returns recursively the complete tree of a node
CLI Example::
salt '*' augeas.tree /files/etc/
'''
aug = Augeas()
path = path.rstrip('/') + '/'
match_path = path
return dict([i for i in _recurmatch(match_path, aug)])
def epel_repo():
"""
Setup EPEL repository.
"""
# Check if epel is already installed and enabled
augeas = Augeas(x)
epel_enabled = augeas.find_values(
'/files/etc/yum.repos.d/epel.repo/epel/enabled')
if len(epel_enabled) != 1 or epel_enabled[0] != '1':
x("yum install -y epel-release")
augeas.set_enhanced('/files/etc/yum.repos.d/epel.repo/epel/enabled',
'1')
def execute(*args, **kw):
if conf.timezone == None:
print >> sys.stderr, utils.multiline_message(
_("""
Please supply the timezone PHP should be using.
You have to use a Continent or Country / City locality name
like 'Europe/Berlin', but not just 'CEST'.
"""))
conf.timezone = utils.ask_question(_("Timezone ID"), default="UTC")
if not conf.php_ini_path == None:
if not os.path.isfile(conf.php_ini_path):
log.error(
_("Cannot configure PHP through %r (No such file or directory)"
) % (conf.php_ini_path))
return
php_ini = conf.php_ini_path
else:
# Search and destroy
php_ini = "/etc/php.ini"
if not os.path.isfile(php_ini):
php_ini = "/etc/php5/apache2/php.ini"
if not os.path.isfile(php_ini):
log.error(_("Could not find PHP configuration file php.ini"))
return
myaugeas = Augeas()
setting_base = '/files%s/' % (php_ini)
setting = os.path.join(setting_base, 'Date', 'date.timezone')
current_value = myaugeas.get(setting)
if current_value == None:
insert_paths = myaugeas.match('/files%s/Date/*' % (php_ini))
insert_path = insert_paths[(len(insert_paths) - 1)]
myaugeas.insert(insert_path, 'date.timezone', False)
log.debug(_("Setting key %r to %r") %
('Date/date.timezone', conf.timezone),
level=8)
myaugeas.set(setting, conf.timezone)
myaugeas.save()
def get_augeas(self, entry):
""" Get an augeas object for the given entry. """
if entry.get("name") not in self._augeas:
aug = Augeas()
if entry.get("lens"):
self.logger.debug("Augeas: Adding %s to include path for %s" %
(entry.get("name"), entry.get("lens")))
incl = "/augeas/load/%s/incl" % entry.get("lens")
ilen = len(aug.match(incl))
if ilen == 0:
self.logger.error("Augeas: Lens %s does not exist" %
entry.get("lens"))
else:
aug.set("%s[%s]" % (incl, ilen + 1), entry.get("name"))
aug.load()
self._augeas[entry.get("name")] = aug
return self._augeas[entry.get("name")]
def __init__(self, system_ip=None, system_id=None, system_type=None):
"""
Initialize this object with non system related data, like the OSSIM administration IP address.
"""
self.__system_ip = system_ip if is_ipv4(system_ip) else None
self.__system_id = system_id
self.__system_type = system_type
self.__augeas = Augeas()
self.__pending = {}
# System data
self.__net_ifaces = {}
self.__hosts_entries = {}
# Initialize pure system data.
self.__reload_config__()
def install_syco(args):
"""
Install/configure this script on the current computer.
