def get_secret_key(pathname): """ Get Django secret key value from a file _or_ generate it on first use """ try: return ConfigFile.load(pathname).SECRET_KEY except (AttributeError, IOError, ValueError) as ex: _write_secret_key(pathname, _make_secret_key()) return ConfigFile.load(pathname).SECRET_KEY
def lava(request): try: instance_name = os.environ["LAVA_INSTANCE"] except KeyError: try: instance_name = os.path.basename(os.environ["VIRTUAL_ENV"]) except KeyError: instance_name = None instance_path = "/etc/lava-server/instance.conf" if os.path.exists(instance_path): instance_config = ConfigFile.load(instance_path) instance_name = instance_config.LAVA_INSTANCE return { 'lava': { 'instance_name': instance_name, 'branding_url': settings.BRANDING_URL, 'branding_icon': settings.BRANDING_ICON, 'branding_alt': settings.BRANDING_ALT, 'branding_height': settings.BRANDING_HEIGHT, 'branding_width': settings.BRANDING_WIDTH, 'branding_bug_url': settings.BRANDING_BUG_URL, 'branding_source_url': settings.BRANDING_SOURCE_URL, 'branding_message': settings.BRANDING_MESSAGE, } }
def lava(request): try: instance_name = os.environ["LAVA_INSTANCE"] except KeyError: try: instance_name = os.path.basename(os.environ["VIRTUAL_ENV"]) except KeyError: instance_name = None from lava_server.settings.config_file import ConfigFile instance_path = "/etc/lava-server/instance.conf" if os.path.exists(instance_path): instance_config = ConfigFile.load(instance_path) instance_name = instance_config.LAVA_INSTANCE return { 'lava': { 'extension_list': loader.extensions, 'instance_name': instance_name, 'branding_url': settings.BRANDING_URL, 'branding_icon': settings.BRANDING_ICON, 'branding_alt': settings.BRANDING_ALT, 'branding_height': settings.BRANDING_HEIGHT, 'branding_width': settings.BRANDING_WIDTH } }
def default_database(self): """ See: http://docs.djangoproject.com/en/1.2/ref/settings/#databases The returned value is suitable for the "default" database. The actual values are obtained from the "default_database" configuration file that is generated by dbconfig-common as requested by lava_server in one of the maintainer scripts Expects: {'ENGINE': "django.db.backends.postgresql_psycopg2", 'NAME': $(LAVA_DB_NAME), 'USER': $(LAVA_DB_USER), 'PASSWORD': $(LAVA_DB_PASSWORD), 'HOST': '', 'PORT': $(LAVA_DB_PORT) """ pathname = self._get_pathname("instance") config = ConfigFile.load(pathname) pgengine = "django.db.backends.postgresql_psycopg2" # FIXME dbname = config.LAVA_DB_NAME if hasattr(config, 'LAVA_DB_NAME') else '' dbuser = config.LAVA_DB_USER if hasattr(config, 'LAVA_DB_USER') else '' dbpass = config.LAVA_DB_PASSWORD if hasattr(config, 'LAVA_DB_PASSWORD') else '' dbhost = config.LAVA_DB_SERVER if (hasattr(config, 'LAVA_DB_SERVER') and config.LAVA_DB_SERVER is not "") else '127.0.0.1' dbport = config.LAVA_DB_PORT if hasattr(config, 'LAVA_DB_PORT') else '' return { 'ENGINE': pgengine, 'NAME': dbname, 'USER': dbuser, 'PASSWORD': dbpass, 'HOST': dbhost, 'PORT': dbport }
def lava(request): try: instance_name = os.environ["LAVA_INSTANCE"] except KeyError: try: instance_name = os.path.basename(os.environ["VIRTUAL_ENV"]) except KeyError: instance_name = None from lava_server.settings.config_file import ConfigFile instance_path = "/etc/lava-server/instance.conf" if os.path.exists(instance_path): instance_config = ConfigFile.load(instance_path) instance_name = instance_config.LAVA_INSTANCE return { 'lava': { 'extension_list': loader.extensions, 'instance_name': instance_name, 'version': versiontools.format_version(lava_server.__version__, hint=lava_server) } }
def get_heartbeat_timeout(): """Returns the HEARTBEAT_TIMEOUT value specified in worker.conf If there is no value found, we return a default timeout value 300. """ settings = Settings("lava-server") worker_config_path = settings._get_pathname("worker") try: worker_config = ConfigFile.load(worker_config_path) if worker_config and worker_config.HEARTBEAT_TIMEOUT != '': return int(worker_config.HEARTBEAT_TIMEOUT) else: return 300 except (IOError, AttributeError): return 300
