def HandleEvent(self, event=None):
"""
Updates which files this plugin handles based upon filesystem events.
Allows configuration items to be added/removed without server restarts.
"""
action = event.code2str()
if event.filename[0] == "/":
return
epath = "".join([self.data, self.handles[event.requestID], event.filename])
if posixpath.isdir(epath):
ident = self.handles[event.requestID] + event.filename
else:
ident = self.handles[event.requestID][:-1]
fname = "".join([ident, "/", event.filename])
if event.filename.endswith(".xml"):
if action in ["exists", "created", "changed"]:
if event.filename.endswith("key.xml"):
key_spec = dict(list(lxml.etree.parse(epath).find("Key").items()))
self.key_specs[ident] = {"bits": key_spec.get("bits", 2048), "type": key_spec.get("type", "rsa")}
self.Entries["Path"][ident] = self.get_key
elif event.filename.endswith("cert.xml"):
cert_spec = dict(list(lxml.etree.parse(epath).find("Cert").items()))
ca = cert_spec.get("ca", "default")
self.cert_specs[ident] = {
"ca": ca,
"format": cert_spec.get("format", "pem"),
"key": cert_spec.get("key"),
"days": cert_spec.get("days", 365),
"C": cert_spec.get("c"),
"L": cert_spec.get("l"),
"ST": cert_spec.get("st"),
"OU": cert_spec.get("ou"),
"O": cert_spec.get("o"),
"emailAddress": cert_spec.get("emailaddress"),
}
cp = ConfigParser()
cp.read(self.core.cfile)
self.CAs[ca] = dict(cp.items("sslca_" + ca))
self.Entries["Path"][ident] = self.get_cert
if action == "deleted":
if ident in self.Entries["Path"]:
del self.Entries["Path"][ident]
else:
if action in ["exists", "created"]:
if posixpath.isdir(epath):
self.AddDirectoryMonitor(epath[len(self.data) :])
if ident not in self.entries and posixpath.isfile(epath):
self.entries[fname] = self.__child__(epath)
self.entries[fname].HandleEvent(event)
if action == "changed":
self.entries[fname].HandleEvent(event)
elif action == "deleted":
if fname in self.entries:
del self.entries[fname]
else:
self.entries[fname].HandleEvent(event)
def getCFP(self):
if not self.__cfp:
self.__cfp = ConfigParser.ConfigParser()
# FIXME: Remove this hack when except: pass below is fixed
try:
self.__cfp.readfp(open(self.cfpath))
except IOError:
e = sys.exc_info()[1]
print("Unable to read bcfg2.conf: %s" % e)
return self.__cfp
def get_config(self, raw=False):
config = ConfigParser.SafeConfigParser()
for source in self.sources:
# get_urls() loads url_map as a side-effect
source.get_urls()
for url_map in source.url_map:
if url_map['arch'] in self.metadata.groups:
basereponame = source.get_repo_name(url_map)
reponame = basereponame
added = False
while not added:
try:
config.add_section(reponame)
added = True
except ConfigParser.DuplicateSectionError:
match = re.match("-(\d)", reponame)
if match:
rid = int(match.group(1)) + 1
else:
rid = 1
reponame = "%s-%d" % (basereponame, rid)
config.set(reponame, "name", reponame)
config.set(reponame, "baseurl", url_map['url'])
config.set(reponame, "enabled", "1")
if len(source.gpgkeys):
config.set(reponame, "gpgcheck", "1")
config.set(reponame, "gpgkey",
" ".join(source.gpgkeys))
else:
config.set(reponame, "gpgcheck", "0")
if len(source.blacklist):
config.set(reponame, "exclude",
" ".join(source.blacklist))
if len(source.whitelist):
config.set(reponame, "includepkgs",
" ".join(source.whitelist))
if raw:
return config
else:
# configparser only writes to file, so we have to use a
# StringIO object to get the data out as a string
buf = StringIO()
config.write(buf)
return "# This config was generated automatically by the Bcfg2 " \
"Packages plugin\n\n" + buf.getvalue()
def db_from_config(cfile):
cp = ConfigParser.ConfigParser()
cp.read([cfile])
driver = cp.get('snapshots', 'driver')
if driver == 'sqlite':
path = cp.get('snapshots', 'database')
return 'sqlite:///%s' % path
