def setvalue(*args): ''' Set a value for a specific augeas path CLI Example:: salt '*' augeas.setvalue /files/etc/hosts/1/canonical localhost This will set the first entry in /etc/hosts to localhost CLI Example:: salt '*' augeas.setvalue /files/etc/hosts/01/ipaddr 192.168.1.1 \\ /files/etc/hosts/01/canonical test Adds a new host to /etc/hosts the ip address 192.168.1.1 and hostname test CLI Example:: salt '*' augeas.setvalue prefix=/files/etc/sudoers/ \\ "spec[user = '******']/user" "%wheel" \\ "spec[user = '******']/host_group/host" 'ALL' \\ "spec[user = '******']/host_group/command[1]" 'ALL' \\ "spec[user = '******']/host_group/command[1]/tag" 'PASSWD' \\ "spec[user = '******']/host_group/command[2]" '/usr/bin/apt-get' \\ "spec[user = '******']/host_group/command[2]/tag" NOPASSWD Ensures that the following line is present in /etc/sudoers:: %wheel ALL = PASSWD : ALL , NOPASSWD : /usr/bin/apt-get , /usr/bin/aptitude ''' aug = Augeas() ret = {'retval': False} tuples = filter(lambda x: not x.startswith('prefix='), args) prefix = filter(lambda x: x.startswith('prefix='), args) if prefix: prefix = prefix[0].split('=', 1)[1] if len(tuples) % 2 != 0: return ret # ensure we have multiple of twos tuple_iter = iter(tuples) for path, value in zip(tuple_iter, tuple_iter): target_path = path if prefix: target_path = "{0}/{1}".format(prefix.rstrip('/'), path.lstrip('/')) try: aug.set(target_path, str(value)) except ValueError as err: ret['error'] = "Multiple values: " + str(err) try: aug.save() ret['retval'] = True except IOError as err: ret['error'] = str(err) return ret
class SysConfig(object): def __init__(self, system_ip=None, system_id=None, system_type=None): """ Initialize this object with non system related data, like the OSSIM administration IP address. """ self.__system_ip = system_ip if is_ipv4(system_ip) else None self.__system_id = system_id self.__system_type = system_type self.__augeas = Augeas() self.__pending = {} # System data self.__net_ifaces = {} self.__hosts_entries = {} # Initialize pure system data. self.__reload_config__() # # Public methods # def is_pending(self): """ Are there pending changes? """ return self.__pending != {} def get_pending(self): """ Get which changes are pending """ return self.__pending def get_pending_str(self): """ Same as get_pending(), but in human format. """ data = '' for key, value in self.__pending.iteritems(): data += '\n[%s]\n%s' % (key, value) return data def apply_changes(self): """ Apply pending changes and reload configuration. """ if not self.is_pending(): return AVConfigParserErrors.ALL_OK try: self.__augeas.save() except IOError, msg: return AVConfigParserErrors.get_error_msg( AVConfigParserErrors.CANNOT_SAVE_SYSCONFIG, str(msg)) self.__pending = {} self.__reload_config__() return AVConfigParserErrors.ALL_OK
def remove(path): ''' Get matches for path expression CLI Example: .. code-block:: bash salt '*' augeas.remove /files/etc/sysctl.conf/net.ipv4.conf.all.log_martians ''' aug = Augeas() ret = {'retval': False} try: count = aug.remove(path) aug.save() if count == -1: ret['error'] = 'Invalid node' else: ret['retval'] = True except (RuntimeError, IOError) as err: ret['error'] = str(err) ret['count'] = count return ret
def rm(self,entryPath,param='',hierarchy='/files'): """Delete a parameter (and all its children) in a config. file, with the help of Augeas, a configuration API (cf http://augeas.net)""" try: from augeas import Augeas aug=Augeas() except Exception, e: return str(e) path=(hierarchy+entryPath.rstrip('/')+'/'+param).rstrip('/') try: result=aug.remove(path) #aug.close() except Exception, e: return str(e) # Here is a little workaround for a bug in save for augeas. # In the future this should not be necessary anymore. try: aug.save() except: pass # End of workaround try: aug.save() except Exception, e: return str(e) if result == -1: msg = 'Invalid node' else: msg = repr(result)+' node(s) removed.' return msg
def remove(path): """ Get matches for path expression CLI Example:: salt '*' augeas.remove /files/etc/sysctl.conf/net.ipv4.conf.all.log_martians """ from augeas import Augeas aug = Augeas() ret = {"retval": False} try: count = aug.remove(path) aug.save() if count == -1: ret["error"] = "Invalid node" else: ret["retval"] = True except (RuntimeError, IOError) as err: ret["error"] = str(err) ret["count"] = count return ret
def configure_chrony(ntp_servers, ntp_pool=None, fstore=None, sysstore=None, debug=False): """ This method only configures chrony client with ntp_servers or ntp_pool """ module = "chrony" if sysstore: sysstore.backup_state(module, "enabled", services.knownservices.chronyd.is_enabled()) aug = Augeas(flags=Augeas.NO_LOAD | Augeas.NO_MODL_AUTOLOAD, loadpath=paths.USR_SHARE_IPA_DIR) try: logger.debug("Configuring chrony") chrony_conf = os.path.abspath(paths.CHRONY_CONF) aug.transform(module, chrony_conf) # loads chrony lens file aug.load() # loads augeas tree # augeas needs to prepend path with '/files' path = '/files{path}'.format(path=chrony_conf) # remove possible conflicting configuration of servers aug.remove('{}/server'.format(path)) aug.remove('{}/pool'.format(path)) aug.remove('{}/peer'.format(path)) if ntp_pool: logger.debug("Setting server pool:") logger.debug("'%s'", ntp_pool) aug.set('{}/pool[last()+1]'.format(path), ntp_pool) aug.set('{}/pool[last()]/iburst'.format(path), None) if ntp_servers: logger.debug("Setting time servers:") for server in ntp_servers: aug.set('{}/server[last()+1]'.format(path), server) aug.set('{}/server[last()]/iburst'.format(path), None) logger.debug("'%s'", server) # backup oginal conf file logger.debug("Backing up '%s'", chrony_conf) __backup_config(chrony_conf, fstore) logger.debug("Writing configuration to '%s'", chrony_conf) aug.save() logger.info('Configuration of chrony was changed by installer.') configured = True except IOError: logger.error("Augeas failed to configure file %s", chrony_conf) configured = False except RuntimeError as e: logger.error("Configuration failed with: %s", e) configured = False finally: aug.close() tasks.restore_context(chrony_conf) return configured
def set(self,entryPath,param='',pvalue='',hierarchy='/files'): """Set/change a value for a config. parameter in a config. file, with the help of Augeas, a configuration API (cf http://augeas.net)""" try: from augeas import Augeas aug=Augeas() except Exception, e: return str(e) path=(hierarchy+entryPath.rstrip('/')+'/'+param).rstrip('/') try: aug.set(path,pvalue) except Exception, e: return str(e) # Here is a little workaround for a bug in save for augeas. # In the future this won't be necessary anymore. try: aug.save() except: pass # End of workaround try: aug.save() except Exception, e: return str(e) try: pvalue=aug.get(path) #aug.close() except Exception, e: return str(e) return { 'path': entryPath, 'parameter': param, 'value': pvalue, 'hierarchy': hierarchy }
def remove(path): ''' Get matches for path expression CLI Example:: salt '*' augeas.remove /files/etc/sysctl.conf/net.ipv4.conf.all.log_martians ''' from augeas import Augeas aug = Augeas() ret = {'retval': False} try: count = aug.remove(path) aug.save() if count == -1: ret['error'] = 'Invalid node' else: ret['retval'] = True except (RuntimeError, IOError) as err: ret['error'] = str(err) ret['count'] = count return ret