"""
app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallSYCO", SCRIPT_VERSION)
version_obj.check_executed()
# Override base repo to one that works
x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" %
app.SYCO_VAR_PATH)
# Run all yum updates through proxy if available
proxy_host = config.general.get_proxy_host()
proxy_port = config.general.get_proxy_port()
if proxy_host and proxy_port:
x('echo proxy=%s >> /etc/yum.conf' % "http://%s:%s" %
(proxy_host, proxy_port))
app.print_verbose("Install required packages for syco")
install_packages("augeas")
app.print_verbose("Create symlink /sbin/syco")
set_syco_permissions()
if not os.path.exists('/sbin/syco'):
os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')
# Use augeas to set max kernels to 2 since more won't fit on /boot
from augeas import Augeas
augeas = Augeas(x)
augeas.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")
# Set Swappiness to 0 on all hosts to avoid excessive swapping
augeas.set_enhanced("/files/etc/sysctl.conf/vm.swappiness", "0")
if proxy_host and proxy_port:
# Set proxy again with augeas to ensure there are no duplicates/inconsistencies
augeas.set_enhanced("/files/etc/yum.conf/main/proxy",
"http://%s:%s" % (proxy_host, proxy_port))
version_obj.mark_executed()
def __init__(self,
confpath,
lens,
root=None,
loadpath=None,
flags=Augeas.NO_MODL_AUTOLOAD | Augeas.NO_LOAD
| Augeas.ENABLE_SPAN):
"""Parse configuration file using given lens.
Params:
confpath (str): Absolute path to the configuration file
lens (str): Name of module containing Augeas lens
root: passed down to original Augeas
flags: passed down to original Augeas
loadpath: passed down to original Augeas
flags: passed down to original Augeas
"""
log.debug('loadpath: %s', loadpath)
log.debug('confpath: %s', confpath)
self._aug = Augeas(root=root, loadpath=loadpath, flags=flags)
# /augeas/load/{lens}
aug_load_path = join(AUGEAS_LOAD_PATH, lens)
# /augeas/load/{lens}/lens = {lens}.lns
self._aug.set(join(aug_load_path, 'lens'), '%s.lns' % lens)
# /augeas/load/{lens}/incl[0] = {confpath}
self._aug.set(join(aug_load_path, 'incl[0]'), confpath)
self._aug.load()
errors = self._aug.match(AUGEAS_ERROR_PATH)
if errors:
err_msg = '\n'.join(
["{}: {}".format(e, self._aug.get(e)) for e in errors])
raise RuntimeError(err_msg)
path = join(AUGEAS_FILES_PATH, confpath)
paths = self._aug.match(path)
if len(paths) != 1:
raise ValueError('path %s did not match exactly once' % path)
self.tree = AugeasNode(self._aug, path)
self._loaded = True
def _configure_keepalived():
"""
* Keepalived needs the possibility to bind on non local adresses.
* It will replace the variables in the config file with the hostname.
* It is not environmental dependent and can be installed on any server.
"""
augeas = Augeas(x)
augeas.set_enhanced("/files/etc/sysctl.conf/net.ipv4.ip_nonlocal_bind",
"1")
x("sysctl -p")
x("mv {0}keepalived.conf {0}org.keepalived.conf".format(KA_CONF_DIR))
x("cp {0}/{1}.keepalived.conf {2}keepalived.conf".format(
SYCO_PLUGIN_PATH, ka_env, KA_CONF_DIR))
scopen.scOpen(KA_CONF_DIR + "keepalived.conf").replace(
"${KA_SERVER_NAME_UP}",
socket.gethostname().upper())
scopen.scOpen(KA_CONF_DIR + "keepalived.conf").replace(
"${KA_SERVER_NAME_DN}",
socket.gethostname().lower())
_chkconfig("keepalived", "on")
_service("keepalived", "restart")
def set_api_timeouts(self, timeout):
# Determine the file to change
if self.https:
config_file = self.abiquo_ssl_conf
else:
config_file = self.abiquo_conf
logging.info("Setting Proxy timeouts in %s" % config_file)
# Set timeout using Augeas
a = Augeas()
for loc in a.match("/files%s/VirtualHost/*[arg='/api']" % config_file):
proxy_pass = a.match("%s/*[self::directive='ProxyPass']" % loc)
if len(proxy_pass) == 1:
# Proxy timeout already exists
logging.info("ProxyPass found")
arg1 = a.get("%s/arg" % proxy_pass[0])
arg2 = "timeout=%s" % timeout
a.set("%s/arg[1]" % proxy_pass[0], arg1)
