def allow_dhcp_broadcast(self):
    """Open inbound UDP port 68 (DHCP client) in the iptables INPUT chain.

    A matching rule is deleted first and then re-inserted, so repeated calls
    do not stack duplicates. Both commands run with chk_err=False: error
    logging is suppressed, e.g. when iptables is not enabled.
    """
    # NOTE(review): the rule carries no source-address or interface match, so
    # it accepts UDP/68 from anywhere the chain is evaluated.
    rule_spec = "INPUT -p udp --dport 68 -j ACCEPT"
    for action in ("-D", "-I"):
        shellutil.run("iptables {0} {1}".format(action, rule_spec),
                      chk_err=False)
def allow_dhcp_broadcast(self):
    """Make sure one iptables INPUT rule accepts UDP traffic to port 68.

    The rule is removed (-D) and then inserted (-I). Errors from either
    command are not logged because chk_err=False is passed.
    """
    accept_dhcp = "INPUT -p udp --dport 68 -j ACCEPT"
    # Delete before insert so the rule is not duplicated on every call.
    shellutil.run("iptables -D " + accept_dhcp, chk_err=False)
    # NOTE(review): no source or interface restriction on the inserted rule.
    shellutil.run("iptables -I " + accept_dhcp, chk_err=False)
def set_hostname(self, hostname):
    """Persist the hostname in /etc/sysconfig/network and apply it live.

    The HOSTNAME entry of /etc/sysconfig/network is rewritten through
    fileutil.update_conf_file, then the `hostname` command is run with
    chk_err=False.
    """
    conf_line = 'HOSTNAME={0}'.format(hostname)
    fileutil.update_conf_file('/etc/sysconfig/network', 'HOSTNAME', conf_line)
    # NOTE(review): hostname is formatted into the command string unquoted.
    # shellutil.run appears to execute through a shell, so callers should
    # pass only validated host names -- confirm where hostname originates.
    apply_cmd = "hostname {0}".format(hostname)
    shellutil.run(apply_cmd, chk_err=False)
def set_hostname(self, hostname):
    """Write HOSTNAME to /etc/sysconfig/network, then run `hostname`.

    The value is written both to the config file (one HOSTNAME=<value> line)
    and to the running system; the `hostname` command uses chk_err=False.
    """
    sysconfig_path = '/etc/sysconfig/network'
    fileutil.update_conf_file(sysconfig_path, 'HOSTNAME',
                              'HOSTNAME={0}'.format(hostname))
    # NOTE(review): the same unvalidated value lands in a config file and in
    # a command string; a newline or shell metacharacter in it would change
    # both. Validation is presumably done by the caller -- confirm.
    shellutil.run("hostname {0}".format(hostname), chk_err=False)
def gen_transport_cert(self, prv_file, crt_file):
    """Create the self-signed certificate used for HTTPS with the endpoint server.

    Runs `<openssl_cmd> req -x509`, writing a new 2048-bit RSA private key to
    prv_file and the certificate to crt_file.
    """
    # -nodes leaves the private key unencrypted on disk, so the permissions
    # of prv_file are its only protection; this method does not set them.
    # -days 32768 makes the certificate valid for roughly 90 years.
    template = ("{0} req -x509 -nodes -subj /CN=LinuxTransport -days 32768 "
                "-newkey rsa:2048 -keyout {1} "
                "-out {2}")
    shellutil.run(template.format(self.openssl_cmd, prv_file, crt_file))
def reg_ssh_host_key(self):
    """Regenerate the SSH host key if configured, and return its thumbprint.

    The key type comes from conf.get_ssh_host_keypair_type(). When
    conf.get_regenerate_ssh_host_key() is true, all existing host key files
    are removed and a new key of that type is generated with an empty
    passphrase.
    """
    key_type = conf.get_ssh_host_keypair_type()
    if conf.get_regenerate_ssh_host_key():
        # The glob is expanded by the shell and removes every host key file,
        # not only the one of the configured type.
        shellutil.run("rm -f /etc/ssh/ssh_host_*key*")
        keygen_cmd = "ssh-keygen -N '' -t {0} -f /etc/ssh/ssh_host_{1}_key"
        shellutil.run(keygen_cmd.format(key_type, key_type))
    return self.get_ssh_host_key_thumbprint(key_type)
def gen_transport_cert(self, prv_file, crt_file):
    """Generate a self-signed x509 certificate and key for endpoint HTTPS.

    The key is written to prv_file and the certificate to crt_file by
    `openssl req`, invoked through self.openssl_cmd.
    """
    openssl_args = [
        self.openssl_cmd,
        "req -x509 -nodes -subj /CN=LinuxTransport -days 32768",
        "-newkey rsa:2048 -keyout {0}".format(prv_file),
        "-out {0}".format(crt_file),
    ]
    # NOTE(review): -nodes means the private key is stored without a
    # passphrase; access control on prv_file has to be handled elsewhere.
    shellutil.run(" ".join(openssl_args))
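def download(self):
    """Download the extension package, unpack it and set up its directories.

    Each URI in self.pkg.uris is tried in order until one download succeeds.
    The package is written to the lib dir as a .zip, extracted into the
    extension base dir, its regular files are made user-executable, the
    HandlerManifest.json is saved, and the status/config dirs are created
    with mode 0o700.

    Raises:
        ExtensionError: no package is configured, every download failed, the
            archive could not be written or unpacked, the manifest is
            missing or unreadable, or a directory could not be created.
    """
    self.logger.info("Download extension package")
    self.set_operation(WALAEventOperation.Download)
    if self.pkg is None:
        raise ExtensionError("No package uri found")

    package = None
    source_uri = None
    for uri in self.pkg.uris:
        try:
            package = self.protocol.download_ext_handler_pkg(uri.uri)
        except ProtocolError as e:
            logger.warn("Failed download extension: {0}", e)
            continue
        if package is not None:
            # Stop at the first successful download; trying the remaining
            # URIs would re-download or discard a good package.
            source_uri = uri.uri
            break

    if package is None:
        raise ExtensionError("Failed to download extension")

    # NOTE(review): nothing in this method checks the package's integrity or
    # signature before it is unpacked and made executable; presumably the
    # protocol layer is trusted for that -- confirm.
    self.logger.info("Unpack extension package")
    pkg_file = os.path.join(conf.get_lib_dir(),
                            os.path.basename(source_uri) + ".zip")
    try:
        fileutil.write_file(pkg_file, bytearray(package), asbin=True)
        archive = zipfile.ZipFile(pkg_file)
        try:
            archive.extractall(self.get_base_dir())
        finally:
            archive.close()
    except (IOError, zipfile.BadZipfile) as e:
        # A corrupt archive is reported the same way as a write failure.
        raise ExtensionError(u"Failed to write and unzip plugin", e)

    # Add the owner-execute bit to every regular file. This is done
    # in-process rather than with `find | xargs chmod`, which splits
    # archive-supplied file names on whitespace and passes the directory
    # path through the shell.
    for dirpath, _dirnames, filenames in os.walk(self.get_base_dir()):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # regular files only, as `find -type f` selects
            try:
                os.chmod(path, os.stat(path).st_mode | 0o100)
            except OSError as e:
                logger.warn("Failed to chmod {0}: {1}", path, e)
    self.report_event(message="Download succeeded")

    self.logger.info("Initialize extension directory")
    # Save HandlerManifest.json
    man_file = fileutil.search_file(self.get_base_dir(),
                                    'HandlerManifest.json')
    if man_file is None:
        raise ExtensionError("HandlerManifest.json not found")

    try:
        man = fileutil.read_file(man_file, remove_bom=True)
        fileutil.write_file(self.get_manifest_file(), man)
    except IOError as e:
        raise ExtensionError(u"Failed to save HandlerManifest.json", e)

    # Create status and config dir, readable by the owner only
    try:
        status_dir = self.get_status_dir()
        fileutil.mkdir(status_dir, mode=0o700)
        conf_dir = self.get_conf_dir()
        fileutil.mkdir(conf_dir, mode=0o700)
    except IOError as e:
        raise ExtensionError(u"Failed to create status or config dir", e)

    # Save HandlerEnvironment.json
    self.create_handler_env()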
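def download(self):
    """Fetch, unpack and initialise the extension handler package.

    The URIs in self.pkg.uris are tried in order and the first package that
    downloads is used. It is stored as a .zip under the lib dir, extracted
    into the base dir, and its regular files get the owner-execute bit. The
    manifest is then copied to the manifest file and the status and config
    directories are created with mode 0o700.

    Raises:
        ExtensionError: on a missing package definition, failed download,
            failed write/unzip, missing or unreadable manifest, or failed
            directory creation.
    """
    self.logger.info("Download extension package")
    self.set_operation(WALAEventOperation.Download)
    if self.pkg is None:
        raise ExtensionError("No package uri found")

    package = None
    source_uri = None
    for uri in self.pkg.uris:
        try:
            package = self.protocol.download_ext_handler_pkg(uri.uri)
        except ProtocolError as e:
            logger.warn("Failed download extension: {0}", e)
            continue
        if package is not None:
            # First success wins; without this break the later URIs were
            # still fetched and the file name came from the last URI.
            source_uri = uri.uri
            break

    if package is None:
        raise ExtensionError("Failed to download extension")

    # NOTE(review): no integrity or signature check on the package is
    # visible here before it is extracted and marked executable -- confirm
    # that the protocol layer provides it.
    self.logger.info("Unpack extension package")
    pkg_file = os.path.join(conf.get_lib_dir(),
                            os.path.basename(source_uri) + ".zip")
    try:
        fileutil.write_file(pkg_file, bytearray(package), asbin=True)
        archive = zipfile.ZipFile(pkg_file)
        try:
            archive.extractall(self.get_base_dir())
        finally:
            archive.close()
    except (IOError, zipfile.BadZipfile) as e:
        # BadZipfile is not an IOError; map it to ExtensionError as well.
        raise ExtensionError(u"Failed to write and unzip plugin", e)

    # chmod u+x on regular files, without a shell: file names come from the
    # archive and `find | xargs` would split them on whitespace.
    for dirpath, _dirnames, filenames in os.walk(self.get_base_dir()):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and non-regular files
            try:
                os.chmod(path, os.stat(path).st_mode | 0o100)
            except OSError as e:
                logger.warn("Failed to chmod {0}: {1}", path, e)
    self.report_event(message="Download succeeded")

    self.logger.info("Initialize extension directory")
    # Save HandlerManifest.json
    man_file = fileutil.search_file(self.get_base_dir(),
                                    'HandlerManifest.json')
    if man_file is None:
        raise ExtensionError("HandlerManifest.json not found")

    try:
        man = fileutil.read_file(man_file, remove_bom=True)
        fileutil.write_file(self.get_manifest_file(), man)
    except IOError as e:
        raise ExtensionError(u"Failed to save HandlerManifest.json", e)

    # Create status and config dir (owner-only access)
    try:
        status_dir = self.get_status_dir()
        fileutil.mkdir(status_dir, mode=0o700)
        conf_dir = self.get_conf_dir()
        fileutil.mkdir(conf_dir, mode=0o700)
    except IOError as e:
        raise ExtensionError(u"Failed to create status or config dir", e)

    # Save HandlerEnvironment.json
    self.create_handler_env()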
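def del_account(self, username):
    """Delete a non-system user account and its sudoers entry.

    System users (per self.is_sys_user) are refused: an error is logged and
    nothing is deleted. Otherwise /var/run/utmp is truncated, the account is
    removed with `userdel -f -r`, and every line mentioning the user is
    dropped from /etc/sudoers.d/waagent.

    Raises:
        OSUtilError: the sudoers file could not be read or rewritten.
    """
    if self.is_sys_user(username):
        logger.error("{0} is a system user. Will not delete it.", username)
        # Stop here: the message promises the account is left alone.
        return

    shellutil.run("> /var/run/utmp")
    # NOTE(review): username is concatenated into the command unquoted;
    # callers should pass only validated account names -- confirm.
    shellutil.run("userdel -f -r " + username)

    # Remove user from sudoers
    sudoers_file = "/etc/sudoers.d/waagent"
    if os.path.isfile(sudoers_file):
        try:
            content = fileutil.read_file(sudoers_file)
            # NOTE(review): substring match -- a line for another user whose
            # name contains `username` is dropped as well.
            kept = [line for line in content.split("\n")
                    if username not in line]
            fileutil.write_file(sudoers_file, "\n".join(kept))
        except IOError as e:
            raise OSUtilError("Failed to remove sudoer: {0}".format(e))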
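def del_account(self, username):
    """Remove a user account and strip it from /etc/sudoers.d/waagent.

    Nothing is done for system users beyond logging an error. For other
    users, /var/run/utmp is truncated, `userdel -f -r` removes the account
    and home directory, and the sudoers drop-in is rewritten without the
    lines that contain the user name.

    Raises:
        OSUtilError: reading or writing the sudoers file failed.
    """
    if self.is_sys_user(username):
        logger.error("{0} is a system user. Will not delete it.", username)
        # Without this return the account was deleted despite the message.
        return

    shellutil.run("> /var/run/utmp")
    # NOTE(review): unquoted concatenation into a command string; the
    # caller is presumably responsible for validating username -- confirm.
    shellutil.run("userdel -f -r " + username)

    # The existence check has to look at the same path that is rewritten
    # below, otherwise the sudoers entry of a deleted user is never removed.
    sudoers_path = "/etc/sudoers.d/waagent"
    if not os.path.isfile(sudoers_path):
        return
    try:
        lines = fileutil.read_file(sudoers_path).split("\n")
        # NOTE(review): matches by substring, so other users' lines that
        # contain this name are removed too.
        remaining = [entry for entry in lines if username not in entry]
        fileutil.write_file(sudoers_path, "\n".join(remaining))
    except IOError as e:
        raise OSUtilError("Failed to remove sudoer: {0}".format(e))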
def set_selinux_context(self, path, con):
    """Apply SELinux context 'con' to 'path' with the shell command 'chcon'.

    Returns the exit result of the command, or None when the system is not
    an SELinux system (the command is then not run).
    """
    if not self.is_selinux_system():
        return None
    # NOTE(review): con and path are joined into the command unquoted; a
    # path with spaces or shell metacharacters would change the command.
    chcon_cmd = ' '.join(['chcon', con, path])
    return shellutil.run(chcon_cmd)
def set_selinux_context(self, path, con):
    """Run 'chcon <con> <path>' on SELinux systems and return its exit result.

    On systems without SELinux nothing is run and None is returned.
    """
    selinux_present = self.is_selinux_system()
    if selinux_present:
        # NOTE(review): both arguments reach the command string as-is;
        # quoting is presumably left to the caller -- confirm.
        return shellutil.run('chcon {0} {1}'.format(con, path))
    return None
def save_customdata(self, ovfenv):
    """Store the custom data from ovfenv in the lib dir and optionally run it.

    Nothing happens when ovfenv.customdata is None. Otherwise the data is
    decoded if conf.get_decode_customdata() is set, written to
    CUSTOM_DATA_FILE under conf.get_lib_dir(), and, if
    conf.get_execute_customdata() is set, made owner-executable (0o700) and
    executed.
    """
    payload = ovfenv.customdata
    if payload is None:
        return

    logger.info("Save custom data")
    lib_dir = conf.get_lib_dir()
    if conf.get_decode_customdata():
        payload = self.distro.osutil.decode_customdata(payload)

    target = os.path.join(lib_dir, CUSTOM_DATA_FILE)
    # NOTE(review): the file is written before any chmod, and the chmod
    # below only happens when execution is enabled; the file's permissions
    # in the other case depend on fileutil.write_file -- confirm they keep
    # custom data (which may hold secrets) private.
    fileutil.write_file(target, payload)

    if not conf.get_execute_customdata():
        return
    # Executes provisioning-supplied content with this process's privileges.
    logger.info("Execute custom data")
    os.chmod(target, 0o700)
    shellutil.run(target)
def route_add(self, net, mask, gateway):
    """Add a network route with `/sbin/route add -net` and return the result.

    The command is run with chk_err=False.
    """
    # NOTE(review): net, mask and gateway are formatted in unquoted; they
    # are presumably address strings produced by the agent -- confirm.
    route_cmd = "/sbin/route add -net {0} netmask {1} gw {2}".format(
        net, mask, gateway)
    return shellutil.run(route_cmd, chk_err=False)
def route_add(self, net, mask, gateway):
    """Add the specified route using /sbin/route add -net.

    Returns whatever shellutil.run returns for the command; chk_err=False
    is passed.
    """
    parts = ["/sbin/route add -net", str.format("{0}", net),
             "netmask", str.format("{0}", mask),
             "gw", str.format("{0}", gateway)]
    # NOTE(review): the three values are not validated or quoted here.
    return shellutil.run(" ".join(parts), chk_err=False)
def set_selinux_enforce(self, state):
    """Run 'setenforce 1' or 'setenforce 0' depending on the truth of state.

    Returns the resulting exit code, or None on a system without SELinux,
    where the command is not run.
    """
    if not self.is_selinux_system():
        return None
    # A false state switches SELinux to permissive mode (setenforce 0).
    flag = '1' if state else '0'
    return shellutil.run("setenforce " + flag)
def is_atapiix_mod_loaded(self, max_retry=1):
    """Return True if `lsmod` lists the ata_piix module.

    The check is made up to max_retry times, sleeping one second between
    attempts; False is returned when no attempt finds the module.
    """
    last_attempt = max_retry - 1
    for attempt in range(max_retry):
        exit_code = shellutil.run("lsmod | grep ata_piix", chk_err=False)
        if exit_code == 0:
            logger.info("Module driver for ATAPI CD-ROM is already present.")
            return True
        # No sleep after the final attempt.
        if attempt < last_attempt:
            time.sleep(1)
    return False
def set_selinux_enforce(self, state):
    """Call 'setenforce' with 1 (state true) or 0 (state false).

    Returns the command's exit code. When SELinux is not available nothing
    is run and the method returns None.
    """
    if self.is_selinux_system():
        # NOTE(review): state=False puts SELinux in permissive mode; callers
        # are expected to restore enforcement afterwards -- confirm.
        mode_digit = {True: '1', False: '0'}[bool(state)]
        return shellutil.run("setenforce {0}".format(mode_digit))
    return None
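def is_selinux_system(self):
    """Report whether SELinux is available, caching the answer in self.selinux.

    On the first call (self.selinux is None) the result of
    `which getenforce` decides: exit code 0 means SELinux is available.
    Later calls return the cached value without running a command.
    """
    # Identity test: None is the "not probed yet" marker, False is a result.
    if self.selinux is None:
        probe = shellutil.run("which getenforce", chk_err=False)
        self.selinux = (probe == 0)
    return self.selinux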
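def is_selinux_system(self):
    """Check once whether `getenforce` exists and remember it in self.selinux.

    Returns True when SELinux is available on the system, False otherwise.
    The probe command runs only while self.selinux is still None.
    """
    if self.selinux is not None:
        # Already probed; False is a valid cached answer.
        return self.selinux
    self.selinux = shellutil.run("which getenforce", chk_err=False) == 0
    return self.selinux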
def is_atapiix_mod_loaded(self, max_retry=1):
    """Check, with retries, whether the ata_piix kernel module is loaded.

    Runs `lsmod | grep ata_piix` up to max_retry times with a one-second
    pause between tries. Returns True on the first exit code 0, else False.
    """
    probe_cmd = "lsmod | grep ata_piix"
    for retry in range(0, max_retry):
        found = shellutil.run(probe_cmd, chk_err=False) == 0
        if found:
            logger.info(
                "Module driver for ATAPI CD-ROM is already present.")
            return True
        more_tries_left = retry < max_retry - 1
        if more_tries_left:
            time.sleep(1)
    return False
def set_admin_access_to_ip(self, dest_ip):
    """Restrict outbound access to dest_ip to root (uid 0) with iptables.

    Two OUTPUT rules are (re)installed in order: ACCEPT for packets owned by
    uid 0, then DROP for everything else going to dest_ip. Each rule is
    deleted first (errors not logged) and then appended.
    """
    # NOTE(review): the rules are appended (-A), so an earlier ACCEPT rule
    # already in OUTPUT would match first; and between each -D and -A the
    # rule is briefly absent. dest_ip is formatted in unquoted.
    rule_specs = (
        "OUTPUT -d {0} -j ACCEPT -m owner --uid-owner 0",  # root may connect
        "OUTPUT -d {0} -j DROP",                            # everyone else may not
    )
    for spec in rule_specs:
        bound = spec.format(dest_ip)
        shellutil.run("iptables -D " + bound, chk_err=False)
        shellutil.run("iptables -A " + bound)
def set_admin_access_to_ip(self, dest_ip):
    """Allow only uid 0 to reach dest_ip by installing two OUTPUT rules.

    First an ACCEPT rule limited to packets owned by uid 0, then a DROP rule
    for all other traffic to dest_ip. An old copy of each rule is removed
    before the rule is appended; the removal runs with chk_err=False.
    """
    allow_root = "OUTPUT -d {0} -j ACCEPT -m owner --uid-owner 0".format(
        dest_ip)
    drop_others = "OUTPUT -d {0} -j DROP".format(dest_ip)

    # Order matters: the ACCEPT for root has to sit ahead of the DROP.
    # NOTE(review): -A appends after any rules already in the chain, so the
    # effective policy also depends on what precedes these two rules.
    shellutil.run("iptables -D " + allow_root, chk_err=False)
    shellutil.run("iptables -A " + allow_root)
    shellutil.run("iptables -D " + drop_others, chk_err=False)
    shellutil.run("iptables -A " + drop_others)
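def create_swap_space(self, mount_point, size_mb):
    """Create and enable a swap file of size_mb megabytes under mount_point.

    If <mount_point>/swapfile is already listed by `swapon -s` with the
    requested size, nothing is done. A swap file of a different size is
    removed (after `swapoff -a`) and recreated. A newly created file is
    restricted to mode 0o600 before mkswap runs.

    Raises:
        ResourceDiskError: `swapon` on the swap file failed.
    """
    size_kb = size_mb * 1024
    size = size_kb * 1024
    swapfile = os.path.join(mount_point, 'swapfile')
    swaplist = shellutil.run_get_output("swapon -s")[1]

    if swapfile in swaplist and os.path.getsize(swapfile) == size:
        logger.info("Swap already enabled")
        return

    if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size:
        logger.info("Remove old swap file")
        # swapoff -a disables every active swap area, not just this file.
        shellutil.run("swapoff -a", chk_err=False)
        os.remove(swapfile)

    if not os.path.isfile(swapfile):
        logger.info("Create swap file")
        shellutil.run(("dd if=/dev/zero of={0} bs=1024 "
                       "count={1}").format(swapfile, size_kb))
        # dd creates the file with umask-default permissions; swap holds
        # paged-out process memory, so restrict it to the owner. Guarded in
        # case dd failed and left no file (swapon below then reports it).
        if os.path.isfile(swapfile):
            os.chmod(swapfile, 0o600)
        shellutil.run("mkswap {0}".format(swapfile))
    if shellutil.run("swapon {0}".format(swapfile)):
        raise ResourceDiskError("{0}".format(swapfile))
    logger.info("Enabled {0}KB of swap at {1}".format(size_kb, swapfile))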
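def create_swap_space(self, mount_point, size_mb):
    """Ensure a swap file of the requested size exists and is enabled.

    The swap file is <mount_point>/swapfile. It is left alone when it is
    already active with the right size, replaced when its size differs, and
    created with dd + mkswap when absent. A freshly created file is set to
    mode 0o600 so that swapped-out memory is not readable by other users.

    Raises:
        ResourceDiskError: enabling the swap file with `swapon` failed.
    """
    size_kb = size_mb * 1024
    size = size_kb * 1024
    swapfile = os.path.join(mount_point, 'swapfile')
    swaplist = shellutil.run_get_output("swapon -s")[1]

    already_active = swapfile in swaplist
    if already_active and os.path.getsize(swapfile) == size:
        logger.info("Swap already enabled")
        return

    if os.path.isfile(swapfile) and os.path.getsize(swapfile) != size:
        logger.info("Remove old swap file")
        # Turns off all swap areas before the stale file is deleted.
        shellutil.run("swapoff -a", chk_err=False)
        os.remove(swapfile)

    if not os.path.isfile(swapfile):
        logger.info("Create swap file")
        dd_cmd = ("dd if=/dev/zero of={0} bs=1024 "
                  "count={1}").format(swapfile, size_kb)
        shellutil.run(dd_cmd)
        if os.path.isfile(swapfile):
            # Owner-only access; skipped if dd did not produce the file.
            os.chmod(swapfile, 0o600)
        shellutil.run("mkswap {0}".format(swapfile))

    if shellutil.run("swapon {0}".format(swapfile)):
        raise ResourceDiskError("{0}".format(swapfile))
    logger.info("Enabled {0}KB of swap at {1}".format(size_kb, swapfile))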
def restart_if(self, iface):
    """Restart networking by restarting the systemd-networkd service.

    iface is accepted for interface compatibility but not used: the whole
    service is restarted rather than a single interface.
    """
    restart_cmd = "systemctl restart systemd-networkd"
    shellutil.run(restart_cmd)
def restart_ssh_service(self):
    """Restart sshd with systemctl and return shellutil.run's result.

    chk_err=False is passed to shellutil.run.
    """
    command = "systemctl restart sshd"
    return shellutil.run(command, chk_err=False)
def remove_route_for_dhcp_broadcast(self, ifname):
    """Delete the 255.255.255.255 broadcast route on interface ifname.

    Runs `route del` with chk_err=False; nothing is returned.
    """
    # NOTE(review): ifname is formatted into the command unquoted; it is
    # presumably an interface name discovered by the agent -- confirm.
    del_cmd = "route del 255.255.255.255 dev {0}".format(ifname)
    shellutil.run(del_cmd, chk_err=False)
def unregister_agent_service(self):
    """Disable the waagent unit with systemctl and return the result.

    chk_err=False is passed to shellutil.run.
    """
    disable_cmd = "systemctl disable waagent"
    return shellutil.run(disable_cmd, chk_err=False)
def start_network(self):
    """Start the 'networking' service via /sbin/service and return the result.

    chk_err=False is passed to shellutil.run.
    """
    start_cmd = "/sbin/service networking start"
    return shellutil.run(start_cmd, chk_err=False)
def start_agent_service(self):
    """Start the waagent service via /sbin/service and return the result.

    chk_err=False is passed to shellutil.run.
    """
    start_cmd = "/sbin/service waagent start"
    return shellutil.run(start_cmd, chk_err=False)
def unregister_agent_service(self):
    """Remove waagent from the init configuration with `/sbin/insserv -r`.

    Returns shellutil.run's result; chk_err=False is passed.
    """
    remove_cmd = "/sbin/insserv -r waagent"
    return shellutil.run(remove_cmd, chk_err=False)
def publish_hostname(self, hostname):
    """Restart NetworkManager, then publish the hostname via the parent class.

    The restart runs first; publishing itself is delegated to
    publish_hostname of the class after RedhatOSUtil in the MRO.
    """
    nm_restart = "service NetworkManager restart"
    shellutil.run(nm_restart)
    parent = super(RedhatOSUtil, self)
    parent.publish_hostname(hostname)
def restart_ssh_service(self):
    """Restart sshd via /sbin/service and return shellutil.run's result.

    chk_err=False is passed to shellutil.run.
    """
    restart_cmd = "/sbin/service sshd restart"
    return shellutil.run(restart_cmd, chk_err=False)
def start_agent_service(self):
    """Run `/sbin/service waagent start` and return the result.

    The command is run with chk_err=False.
    """
    service_name = "waagent"
    command = "/sbin/service {0} start".format(service_name)
    return shellutil.run(command, chk_err=False)
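def start_network(self):
    """Start the 'network' service via /sbin/service and return the result.

    chk_err=False is passed to shellutil.run.
    """
    # `service` takes the script name first and the action second, as the
    # other /sbin/service helpers do ("sshd restart", "waagent start").
    # With the two swapped the command looked for a service named "start",
    # and chk_err=False kept that failure out of the error log.
    return shellutil.run("/sbin/service network start", chk_err=False)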
def start_dhcp_service(self):
    """Start the DHCP client service named by self.dhclient_name.

    Uses /sbin/service with chk_err=False and returns shellutil.run's result.
    """
    service_name = self.dhclient_name
    return shellutil.run("/sbin/service {0} start".format(service_name),
                         chk_err=False)
def set_hostname(self, hostname):
    """Write the hostname to /etc/HOSTNAME and apply it with `hostname`.

    The file receives the bare hostname; the command runs with chk_err=False.
    """
    hostname_file = '/etc/HOSTNAME'
    fileutil.write_file(hostname_file, hostname)
    # NOTE(review): hostname goes into the command string unquoted;
    # validation is presumably the caller's job -- confirm.
    apply_cmd = "hostname {0}".format(hostname)
    shellutil.run(apply_cmd, chk_err=False)
def start_dhcp_service(self):
    """Start systemd-networkd, which serves as the DHCP service here.

    Returns shellutil.run's result; chk_err=False is passed.
    """
    start_cmd = "systemctl start systemd-networkd"
    return shellutil.run(start_cmd, chk_err=False)
def start_dhcp_service(self):
    """Start the unit named by self.dhclient_name with systemctl.

    Returns shellutil.run's result; chk_err=False is passed.
    """
    unit = self.dhclient_name
    return shellutil.run("systemctl start {0}".format(unit), chk_err=False)
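def stop_agent_service(self):
    """Stop the waagent unit with systemctl and return the result.

    chk_err=False is passed to shellutil.run.
    """
    # The unit is "waagent", the name the start and disable helpers use.
    # The misspelt "wagent" never matched a unit, so the agent kept running
    # while chk_err=False kept the failure out of the error log.
    return shellutil.run("systemctl stop waagent", chk_err=False)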
def start_network(self):
    """Start the 'network' unit with systemctl and return the result.

    chk_err=False is passed to shellutil.run.
    """
    start_cmd = "systemctl start network"
    return shellutil.run(start_cmd, chk_err=False)
def unregister_agent_service(self):
    """Run `systemctl disable waagent` and return the result.

    The command is run with chk_err=False.
    """
    unit = "waagent"
    return shellutil.run("systemctl disable {0}".format(unit), chk_err=False)
def restart_ssh_service(self):
    """Run `systemctl restart sshd` and return the result.

    The command is run with chk_err=False.
    """
    unit = "sshd"
    return shellutil.run("systemctl restart {0}".format(unit), chk_err=False)
def restart_ssh_service(self):
    """Conditionally restart sshd via `/sbin/service sshd condrestart`.

    Returns shellutil.run's result; chk_err=False is passed.
    """
    condrestart_cmd = "/sbin/service sshd condrestart"
    return shellutil.run(condrestart_cmd, chk_err=False)
def mount_resource_disk(self, mount_point, fs):
    """Partition/format the resource disk as needed and mount it.

    The device is looked up with device_for_ide_port(1); its first
    partition (device + "1") is the one that gets formatted and mounted.
    If the device already has a mount point in the `mount` output, that
    mount point is returned and nothing else is done.

    Returns the mount point in use.

    Raises ResourceDiskError when the disk cannot be detected, when
    `parted print` fails, or when mounting still fails after the retry.

    NOTE(review): device, partition, mount_point and fs are placed in
    command strings unquoted, and several of these commands destroy data
    (parted rm, mkfs); the values are presumably agent configuration, not
    remote input -- confirm.
    """
    device = self.distro.osutil.device_for_ide_port(1)
    if device is None:
        raise ResourceDiskError("unable to detect disk topology")

    device = "/dev/" + device
    mountlist = shellutil.run_get_output("mount")[1]
    existing = self.distro.osutil.get_mount_point(mountlist, device)

    # Already mounted: report where and leave the disk untouched.
    if (existing):
        logger.info("Resource disk {0}1 is already mounted", device)
        return existing

    fileutil.mkdir(mount_point, mode=0o755)

    logger.info("Detect GPT...")
    partition = device + "1"
    # ret is (exit status, output); a non-zero status aborts.
    ret = shellutil.run_get_output("parted {0} print".format(device))
    if ret[0]:
        raise ResourceDiskError("({0}) {1}".format(device, ret[1]))

    if "gpt" in ret[1]:
        logger.info("GPT detected")
        logger.info("Get GPT partitions")
        # Keep the output lines that start with optional whitespace and a
        # number. NOTE(review): the pattern is a non-raw string containing
        # \s, which newer Python versions warn about.
        parts = [ x for x in ret[1].split("\n") if re.match("^\s*[0-9]+", x) ]
        logger.info("Found more than {0} GPT partitions.", len(parts))
        # NOTE(review): re-partitioning and formatting are taken to apply
        # only when more than one partition was found -- confirm intent.
        if len(parts) > 1:
            logger.info("Remove old GPT partitions")
            for i in range(1, len(parts) + 1):
                logger.info("Remove partition: {0}", i)
                shellutil.run("parted {0} rm {1}".format(device, i))

            logger.info(
                "Create a new GPT partition using entire disk space")
            shellutil.run(
                "parted {0} mkpart primary 0% 100%".format(device))

            logger.info("Format partition: {0} with fstype {1}",
                        partition, fs)
            shellutil.run("mkfs." + fs + " " + partition + " -F")
    else:
        logger.info("GPT not detected")
        logger.info("Check fstype")
        ret = shellutil.run_get_output("sfdisk -q -c {0} 1".format(device))
        # Partition id "7" is treated as NTFS; reformat unless NTFS was
        # the requested file system.
        if ret[1].rstrip() == "7" and fs != "ntfs":
            logger.info("The partition is formatted with ntfs")
            logger.info("Format partition: {0} with fstype {1}",
                        partition, fs)
            shellutil.run("sfdisk -c {0} 1 83".format(device))
            shellutil.run("mkfs." + fs + " " + partition + " -F")

    logger.info("Mount resource disk")
    ret = shellutil.run("mount {0} {1}".format(partition, mount_point),
                        chk_err=False)
    if ret:
        # A failed first mount is answered by formatting the partition
        # (existing contents are lost) and mounting once more.
        logger.warn("Failed to mount resource disk. Retry mounting")
        shellutil.run("mkfs."
                      + fs + " " + partition + " -F")
        ret = shellutil.run("mount {0} {1}".format(partition, mount_point))
        if ret:
            raise ResourceDiskError("({0}) {1}".format(partition, ret))

    logger.info("Resource disk ({0}) is mounted at {1} with fstype {2}",
                device, mount_point, fs)
    return mount_point
def unregister_agent_service(self):
    """Remove waagent from chkconfig management and return the result.

    Runs `chkconfig --del waagent` with chk_err=False.
    """
    remove_cmd = "chkconfig --del waagent"
    return shellutil.run(remove_cmd, chk_err=False)
def remove_route_for_dhcp_broadcast(self, ifname):
    """Remove the broadcast (255.255.255.255) route bound to ifname.

    The `route del` command runs with chk_err=False and its result is
    discarded.
    """
    broadcast_addr = "255.255.255.255"
    # NOTE(review): ifname is not quoted or validated in this method.
    shellutil.run("route del {0} dev {1}".format(broadcast_addr, ifname),
                  chk_err=False)
def start_agent_service(self):
    """Start the waagent unit with systemctl and return the result.

    chk_err=False is passed to shellutil.run.
    """
    start_cmd = "systemctl start waagent"
    return shellutil.run(start_cmd, chk_err=False)
def set_route_for_dhcp_broadcast(self, ifname):
    """Add a 255.255.255.255 broadcast route on interface ifname.

    Returns shellutil.run's result for `route add`; chk_err=False is passed.
    """
    # NOTE(review): ifname is formatted into the command unquoted; it is
    # presumably an interface name discovered by the agent -- confirm.
    add_cmd = "route add 255.255.255.255 dev {0}".format(ifname)
    return shellutil.run(add_cmd, chk_err=False)
def restart_if(self, ifname):
    """Bring interface ifname down and, if that succeeds, up again.

    The two commands are chained with `&&`, so the string is interpreted by
    a shell and ifup runs only when ifdown exits successfully.
    """
    # NOTE(review): because this string is shell syntax, ifname must never
    # carry shell metacharacters; it is not quoted or validated here.
    bounce_cmd = "ifdown {0} && ifup {0}".format(ifname)
    shellutil.run(bounce_cmd)
def restart_if(self, ifname):
    """Restart a network interface with `ifdown <ifname> && ifup <ifname>`.

    Nothing is returned; ifup is skipped by the shell if ifdown fails.
    """
    down_cmd = "ifdown {0}".format(ifname)
    up_cmd = "ifup {0}".format(ifname)
    # NOTE(review): ifname appears twice in a shell command line, unquoted.
    shellutil.run(" && ".join([down_cmd, up_cmd]))