class SysConfig (object): def __init__ (self, system_ip = None, system_id = None, system_type = None): """ Initialize this object with non system related data, like the OSSIM administration IP address. """ self.__system_ip = system_ip if is_ipv4(system_ip) else None self.__system_id = system_id self.__system_type = system_type self.__augeas = Augeas() self.__pending = {} # System data self.__net_ifaces = {} self.__hosts_entries = {} # Initialize pure system data. self.__reload_config__ () # # Public methods # def is_pending (self): """ Are there pending changes? """ return self.__pending != {} def get_pending (self): """ Get which changes are pending """ return self.__pending def get_pending_str (self): """ Same as get_pending(), but in human format. """ data = '' for key, value in self.__pending.iteritems(): data += '\n[%s]\n%s' % (key, value) return data def apply_changes (self): """ Apply pending changes and reload configuration. """ if not self.is_pending(): return AVConfigParserErrors.ALL_OK try: self.__augeas.save() except IOError, msg: return AVConfigParserErrors.get_error_msg(AVConfigParserErrors.CANNOT_SAVE_SYSCONFIG, str(msg)) self.__pending = {} self.__reload_config__ () return AVConfigParserErrors.ALL_OK
def setvalue(*args): ''' Set a value for a specific augeas path CLI Example:: salt '*' augeas.setvalue /files/etc/hosts/1/canonical localhost salt '*' augeas.setvalue /files/etc/hosts/01/ipaddr 192.168.1.1 \ /files/etc/hosts/01/canonical hostname salt '*' augeas.setvalue prefix=/files/etc/sudoers/ \ "/spec[user = '******']/user" "%wheel" \ "/spec[user = '******']/host_group/host" 'ALL' \ "/spec[user = '******']/host_group/command[1]" 'ALL' \ "/spec[user = '******']/host_group/command[1]/tag" 'PASSWD' \ "/spec[user = '******']/host_group/command[2]" '/usr/bin/apt-get' \ "/spec[user = '******']/host_group/command[2]/tag" NOPASSWD ''' from augeas import Augeas aug = Augeas() ret = {'retval': False} prefix = None tuples = filter(lambda x: not x.startswith('prefix='), args) prefix = filter(lambda x: x.startswith('prefix='), args) if prefix: prefix = prefix[0].split('=', 1)[1] if len(tuples) % 2 != 0: return ret # ensure we have multiple of twos tuple_iter = iter(tuples) for path, value in zip(tuple_iter, tuple_iter): target_path = path if prefix: target_path = "{0}/{1}".format(prefix.rstrip('/'), path.lstrip('/')) try: aug.set(target_path, str(value)) except ValueError as err: ret['error'] = "Multiple values: " + str(err) try: aug.save() ret['retval'] = True except IOError as err: ret['error'] = str(err) return ret
def execute(*args, **kw): if conf.has_section('example.org'): primary_domain = conf.get('kolab', 'primary_domain') if not primary_domain == 'example.org': utils.multiline_message( _(""" Copying the configuration section for 'example.org' over to a section applicable to your domain '%s'. """) % (primary_domain)) conf.cfg_parser._sections[primary_domain] = \ conf.cfg_parser._sections['example.org'] conf.cfg_parser._sections.pop('example.org') fp = open(conf.cli_keywords.config_file, "w+") conf.cfg_parser.write(fp) fp.close() if os.path.isfile('/etc/default/kolab-server'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/kolab-server', 'START') if not myaugeas.get(setting) == 'yes': myaugeas.set(setting, 'yes') myaugeas.save() myaugeas.close() if os.path.isfile('/bin/systemctl'): if os.path.isfile('/etc/debian_version'): subprocess.call( ['/bin/systemctl', 'restart', 'kolab-server.service']) else: subprocess.call(['/bin/systemctl', 'restart', 'kolabd.service']) elif os.path.isfile('/sbin/service'): subprocess.call(['/sbin/service', 'kolabd', 'restart']) elif os.path.isfile('/usr/sbin/service'): subprocess.call(['/usr/sbin/service', 'kolab-server', 'restart']) else: log.error(_("Could not start the kolab server service.")) if os.path.isfile('/bin/systemctl'): if os.path.isfile('/etc/debian_version'): subprocess.call( ['/bin/systemctl', 'enable', 'kolab-server.service']) else: subprocess.call(['/bin/systemctl', 'enable', 'kolabd.service']) elif os.path.isfile('/sbin/chkconfig'): subprocess.call(['/sbin/chkconfig', 'kolabd', 'on']) elif os.path.isfile('/usr/sbin/update-rc.d'): subprocess.call(['/usr/sbin/update-rc.d', 'kolab-server', 'defaults']) else: log.error(_("Could not configure to start on boot, the " + \ "kolab server service."))
def setvalue(name, expressions): ret = {"name": name, "result": True, "changes": {}, "comment": "No changes made"} from augeas import Augeas if len(expressions) < 1: ret["comment"] = "No expressions given" ret["result"] = False return ret if __opts__["test"]: aug = Augeas(flags=Augeas.SAVE_NEWFILE) sfn = name dfn = "%s.augnew" % name else: aug = Augeas(flags=Augeas.SAVE_BACKUP) sfn = "%s.augsave" % name dfn = name if not os.path.isfile(name): ret["comment"] = "Unable to find file '%s'" % name ret["result"] = False return ret for (subpath, value) in expressions: try: path = "/files%s/%s" % (name, subpath) aug.set(path, value) except ValueError as e: ret["comment"] = '%s for\n"%s" = "%s"' % (e, path, value) ret["result"] = False return ret except TypeError as e: ret["comment"] = ( "Error setting values:\n" "%s\n" "Expression was '%s' '%s'\n" "Try quoting the value" % (e, path, value) ) ret["result"] = False return ret except e: ret["comment"] = "Unknown error:\n%s" % e ret["result"] = False return ret try: aug.save() except IOError as e: ret["comment"] = str(e) ret["result"] = False return ret ret.update(_resolve_changes(sfn, dfn)) return ret
def execute(*args, **kw): if conf.timezone == None: print >> sys.stderr, utils.multiline_message( _(""" Please supply the timezone PHP should be using. You have to use a Continent or Country / City locality name like 'Europe/Berlin', but not just 'CEST'. """) ) conf.timezone = utils.ask_question( _("Timezone ID"), default="UTC" ) if not conf.php_ini_path == None: if not os.path.isfile(conf.php_ini_path): log.error(_("Cannot configure PHP through %r (No such file or directory)") % (conf.php_ini_path)) return php_ini = conf.php_ini_path else: # Search and destroy php_ini = "/etc/php.ini" if not os.path.isfile(php_ini): php_ini = "/etc/php5/apache2/php.ini" if not os.path.isfile(php_ini): log.error(_("Could not find PHP configuration file php.ini")) return myaugeas = Augeas() setting_base = '/files%s/' % (php_ini) setting = os.path.join(setting_base, 'Date', 'date.timezone') current_value = myaugeas.get(setting) if current_value == None: insert_paths = myaugeas.match('/files%s/Date/*' % (php_ini)) insert_path = insert_paths[(len(insert_paths)-1)] myaugeas.insert(insert_path, 'date.timezone', False) log.debug(_("Setting key %r to %r") % ('Date/date.timezone', conf.timezone), level=8) myaugeas.set(setting, conf.timezone) myaugeas.save()
def execute(*args, **kw): if conf.timezone == None: print >> sys.stderr, utils.multiline_message( _(""" Please supply the timezone PHP should be using. You have to use a Continent or Country / City locality name like 'Europe/Berlin', but not just 'CEST'. """)) conf.timezone = utils.ask_question(_("Timezone ID"), default="UTC") if not conf.php_ini_path == None: if not os.path.isfile(conf.php_ini_path): log.error( _("Cannot configure PHP through %r (No such file or directory)" ) % (conf.php_ini_path)) return php_ini = conf.php_ini_path else: # Search and destroy php_ini = "/etc/php.ini" if not os.path.isfile(php_ini): php_ini = "/etc/php5/apache2/php.ini" if not os.path.isfile(php_ini): log.error(_("Could not find PHP configuration file php.ini")) return myaugeas = Augeas() setting_base = '/files%s/' % (php_ini) setting = os.path.join(setting_base, 'Date', 'date.timezone') current_value = myaugeas.get(setting) if current_value == None: insert_paths = myaugeas.match('/files%s/Date/*' % (php_ini)) insert_path = insert_paths[(len(insert_paths) - 1)] myaugeas.insert(insert_path, 'date.timezone', False) log.debug(_("Setting key %r to %r") % ('Date/date.timezone', conf.timezone), level=8) myaugeas.set(setting, conf.timezone) myaugeas.save()
def remove(name, values): ret = {"name": name, "result": True, "changes": {}, "comment": ""} from augeas import Augeas if len(values) < 1: ret["comment"] = "No values given" ret["result"] = False return ret if __opts__["test"]: aug = Augeas(flags=Augeas.SAVE_NEWFILE) sfn = name dfn = "%s.augnew" % name else: aug = Augeas(flags=Augeas.SAVE_BACKUP) sfn = "%s.augsave" % name dfn = name if not os.path.isfile(name): ret["comment"] = "Unable to find file '%s'" % name ret["result"] = False return ret for value in values: try: path = "/files%s/%s" % (name, value) aug.remove(path) except TypeError as e: ret["comment"] = "Error removing, wrong type\n" "Expression was '%s'" % path ret["result"] = False return ret try: aug.save() except IOError as e: ret["comment"] = str(e) ret["result"] = False return ret ret.update(_resolve_changes(sfn, dfn)) return ret