def get_software_info(): """Returns git status and version information for LAVA related software. """ sw_info = {} # Populate the git status of server code from exports directory. settings = Settings("lava-server") instance_config_path = settings._get_pathname("instance") instance_config = ConfigFile.load(instance_config_path) prefix = os.path.join(instance_config.LAVA_PREFIX, instance_config.LAVA_INSTANCE) # Populate installed packages. sw_info.update(installed_packages(package_name='lava')) sw_info.update(installed_packages(package_name='linaro')) sw_info.update(installed_packages(prefix=prefix)) # Summary of local build outs, if any. if instance_config.LAVA_DEV_MODE == 'yes': sw_info.update(local_diffstat(prefix)) return simplejson.dumps(format_sw_info_to_html(sw_info))
MOUNT_POINT = (MOUNT_POINT.rstrip("/") + "/").lstrip("/") # Fix ADMINS and MANAGERS variables # In Django < 1.9, this is a tuple of tuples # In Django >= 1.9 this is a list of tuples # See https://docs.djangoproject.com/en/1.8/ref/settings/#admins # and https://docs.djangoproject.com/en/1.9/ref/settings/#admins if django.VERSION < (1, 9): ADMINS = tuple(tuple(v) for v in ADMINS) MANAGERS = tuple(tuple(v) for v in MANAGERS) else: ADMINS = [tuple(v) for v in ADMINS] MANAGERS = [tuple(v) for v in MANAGERS] # Load default database from distro integration config = ConfigFile.load("/etc/lava-server/instance.conf") DATABASES = {"default": {"ENGINE": "django.db.backends.postgresql_psycopg2", "NAME": getattr(config, "LAVA_DB_NAME", ""), "USER": getattr(config, "LAVA_DB_USER", ""), "PASSWORD": getattr(config, "LAVA_DB_PASSWORD", ""), "HOST": getattr(config, "LAVA_DB_SERVER", "127.0.0.1"), "PORT": getattr(config, "LAVA_DB_PORT", ""), }} # Load secret key from distro integration SECRET_KEY = get_secret_key("/etc/lava-server/secret_key.conf") # LDAP authentication config if AUTH_LDAP_SERVER_URI: INSTALLED_APPS.append('ldap') INSTALLED_APPS.append('django_auth_ldap') import ldap
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # default branding details BRANDING_ALT = "Linaro logo" BRANDING_ICON = 'lava_server/images/logo.png' BRANDING_URL = 'http://www.linaro.org' BRANDING_HEIGHT = "BRANDING_HEIGHT", 22 BRANDING_WIDTH = "BRANDING_WIDTH", 22 BRANDING_BUG_URL = "https://lists.linaro.org/mailman/listinfo/lava-users" BRANDING_SOURCE_URL = "https://git.linaro.org/lava" BRANDING_MESSAGE = '' instance_name = 'default' instance_path = "/etc/lava-server/instance.conf" if os.path.exists(instance_path): instance_config = ConfigFile.load(instance_path) instance_name = instance_config.LAVA_INSTANCE INSTANCE_NAME = instance_name # Logging LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'filters': { 'require_debug_false': { '()': 'django.utils.log.RequireDebugFalse' } }, 'formatters': {
with open("/etc/lava-server/settings.conf", "r") as f_conf: for (k, v) in simplejson.load(f_conf).items(): globals()[k] = v # Fix mount point # Remove the leading slash and keep only one trailing slash MOUNT_POINT = (MOUNT_POINT.rstrip("/") + "/").lstrip("/") # Fix ADMINS and MANAGERS variables # In Django >= 1.9 this is a list of tuples # and https://docs.djangoproject.com/en/1.9/ref/settings/#admins ADMINS = [tuple(v) for v in ADMINS] MANAGERS = [tuple(v) for v in MANAGERS] # Load default database from distro integration config = ConfigFile.load("/etc/lava-server/instance.conf") DATABASES = { "default": { "ENGINE": "django.db.backends.postgresql", "NAME": getattr(config, "LAVA_DB_NAME", ""), "USER": getattr(config, "LAVA_DB_USER", ""), "PASSWORD": getattr(config, "LAVA_DB_PASSWORD", ""), "HOST": getattr(config, "LAVA_DB_SERVER", "127.0.0.1"), "PORT": getattr(config, "LAVA_DB_PORT", ""), } } # Load secret key from distro integration SECRET_KEY = get_secret_key("/etc/lava-server/secret_key.conf") # LDAP authentication config