elif driver in ['mysql', 'postgres']:
user = cp.get('snapshots', 'user')
password = cp.get('snapshots', 'password')
host = cp.get('snapshots', 'host')
db = cp.get('snapshots', 'database')
return '%s://%s:%s@%s/%s' % (driver, user, password, host, db)
else:
raise Exception("unsupported db driver %s" % driver)
def build_req_config(self, entry, metadata):
"""
generates a temporary openssl configuration file that is
used to generate the required certificate request
"""
# create temp request config file
conffile = open(tempfile.mkstemp()[1], 'w')
cp = ConfigParser.ConfigParser({})
cp.optionxform = str
defaults = {
'req': {
'default_md': 'sha1',
'distinguished_name': 'req_distinguished_name',
'req_extensions': 'v3_req',
'x509_extensions': 'v3_req',
'prompt': 'no'
},
'req_distinguished_name': {},
'v3_req': {
'subjectAltName': '@alt_names'
},
'alt_names': {}
}
for section in list(defaults.keys()):
cp.add_section(section)
for key in defaults[section]:
cp.set(section, key, defaults[section][key])
x = 1
altnames = list(metadata.aliases)
altnames.append(metadata.hostname)
for altname in altnames:
cp.set('alt_names', 'DNS.' + str(x), altname)
x += 1
for item in ['C', 'L', 'ST', 'O', 'OU', 'emailAddress']:
if self.cert_specs[entry.get('name')][item]:
cp.set('req_distinguished_name', item,
self.cert_specs[entry.get('name')][item])
cp.set('req_distinguished_name', 'CN', metadata.hostname)
cp.write(conffile)
conffile.close()
return conffile.name
def __init__(self, logger, cfg, setup):
self._initialised = False
Bcfg2.Client.Tools.PkgTool.__init__(self, logger, cfg, setup)
self._initialised = True
self.__important__ = self.__important__ + ['/etc/make.conf']
self._pkg_pattern = re.compile('(.*)-(\d.*)')
self._ebuild_pattern = re.compile('(ebuild|binary)')
self.cfg = cfg
self.installed = {}
self._binpkgonly = True
# Used to get options from configuration file
parser = ConfigParser.ConfigParser()
parser.read(self.setup.get('setup'))
for opt in ['binpkgonly']:
if parser.has_option(self.name, opt):
setattr(self, ('_%s' % opt),
self._StrToBoolIfBool(parser.get(self.name, opt)))
if self._binpkgonly:
self.pkgtool = self._binpkgtool
self.RefreshPackages()
def copy_section(src_file, tgt_cfg, section, newsection=None):
if newsection is None:
newsection = section
cfg = ConfigParser.ConfigParser()
if len(cfg.read(src_file)) == 1:
if cfg.has_section(section):
try:
tgt_cfg.add_section(newsection)
except ConfigParser.DuplicateSectionError:
print("[%s] section already exists in %s, adding options" %
(newsection, setup['cfile']))
for opt in cfg.options(section):
val = cfg.get(section, opt)
if tgt_cfg.has_option(newsection, opt):
print("%s in [%s] already populated in %s, skipping" %
(opt, newsection, setup['cfile']))
print(" %s: %s" %
(setup['cfile'], tgt_cfg.get(newsection, opt)))
print(" %s: %s" % (src_file, val))
else:
print("Set %s in [%s] to %s" % (opt, newsection, val))
tgt_cfg.set(newsection, opt, val)
def getCFP(self):
if not self.__cfp:
self.__cfp = ConfigParser.ConfigParser()
self.__cfp.read(self.configfile)
return self.__cfp
import django
import os
import sys
# Compatibility import
from Bcfg2.Bcfg2Py3k import ConfigParser
# Django settings for bcfg2 reports project.
c = ConfigParser.ConfigParser()
if 'BCFG2_CONFIG_FILE' in os.environ:
cfiles = os.environ['BCFG2_CONFIG_FILE']
else:
cfiles = ['/etc/bcfg2.conf', '/etc/bcfg2-web.conf']
if len(c.read(cfiles)) == 0:
raise ImportError("Please check that bcfg2.conf or bcfg2-web.conf exists "
"and is readable by your web server.")
try:
DEBUG = c.getboolean('statistics', 'web_debug')
except:
DEBUG = False
if DEBUG:
print("Warning: Setting web_debug to True causes extraordinary memory "
"leaks. Only use this setting if you know what you're doing.")