def __disable_mod_ssl_ocsp(self): aug = Augeas(flags=Augeas.NO_LOAD | Augeas.NO_MODL_AUTOLOAD) aug.set('/augeas/load/Httpd/lens', 'Httpd.lns') aug.set('/augeas/load/Httpd/incl', paths.HTTPD_SSL_CONF) aug.load() path = '/files{}/VirtualHost'.format(paths.HTTPD_SSL_CONF) ocsp_path = '{}/directive[.="{}"]'.format(path, OCSP_DIRECTIVE) ocsp_arg = '{}/arg'.format(ocsp_path) ocsp_comment = '{}/#comment[.="{}"]'.format(path, OCSP_DIRECTIVE) ocsp_dir = aug.get(ocsp_path) # there is SSLOCSPEnable directive in nss.conf file, comment it # otherwise just do nothing if ocsp_dir is not None: ocsp_state = aug.get(ocsp_arg) aug.remove(ocsp_arg) aug.rename(ocsp_path, '#comment') aug.set(ocsp_comment, '{} {}'.format(OCSP_DIRECTIVE, ocsp_state)) aug.save()
def set_api_timeouts(self, timeout): # Determine the file to change if self.https: config_file = self.abiquo_ssl_conf else: config_file = self.abiquo_conf logging.info("Setting Proxy timeouts in %s" % config_file) # Set timeout using Augeas a = Augeas() for loc in a.match("/files%s/VirtualHost/*[arg='/api']" % config_file): proxy_pass = a.match("%s/*[self::directive='ProxyPass']" % loc) if len(proxy_pass) == 1: # Proxy timeout already exists logging.info("ProxyPass found") arg1 = a.get("%s/arg" % proxy_pass[0]) arg2 = "timeout=%s" % timeout a.set("%s/arg[1]" % proxy_pass[0], arg1) a.set("%s/arg[2]" % proxy_pass[0], arg2) a.save() a.close()
def setvalue(*args): ''' Set a value for a specific augeas path CLI Example: .. code-block:: bash salt '*' augeas.setvalue /files/etc/hosts/1/canonical localhost This will set the first entry in /etc/hosts to localhost CLI Example: .. code-block:: bash salt '*' augeas.setvalue /files/etc/hosts/01/ipaddr 192.168.1.1 \\ /files/etc/hosts/01/canonical test Adds a new host to /etc/hosts the ip address 192.168.1.1 and hostname test CLI Example: .. code-block:: bash salt '*' augeas.setvalue prefix=/files/etc/sudoers/ \\ "spec[user = '******']/user" "%wheel" \\ "spec[user = '******']/host_group/host" 'ALL' \\ "spec[user = '******']/host_group/command[1]" 'ALL' \\ "spec[user = '******']/host_group/command[1]/tag" 'PASSWD' \\ "spec[user = '******']/host_group/command[2]" '/usr/bin/apt-get' \\ "spec[user = '******']/host_group/command[2]/tag" NOPASSWD Ensures that the following line is present in /etc/sudoers:: %wheel ALL = PASSWD : ALL , NOPASSWD : /usr/bin/apt-get , /usr/bin/aptitude ''' aug = Augeas() ret = {'retval': False} tuples = filter(lambda x: not str(x).startswith('prefix='), args) prefix = filter(lambda x: str(x).startswith('prefix='), args) if prefix: if len(prefix) > 1: raise SaltInvocationError( 'Only one \'prefix=\' value is permitted' ) else: prefix = prefix[0].split('=', 1)[1] if len(tuples) % 2 != 0: raise SaltInvocationError('Uneven number of path/value arguments') tuple_iter = iter(tuples) for path, value in zip(tuple_iter, tuple_iter): target_path = path if prefix: target_path = os.path.join(prefix.rstrip('/'), path.lstrip('/')) try: aug.set(target_path, str(value)) except ValueError as err: ret['error'] = 'Multiple values: {0}'.format(err) try: aug.save() ret['retval'] = True except IOError as err: ret['error'] = str(err) return ret
def execute(*args, **kw): """ Apply the necessary settings to /etc/imapd.conf """ imapd_settings = { "ldap_servers": conf.get('ldap', 'ldap_uri'), "ldap_base": conf.get('ldap', 'base_dn'), "ldap_bind_dn": conf.get('ldap', 'service_bind_dn'), "ldap_password": conf.get('ldap', 'service_bind_pw'), "ldap_filter": '(|(&(|(uid=%s)(uid=cyrus-murder))(uid=%%U))(&(|(uid=%%U)(mail=%%U@%%d)(mail=%%U@%%r))(objectclass=kolabinetorgperson)))' % (conf.get('cyrus-imap', 'admin_login')), "ldap_user_attribute": conf.get('cyrus-sasl', 'result_attribute'), "ldap_group_base": conf.get('ldap', 'base_dn'), "ldap_group_filter": "(&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))", "ldap_group_scope": "one", "ldap_member_base": conf.get('ldap','user_base_dn'), "ldap_member_method": "attribute", "ldap_member_attribute": "nsrole", "admins": conf.get('cyrus-imap', 'admin_login'), "postuser": "******", } template_file = None if os.path.isfile('/etc/kolab/templates/imapd.conf.tpl'): template_file = '/etc/kolab/templates/imapd.conf.tpl' elif os.path.isfile('/usr/share/kolab/templates/imapd.conf.tpl'): template_file = '/usr/share/kolab/templates/imapd.conf.tpl' elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'imapd.conf.tpl'))): template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'imapd.conf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[imapd_settings]) fp = open('/etc/imapd.conf', 'w') fp.write(t.__str__()) fp.close() else: log.error(_("Could not write out Cyrus IMAP configuration file /etc/imapd.conf")) return cyrus_settings = {} template_file = None if os.path.isfile('/etc/kolab/templates/cyrus.conf.tpl'): template_file = '/etc/kolab/templates/cyrus.conf.tpl' elif os.path.isfile('/usr/share/kolab/templates/cyrus.conf.tpl'): template_file = '/usr/share/kolab/templates/cyrus.conf.tpl' elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'cyrus.conf.tpl'))): template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'cyrus.conf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[cyrus_settings]) fp = open('/etc/cyrus.conf', 'w') fp.write(t.__str__()) fp.close() else: log.error(_("Could not write out Cyrus IMAP configuration file /etc/cyrus.conf")) return annotations = [ "/vendor/kolab/activesync,mailbox,string,backend,value.priv,r", "/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a", "/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a", "/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a", ] fp = open('/etc/imapd.annotations.conf', 'w') fp.write("\n".join(annotations)) fp.close() if os.path.isfile('/etc/default/kolab-saslauthd'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/kolab-saslauthd','START') if not myaugeas.get(setting) == 'yes': myaugeas.set(setting,'yes') myaugeas.save() myaugeas.close() if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'stop', 'saslauthd.service']) subprocess.call(['systemctl', 'restart', 'kolab-saslauthd.service']) subprocess.call(['systemctl', 'restart', 'cyrus-imapd.service']) elif os.path.isfile('/sbin/service'): subprocess.call(['service', 'saslauthd', 'stop']) subprocess.call(['service', 'kolab-saslauthd', 'restart']) subprocess.call(['service', 'cyrus-imapd', 'restart']) elif os.path.isfile('/usr/sbin/service'): subprocess.call(['/usr/sbin/service','saslauthd','stop']) subprocess.call(['/usr/sbin/service','kolab-saslauthd','restart']) subprocess.call(['/usr/sbin/service','cyrus-imapd','restart']) else: log.error(_("Could not start the cyrus-imapd and kolab-saslauthd services.")) if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'disable', 'saslauthd.service']) subprocess.call(['systemctl', 'enable', 'kolab-saslauthd.service']) subprocess.call(['systemctl', 'enable', 'cyrus-imapd.service']) elif os.path.isfile('/sbin/chkconfig'): subprocess.call(['chkconfig', 'saslauthd', 'off']) subprocess.call(['chkconfig', 'kolab-saslauthd', 'on']) subprocess.call(['chkconfig', 'cyrus-imapd', 'on']) elif os.path.isfile('/usr/sbin/update-rc.d'): subprocess.call(['/usr/sbin/update-rc.d', 'saslauthd', 'disable']) subprocess.call(['/usr/sbin/update-rc.d', 'kolab-saslauthd', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'cyrus-imapd', 'defaults']) else: log.error(_("Could not configure to start on boot, the " + \ "cyrus-imapd and kolab-saslauthd services."))