a.set("%s/arg[2]" % proxy_pass[0], arg2)
a.save()
a.close()
def __disable_mod_ssl_ocsp(self):
aug = Augeas(flags=Augeas.NO_LOAD | Augeas.NO_MODL_AUTOLOAD)
aug.set('/augeas/load/Httpd/lens', 'Httpd.lns')
aug.set('/augeas/load/Httpd/incl', paths.HTTPD_SSL_CONF)
aug.load()
path = '/files{}/VirtualHost'.format(paths.HTTPD_SSL_CONF)
ocsp_path = '{}/directive[.="{}"]'.format(path, OCSP_DIRECTIVE)
ocsp_arg = '{}/arg'.format(ocsp_path)
ocsp_comment = '{}/#comment[.="{}"]'.format(path, OCSP_DIRECTIVE)
ocsp_dir = aug.get(ocsp_path)
# there is SSLOCSPEnable directive in nss.conf file, comment it
# otherwise just do nothing
if ocsp_dir is not None:
ocsp_state = aug.get(ocsp_arg)
aug.remove(ocsp_arg)
aug.rename(ocsp_path, '#comment')
aug.set(ocsp_comment, '{} {}'.format(OCSP_DIRECTIVE, ocsp_state))
aug.save()
def __init__(self, path="/etc/lvm/lvm.conf"):
self.path = path
# Augeas loads by default tons of unneeded lenses and configuration
# files. On my test host, it fails to load, trying to read my 500 MiB
# /etc/lvm/archive/.
#
# These are the standard LVM lens includes:
# /augeas/load/LVM/incl[1] /etc/lvm/lvm.conf
# /augeas/load/LVM/incl[2] /etc/lvm/backup/*
# /augeas/load/LVM/incl[3] /etc/lvm/archive/*.vg
#
# We need only the first entry to work with lvm.conf. Using customized
# load setup, as explained in
# https://github.com/hercules-team/augeas/wiki/Loading-specific-files
#
# Removing the archive and backup entries, we can load augeas in 0.7
# seconds on my test vm. Removing all other lenses shorten the time to
# 0.04 seconds.
log.debug("Loading LVM configuration from %r", path)
self.aug = Augeas(flags=Augeas.NO_MODL_AUTOLOAD | Augeas.SAVE_BACKUP)
self.aug.add_transform("lvm.lns", [path])
self.aug.load()
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA. A copy of the GNU General Public License is
# also available at http://www.gnu.org/copyleft/gpl.html.
from ovirt.node import base
from ovirt.node.utils.fs import Config
from augeas import Augeas
import os
aug_unwrapped = Augeas()
aug_unwrapped.set("/augeas/save/copy_if_rename_fails", "")
class ConfigMigrationRunner(base.Base):
def run_if_necessary(self):
"""Migrate the configs if needed
"""
migration_func = self._determine_migration_func()
if migration_func:
self._run(migration_func)
else:
self.logger.debug("No config migration needed")
def _determine_migration_func(self):
def execute(*args, **kw):
group_filter = conf.get('ldap', 'kolab_group_filter')
if group_filter == None:
group_filter = conf.get('ldap', 'group_filter')
user_filter = conf.get('ldap', 'kolab_user_filter')
if user_filter == None:
user_filter = conf.get('ldap', 'user_filter')
resource_filter = conf.get('ldap', 'resource_filter')
sharedfolder_filter = conf.get('ldap', 'sharedfolder_filter')
server_host = utils.parse_ldap_uri(conf.get('ldap', 'ldap_uri'))[1]
files = {
"/etc/postfix/ldap/local_recipient_maps.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(|%(kolab_user_filter)s%(kolab_group_filter)s%(resource_filter)s%(sharedfolder_filter)s))
result_attribute = mail
""" % {
"base_dn": conf.get('ldap', 'base_dn'),
"server_host": server_host,
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
"kolab_user_filter": user_filter,
"kolab_group_filter": group_filter,
"resource_filter": resource_filter,
"sharedfolder_filter": sharedfolder_filter,
},
"/etc/postfix/ldap/mydestination.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(domain_base_dn)s
scope = sub
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
query_filter = %(domain_filter)s
result_attribute = %(domain_name_attribute)s
""" % {
"server_host": server_host,
"domain_base_dn": conf.get('ldap', 'domain_base_dn'),
"domain_filter": conf.get('ldap', 'domain_filter').replace(
'*', '%s'),
"domain_name_attribute": conf.get('ldap', 'domain_name_attribute'),
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