TEMPLATE_DEBUG = DEBUG
ADMINS = (('Root', 'root'), )
MANAGERS = ADMINS
try:
self.indent_level = self.indent_level + 1
self._write_common_entries(pkgdata)
self._write_perarch_entries(pkgdata)
for group in self.groups:
self.indent_level = self.indent_level - 1
self._write_to_file('</Group>')
self.indent_level = self.indent_level - 1
self._write_to_file('</PackageList>')
self._close_file()
self._rename_file()
if __name__ == '__main__':
main_conf_parser = ConfigParser.SafeConfigParser()
main_conf_parser.read(['/etc/bcfg2.conf'])
repo = main_conf_parser.get('server', 'repository')
confparser = ConfigParser.SafeConfigParser()
confparser.read(os.path.join(repo, "etc/debian-pkglist.conf"))
# We read the whole configuration file before processing each entries
# to avoid doing work if there is a problem in the file.
sources_list = []
for section in confparser.sections():
sources_list.append(Source(confparser, section, repo))
for source in sources_list:
source.process()
self.indent_level = self.indent_level + 1
self._write_common_entries(pkgdata)
self._write_perarch_entries(pkgdata)
for group in self.groups:
self.indent_level = self.indent_level - 1
self._write_to_file('</Group>')
self.indent_level = self.indent_level - 1
self._write_to_file('</PackageList>')
self._close_file()
self._rename_file()
if __name__ == '__main__':
# Prefix is relative to script path
complete_script_path = os.path.join(os.getcwd(), sys.argv[0])
prefix = complete_script_path[:-len('etc/create-debian-pkglist.py')]
confparser = ConfigParser.SafeConfigParser()
confparser.read(prefix + "etc/debian-pkglist.conf")
# We read the whole configuration file before processing each entries
# to avoid doing work if there is a problem in the file.
sources_list = []
for section in confparser.sections():
sources_list.append(Source(confparser, section, prefix))
for source in sources_list:
source.process()
def HandleEvent(self, event=None):
"""
Updates which files this plugin handles based upon filesystem events.
Allows configuration items to be added/removed without server restarts.
"""
action = event.code2str()
if event.filename[0] == '/':
return
epath = "".join([self.data, self.handles[event.requestID],
event.filename])
if posixpath.isdir(epath):
ident = self.handles[event.requestID] + event.filename
else:
ident = self.handles[event.requestID][:-1]
fname = "".join([ident, '/', event.filename])
if event.filename.endswith('.xml'):
if action in ['exists', 'created', 'changed']:
if event.filename.endswith('key.xml'):
key_spec = dict(list(lxml.etree.parse(epath).find('Key').items()))
self.key_specs[ident] = {
'bits': key_spec.get('bits', 2048),
'type': key_spec.get('type', 'rsa')
}
self.Entries['Path'][ident] = self.get_key
elif event.filename.endswith('cert.xml'):
cert_spec = dict(list(lxml.etree.parse(epath).find('Cert').items()))
ca = cert_spec.get('ca', 'default')
self.cert_specs[ident] = {
'ca': ca,
'format': cert_spec.get('format', 'pem'),
'key': cert_spec.get('key'),
'days': cert_spec.get('days', 365),
'C': cert_spec.get('c'),
'L': cert_spec.get('l'),
'ST': cert_spec.get('st'),
'OU': cert_spec.get('ou'),
'O': cert_spec.get('o'),
'emailAddress': cert_spec.get('emailaddress')
}
cp = ConfigParser()
cp.read(self.core.cfile)
self.CAs[ca] = dict(cp.items('sslca_' + ca))
self.Entries['Path'][ident] = self.get_cert
if action == 'deleted':
if ident in self.Entries['Path']:
del self.Entries['Path'][ident]
else:
if action in ['exists', 'created']:
if posixpath.isdir(epath):
self.AddDirectoryMonitor(epath[len(self.data):])
if ident not in self.entries and posixpath.isfile(epath):
self.entries[fname] = self.__child__(epath)
self.entries[fname].HandleEvent(event)
if action == 'changed':
self.entries[fname].HandleEvent(event)