class LVMConfig(object): def __init__(self, path="/etc/lvm/lvm.conf"): self.path = path # Augeas loads by default tons of unneeded lenses and configuration # files. On my test host, it fails to load, trying to read my 500 MiB # /etc/lvm/archive/. # # These are the standard LVM lens includes: # /augeas/load/LVM/incl[1] /etc/lvm/lvm.conf # /augeas/load/LVM/incl[2] /etc/lvm/backup/* # /augeas/load/LVM/incl[3] /etc/lvm/archive/*.vg # # We need only the first entry to work with lvm.conf. Using customized # load setup, as explained in # https://github.com/hercules-team/augeas/wiki/Loading-specific-files # # Removing the archive and backup entries, we can load augeas in 0.7 # seconds on my test vm. Removing all other lenses shorten the time to # 0.04 seconds. log.debug("Loading LVM configuration from %r", path) self.aug = Augeas(flags=Augeas.NO_MODL_AUTOLOAD | Augeas.SAVE_BACKUP) self.aug.add_transform("lvm.lns", [path]) self.aug.load() # Context manager interface def __enter__(self): return self def __exit__(self, t, v, tb): try: self.close() except Exception as e: # Caller succeeded, raise the close error. if t is None: raise # Caller has failed, do not hide the original error. log.exception("Error closing %s: %s" % (self, e)) # Accessing list of strings def getlist(self, section, option): pat = "/files%s/%s/dict/%s/list/*/str" % (self.path, section, option) matches = self.aug.match(pat) if not matches: return None # Cannot store/read empty list return [self.aug.get(m) for m in matches] def setlist(self, section, option, value): log.debug("Setting %s/%s to %s", section, option, value) opt_path = "/files%s/%s/dict/%s" % (self.path, section, option) self.aug.remove(opt_path) item_path = opt_path + "/list/%d/str" for i, item in enumerate(value, 1): self.aug.set(item_path % i, item) # Accessing flat values (int, string) def getint(self, section, option): val = self._get_flat(section, option, "int") return int(val) if val is not None else None def setint(self, section, option, value): self._set_flat(section, option, "int", str(value)) def getstr(self, section, option): return self._get_flat(section, option, "str") def setstr(self, section, option, value): self._set_flat(section, option, "str", value) def _get_flat(self, section, option, opt_type): path = self._flat_path(section, option, opt_type) return self.aug.get(path) def _set_flat(self, section, option, opt_type, value): log.debug("Setting %s/%s to %r", section, option, value) path = self._flat_path(section, option, opt_type) return self.aug.set(path, value) def _flat_path(self, section, option, opt_type): return "/files%s/%s/dict/%s/%s" % ( self.path, section, option, opt_type) # Removing options def remove(self, section, option): log.debug("Removing %s/%s", section, option) path = "/files%s/%s/dict/%s" % (self.path, section, option) self.aug.remove(path) # File operations def save(self): log.info("Saving new LVM configuration to %r, previous configuration " "saved to %r", self.path, self.path + ".augsave") self.aug.save() def close(self): log.debug("Closing LVM configuration %s", self.path) self.aug.close()
def setvalue(*args): ''' Set a value for a specific augeas path CLI Example: .. code-block:: bash salt '*' augeas.setvalue /files/etc/hosts/1/canonical localhost This will set the first entry in /etc/hosts to localhost CLI Example: .. code-block:: bash salt '*' augeas.setvalue /files/etc/hosts/01/ipaddr 192.168.1.1 \\ /files/etc/hosts/01/canonical test Adds a new host to /etc/hosts the ip address 192.168.1.1 and hostname test CLI Example: .. code-block:: bash salt '*' augeas.setvalue prefix=/files/etc/sudoers/ \\ "spec[user = '******']/user" "%wheel" \\ "spec[user = '******']/host_group/host" 'ALL' \\ "spec[user = '******']/host_group/command[1]" 'ALL' \\ "spec[user = '******']/host_group/command[1]/tag" 'PASSWD' \\ "spec[user = '******']/host_group/command[2]" '/usr/bin/apt-get' \\ "spec[user = '******']/host_group/command[2]/tag" NOPASSWD Ensures that the following line is present in /etc/sudoers:: %wheel ALL = PASSWD : ALL , NOPASSWD : /usr/bin/apt-get , /usr/bin/aptitude ''' aug = Augeas() ret = {'retval': False} tuples = filter(lambda x: not x.startswith('prefix='), args) prefix = filter(lambda x: x.startswith('prefix='), args) if prefix: if len(prefix) > 1: raise SaltInvocationError( 'Only one \'prefix=\' value is permitted' ) else: prefix = prefix[0].split('=', 1)[1] if len(tuples) % 2 != 0: raise SaltInvocationError('Uneven number of path/value arguments') tuple_iter = iter(tuples) for path, value in zip(tuple_iter, tuple_iter): target_path = path if prefix: target_path = os.path.join(prefix.rstrip('/'), path.lstrip('/')) try: aug.set(target_path, str(value)) except ValueError as err: ret['error'] = 'Multiple values: {0}'.format(err) try: aug.save() ret['retval'] = True except IOError as err: ret['error'] = str(err) return ret
def execute(*args, **kw): group_filter = conf.get('ldap', 'kolab_group_filter') if group_filter == None: group_filter = conf.get('ldap', 'group_filter') user_filter = conf.get('ldap', 'kolab_user_filter') if user_filter == None: user_filter = conf.get('ldap', 'user_filter') resource_filter = conf.get('ldap', 'resource_filter') sharedfolder_filter = conf.get('ldap', 'sharedfolder_filter') server_host = utils.parse_ldap_uri(conf.get('ldap', 'ldap_uri'))[1] files = { "/etc/postfix/ldap/local_recipient_maps.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(|%(kolab_user_filter)s%(kolab_group_filter)s%(resource_filter)s%(sharedfolder_filter)s)) result_attribute = mail """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), "kolab_user_filter": user_filter, "kolab_group_filter": group_filter, "resource_filter": resource_filter, "sharedfolder_filter": sharedfolder_filter, }, "/etc/postfix/ldap/mydestination.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(domain_base_dn)s scope = sub bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = %(domain_filter)s result_attribute = %(domain_name_attribute)s """ % { "server_host": server_host, "domain_base_dn": conf.get('ldap', 'domain_base_dn'), "domain_filter": conf.get('ldap', 'domain_filter').replace( '*', '%s'), "domain_name_attribute": conf.get('ldap', 'domain_name_attribute'), "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/mailenabled_distgroups.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(group_base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s # This finds the mail enabled distribution group LDAP entry query_filter = (&(|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectclass=groupofuniquenames)(!(objectclass=groupofurls))) # From this type of group, get all uniqueMember DNs special_result_attribute = uniqueMember # Only from those DNs, get the mail result_attribute = leaf_result_attribute = mail """ % { "server_host": server_host, "group_base_dn": conf.get('ldap', 'group_base_dn'), "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(group_base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s # This finds the mail enabled dynamic distribution group LDAP entry query_filter = (&(|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectClass=groupOfURLs)) # From this type of group, get all memberURL searches/references special_result_attribute = memberURL # Only from those DNs, get the mail result_attribute = leaf_result_attribute = mail """ % { "server_host": server_host, "group_base_dn": conf.get('ldap', 'group_base_dn'), "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/transport_maps.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mailAlternateAddress=%%s)(alias=%%s)(mail=%%s))(objectclass=kolabinetorgperson)) result_attribute = mail result_format = lmtp:unix:/var/lib/imap/socket/lmtp """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/virtual_alias_maps.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabinetorgperson)) result_attribute = mail """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=mailrecipient)(objectclass=inetorgperson)(mailforwardingaddress=*)) result_attribute = mailForwardingAddress """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail)) result_attribute = kolabtargetfolder result_format = "shared+%%s" """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, } if not os.path.isdir('/etc/postfix/ldap'): os.mkdir('/etc/postfix/ldap/', 0770) for filename in files.keys(): fp = open(filename, 'w') fp.write(files[filename]) fp.close() fp = open('/etc/postfix/transport', 'a') fp.write( "\n# Shared Folder Delivery for %(domain)s:\nshared@%(domain)s\t\tlmtp:unix:/var/lib/imap/socket/lmtp\n" % {'domain': conf.get('kolab', 'primary_domain')}) fp.close() subprocess.call(["postmap", "/etc/postfix/transport"]) postfix_main_settings = { "inet_interfaces": "all", "recipient_delimiter": "+", "local_recipient_maps": "ldap:/etc/postfix/ldap/local_recipient_maps.cf", "mydestination": "ldap:/etc/postfix/ldap/mydestination.cf", "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport", "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf", "smtpd_tls_auth_only": "yes", "smtpd_tls_security_level": "may", "smtp_tls_security_level": "may", "smtpd_sasl_auth_enable": "yes", "smtpd_sender_login_maps": "$local_recipient_maps", "smtpd_data_restrictions": "permit_mynetworks, check_policy_service unix:private/recipient_policy_incoming", "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit", "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch, check_policy_service unix:private/sender_policy_incoming", "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject", "submission_sender_restrictions": "reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject", "submission_data_restrictions": "check_policy_service unix:private/submission_policy", "content_filter": "smtp-amavis:[127.0.0.1]:10024" } if os.path.isfile( '/etc/pki/tls/certs/make-dummy-cert' ) and not os.path.isfile('/etc/pki/tls/private/localhost.pem'): subprocess.call([ '/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem' ]) if os.path.isfile('/etc/pki/tls/private/localhost.pem'): postfix_main_settings[ 'smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem" postfix_main_settings[ 'smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem" if not os.path.isfile('/etc/postfix/main.cf'): if os.path.isfile('/usr/share/postfix/main.cf.debian'): shutil.copy('/usr/share/postfix/main.cf.debian', '/etc/postfix/main.cf') # Copy header checks files for hc_file in ['inbound', 'internal', 'submission']: if not os.path.isfile("/etc/postfix/header_checks.