def map_minions(self, get_only_alive=False):
    """
    Build a nested dict describing the minions that hang off this overlord.

    Each key is a minion name. Its value is whatever that minion returns
    from its own overlord.map_minions() call, or {} when the name matches
    this host or cm_utils.is_error() flags the answer.

    get_only_alive -- when true, only minions whose test.ping() result is 1
                      are walked; otherwise every name returned by the
                      certmaster's get_signed_certs() is walked.
    """
    maphash = {}

    if get_only_alive:
        ping_results = fc.Overlord("*").test.ping()
        # a ping result of 1 marks the minion as alive
        current_minions = [name for name in ping_results.keys()
                           if ping_results[name] == 1]
    else:
        cm = certmaster.CertMaster()
        if cm == None:
            # this is minion only setup
            return maphash
        current_minions = cm.get_signed_certs()

    for current_minion in current_minions:
        # NOTE(review): if get_hostname_by_route() returns a string, `in` is
        # a substring test rather than an exact hostname match -- confirm.
        # This self-check is the only recursion guard in this method; a
        # delegation loop between two different hosts is not detected here.
        if current_minion in func_utils.get_hostname_by_route():
            maphash[current_minion] = {}  # prevent infinite recursion
            continue

        next_hop = fc.Overlord(current_minion)
        # The remote call uses default arguments, so get_only_alive is not
        # forwarded to the next hop.
        submap = next_hop.overlord.map_minions()[current_minion]
        if cm_utils.is_error(submap):
            maphash[current_minion] = {}
        else:
            maphash[current_minion] = submap

    return maphash
def main(argv):
    """
    Entry point: handle the informational flags, then start serving.

    The argv parameter is accepted, but the body reads sys.argv directly.

    --list-modules (first argument only) prints the loaded module names and
    exits. --version / -v writes the contents of /etc/func/version to stderr
    and exits. "daemon" or "--daemon" anywhere in sys.argv detaches through
    utils.daemonize(). Before serve() is called, a certificate is requested
    for the hostname returned by get_hostname_by_route(). A
    codes.FuncException is reported on stderr and ends with exit status 1.
    """
    sys.excepthook = excepthook
    cli = sys.argv

    if len(cli) > 1 and cli[1] == "--list-modules":
        loaded = module_loader.load_modules().keys()
        loaded.sort()
        print "loaded modules:"
        for name in loaded:
            print "\t" + name
        sys.exit(0)

    if "--version" in cli or "-v" in cli:
        print >> sys.stderr, file("/etc/func/version").read().strip()
        sys.exit(0)

    # the bare word "daemon" is accepted as well as the --daemon flag
    run_detached = "daemon" in cli or "--daemon" in cli
    if not run_detached:
        print "serving...\n"
    else:
        utils.daemonize("/var/run/funcd.pid")

    try:
        local_name = futils.get_hostname_by_route()
        requester.request_cert(local_name)
        serve()
    except codes.FuncException, e:
        print >> sys.stderr, 'error: %s' % e
        sys.exit(1)
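def __init__(self, args, module_list=None):
    """
    Load modules, facts and TLS material, then initialise the
    authenticated SSL XML-RPC server.

    args        -- passed through unchanged to
                   AuthedSSLXMLRPCServer.__init__.
    module_list -- handed to module_loader.load_modules(); defaults to an
                   empty list.

    The key, cert and CA paths come from self.config when the matching
    *_file option is non-empty, otherwise from self.cm_config.cert_dir.
    """
    # A literal [] default is one list object shared by every call; build
    # a fresh list per instance so nothing leaks between servers.
    if module_list is None:
        module_list = []

    self.allow_reuse_address = True

    self.modules = module_loader.load_modules(module_list=module_list)

    #load facts methods
    self.fact_methods = load_fact_methods()
    self.minion_query = FactsMinion(method_fact_list=self.fact_methods)

    XmlRpcInterface.__init__(self)
    hn = func_utils.get_hostname_by_route()

    if self.config.key_file != '':
        self.key = self.config.key_file
    else:
        # search case-insensitively to find the right key - take the first one - if there are
        # more than one differing only by case then the user is going to get 'unique' behavior :)
        # NOTE(review): [0] presumably raises IndexError when nothing
        # matches -- confirm what find_files_by_hostname returns then.
        self.key = func_utils.find_files_by_hostname(
            hn, self.cm_config.cert_dir, '.pem')[0]

    if self.config.cert_file != '':
        self.cert = self.config.cert_file
    else:
        # NOTE(review): key and cert are found by two independent searches;
        # when several files differ only by case, confirm both searches
        # order them the same way so the selected pair belongs together.
        self.cert = func_utils.find_files_by_hostname(
            hn, self.cm_config.cert_dir, '.cert')[0]

    if self.config.ca_file != '':
        self.ca = self.config.ca_file
    else:
        self.ca = "%s/ca.cert" % self.cm_config.cert_dir

    self._our_ca = certs.retrieve_cert_from_file(self.ca)

    self.acls = acls_mod.Acls(config=self.config)

    AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(
        self, args, self.key, self.cert, self.ca)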
def __init__(self, args):
    """
    Load modules, facts and TLS material, then initialise the
    authenticated SSL XML-RPC server.

    args -- passed through unchanged to AuthedSSLXMLRPCServer.__init__.

    Each of key, cert and CA is taken from self.config when the matching
    *_file option is non-empty; otherwise it is built from
    self.cm_config.cert_dir (and the routed hostname for key and cert).
    """
    self.allow_reuse_address = True

    self.modules = module_loader.load_modules()

    # fact methods feed the FactsMinion query helper
    self.fact_methods = load_fact_methods()
    self.minion_query = FactsMinion(method_fact_list=self.fact_methods)

    XmlRpcInterface.__init__(self)
    hostname = func_utils.get_hostname_by_route()

    # private key: default location first, explicit config overrides it
    if self.config.key_file == '':
        self.key = "%s/%s.pem" % (self.cm_config.cert_dir, hostname)
    else:
        self.key = self.config.key_file

    # certificate
    if self.config.cert_file == '':
        self.cert = "%s/%s.cert" % (self.cm_config.cert_dir, hostname)
    else:
        self.cert = self.config.cert_file

    # CA certificate
    if self.config.ca_file == '':
        self.ca = "%s/ca.cert" % self.cm_config.cert_dir
    else:
        self.ca = self.config.ca_file

    self._our_ca = certs.retrieve_cert_from_file(self.ca)

    self.acls = acls_mod.Acls(config=self.config)

    AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(
        self, args, self.key, self.cert, self.ca)
def __init__(self, args):
    """
    Load modules, facts and TLS material, then initialise the
    authenticated SSL XML-RPC server.

    args -- passed through unchanged to AuthedSSLXMLRPCServer.__init__.

    Key and cert come from self.config when the matching *_file option is
    non-empty; otherwise they are looked up in self.cm_config.cert_dir by
    hostname. The CA falls back to ca.cert in the same directory.
    """
    self.allow_reuse_address = True

    self.modules = module_loader.load_modules()

    # fact methods feed the FactsMinion query helper
    self.fact_methods = load_fact_methods()
    self.minion_query = FactsMinion(method_fact_list=self.fact_methods)

    XmlRpcInterface.__init__(self)
    hostname = func_utils.get_hostname_by_route()

    if self.config.key_file == '':
        # The lookup is case-insensitive and the first hit wins, so files
        # whose names differ only by case make the choice ambiguous.
        # NOTE(review): [0] presumably raises IndexError when nothing
        # matches -- confirm what find_files_by_hostname returns then.
        key_matches = func_utils.find_files_by_hostname(
            hostname, self.cm_config.cert_dir, '.pem')
        self.key = key_matches[0]
    else:
        self.key = self.config.key_file

    if self.config.cert_file == '':
        # NOTE(review): this is a second, independent search; confirm it
        # orders case-variant names the same way as the key search so the
        # selected key and cert belong together.
        cert_matches = func_utils.find_files_by_hostname(
            hostname, self.cm_config.cert_dir, '.cert')
        self.cert = cert_matches[0]
    else:
        self.cert = self.config.cert_file

    if self.config.ca_file == '':
        self.ca = "%s/ca.cert" % self.cm_config.cert_dir
    else:
        self.ca = self.config.ca_file

    self._our_ca = certs.retrieve_cert_from_file(self.ca)

    self.acls = acls_mod.Acls(config=self.config)

    AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(
        self, args, self.key, self.cert, self.ca)
def do(self, args):
    """
    Run the selected setup checks and print a short report.

    Reads the certmaster and funcd minion configs from under
    sys.exec_prefix, prints the detected FQDN, runs the iptables check,
    and then (root only) the minion and/or certmaster checks chosen by
    self.check_minion / self.check_certmaster. Returns early, with a
    message, when neither check is selected or the caller is not root.
    """
    # NOTE(review): the config root follows the interpreter's exec prefix;
    # confirm that directory is writable by root only, since the minion and
    # funcd settings are loaded from it.
    conf_dir = sys.exec_prefix
    self.minion_config = read_config('%s/etc/certmaster/minion.conf' % conf_dir, MinionConfig)
    self.funcd_config = read_config('%s/etc/func/minion.conf' % conf_dir, FuncdConfig)

    if not (self.check_certmaster or self.check_minion):
        print "* specify --certmaster, --minion, or both"
        return
    print "SCAN RESULTS:"

    detected_fqdn = func_utils.get_hostname_by_route()
    print "* FQDN is detected as %s, verify that is correct" % detected_fqdn
    self.check_iptables()

    # everything below needs uid 0
    if os.getuid() != 0:
        print "* root is required to run these setup tests"
        return

    if self.check_minion:
        # funcd must be running and the configured certmaster reachable
        self.check_service("funcd")
        self.check_talk_to_certmaster()

    if self.check_certmaster:
        self.check_service("certmasterd")

        # FIXME: TODO -- see if we have any waiting CSRs
        # FIXME: TODO -- see if we have signed any certs

        self.server_spec = self.parentCommand.server_spec
        self.getOverlord()

        # ask every minion for 1 + 2; any answer other than 3 counts as a failure
        results = self.overlord_obj.test.add(1,2)
        hosts = results.keys()
        if not hosts:
            print "* no systems have signed certs"
        else:
            failed = len([host for host in hosts if results[host] != 3])
            if failed != 0:
                print "* unable to connect to %s registered minions from overlord" % failed
                print "* run func '*' ping to check status"

        # see if any of our certs have expired

    # warn about iptables if running
    print "End of Report."
def map_minions(self,get_only_alive=False):
    """
    Build a nested dict describing the minions that hang off this overlord.

    Each key is a minion name. Its value is whatever that minion returns
    from its own overlord.map_minions() call, or {} when the name matches
    this host or cm_utils.is_error() flags the answer.

    get_only_alive -- when true, only minions whose test.ping() result is 1
                      are walked; otherwise every name returned by the
                      certmaster's get_signed_certs() is walked.
    """
    maphash = {}

    if get_only_alive:
        ping_results = fc.Overlord("*").test.ping()
        # a ping result of 1 marks the minion as alive
        current_minions = [name for name in ping_results.keys()
                           if ping_results[name] == 1]
    else:
        cm = certmaster.CertMaster()
        current_minions = cm.get_signed_certs()

    for current_minion in current_minions:
        # NOTE(review): if get_hostname_by_route() returns a string, `in` is
        # a substring test rather than an exact hostname match -- confirm.
        # This self-check is the only recursion guard in this method; a
        # delegation loop between two different hosts is not detected here.
        if current_minion in func_utils.get_hostname_by_route():
            maphash[current_minion] = {}  # prevent infinite recursion
            continue

        next_hop = fc.Overlord(current_minion)
        # The remote call uses default arguments, so get_only_alive is not
        # forwarded to the next hop.
        submap = next_hop.overlord.map_minions()[current_minion]
        if cm_utils.is_error(submap):
            maphash[current_minion] = {}
        else:
            maphash[current_minion] = submap

    return maphash
def main(argv):
    """
    Entry point: handle the informational flags, then start serving.

    The argv parameter is accepted, but the body reads sys.argv directly.
    All file locations are built relative to sys.exec_prefix.

    --list-modules (first argument only) prints the configured modules and
    exits. --version / -v writes the version file to stderr and exits.
    --info builds a server with setup_server() and prints its config, listen
    address, key/cert/CA file paths, certificate subject, modules, ACLs and
    facts, then exits. "daemon" or "--daemon" detaches via utils.daemonize().
    A certificate is requested before serve() only when use_certmaster is
    set. A codes.FuncException is reported on stderr with exit status 1.
    """
    # NOTE(review): config, version and pid paths all follow the
    # interpreter's exec prefix; confirm that tree is root-owned.
    conf_dir = sys.exec_prefix
    funcd_conf = "%s/etc/func/minion.conf" % conf_dir
    cli = sys.argv

    sys.excepthook = excepthook

    if len(cli) > 1 and cli[1] == "--list-modules":
        config = read_config(funcd_conf, FuncdConfig)
        loaded = sorted(module_loader.load_modules(module_list = config.module_list).keys())
        print "loaded modules:"
        for name in loaded:
            print "\t" + name
        sys.exit(0)

    if "--version" in cli or "-v" in cli:
        print >> sys.stderr, file("%s/etc/func/version" % conf_dir).read().strip()
        sys.exit(0)

    if "--info" in cli:
        server = setup_server()
        print 'config:'
        for line in str(server.config).split('\n'):
            print '\t' + line
        print 'server name: %s' % server.server_name
        print 'server listen addr: %s:%s' % server.server_address
        # only the file paths are printed, not the file contents
        print 'key file: %s' % server.key
        print 'cert file: %s' % server.cert
        print 'ca file: %s' % server.ca
        own_cert = certs.retrieve_cert_from_file(server.cert)
        print 'cert dn: %s' % own_cert.get_subject().CN
        print 'certificate hash: %s' % own_cert.subject_name_hash()
        print 'modules loaded:'
        for module_name in sorted(server.modules.keys()):
            print '\t' + module_name
        print 'acls:'
        for host, methods in server.acls.acls.items():
            print '\t' + host + ' : ' + str(methods)
        print 'facts:'
        for fact_name, fact_method in server.fact_methods.items():
            # the result is concatenated as-is, so a fact method that
            # returns a non-string raises TypeError here
            print '\t' + fact_name + ' : ' + fact_method()
        sys.exit(0)

    # the bare word "daemon" is accepted as well as the --daemon flag
    run_detached = "daemon" in cli or "--daemon" in cli
    if not run_detached:
        print "serving...\n"
    else:
        utils.daemonize("%s/var/run/funcd.pid" % conf_dir)

    try:
        config = read_config(funcd_conf, FuncdConfig)
        if config.use_certmaster:
            local_name = func_utils.get_hostname_by_route()
            requester.request_cert(local_name)
        serve()
    except codes.FuncException, e:
        print >> sys.stderr, 'error: %s' % e
        sys.exit(1)
def do(self, args):
    """
    Run the selected setup checks and print a short report.

    Reads /etc/certmaster/minion.conf and /etc/func/minion.conf, prints the
    detected FQDN, runs the iptables check, and then (root only) the minion
    and/or certmaster checks chosen by self.check_minion /
    self.check_certmaster. Returns early, with a message, when neither
    check is selected or the caller is not root.
    """
    self.minion_config = read_config('/etc/certmaster/minion.conf', MinionConfig)
    self.funcd_config = read_config('/etc/func/minion.conf', FuncdConfig)

    if not (self.check_certmaster or self.check_minion):
        print "* specify --certmaster, --minion, or both"
        return
    print "SCAN RESULTS:"

    detected_fqdn = func_utils.get_hostname_by_route()
    print "* FQDN is detected as %s, verify that is correct" % detected_fqdn
    self.check_iptables()

    # everything below needs uid 0
    if os.getuid() != 0:
        print "* root is required to run these setup tests"
        return

    if self.check_minion:
        # funcd must be running and the configured certmaster reachable
        self.check_service("funcd")
        self.check_talk_to_certmaster()

    if self.check_certmaster:
        self.check_service("certmasterd")

        # FIXME: TODO -- see if we have any waiting CSRs
        # FIXME: TODO -- see if we have signed any certs

        self.server_spec = self.parentCommand.server_spec
        self.getOverlord()

        # ask every minion for 1 + 2; any answer other than 3 counts as a failure
        results = self.overlord_obj.test.add(1, 2)
        hosts = results.keys()
        if not hosts:
            print "* no systems have signed certs"
        else:
            failed = len([host for host in hosts if results[host] != 3])
            if failed != 0:
                print "* unable to connect to %s registered minions from overlord" % failed
                print "* run func '*' ping to check status"

        # see if any of our certs have expired

    # warn about iptables if running
    print "End of Report."
def main(argv):
    """
    Entry point: handle the informational flags, then start serving.

    The argv parameter is accepted, but the body reads sys.argv directly.

    --list-modules (first argument only) prints the configured modules and
    exits. --version / -v writes /etc/func/version to stderr and exits.
    --info builds a server with setup_server() and prints its config, listen
    address, key/cert/CA file paths, certificate subject, modules, ACLs and
    facts, then exits. "daemon" or "--daemon" detaches via utils.daemonize().
    A certificate is requested before serve() only when use_certmaster is
    set. A codes.FuncException is reported on stderr with exit status 1.
    """
    funcd_conf = "/etc/func/minion.conf"
    cli = sys.argv

    sys.excepthook = excepthook

    if len(cli) > 1 and cli[1] == "--list-modules":
        config = read_config(funcd_conf, FuncdConfig)
        loaded = sorted(module_loader.load_modules(
            module_list=config.module_list).keys())
        print "loaded modules:"
        for name in loaded:
            print "\t" + name
        sys.exit(0)

    if "--version" in cli or "-v" in cli:
        print >> sys.stderr, file("/etc/func/version").read().strip()
        sys.exit(0)

    if "--info" in cli:
        server = setup_server()
        print 'config:'
        for line in str(server.config).split('\n'):
            print '\t' + line
        print 'server name: %s' % server.server_name
        print 'server listen addr: %s:%s' % server.server_address
        # only the file paths are printed, not the file contents
        print 'key file: %s' % server.key
        print 'cert file: %s' % server.cert
        print 'ca file: %s' % server.ca
        own_cert = certs.retrieve_cert_from_file(server.cert)
        print 'cert dn: %s' % own_cert.get_subject().CN
        print 'certificate hash: %s' % own_cert.subject_name_hash()
        print 'modules loaded:'
        for module_name in sorted(server.modules.keys()):
            print '\t' + module_name
        print 'acls:'
        for host, methods in server.acls.acls.items():
            print '\t' + host + ' : ' + str(methods)
        print 'facts:'
        for fact_name, fact_method in server.fact_methods.items():
            # the result is concatenated as-is, so a fact method that
            # returns a non-string raises TypeError here
            print '\t' + fact_name + ' : ' + fact_method()
        sys.exit(0)

    # the bare word "daemon" is accepted as well as the --daemon flag
    run_detached = "daemon" in cli or "--daemon" in cli
    if not run_detached:
        print "serving...\n"
    else:
        utils.daemonize("/var/run/funcd.pid")

    try:
        config = read_config(funcd_conf, FuncdConfig)
        if config.use_certmaster:
            local_name = func_utils.get_hostname_by_route()
            requester.request_cert(local_name)
        serve()
    except codes.FuncException, e:
        print >> sys.stderr, 'error: %s' % e
        sys.exit(1)
def __init__(self, args):
    """
    Load modules and TLS material, then initialise the authenticated SSL
    XML-RPC server.

    args -- passed through unchanged to AuthedSSLXMLRPCServer.__init__.

    The key, cert and CA paths are always built from
    self.cm_config.cert_dir; key and cert are named after the hostname
    returned by get_hostname_by_route().
    """
    self.allow_reuse_address = True

    self.modules = module_loader.load_modules()

    XmlRpcInterface.__init__(self)

    hostname = func_utils.get_hostname_by_route()
    cert_dir = self.cm_config.cert_dir

    # <cert_dir>/<hostname>.pem, <cert_dir>/<hostname>.cert, <cert_dir>/ca.cert
    self.key = "%s/%s.pem" % (cert_dir, hostname)
    self.cert = "%s/%s.cert" % (cert_dir, hostname)
    self.ca = "%s/ca.cert" % cert_dir

    self._our_ca = certs.retrieve_cert_from_file(self.ca)

    self.acls = acls_mod.Acls(config=self.config)

    AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(
        self, args, self.key, self.cert, self.ca)
def __init__(self, args):
    """
    Load modules, facts and TLS material, then initialise the
    authenticated SSL XML-RPC server.

    args -- passed through unchanged to AuthedSSLXMLRPCServer.__init__.

    The key, cert and CA paths are always built from
    self.cm_config.cert_dir; key and cert are named after the hostname
    returned by get_hostname_by_route().
    """
    self.allow_reuse_address = True

    self.modules = module_loader.load_modules()

    # fact methods feed the FactsMinion query helper
    self.fact_methods = load_fact_methods()
    self.minion_query = FactsMinion(method_fact_list=self.fact_methods)

    XmlRpcInterface.__init__(self)

    hostname = func_utils.get_hostname_by_route()
    cert_dir = self.cm_config.cert_dir

    # <cert_dir>/<hostname>.pem, <cert_dir>/<hostname>.cert, <cert_dir>/ca.cert
    self.key = "%s/%s.pem" % (cert_dir, hostname)
    self.cert = "%s/%s.cert" % (cert_dir, hostname)
    self.ca = "%s/ca.cert" % cert_dir

    self._our_ca = certs.retrieve_cert_from_file(self.ca)

    self.acls = acls_mod.Acls(config=self.config)

    AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(
        self, args, self.key, self.cert, self.ca)