"/etc/postfix/ldap/mailenabled_distgroups.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(group_base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
# This finds the mail enabled distribution group LDAP entry
query_filter = (&(|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectclass=groupofuniquenames)(!(objectclass=groupofurls)))
# From this type of group, get all uniqueMember DNs
special_result_attribute = uniqueMember
# Only from those DNs, get the mail
result_attribute =
leaf_result_attribute = mail
""" % {
"server_host": server_host,
"group_base_dn": conf.get('ldap', 'group_base_dn'),
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
"/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(group_base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
# This finds the mail enabled dynamic distribution group LDAP entry
query_filter = (&(|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectClass=groupOfURLs))
# From this type of group, get all memberURL searches/references
special_result_attribute = memberURL
# Only from those DNs, get the mail
result_attribute =
leaf_result_attribute = mail
""" % {
"server_host": server_host,
"group_base_dn": conf.get('ldap', 'group_base_dn'),
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
"/etc/postfix/ldap/transport_maps.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
query_filter = (&(|(mailAlternateAddress=%%s)(alias=%%s)(mail=%%s))(objectclass=kolabinetorgperson))
result_attribute = mail
result_format = lmtp:unix:/var/lib/imap/socket/lmtp
""" % {
"base_dn": conf.get('ldap', 'base_dn'),
"server_host": server_host,
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
"/etc/postfix/ldap/virtual_alias_maps.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabinetorgperson))
result_attribute = mail
""" % {
"base_dn": conf.get('ldap', 'base_dn'),
"server_host": server_host,
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
"/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=mailrecipient)(objectclass=inetorgperson)(mailforwardingaddress=*))
result_attribute = mailForwardingAddress
""" % {
"base_dn": conf.get('ldap', 'base_dn'),
"server_host": server_host,
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
"/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf": """
server_host = %(server_host)s
server_port = 389
version = 3
search_base = %(base_dn)s
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = %(service_bind_dn)s
bind_pw = %(service_bind_pw)s
query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail))
result_attribute = kolabtargetfolder
result_format = "shared+%%s"
""" % {
"base_dn": conf.get('ldap', 'base_dn'),
"server_host": server_host,
"service_bind_dn": conf.get('ldap', 'service_bind_dn'),
"service_bind_pw": conf.get('ldap', 'service_bind_pw'),
},
}
if not os.path.isdir('/etc/postfix/ldap'):
os.mkdir('/etc/postfix/ldap/', 0770)
for filename in files.keys():
fp = open(filename, 'w')
fp.write(files[filename])
fp.close()
fp = open('/etc/postfix/transport', 'a')
fp.write(
"\n# Shared Folder Delivery for %(domain)s:\nshared@%(domain)s\t\tlmtp:unix:/var/lib/imap/socket/lmtp\n"
% {'domain': conf.get('kolab', 'primary_domain')})
fp.close()
subprocess.call(["postmap", "/etc/postfix/transport"])
postfix_main_settings = {
"inet_interfaces": "all",
"recipient_delimiter": "+",
"local_recipient_maps":
"ldap:/etc/postfix/ldap/local_recipient_maps.cf",
"mydestination": "ldap:/etc/postfix/ldap/mydestination.cf",
"transport_maps":
"ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport",
"virtual_alias_maps":
"$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf",
"smtpd_tls_auth_only": "yes",
"smtpd_tls_security_level": "may",
"smtp_tls_security_level": "may",
"smtpd_sasl_auth_enable": "yes",
"smtpd_sender_login_maps": "$local_recipient_maps",
"smtpd_data_restrictions":
"permit_mynetworks, check_policy_service unix:private/recipient_policy_incoming",
"smtpd_recipient_restrictions":
"permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit",
"smtpd_sender_restrictions":
"permit_mynetworks, reject_sender_login_mismatch, check_policy_service unix:private/sender_policy_incoming",
"submission_recipient_restrictions":
"check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
"submission_sender_restrictions":
"reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject",
"submission_data_restrictions":
"check_policy_service unix:private/submission_policy",
"content_filter": "smtp-amavis:[127.0.0.1]:10024"
}
if os.path.isfile(
'/etc/pki/tls/certs/make-dummy-cert'
) and not os.path.isfile('/etc/pki/tls/private/localhost.pem'):
subprocess.call([
'/etc/pki/tls/certs/make-dummy-cert',
'/etc/pki/tls/private/localhost.pem'
])
if os.path.isfile('/etc/pki/tls/private/localhost.pem'):
postfix_main_settings[
'smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem"
postfix_main_settings[
'smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem"
if not os.path.isfile('/etc/postfix/main.cf'):
if os.path.isfile('/usr/share/postfix/main.cf.debian'):
shutil.copy('/usr/share/postfix/main.cf.debian',
'/etc/postfix/main.cf')
# Copy header checks files
for hc_file in ['inbound', 'internal', 'submission']:
if not os.path.isfile("/etc/postfix/header_checks.%s" % (hc_file)):
if os.path.isfile('/etc/kolab/templates/header_checks.%s' %
(hc_file)):
input_file = '/etc/kolab/templates/header_checks.%s' % (
hc_file)
elif os.path.isfile('/usr/share/kolab/templates/header_checks.%s' %
(hc_file)):
input_file = '/usr/share/kolab/templates/header_checks.%s' % (
hc_file)
elif os.path.isfile(
os.path.abspath(
os.path.join(__file__, '..', '..', '..', 'share',
'templates',
'header_checks.%s' % (hc_file)))):
input_file = os.path.abspath(
os.path.join(__file__, '..', '..', '..', 'share',
'templates', 'header_checks.%s' % (hc_file)))
shutil.copy(input_file,
"/etc/postfix/header_checks.%s" % (hc_file))
subprocess.call(
["postmap",
"/etc/postfix/header_checks.%s" % (hc_file)])
myaugeas = Augeas()
setting_base = '/files/etc/postfix/main.cf/'
for setting_key in postfix_main_settings.keys():
setting = os.path.join(setting_base, setting_key)
current_value = myaugeas.get(setting)
if current_value == None:
try:
myaugeas.set(setting, postfix_main_settings[setting_key])
except:
insert_paths = myaugeas.match('/files/etc/postfix/main.cf/*')
insert_path = insert_paths[(len(insert_paths) - 1)]
myaugeas.insert(insert_path, setting_key, False)
log.debug(_("Setting key %r to %r") %
(setting_key, postfix_main_settings[setting_key]),
level=8)
myaugeas.set(setting, postfix_main_settings[setting_key])
myaugeas.save()
postfix_master_settings = {}
if os.path.exists('/usr/lib/postfix/kolab_smtp_access_policy'):
postfix_master_settings[
'kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy'
else:
postfix_master_settings[
'kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy'
template_file = None
if os.path.isfile('/etc/kolab/templates/master.cf.tpl'):
template_file = '/etc/kolab/templates/master.cf.tpl'
elif os.path.isfile('/usr/share/kolab/templates/master.cf.tpl'):
template_file = '/usr/share/kolab/templates/master.cf.tpl'
elif os.path.isfile(
os.path.abspath(
os.path.join(__file__, '..', '..', '..', 'share', 'templates',
'master.cf.tpl'))):
template_file = os.path.abspath(
os.path.join(__file__, '..', '..', '..', 'share', 'templates',
'master.cf.tpl'))
if not template_file == None:
fp = open(template_file, 'r')
template_definition = fp.read()
fp.close()
t = Template(template_definition, searchList=[postfix_master_settings])
fp = open('/etc/postfix/master.cf', 'w')
fp.write(t.__str__())
fp.close()
else:
log.error(
_("Could not write out Postfix configuration file /etc/postfix/master.cf"
))
return
if os.path.isdir('/etc/postfix/sasl/'):
fp = open('/etc/postfix/sasl/smtpd.conf', 'w')
fp.write("pwcheck_method: saslauthd\n")
fp.write("mech_list: plain login\n")
fp.close()