%s" % (hc_file)): if os.path.isfile('/etc/kolab/templates/header_checks.%s' % (hc_file)): input_file = '/etc/kolab/templates/header_checks.%s' % ( hc_file) elif os.path.isfile('/usr/share/kolab/templates/header_checks.%s' % (hc_file)): input_file = '/usr/share/kolab/templates/header_checks.%s' % ( hc_file) elif os.path.isfile( os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))): input_file = os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file))) shutil.copy(input_file, "/etc/postfix/header_checks.%s" % (hc_file)) subprocess.call( ["postmap", "/etc/postfix/header_checks.%s" % (hc_file)]) myaugeas = Augeas() setting_base = '/files/etc/postfix/main.cf/' for setting_key in postfix_main_settings.keys(): setting = os.path.join(setting_base, setting_key) current_value = myaugeas.get(setting) if current_value == None: try: myaugeas.set(setting, postfix_main_settings[setting_key]) except: insert_paths = myaugeas.match('/files/etc/postfix/main.cf/*') insert_path = insert_paths[(len(insert_paths) - 1)] myaugeas.insert(insert_path, setting_key, False) log.debug(_("Setting key %r to %r") % (setting_key, postfix_main_settings[setting_key]), level=8) myaugeas.set(setting, postfix_main_settings[setting_key]) myaugeas.save() postfix_master_settings = {} if os.path.exists('/usr/lib/postfix/kolab_smtp_access_policy'): postfix_master_settings[ 'kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy' else: postfix_master_settings[ 'kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy' template_file = None if os.path.isfile('/etc/kolab/templates/master.cf.tpl'): template_file = '/etc/kolab/templates/master.cf.tpl' elif os.path.isfile('/usr/share/kolab/templates/master.cf.tpl'): template_file = '/usr/share/kolab/templates/master.cf.tpl' elif os.path.isfile( os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl'))): template_file = os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[postfix_master_settings]) fp = open('/etc/postfix/master.cf', 'w') fp.write(t.__str__()) fp.close() else: log.error( _("Could not write out Postfix configuration file /etc/postfix/master.cf" )) return if os.path.isdir('/etc/postfix/sasl/'): fp = open('/etc/postfix/sasl/smtpd.conf', 'w') fp.write("pwcheck_method: saslauthd\n") fp.write("mech_list: plain login\n") fp.close() amavisd_settings = { 'ldap_server': '%(server_host)s', 'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'), 'ldap_bind_pw': conf.get('ldap', 'service_bind_pw'), 'primary_domain': conf.get('kolab', 'primary_domain'), 'ldap_filter': "(|(mail=%m)(alias=%m))", 'ldap_base_dn': conf.get('ldap', 'base_dn'), 'clamdsock': '/var/spool/amavisd/clamd.sock', } template_file = None # On RPM installations, Amavis configuration is contained within a single file. amavisconf_paths = [ "/etc/amavisd.conf", "/etc/amavis/amavisd.conf", "/etc/amavisd/amavisd.conf" ] amavis_conf = '' for amavisconf_path in amavisconf_paths: if os.path.isfile(amavisconf_path): amavis_conf = amavisconf_path break if os.path.isfile(amavis_conf): if os.path.isfile('/etc/kolab/templates/amavisd.conf.tpl'): template_file = '/etc/kolab/templates/amavisd.conf.tpl' elif os.path.isfile('/usr/share/kolab/templates/amavisd.conf.tpl'): template_file = '/usr/share/kolab/templates/amavisd.conf.tpl' elif os.path.isfile( os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl'))): template_file = os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() if os.path.isfile('/etc/clamd.d/amavisd.conf'): amavisdconf_content = file('/etc/clamd.d/amavisd.conf') for line in amavisdconf_content: if line.startswith('LocalSocket'): amavisd_settings['clamdsock'] = line[len('LocalSocket ' ):].strip() t = Template(template_definition, searchList=[amavisd_settings]) fp = None fp = open(amavis_conf, 'w') if not fp == None: fp.write(t.__str__()) fp.close() else: log.error( _("Could not write out Amavis configuration file amavisd.conf") ) return # On APT installations, /etc/amavis/conf.d/ is a directory with many more files. # # Somebody could work on enhancement request #1080 to configure LDAP lookups, # while really it isn't required. else: log.info(_("Not writing out any configuration for Amavis.")) # On debian wheezy amavisd-new expects '/etc/mailname' - possibly remediable through # the #1080 enhancement mentioned above, but here's a quick fix. f = open('/etc/mailname', 'w') f.writelines(conf.get('kolab', 'primary_domain')) f.close() if os.path.isfile('/etc/default/spamassassin'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/spamassassin', 'ENABLED') if not myaugeas.get(setting) == '1': myaugeas.set(setting, '1') myaugeas.save() myaugeas.close() if os.path.isfile('/etc/default/wallace'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/wallace', 'START') if not myaugeas.get(setting) == 'yes': myaugeas.set(setting, 'yes') myaugeas.save() myaugeas.close() if os.path.isfile('/usr/lib/systemd/system/[email protected]'): from ConfigParser import SafeConfigParser unitfile = SafeConfigParser() unitfile.optionxform = str unitfile.read('/usr/lib/systemd/system/[email protected]') if not unitfile.has_section('Install'): unitfile.add_section('Install') if not unitfile.has_option('Install', 'WantedBy'): unitfile.set('Install', 'WantedBy', 'multi-user.target') with open('/etc/systemd/system/[email protected]', 'wb') as f: unitfile.write(f) log.info(_("Configuring and refreshing Anti-Virus...")) if os.path.isfile('/etc/kolab/templates/freshclam.conf.tpl'): shutil.copy('/etc/kolab/templates/freshclam.conf.tpl', '/etc/freshclam.conf') elif os.path.isfile('/usr/share/kolab/templates/freshclam.conf.tpl'): shutil.copy('/usr/share/kolab/templates/freshclam.conf.tpl', '/etc/freshclam.conf') else: log.error(_("Could not find a ClamAV update configuration file")) if os.path.isfile('/etc/freshclam.conf'): subprocess.call( ['/usr/bin/freshclam', '--quiet', '--datadir="/var/lib/clamav"']) amavisservice = 'amavisd.service' clamavservice = '*****@*****.**' if os.path.isfile('/usr/lib/systemd/system/amavis.service'): amavisservice = 'amavis.service' if os.path.isfile('/lib/systemd/system/amavis.service'): amavisservice = 'amavis.service' if os.path.isfile('/usr/lib/systemd/system/clamd.service'): clamavservice = 'clamd.service' if os.path.isfile('/lib/systemd/system/clamd.service'): clamavservice = 'clamd.service' if os.path.isfile('/lib/systemd/system/clamav-daemon.service'): clamavservice = 'clamav-daemon.service' if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'restart', 'postfix.service']) subprocess.call(['systemctl', 'restart', amavisservice]) subprocess.call(['systemctl', 'restart', clamavservice]) subprocess.call(['systemctl', 'restart', 'wallace.service']) elif os.path.isfile('/sbin/service'): subprocess.call(['service', 'postfix', 'restart']) subprocess.call(['service', 'amavisd', 'restart']) subprocess.call(['service', 'clamd.amavisd', 'restart']) subprocess.call(['service', 'wallace', 'restart']) elif os.path.isfile('/usr/sbin/service'): subprocess.call(['/usr/sbin/service', 'postfix', 'restart']) subprocess.call(['/usr/sbin/service', 'amavis', 'restart']) subprocess.call(['/usr/sbin/service', 'clamav-daemon', 'restart']) subprocess.call(['/usr/sbin/service', 'wallace', 'restart']) else: log.error( _("Could not start the postfix, clamav and amavisd services services." )) if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'enable', 'postfix.service']) subprocess.call(['systemctl', 'enable', amavisservice]) subprocess.call(['systemctl', 'enable', clamavservice]) subprocess.call(['systemctl', 'enable', 'wallace.service']) elif os.path.isfile('/sbin/chkconfig'): subprocess.call(['chkconfig', 'postfix', 'on']) subprocess.call(['chkconfig', 'amavisd', 'on']) subprocess.call(['chkconfig', 'clamd.amavisd', 'on']) subprocess.call(['chkconfig', 'wallace', 'on']) elif os.path.isfile('/usr/sbin/update-rc.d'): subprocess.call(['/usr/sbin/update-rc.d', 'postfix', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'amavis', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'clamav-daemon', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'wallace', 'defaults']) else: log.error(_("Could not configure to start on boot, the " + \ "postfix, clamav and amavisd services."))
