def _configureSudo(self):
Util.appendOrReplaceInFile(self.sudoersFilePath,
'Defaults:%s !requiretty' % self.cloudUsername,
'Defaults:%s !requiretty' % self.cloudUsername)
Util.appendOrReplaceInFile(self.sudoersFilePath,
'%s ALL= NOPASSWD: %s' % (self.cloudUsername, self.firewall.binary),
'%s ALL= NOPASSWD: %s' % (self.cloudUsername, self.firewall.binary))
def _writeTgtdConfig(self):
iscsi_config_filename = os.path.join(Defaults.ETC_DIR, 'iscsi.conf')
if not os.path.exists(iscsi_config_filename):
with open(iscsi_config_filename, 'w') as config:
config.write(' ')
pattern = 'include %s' % iscsi_config_filename
Util.appendOrReplaceInFile('/etc/tgt/targets.conf', pattern, pattern)
def _configure(self):
Util.printStep('Configuring OpenLDAP server')
Util.printStep('Updating sysconfig')
shutil.copyfile(self._sysconfigLdapTemplate, self._sysconfigLdap)
Util.appendOrReplaceInFile(self._sysconfigLdap, 'SLAPD_LDAP=', 'SLAPD_LDAP=yes')
Util.printStep('Setting root account access')
Util.appendOrReplaceMultilineBlockInFile(self._openLdapConfig,
self._accessValue,
start='olcAccess: {0}to *',
until='olcAddContentAcl:')
Util.printStep('(Re-)starting slapd')
cmd = 'service %s restart' % self._serviceName
self._executeExitOnError(cmd)
Util.printStep('Generating test certificate and moving into place')
self._executeExitOnError(self._testCertCmd)
self._executeExitOnError('mkdir -p /etc/openldap/cacerts')
self._executeExitOnError('mv -f cacrt.jks /etc/openldap/cacerts/cacrt.jks')
self._executeExitOnError('mv -f cacrt.pem /etc/openldap/cacerts/cacrt.pem')
self._executeExitOnError('mv -f serverkey.pem /etc/openldap/serverkey.pem')
self._executeExitOnError('mv -f servercrt.pem /etc/openldap/servercrt.pem')
os.chmod('/etc/openldap/serverkey.pem', stat.S_IRUSR | stat.S_IWUSR)
self._executeExitOnError('chown ldap:ldap /etc/openldap/serverkey.pem')
Util.printStep('Updating server config. for generated certs')
cmd = "ldapmodify -Y EXTERNAL -H ldapi:/// -f %s" % self._certConfigLdif
Util.execute(cmd.split(' '))
Util.printStep('Updating client config. for generated certs')
Util.appendOrReplaceInFile(self._ldapClientConfig,
'TLS_CACERT',
'TLS_CACERT /etc/openldap/cacerts/cacrt.pem')
Util.printStep('Creating o=cloud database')
Util.filePutContent(self._completeDatabaseTemplate,
Util.fileGetContent(self._databaseTemplate) % self.__dict__)
cmd = "ldapadd -Y EXTERNAL -H ldapi:/// -f %s" % self._completeDatabaseTemplate
Util.execute(cmd.split(' '))
Util.printStep('Adding cloud database entries')
cmd = "ldapadd -x -H ldaps://%s -D %s -w %s -f %s" % (self._nodename,
self._openLdapAdminDn,
self.openldapPassword,
self._cloudDatabaseSkeleton)
self._executeExitOnError(cmd)
def _fixUdevForLvmMonitoring(self):
"""See the issue: https://bugzilla.redhat.com/show_bug.cgi?id=577798#c5
1. Modify 80-udisks.rules
2. Install a cron job to modify 80-udisks.rules file to safeguard against
udev package updates.
"""
fileName = '/lib/udev/rules.d/80-udisks.rules'
if not os.path.exists(fileName):
return
search = 'KERNEL=="dm-*", OPTIONS+="watch"'
replace = '#KERNEL=="dm-*", OPTIONS+="watch"'
if re.search('^KERNEL=="dm-\*", OPTIONS\+="watch"', Util.fileGetContent(fileName), re.MULTILINE):
Util.appendOrReplaceInFile(fileName, search, replace)
#self.system.restartService('udev')
data = """*/15 * * * * root sed -i -e 's/^KERNEL==\"dm-\*\", OPTIONS+=\"watch\"/%s/' %s""" % \
(replace, fileName)
Util.filePutContent('/etc/cron.d/fix-udev-for-lvm-monitoring.cron', data)
def _configureProxyDefaultUsersUsernamePassword(self):
filename = Defaults.AUTHN_CONFIG_FILE
search = self.oneUsername
replace = '%(oneUsername)s=%(proxyOneadminPassword)s,cloud-access' % self.__dict__
Util.appendOrReplaceInFile(filename, search, replace)
def configureQuarantine(self):
filename = os.path.join(Defaults.ETC_DIR, 'quarantine.cfg')
search = '^PERIOD.*$'
replace = 'PERIOD=%(quarantinePeriod)s' % self.__dict__
Util.appendOrReplaceInFile(filename, search, replace)