amavisd_settings = {
'ldap_server': '%(server_host)s',
'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'),
'ldap_bind_pw': conf.get('ldap', 'service_bind_pw'),
'primary_domain': conf.get('kolab', 'primary_domain'),
'ldap_filter': "(|(mail=%m)(alias=%m))",
'ldap_base_dn': conf.get('ldap', 'base_dn'),
'clamdsock': '/var/spool/amavisd/clamd.sock',
}
template_file = None
# On RPM installations, Amavis configuration is contained within a single file.
amavisconf_paths = [
"/etc/amavisd.conf", "/etc/amavis/amavisd.conf",
"/etc/amavisd/amavisd.conf"
]
amavis_conf = ''
for amavisconf_path in amavisconf_paths:
if os.path.isfile(amavisconf_path):
amavis_conf = amavisconf_path
break
if os.path.isfile(amavis_conf):
if os.path.isfile('/etc/kolab/templates/amavisd.conf.tpl'):
template_file = '/etc/kolab/templates/amavisd.conf.tpl'
elif os.path.isfile('/usr/share/kolab/templates/amavisd.conf.tpl'):
template_file = '/usr/share/kolab/templates/amavisd.conf.tpl'
elif os.path.isfile(
os.path.abspath(
os.path.join(__file__, '..', '..', '..', 'share',
'templates', 'amavisd.conf.tpl'))):
template_file = os.path.abspath(
os.path.join(__file__, '..', '..', '..', 'share', 'templates',
'amavisd.conf.tpl'))
if not template_file == None:
fp = open(template_file, 'r')
template_definition = fp.read()
fp.close()
if os.path.isfile('/etc/clamd.d/amavisd.conf'):
amavisdconf_content = file('/etc/clamd.d/amavisd.conf')
for line in amavisdconf_content:
if line.startswith('LocalSocket'):
amavisd_settings['clamdsock'] = line[len('LocalSocket '
):].strip()
t = Template(template_definition, searchList=[amavisd_settings])
fp = None
fp = open(amavis_conf, 'w')
if not fp == None:
fp.write(t.__str__())
fp.close()
else:
log.error(
_("Could not write out Amavis configuration file amavisd.conf")
)
return
# On APT installations, /etc/amavis/conf.d/ is a directory with many more files.
#
# Somebody could work on enhancement request #1080 to configure LDAP lookups,
# while really it isn't required.
else:
log.info(_("Not writing out any configuration for Amavis."))
# On debian wheezy amavisd-new expects '/etc/mailname' - possibly remediable through
# the #1080 enhancement mentioned above, but here's a quick fix.
f = open('/etc/mailname', 'w')
f.writelines(conf.get('kolab', 'primary_domain'))
f.close()
if os.path.isfile('/etc/default/spamassassin'):
myaugeas = Augeas()
setting = os.path.join('/files/etc/default/spamassassin', 'ENABLED')
if not myaugeas.get(setting) == '1':
myaugeas.set(setting, '1')
myaugeas.save()
myaugeas.close()
if os.path.isfile('/etc/default/wallace'):
myaugeas = Augeas()
setting = os.path.join('/files/etc/default/wallace', 'START')
if not myaugeas.get(setting) == 'yes':
myaugeas.set(setting, 'yes')
myaugeas.save()
myaugeas.close()
if os.path.isfile('/usr/lib/systemd/system/[email protected]'):
from ConfigParser import SafeConfigParser
unitfile = SafeConfigParser()
unitfile.optionxform = str
unitfile.read('/usr/lib/systemd/system/[email protected]')
if not unitfile.has_section('Install'):
unitfile.add_section('Install')
if not unitfile.has_option('Install', 'WantedBy'):
unitfile.set('Install', 'WantedBy', 'multi-user.target')
with open('/etc/systemd/system/[email protected]', 'wb') as f:
unitfile.write(f)
log.info(_("Configuring and refreshing Anti-Virus..."))