class AugeasWrapper(object): """python-augeas higher-level wrapper. Load single augeas lens and configuration file. Exposes configuration file as AugeasNode object with dict-like interface. AugeasWrapper can be used in with statement in the same way as file does. """ def __init__(self, confpath, lens, root=None, loadpath=None, flags=Augeas.NO_MODL_AUTOLOAD | Augeas.NO_LOAD | Augeas.ENABLE_SPAN): """Parse configuration file using given lens. Params: confpath (str): Absolute path to the configuration file lens (str): Name of module containing Augeas lens root: passed down to original Augeas flags: passed down to original Augeas loadpath: passed down to original Augeas flags: passed down to original Augeas """ log.debug('loadpath: %s', loadpath) log.debug('confpath: %s', confpath) self._aug = Augeas(root=root, loadpath=loadpath, flags=flags) # /augeas/load/{lens} aug_load_path = join(AUGEAS_LOAD_PATH, lens) # /augeas/load/{lens}/lens = {lens}.lns self._aug.set(join(aug_load_path, 'lens'), '%s.lns' % lens) # /augeas/load/{lens}/incl[0] = {confpath} self._aug.set(join(aug_load_path, 'incl[0]'), confpath) self._aug.load() errors = self._aug.match(AUGEAS_ERROR_PATH) if errors: err_msg = '\n'.join( ["{}: {}".format(e, self._aug.get(e)) for e in errors]) raise RuntimeError(err_msg) path = join(AUGEAS_FILES_PATH, confpath) paths = self._aug.match(path) if len(paths) != 1: raise ValueError('path %s did not match exactly once' % path) self.tree = AugeasNode(self._aug, path) self._loaded = True def __enter__(self): return self def __exit__(self, exc_type, exc_value, traceback): self.save() self.close() def save(self): """Save Augeas tree to its original file.""" assert self._loaded try: self._aug.save() except IOError as exc: log.exception(exc) for err_path in self._aug.match('//error'): log.error('%s: %s', err_path, self._aug.get(os.path.join(err_path, 'message'))) raise def close(self): """ close Augeas library After calling close() the object must not be used anymore. """ assert self._loaded self._aug.close() del self._aug self._loaded = False def match(self, path): """Yield AugeasNodes matching given expression.""" assert self._loaded assert path log.debug('tree match %s', path) for matched_path in self._aug.match(path): yield AugeasNode(self._aug, matched_path)
def execute(*args, **kw): group_filter = conf.get('ldap','kolab_group_filter') if group_filter == None: group_filter = conf.get('ldap','group_filter') user_filter = conf.get('ldap','kolab_user_filter') if user_filter == None: user_filter = conf.get('ldap','user_filter') resource_filter = conf.get('ldap', 'resource_filter') sharedfolder_filter = conf.get('ldap', 'sharedfolder_filter') server_host = utils.parse_ldap_uri(conf.get('ldap', 'ldap_uri'))[1] files = { "/etc/postfix/ldap/local_recipient_maps.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(|%(kolab_user_filter)s%(kolab_group_filter)s%(resource_filter)s%(sharedfolder_filter)s)) result_attribute = mail """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), "kolab_user_filter": user_filter, "kolab_group_filter": group_filter, "resource_filter": resource_filter, "sharedfolder_filter": sharedfolder_filter, }, "/etc/postfix/ldap/mydestination.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(domain_base_dn)s scope = sub bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = %(domain_filter)s result_attribute = %(domain_name_attribute)s """ % { "server_host": server_host, "domain_base_dn": conf.get('ldap', 'domain_base_dn'), "domain_filter": conf.get('ldap', 'domain_filter').replace('*', '%s'), "domain_name_attribute": conf.get('ldap', 'domain_name_attribute'), "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/mailenabled_distgroups.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(group_base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s # This finds the mail enabled distribution group LDAP entry query_filter = (&(|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectclass=groupofuniquenames)(!(objectclass=groupofurls))) # From this type of group, get all uniqueMember DNs special_result_attribute = uniqueMember # Only from those DNs, get the mail result_attribute = leaf_result_attribute = mail """ % { "server_host": server_host, "group_base_dn": conf.get('ldap', 'group_base_dn'), "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(group_base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s # This finds the mail enabled dynamic distribution group LDAP entry query_filter = (&(|(mail=%%s)(alias=%%s))(objectClass=kolabgroupofuniquenames)(objectClass=groupOfURLs)) # From this type of group, get all memberURL searches/references special_result_attribute = memberURL # Only from those DNs, get the mail result_attribute = leaf_result_attribute = mail """ % { "server_host": server_host, "group_base_dn": conf.get('ldap', 'group_base_dn'), "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/transport_maps.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mailAlternateAddress=%%s)(alias=%%s)(mail=%%s))(objectclass=kolabinetorgperson)) result_attribute = mail result_format = lmtp:unix:/var/lib/imap/socket/lmtp """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/virtual_alias_maps.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabinetorgperson)) result_attribute = mail """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=mailrecipient)(objectclass=inetorgperson)(mailforwardingaddress=*)) result_attribute = mailForwardingAddress """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, "/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf": """ server_host = %(server_host)s server_port = 389 version = 3 search_base = %(base_dn)s scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = %(service_bind_dn)s bind_pw = %(service_bind_pw)s query_filter = (&(|(mail=%%s)(alias=%%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail)) result_attribute = kolabtargetfolder result_format = shared+%%s """ % { "base_dn": conf.get('ldap', 'base_dn'), "server_host": server_host, "service_bind_dn": conf.get('ldap', 'service_bind_dn'), "service_bind_pw": conf.get('ldap', 'service_bind_pw'), }, } if not os.path.isdir('/etc/postfix/ldap'): os.mkdir('/etc/postfix/ldap/', 0770) for filename in files.keys(): fp = open(filename, 'w') fp.write(files[filename]) fp.close() fp = open('/etc/postfix/transport', 'a') fp.write("\n# Shared Folder Delivery for %(domain)s:\nshared@%(domain)s\t\tlmtp:unix:/var/lib/imap/socket/lmtp\n" % {'domain': conf.get('kolab', 'primary_domain')}) fp.close() subprocess.call(["postmap", "/etc/postfix/transport"]) postfix_main_settings = { "inet_interfaces": "all", "recipient_delimiter": "+", "local_recipient_maps": "ldap:/etc/postfix/ldap/local_recipient_maps.cf", "mydestination": "ldap:/etc/postfix/ldap/mydestination.cf", "transport_maps": "ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport", "virtual_alias_maps": "$alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf", "smtpd_tls_auth_only": "yes", "smtpd_tls_security_level": "may", "smtp_tls_security_level": "may", "smtpd_sasl_auth_enable": "yes", "smtpd_sender_login_maps": "$local_recipient_maps", "smtpd_sender_restrictions": "permit_mynetworks, reject_sender_login_mismatch", "smtpd_recipient_restrictions": "permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit", "smtpd_sender_restrictions": "permit_mynetworks, check_policy_service unix:private/sender_policy_incoming", "submission_recipient_restrictions": "check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject", "submission_sender_restrictions": "reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject", "submission_data_restrictions": "check_policy_service unix:private/submission_policy", "content_filter": "smtp-amavis:[127.0.0.1]:10024" } if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not os.path.isfile('/etc/pki/tls/private/localhost.pem'): subprocess.call(['/etc/pki/tls/certs/make-dummy-cert', '/etc/pki/tls/private/localhost.pem']) if os.path.isfile('/etc/pki/tls/private/localhost.pem'): postfix_main_settings['smtpd_tls_cert_file'] = "/etc/pki/tls/private/localhost.pem" postfix_main_settings['smtpd_tls_key_file'] = "/etc/pki/tls/private/localhost.pem" if not os.path.isfile('/etc/postfix/main.cf'): if os.path.isfile('/usr/share/postfix/main.cf.debian'): shutil.copy( '/usr/share/postfix/main.cf.debian', '/etc/postfix/main.cf' ) # Copy header checks files for hc_file in [ 'inbound', 'internal', 'submission' ]: if not os.path.isfile("/etc/postfix/header_checks.