elif action == 'deleted':
if fname in self.entries:
del self.entries[fname]
else:
self.entries[fname].HandleEvent(event)
def build_req_config(self, entry, metadata):
"""
generates a temporary openssl configuration file that is
used to generate the required certificate request
"""
# create temp request config file
conffile = open(tempfile.mkstemp()[1], 'w')
cp = ConfigParser({})
cp.optionxform = str
defaults = {
'req': {
'default_md': 'sha1',
'distinguished_name': 'req_distinguished_name',
'req_extensions': 'v3_req',
'x509_extensions': 'v3_req',
'prompt': 'no'
},
'req_distinguished_name': {},
'v3_req': {
'subjectAltName': '@alt_names'
},
'alt_names': {}
}
for section in list(defaults.keys()):
cp.add_section(section)
for key in defaults[section]:
cp.set(section, key, defaults[section][key])
x = 1
altnames = list(metadata.aliases)
altnames.append(metadata.hostname)
for altname in altnames:
cp.set('alt_names', 'DNS.' + str(x), altname)
x += 1
for item in ['C', 'L', 'ST', 'O', 'OU', 'emailAddress']:
if self.cert_specs[entry.get('name')][item]:
cp.set('req_distinguished_name', item, self.cert_specs[entry.get('name')][item])
cp.set('req_distinguished_name', 'CN', metadata.hostname)
cp.write(conffile)
conffile.close()
return conffile.name
def main():
opts = {'repo': Bcfg2.Options.SERVER_REPOSITORY}
setup = Bcfg2.Options.OptionParser(opts)
setup.parse(sys.argv[1:])
repo = setup['repo']
configpath = os.path.join(repo, 'Packages')
oldconfigfile = os.path.join(configpath, 'config.xml')
newconfigfile = os.path.join(configpath, 'packages.conf')
newsourcesfile = os.path.join(configpath, 'sources.xml')
if not os.path.exists(oldconfigfile):
print("%s does not exist, nothing to do" % oldconfigfile)
return 1
if not os.path.exists(configpath):
print("%s does not exist, cannot write %s" % (configpath,
newconfigfile))
return 2
newconfig = ConfigParser.SafeConfigParser()
newconfig.add_section("global")
oldconfig = lxml.etree.parse(oldconfigfile).getroot()
config = oldconfig.xpath('//Sources/Config')
if config:
if config[0].get("resolver", "enabled").lower() == "disabled":
newconfig.add_option("global", "resolver", "disabled")
if config[0].get("metadata", "enabled").lower() == "disabled":
newconfig.add_option("global", "metadata", "disabled")
newconfig.write(open(newconfigfile, "w"))
print("%s written" % newconfigfile)
oldsources = [oldconfigfile]
while oldsources:
oldfile = oldsources.pop()
oldsource = lxml.etree.parse(oldfile).getroot()
if oldfile == oldconfigfile:
newfile = newsourcesfile
else:
newfile = os.path.join(configpath,
oldfile.replace("%s/" % configpath, ''))
newsource = lxml.etree.Element("Sources", nsmap=oldsource.nsmap)
for el in oldsource.getchildren():
if el.tag == lxml.etree.Comment or el.tag == 'Config':
# skip comments and Config
continue
if el.tag == XI + 'include':
oldsources.append(os.path.join(configpath, el.get('href')))
newsource.append(el)
continue
# element must be a *Source
newel = lxml.etree.Element("Source",
type=el.tag.replace("Source",
"").lower())
try:
newel.set('recommended', el.find('Recommended').text.lower())
except AttributeError:
pass
for tag in ['RawURL', 'URL', 'Version']:
try:
newel.set(tag.lower(), el.find(tag).text)
except AttributeError:
pass
for child in el.getchildren():
if child.tag in ['Component', 'Blacklist', 'Whitelist', 'Arch']:
newel.append(child)
groups = [e.text for e in el.findall("Group")]
newsource = place_source(newsource, newel, groups)
try:
open(newfile, 'w').write(lxml.etree.tostring(newsource,
pretty_print=True))
print("%s written" % newfile)
except IOError:
print("Failed to write %s" % newfile)
def HandleEvent(self, event=None):
"""
Updates which files this plugin handles based upon filesystem events.