if os.path.isfile('/etc/kolab/templates/freshclam.conf.tpl'):
shutil.copy('/etc/kolab/templates/freshclam.conf.tpl',
'/etc/freshclam.conf')
elif os.path.isfile('/usr/share/kolab/templates/freshclam.conf.tpl'):
shutil.copy('/usr/share/kolab/templates/freshclam.conf.tpl',
'/etc/freshclam.conf')
else:
log.error(_("Could not find a ClamAV update configuration file"))
if os.path.isfile('/etc/freshclam.conf'):
subprocess.call(
['/usr/bin/freshclam', '--quiet', '--datadir="/var/lib/clamav"'])
amavisservice = 'amavisd.service'
clamavservice = '*****@*****.**'
if os.path.isfile('/usr/lib/systemd/system/amavis.service'):
amavisservice = 'amavis.service'
if os.path.isfile('/lib/systemd/system/amavis.service'):
amavisservice = 'amavis.service'
if os.path.isfile('/usr/lib/systemd/system/clamd.service'):
clamavservice = 'clamd.service'
if os.path.isfile('/lib/systemd/system/clamd.service'):
clamavservice = 'clamd.service'
if os.path.isfile('/lib/systemd/system/clamav-daemon.service'):
clamavservice = 'clamav-daemon.service'
if os.path.isfile('/bin/systemctl'):
subprocess.call(['systemctl', 'restart', 'postfix.service'])
subprocess.call(['systemctl', 'restart', amavisservice])
subprocess.call(['systemctl', 'restart', clamavservice])
subprocess.call(['systemctl', 'restart', 'wallace.service'])
elif os.path.isfile('/sbin/service'):
subprocess.call(['service', 'postfix', 'restart'])
subprocess.call(['service', 'amavisd', 'restart'])
subprocess.call(['service', 'clamd.amavisd', 'restart'])
subprocess.call(['service', 'wallace', 'restart'])
elif os.path.isfile('/usr/sbin/service'):
subprocess.call(['/usr/sbin/service', 'postfix', 'restart'])
subprocess.call(['/usr/sbin/service', 'amavis', 'restart'])
subprocess.call(['/usr/sbin/service', 'clamav-daemon', 'restart'])
subprocess.call(['/usr/sbin/service', 'wallace', 'restart'])
else:
log.error(
_("Could not start the postfix, clamav and amavisd services services."
))
if os.path.isfile('/bin/systemctl'):
subprocess.call(['systemctl', 'enable', 'postfix.service'])
subprocess.call(['systemctl', 'enable', amavisservice])
subprocess.call(['systemctl', 'enable', clamavservice])
subprocess.call(['systemctl', 'enable', 'wallace.service'])
elif os.path.isfile('/sbin/chkconfig'):
subprocess.call(['chkconfig', 'postfix', 'on'])
subprocess.call(['chkconfig', 'amavisd', 'on'])
subprocess.call(['chkconfig', 'clamd.amavisd', 'on'])
subprocess.call(['chkconfig', 'wallace', 'on'])
elif os.path.isfile('/usr/sbin/update-rc.d'):
subprocess.call(['/usr/sbin/update-rc.d', 'postfix', 'defaults'])
subprocess.call(['/usr/sbin/update-rc.d', 'amavis', 'defaults'])
subprocess.call(['/usr/sbin/update-rc.d', 'clamav-daemon', 'defaults'])
subprocess.call(['/usr/sbin/update-rc.d', 'wallace', 'defaults'])
else:
log.error(_("Could not configure to start on boot, the " + \
"postfix, clamav and amavisd services."))