%s" % (hc_file)): if os.path.isfile('/etc/kolab/templates/header_checks.%s' % (hc_file)): input_file = '/etc/kolab/templates/header_checks.%s' % (hc_file) elif os.path.isfile('/usr/share/kolab/templates/header_checks.%s' % (hc_file)): input_file = '/usr/share/kolab/templates/header_checks.%s' % (hc_file) elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file)))): input_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'header_checks.%s' % (hc_file))) shutil.copy(input_file, "/etc/postfix/header_checks.%s" % (hc_file)) subprocess.call(["postmap", "/etc/postfix/header_checks.%s" % (hc_file)]) myaugeas = Augeas() setting_base = '/files/etc/postfix/main.cf/' for setting_key in postfix_main_settings.keys(): setting = os.path.join(setting_base,setting_key) current_value = myaugeas.get(setting) if current_value == None: try: myaugeas.set(setting, postfix_main_settings[setting_key]) except: insert_paths = myaugeas.match('/files/etc/postfix/main.cf/*') insert_path = insert_paths[(len(insert_paths)-1)] myaugeas.insert(insert_path, setting_key, False) log.debug(_("Setting key %r to %r") % (setting_key, postfix_main_settings[setting_key]), level=8) myaugeas.set(setting, postfix_main_settings[setting_key]) myaugeas.save() postfix_master_settings = { } if os.path.exists('/usr/lib/postfix/kolab_smtp_access_policy'): postfix_master_settings['kolab_sap_executable_path'] = '/usr/lib/postfix/kolab_smtp_access_policy' else: postfix_master_settings['kolab_sap_executable_path'] = '/usr/libexec/postfix/kolab_smtp_access_policy' template_file = None if os.path.isfile('/etc/kolab/templates/master.cf.tpl'): template_file = '/etc/kolab/templates/master.cf.tpl' elif os.path.isfile('/usr/share/kolab/templates/master.cf.tpl'): template_file = '/usr/share/kolab/templates/master.cf.tpl' elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl'))): template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'master.cf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[postfix_master_settings]) fp = open('/etc/postfix/master.cf', 'w') fp.write(t.__str__()) fp.close() else: log.error(_("Could not write out Postfix configuration file /etc/postfix/master.cf")) return if os.path.isdir('/etc/postfix/sasl/'): fp = open('/etc/postfix/sasl/smtpd.conf', 'w') fp.write("pwcheck_method: saslauthd\n") fp.write("mech_list: plain login\n") fp.close() amavisd_settings = { 'ldap_server': '%(server_host)s', 'ldap_bind_dn': conf.get('ldap', 'service_bind_dn'), 'ldap_bind_pw': conf.get('ldap', 'service_bind_pw'), 'primary_domain': conf.get('kolab', 'primary_domain'), 'ldap_filter': "(|(mail=%m)(alias=%m))", 'ldap_base_dn': conf.get('ldap', 'base_dn'), } template_file = None # On RPM installations, Amavis configuration is contained within a single file. if os.path.isfile("/etc/amavisd/amavisd.conf"): if os.path.isfile('/etc/kolab/templates/amavisd.conf.tpl'): template_file = '/etc/kolab/templates/amavisd.conf.tpl' elif os.path.isfile('/usr/share/kolab/templates/amavisd.conf.tpl'): template_file = '/usr/share/kolab/templates/amavisd.conf.tpl' elif os.path.isfile(os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl'))): template_file = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'amavisd.conf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[amavisd_settings]) fp = None if os.path.isdir('/etc/amavisd'): fp = open('/etc/amavisd/amavisd.conf', 'w') elif os.path.isdir('/etc/amavis'): fp = open('/etc/amavis/amavisd.conf', 'w') elif os.path.isfile('/etc/amavisd.conf'): fp = open('/etc/amavisd.conf', 'w') if not fp == None: fp.write(t.__str__()) fp.close() else: log.error(_("Could not write out Amavis configuration file amavisd.conf")) return # On APT installations, /etc/amavis/conf.d/ is a directory with many more files. # # Somebody could work on enhancement request #1080 to configure LDAP lookups, # while really it isn't required. else: log.info(_("Not writing out any configuration for Amavis.")) # On debian wheezy amavisd-new expects '/etc/mailname' - possibly remediable through # the #1080 enhancement mentioned above, but here's a quick fix. f = open('/etc/mailname','w') f.writelines(conf.get('kolab', 'primary_domain')) f.close() if os.path.isfile('/etc/default/spamassassin'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/spamassassin','ENABLED') if not myaugeas.get(setting) == '1': myaugeas.set(setting,'1') myaugeas.save() myaugeas.close() if os.path.isfile('/etc/default/wallace'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/wallace','START') if not myaugeas.get(setting) == 'yes': myaugeas.set(setting,'yes') myaugeas.save() myaugeas.close() if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'restart', 'postfix.service']) subprocess.call(['systemctl', 'restart', 'amavisd.service']) subprocess.call(['systemctl', 'restart', '*****@*****.**']) subprocess.call(['systemctl', 'restart', 'wallace.service']) elif os.path.isfile('/sbin/service'): subprocess.call(['service', 'postfix', 'restart']) subprocess.call(['service', 'amavisd', 'restart']) subprocess.call(['service', 'clamd.amavisd', 'restart']) subprocess.call(['service', 'wallace', 'restart']) elif os.path.isfile('/usr/sbin/service'): subprocess.call(['/usr/sbin/service','postfix','restart']) subprocess.call(['/usr/sbin/service','amavis','restart']) subprocess.call(['/usr/sbin/service','clamav-daemon','restart']) subprocess.call(['/usr/sbin/service','wallace','restart']) else: log.error(_("Could not start the postfix, clamav and amavisd services services.")) if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'enable', 'postfix.service']) subprocess.call(['systemctl', 'enable', 'amavisd.service']) subprocess.call(['systemctl', 'enable', '*****@*****.**']) subprocess.call(['systemctl', 'enable', 'wallace.service']) elif os.path.isfile('/sbin/chkconfig'): subprocess.call(['chkconfig', 'postfix', 'on']) subprocess.call(['chkconfig', 'amavisd', 'on']) subprocess.call(['chkconfig', 'clamd.amavisd', 'on']) subprocess.call(['chkconfig', 'wallace', 'on']) elif os.path.isfile('/usr/sbin/update-rc.d'): subprocess.call(['/usr/sbin/update-rc.d', 'postfix', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'amavis', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'clamav-daemon', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'wallace', 'defaults']) else: log.error(_("Could not configure to start on boot, the " + \ "postfix, clamav and amavisd services."))