Allows configuration items to be added/removed without server restarts.
"""
action = event.code2str()
if event.filename[0] == '/':
return
epath = "".join([self.data, self.handles[event.requestID],
event.filename])
if posixpath.isdir(epath):
ident = self.handles[event.requestID] + event.filename
else:
ident = self.handles[event.requestID][:-1]
fname = "".join([ident, '/', event.filename])
if event.filename.endswith('.xml'):
if action in ['exists', 'created', 'changed']:
if event.filename.endswith('key.xml'):
key_spec = dict(list(lxml.etree.parse(epath,
parser=Bcfg2.Server.XMLParser).find('Key').items()))
self.key_specs[ident] = {
'bits': key_spec.get('bits', 2048),
'type': key_spec.get('type', 'rsa')
}
self.Entries['Path'][ident] = self.get_key
elif event.filename.endswith('cert.xml'):
cert_spec = dict(list(lxml.etree.parse(epath,
parser=Bcfg2.Server.XMLParser).find('Cert').items()))
ca = cert_spec.get('ca', 'default')
self.cert_specs[ident] = {
'ca': ca,
'format': cert_spec.get('format', 'pem'),
'key': cert_spec.get('key'),
'days': cert_spec.get('days', 365),
'C': cert_spec.get('c'),
'L': cert_spec.get('l'),
'ST': cert_spec.get('st'),
'OU': cert_spec.get('ou'),
'O': cert_spec.get('o'),
'emailAddress': cert_spec.get('emailaddress')
}
cp = ConfigParser.ConfigParser()
cp.read(self.core.cfile)
self.CAs[ca] = dict(cp.items('sslca_' + ca))
self.Entries['Path'][ident] = self.get_cert
if action == 'deleted':
if ident in self.Entries['Path']:
del self.Entries['Path'][ident]
else:
if action in ['exists', 'created']:
if posixpath.isdir(epath):
self.AddDirectoryMonitor(epath[len(self.data):])
if ident not in self.entries and posixpath.isfile(epath):
self.entries[fname] = self.__child__(epath)
self.entries[fname].HandleEvent(event)
if action == 'changed':
self.entries[fname].HandleEvent(event)
elif action == 'deleted':
if fname in self.entries:
del self.entries[fname]
else:
self.entries[fname].HandleEvent(event)
def getCFP(self):
if not self.__cfp:
self.__cfp = ConfigParser.ConfigParser()
self.__cfp.readfp(open(self.cfpath))
return self.__cfp
def build_req_config(self, entry, metadata):
"""
generates a temporary openssl configuration file that is
used to generate the required certificate request
"""
# create temp request config file
conffile = open(tempfile.mkstemp()[1], "w")
cp = ConfigParser({})
cp.optionxform = str
defaults = {
"req": {
"default_md": "sha1",
"distinguished_name": "req_distinguished_name",
"req_extensions": "v3_req",
"x509_extensions": "v3_req",
"prompt": "no",
},
"req_distinguished_name": {},
"v3_req": {"subjectAltName": "@alt_names"},
"alt_names": {},
}
for section in list(defaults.keys()):
cp.add_section(section)
for key in defaults[section]:
cp.set(section, key, defaults[section][key])
x = 1
altnames = list(metadata.aliases)
altnames.append(metadata.hostname)
for altname in altnames:
cp.set("alt_names", "DNS." + str(x), altname)
x += 1
for item in ["C", "L", "ST", "O", "OU", "emailAddress"]:
if self.cert_specs[entry.get("name")][item]:
cp.set("req_distinguished_name", item, self.cert_specs[entry.get("name")][item])
cp.set("req_distinguished_name", "CN", metadata.hostname)
cp.write(conffile)
conffile.close()
return conffile.name