def configure(): if os.path.exists(INSTANCE_CONF) and os.path.isfile(INSTANCE_CONF): config_path = INSTANCE_CONF else: config_path = INSTANCE_TEMPLATE_CONF config = ConfigFile.load(config_path) config.LAVA_DB_SERVER = LAVA_DB_SERVER if not hasattr(config, 'LAVA_SYS_USER'): config.LAVA_SYS_USER = "******" if not hasattr(config, 'LAVA_INSTANCE') or \ config.LAVA_INSTANCE == '$LAVA_INSTANCE': config.LAVA_INSTANCE = "default" if not hasattr(config, 'LAVA_DB_NAME') or \ config.LAVA_DB_NAME == '$LAVA_DB_NAME': config.LAVA_DB_NAME = "lavaserver" if not hasattr(config, 'LAVA_DB_USER') or \ config.LAVA_DB_USER == '$LAVA_DB_USER': config.LAVA_DB_USER = "******" if not hasattr(config, 'LAVA_DB_PORT') or \ config.LAVA_DB_PORT == '$LAVA_DB_PORT': config.LAVA_DB_PORT = 5432 if not hasattr(config, 'LAVA_DB_PASSWORD') or \ config.LAVA_DB_PASSWORD == '$LAVA_DB_PASSWORD': config.LAVA_DB_PASSWORD = "******" % random.getrandbits(48) ConfigFile.serialize(INSTANCE_CONF, config.__dict__) os.makedirs("%s/media/job-output/" % LAVA_SYS_MOUNTDIR, exist_ok=True) run([ "adduser", "--quiet", "--system", "--group", "--home=%s" % LAVA_SYS_HOME, config.LAVA_SYS_USER, "--shell=/bin/sh" ], 'adduser') shutil.chown(LAVA_SYS_MOUNTDIR, config.LAVA_SYS_USER, config.LAVA_SYS_USER) shutil.chown("%s/media/" % LAVA_SYS_MOUNTDIR, config.LAVA_SYS_USER, config.LAVA_SYS_USER) shutil.chown("%s/media/job-output/" % LAVA_SYS_MOUNTDIR, config.LAVA_SYS_USER, config.LAVA_SYS_USER) # fixup bug from date based subdirectories - allowed to be missing. try: shutil.chown("%s/media/job-output/2017" % LAVA_SYS_MOUNTDIR, config.LAVA_SYS_USER, config.LAVA_SYS_USER) except FileNotFoundError: print("legacy directory is missing, skip..") # support changes in xml-rpc API for 2017.6 shutil.chown("/etc/lava-server/dispatcher.d/", config.LAVA_SYS_USER, config.LAVA_SYS_USER) shutil.chown(DISPATCHER_CONFIG, config.LAVA_SYS_USER, config.LAVA_SYS_USER) shutil.chown("%s/devices/" % DISPATCHER_CONFIG, config.LAVA_SYS_USER, config.LAVA_SYS_USER) shutil.chown("%s/device-types/" % DISPATCHER_CONFIG, config.LAVA_SYS_USER, config.LAVA_SYS_USER) # user may not have been removed but the directory has, after purge. if not os.path.isdir(LAVA_SYS_HOME): os.mkdir(LAVA_SYS_HOME) shutil.chown(LAVA_SYS_HOME, config.LAVA_SYS_USER, config.LAVA_SYS_USER) # Fix permissions of /etc/lava-server/instance.conf shutil.chown(INSTANCE_CONF, config.LAVA_SYS_USER, config.LAVA_SYS_USER) os.chmod(INSTANCE_CONF, 0o640) os.makedirs(os.path.dirname(LAVA_LOGS), exist_ok=True) # Allow lavaserver to write to all the log files # setgid on LAVA_LOGS directory os.chmod(LAVA_LOGS, 0o2775) # nosec - group permissive. # Allow users in the adm group to read all logs with open("%s/django.log" % LAVA_LOGS, 'w+') as logfile: logfile.write('') shutil.chown(LAVA_LOGS, user=config.LAVA_SYS_USER, group='adm') for file in glob.glob("%s/*" % LAVA_LOGS): if 'lava-scheduler.log' in file: # skip changes to old logs. continue shutil.chown(file, user=config.LAVA_SYS_USER, group='adm') # allow users in the adm group to run lava-server commands os.chmod(file, 0o0664) # tidy up old logrotate config to allow logrotate cron to complete. if os.path.exists('/etc/logrotate.d/lava-scheduler-log'): os.unlink('/etc/logrotate.d/lava-scheduler-log') # Allow lava user to write the secret key with open(SECRET_KEY, 'w+') as key: key.write('') shutil.chown(SECRET_KEY, config.LAVA_SYS_USER, config.LAVA_SYS_USER) os.chmod(SECRET_KEY, 0o640) # Allow lavaserver to write device dictionary files os.makedirs("%s/devices/" % DISPATCHER_CONFIG, exist_ok=True) shutil.chown("%s/devices/" % DISPATCHER_CONFIG, config.LAVA_SYS_USER, config.LAVA_SYS_USER) # Create temporary database role for db operations. pg_admin_username = "******" % random.getrandbits(48) pg_admin_password = "******" % random.getrandbits(48) result = psql_run([ "psql", "-c", "CREATE ROLE %s PASSWORD '%s' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;" % (pg_admin_username, pg_admin_password) ], "Failed to create temporary superuser role") if result != 0: print("Failed to create postgres superuser.") return try: db_setup(config, pg_admin_username, pg_admin_password) finally: # Removing temprorary user from postgres. result = psql_run( ["psql", "-c", "DROP ROLE %s ;" % pg_admin_username], "Failed to drop temporary superuser role.") if result != 0: print( "Temporary user %s was not properly removed from postgres. Please do so manually." % pg_admin_username)
# along with LAVA. If not, see <http://www.gnu.org/licenses/>. import contextlib from pathlib import Path import yaml from lava_server.settings.common import * from lava_server.settings.config_file import ConfigFile ############################ # Load configuration files # ############################ # instance.conf with contextlib.suppress(FileNotFoundError): config = ConfigFile.load("/etc/lava-server/instance.conf") DATABASES = { "default": { "ENGINE": "django.db.backends.postgresql", "NAME": getattr(config, "LAVA_DB_NAME", ""), "USER": getattr(config, "LAVA_DB_USER", ""), "PASSWORD": getattr(config, "LAVA_DB_PASSWORD", ""), "HOST": getattr(config, "LAVA_DB_SERVER", "127.0.0.1"), "PORT": getattr(config, "LAVA_DB_PORT", "5432"), } } INSTANCE_NAME = config.LAVA_INSTANCE # secret_key.conf with contextlib.suppress(FileNotFoundError): SECRET_KEY = ConfigFile.load("/etc/lava-server/secret_key.conf").SECRET_KEY
if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI") if AUTH_CROWD_SERVER_REST_URI: # If Crowd server URL is configured, disable OpenID and # enable Crowd auth backend INSTALLED_APPS.append('crowdrest') AUTHENTICATION_BACKENDS = ['crowdrest.backend.CrowdRestBackend'] + \ [x for x in AUTHENTICATION_BACKENDS if "OpenID" not in x] # Load credentials from a separate file from lava_server.settings.config_file import ConfigFile pathname = distro_settings._get_pathname("crowd") crowd_config = ConfigFile.load(pathname) AUTH_CROWD_APPLICATION_USER = crowd_config.AUTH_CROWD_APPLICATION_USER AUTH_CROWD_APPLICATION_PASSWORD = crowd_config.AUTH_CROWD_APPLICATION_PASSWORD if distro_settings.get_setting("AUTH_CROWD_GROUP_MAP"): AUTH_CROWD_GROUP_MAP = distro_settings.get_setting("AUTH_CROWD_GROUP_MAP") AUTH_DEBIAN_SSO = distro_settings.get_setting("AUTH_DEBIAN_SSO") # LDAP authentication config AUTH_LDAP_SERVER_URI = distro_settings.get_setting("AUTH_LDAP_SERVER_URI") if AUTH_LDAP_SERVER_URI: INSTALLED_APPS.append('ldap') INSTALLED_APPS.append('django_auth_ldap') import ldap from django_auth_ldap.config import (LDAPSearch, LDAPSearchUnion)
SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting( "AUTH_CROWD_SERVER_REST_URI") if AUTH_CROWD_SERVER_REST_URI: # If Crowd server URL is configured, disable OpenID and # enable Crowd auth backend INSTALLED_APPS.append('crowdrest') AUTHENTICATION_BACKENDS = ['crowdrest.backend.CrowdRestBackend'] + \ [x for x in AUTHENTICATION_BACKENDS if "OpenID" not in x] # Load credentials from a separate file from lava_server.settings.config_file import ConfigFile pathname = distro_settings._get_pathname("crowd") crowd_config = ConfigFile.load(pathname) AUTH_CROWD_APPLICATION_USER = crowd_config.AUTH_CROWD_APPLICATION_USER AUTH_CROWD_APPLICATION_PASSWORD = crowd_config.AUTH_CROWD_APPLICATION_PASSWORD if distro_settings.get_setting("AUTH_CROWD_GROUP_MAP"): AUTH_CROWD_GROUP_MAP = distro_settings.get_setting( "AUTH_CROWD_GROUP_MAP") AUTH_DEBIAN_SSO = distro_settings.get_setting("AUTH_DEBIAN_SSO") # LDAP authentication config AUTH_LDAP_SERVER_URI = distro_settings.get_setting("AUTH_LDAP_SERVER_URI") if AUTH_LDAP_SERVER_URI: INSTALLED_APPS.append('ldap') INSTALLED_APPS.append('django_auth_ldap') import ldap from django_auth_ldap.config import (LDAPSearch, LDAPSearchUnion)