def execute(*args, **kw): """ Apply the necessary settings to /etc/imapd.conf """ imapd_settings = { "ldap_servers": conf.get('ldap', 'ldap_uri'), "ldap_base": conf.get('ldap', 'base_dn'), "ldap_bind_dn": conf.get('ldap', 'service_bind_dn'), "ldap_password": conf.get('ldap', 'service_bind_pw'), "ldap_filter": '(|(&(|(uid=%s)(uid=cyrus-murder))(uid=%%U))(&(|(uid=%%U)(mail=%%U@%%d)(mail=%%U@%%r))(objectclass=kolabinetorgperson)))' % (conf.get('cyrus-imap', 'admin_login')), "ldap_user_attribute": conf.get('cyrus-sasl', 'result_attribute'), "ldap_group_base": conf.get('ldap', 'base_dn'), "ldap_group_filter": "(&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))", "ldap_group_scope": "one", "ldap_member_base": conf.get('ldap', 'user_base_dn'), "ldap_member_method": "attribute", "ldap_member_attribute": "nsrole", "admins": conf.get('cyrus-imap', 'admin_login'), "postuser": "******", } template_file = None if os.path.isfile('/etc/kolab/templates/imapd.conf.tpl'): template_file = '/etc/kolab/templates/imapd.conf.tpl' elif os.path.isfile('/usr/share/kolab/templates/imapd.conf.tpl'): template_file = '/usr/share/kolab/templates/imapd.conf.tpl' elif os.path.isfile( os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'imapd.conf.tpl'))): template_file = os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'imapd.conf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[imapd_settings]) fp = open('/etc/imapd.conf', 'w') fp.write(t.__str__()) fp.close() else: log.error( _("Could not write out Cyrus IMAP configuration file /etc/imapd.conf" )) return cyrus_settings = {} template_file = None if os.path.isfile('/etc/kolab/templates/cyrus.conf.tpl'): template_file = '/etc/kolab/templates/cyrus.conf.tpl' elif os.path.isfile('/usr/share/kolab/templates/cyrus.conf.tpl'): template_file = '/usr/share/kolab/templates/cyrus.conf.tpl' elif os.path.isfile( os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'cyrus.conf.tpl'))): template_file = os.path.abspath( os.path.join(__file__, '..', '..', '..', 'share', 'templates', 'cyrus.conf.tpl')) if not template_file == None: fp = open(template_file, 'r') template_definition = fp.read() fp.close() t = Template(template_definition, searchList=[cyrus_settings]) fp = open('/etc/cyrus.conf', 'w') fp.write(t.__str__()) fp.close() else: log.error( _("Could not write out Cyrus IMAP configuration file /etc/cyrus.conf" )) return annotations = [ "/vendor/kolab/activesync,mailbox,string,backend,value.priv,r", "/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a", "/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a", "/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a", "/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a", ] fp = open('/etc/imapd.annotations.conf', 'w') fp.write("\n".join(annotations)) fp.close() if os.path.isfile('/etc/default/kolab-saslauthd'): myaugeas = Augeas() setting = os.path.join('/files/etc/default/kolab-saslauthd', 'START') if not myaugeas.get(setting) == 'yes': myaugeas.set(setting, 'yes') myaugeas.save() myaugeas.close() imapservice = 'cyrus-imapd.service' if os.path.isfile('/usr/lib/systemd/system/cyrus.service'): imapservice = 'cyrus.service' if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'stop', 'saslauthd.service']) subprocess.call(['systemctl', 'restart', 'kolab-saslauthd.service']) subprocess.call(['systemctl', 'restart', imapservice]) elif os.path.isfile('/sbin/service'): subprocess.call(['service', 'saslauthd', 'stop']) subprocess.call(['service', 'kolab-saslauthd', 'restart']) subprocess.call(['service', 'cyrus-imapd', 'restart']) elif os.path.isfile('/usr/sbin/service'): subprocess.call(['/usr/sbin/service', 'saslauthd', 'stop']) subprocess.call(['/usr/sbin/service', 'kolab-saslauthd', 'restart']) subprocess.call(['/usr/sbin/service', 'cyrus-imapd', 'restart']) else: log.error( _("Could not start the cyrus-imapd and kolab-saslauthd services.")) if os.path.isfile('/bin/systemctl'): subprocess.call(['systemctl', 'disable', 'saslauthd.service']) subprocess.call(['systemctl', 'enable', 'kolab-saslauthd.service']) subprocess.call(['systemctl', 'enable', imapservice]) elif os.path.isfile('/sbin/chkconfig'): subprocess.call(['chkconfig', 'saslauthd', 'off']) subprocess.call(['chkconfig', 'kolab-saslauthd', 'on']) subprocess.call(['chkconfig', 'cyrus-imapd', 'on']) elif os.path.isfile('/usr/sbin/update-rc.d'): subprocess.call(['/usr/sbin/update-rc.d', 'saslauthd', 'disable']) subprocess.call( ['/usr/sbin/update-rc.d', 'kolab-saslauthd', 'defaults']) subprocess.call(['/usr/sbin/update-rc.d', 'cyrus-imapd', 'defaults']) else: log.error(_("Could not configure to start on boot, the " + \ "cyrus-imapd and kolab-saslauthd services."))
class HAProxyConfManager(object): conf_path = 'etc/haproxy/haproxy.cfg' def __init__(self, root_path=None): if root_path is None: root_path = '/' self.conf_path = root_path + self.conf_path self._conf_xpath = '/files' + self.conf_path + '/' self._augeas = Augeas(root=root_path, loadpath=HAPROXY_LENS_DIR) def load(self): LOG.debug('Loading haproxy.conf') self._augeas.load() def save(self): LOG.debug('Saving haproxy.conf') self._augeas.save() def get(self, xpath): """ Returns values of label at given xpath. If label is presented but has no value, returns True xpath is relative to haproxy.cfg file """ if self._augeas.match(self._conf_xpath + xpath) == []: return None value = self._augeas.get(self._conf_xpath + xpath) return value if value is not None else True def _find_xpath_gen(self, base_xpath, sublabel, value_pattern): section_xpaths = self._augeas.match(self._conf_xpath + base_xpath) for xpath in section_xpaths: match = re.search(value_pattern, self._augeas.get(xpath + '/' + sublabel)) if match != None: yield xpath.replace(self._conf_xpath, '') def find_all_xpaths(self, base_xpath, sublabel, value_pattern): """ Returns list of all labels from given base_xpath which sublabel matches `value_pattern` `value_pattern` is regexp This metod is useful when you need to find certain section from config that contains number of such sections (listen[1], listen[2]...) ..Example: cnf.get_matched_xpaths('listen', 'name', 'test*') this will find every listen whose name begins with 'test' """ return list(self._find_xpath_gen(base_xpath, sublabel, value_pattern)) def find_one_xpath(self, base_xpath, sublabel, value_pattern): """ Returns label xpath by given value_pattern of sublabel. Returns None if no label is found. This metod is useful when you need to find certain section from config that contains number of such sections (listen[1], listen[2]...) """ try: return self._find_xpath_gen(base_xpath, sublabel, value_pattern).next() except StopIteration: return None def get_all_xpaths(self, base_xpath): return [ x.replace(self._conf_xpath, '') for x in self._augeas.match(self._conf_xpath + base_xpath) ] def set(self, xpath, value=None, save_conf=True): """ Sets label at given xpath with given value. If there is no label - creates one. If there is - updates its value. `value` can be None/True to set label without actual value or string or iterable or dict to set number of sublabels at once. `xpath` is relative to haproxy.cfg file. """ LOG.debug('Setting %s with value: %s' % (xpath, value)) if isinstance(value, dict): self._augeas.set(self._conf_xpath + xpath, None) for k, v in value.items(): self.set(xpath + '/' + k, v, save_conf=False) elif hasattr(value, '__iter__'): for v in value: self.add(xpath, v, save_conf=False) else: if value == True: value = None elif value == False: return self.remove(xpath) elif value is not None: value = str(value) self._augeas.set(self._conf_xpath + xpath, value) if save_conf: self.save() def add(self, xpath, value=None, save_conf=True): """ Adds node at given xpath. New nodes are appended xpath is relative to haproxy.cfg file Returns xpath of created node """ nodes_qty = len(self._augeas.match(self._conf_xpath + xpath)) if nodes_qty != 0: xpath += '[%s]' % (nodes_qty + 1) self.set(xpath, value, save_conf) return xpath def insert(self, xpath, label, value=None, before=True): """ Inserts label before or after given in xpath xpath is relative to haproxy.cfg file """ xpath = self._conf_xpath + xpath self._augeas.insert(xpath, label, before) if value is not None: labels = self._augeas.match(os.path.dirname(xpath)) base_label = os.path.basename(xpath) inserted_xpath = None if label == base_label: if xpath.endswith(']'): inserted_xpath = xpath if before else labels[ labels.index(xpath) + 1] else: inserted_xpath += '[1]' if before else '[2]' else: index = labels.index(xpath) + (-1 if before else 1) inserted_xpath = labels[index] self.set(inserted_xpath.replace(self._conf_xpath, ''), value) def add_conf(self, conf, append=False): """ Append raw conf to the end of haproxy.conf file or insert at the beginning before everything """ LOG.debug('Adding raw conf part to haproxy.conf:\n%s' % conf) raw = None with open(self.conf_path, 'r') as conf_file: raw = conf_file.read() if not conf.endswith('\n'): conf += '\n' raw = '\n'.join((raw, conf) if append else (conf, raw)) with open(self.conf_path, 'w') as conf_file: conf_file.write(raw) self.load() def extend_section(self, conf, section_name): """ Appends raw conf to the section with given name """ LOG.debug( 'Adding raw conf part to section of haproxy.conf with name %s :\n%s' % (section_name, conf)) raw = None with open(self.conf_path, 'r') as conf_file: raw = conf_file.read() if conf.endswith('\n'): conf = conf[:-1] # reindenting conf conf = dedent(conf) conf = ' ' + conf.replace('\n', '\n ') raw = re.sub(section_name + r'\s*\n', '%s\n%s\n' % (section_name, conf), raw) with open(self.conf_path, 'w') as conf_file: conf_file.write(raw) self.load() def remove(self, xpath): LOG.debug('Removing %s' % xpath) return self._augeas.remove(self._conf_xpath + xpath)