def _misc(self):
    """Register the engine PKI config file for uninstall and queue writing it.

    The file is rendered as shell-style ``KEY="value"`` lines and is
    root-owned, group-readable by the engine group (0640), so the engine
    can read it but not rewrite it.

    Security notes:

    * Both ``*_PASSWORD`` values come from ``oenginecons.Const.PKI_PASSWORD``,
      a value read from the ``Const`` namespace rather than a per-install
      secret, so the file's mode/ownership is what actually limits who can
      open the key stores.
    * Values are escaped for ``"``, backslash and ``$`` because the
      consumer expands ``${VAR}`` references (see the ENGINE_HTTPS_* lines).
    """
    uninstall_files = []
    groups = self.environment[osetupcons.CoreEnv.REGISTER_UNINSTALL_GROUPS]
    groups.createGroup(
        group='ca_config',
        description='PKI configuration',
        optional=True,
    ).addFiles(
        'ca_config',
        uninstall_files,
    )

    locations = oenginecons.FileLocations
    # Both stores share one password; escape it once for the quoted value.
    store_password = outil.escape(oenginecons.Const.PKI_PASSWORD, '"\\$')
    # Ordered to match the historical file layout. The last two entries are
    # literal ${VAR} references that the consumer resolves at read time.
    entries = (
        ('ENGINE_PKI', locations.OVIRT_ENGINE_PKIDIR),
        ('ENGINE_PKI_CA', locations.OVIRT_ENGINE_PKI_ENGINE_CA_CERT),
        ('ENGINE_PKI_ENGINE_CERT', locations.OVIRT_ENGINE_PKI_ENGINE_CERT),
        ('ENGINE_PKI_TRUST_STORE', locations.OVIRT_ENGINE_PKI_ENGINE_TRUST_STORE),
        ('ENGINE_PKI_TRUST_STORE_PASSWORD', store_password),
        ('ENGINE_PKI_ENGINE_STORE', locations.OVIRT_ENGINE_PKI_ENGINE_STORE),
        ('ENGINE_PKI_ENGINE_STORE_PASSWORD', store_password),
        ('ENGINE_PKI_ENGINE_STORE_ALIAS', '1'),
        ('ENGINE_HTTPS_PKI_TRUST_STORE', '${ENGINE_PKI_TRUST_STORE}'),
        (
            'ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD',
            '${ENGINE_PKI_TRUST_STORE_PASSWORD}',
        ),
    )
    content = ''.join('%s="%s"\n' % (key, value) for key, value in entries)

    self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=locations.OVIRT_ENGINE_SERVICE_CONFIG_PKI,
            mode=0o640,
            owner=self.environment[oengcommcons.SystemEnv.USER_ROOT],
            group=self.environment[osetupcons.SystemEnv.GROUP_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=uninstall_files,
        )
    )
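def getDBConfig(self, prefix):
    """Render this database's ``<PREFIX>_DB_*`` block for a service config file.

    The output is a set of shell-style ``KEY="value"`` lines; the consumer
    expands ``${VAR}`` references inside the double quotes (the sibling
    writers emit ``${..._DB_HOST}`` in ``*_DB_URL`` for exactly that reason).

    Parameters:
        prefix: the ``<PREFIX>`` used for every key, e.g. ``ENGINE``.

    Returns:
        The rendered block as a single string, newline-terminated.

    Fix: the password used to be escaped with the pgpass set (``':\\'``),
    which belongs to createPgPass.  Inside a double-quoted value the
    characters that need escaping are ``"``, backslash and ``$``; a password
    containing ``"`` or ``$`` was written unescaped and either truncated the
    value or triggered variable expansion at read time.  The escape set is
    now the same one every other ``*_DB_PASSWORD`` writer in this codebase
    uses.
    """
    return (
        '{prefix}_DB_HOST="{host}"\n'
        '{prefix}_DB_PORT="{port}"\n'
        '{prefix}_DB_USER="{user}"\n'
        '{prefix}_DB_PASSWORD="{password}"\n'
        '{prefix}_DB_DATABASE="{database}"\n'
        '{prefix}_DB_SECURED="{secured}"\n'
        '{prefix}_DB_SECURED_VALIDATION="{hostValidation}"\n'
        '{prefix}_DB_DRIVER="org.postgresql.Driver"\n'
        '{prefix}_DB_URL="{jdbcUrl}"\n'
    ).format(
        prefix=prefix,
        host=_ind_env(self, DEK.HOST),
        port=_ind_env(self, DEK.PORT),
        # user is written verbatim, as in the other config writers.
        user=_ind_env(self, DEK.USER),
        # Escape for a double-quoted, ${VAR}-expanding value: '"', '\', '$'.
        password=outil.escape(
            _ind_env(self, DEK.PASSWORD),
            '"\\$',
        ),
        database=_ind_env(self, DEK.DATABASE),
        secured=_ind_env(self, DEK.SECURED),
        hostValidation=_ind_env(self, DEK.HOST_VALIDATION),
        jdbcUrl=self.getJdbcUrl(),
    )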
def createPgPass(self):
    """Write a throw-away pgpass file for this database and record its path.

    The file is created with tempfile.mkstemp (readable and writable by the
    creating user only), scheduled for removal at interpreter exit, and its
    path is stored under ``self._dbenvkeys[DEK.PGPASSFILE]`` for whoever
    later runs psql.  The password is escaped for ':' and backslash as the
    pgpass format requires, unless the installed psql is one whose pgpass
    parser does not un-escape, in which case it is written verbatim.
    """
    #
    # At least the client-side psql shipped in RHEL for PostgreSQL 8.4
    # reads the pgpass password unescaped, so escaping would break login
    # there.  The cheapest way to tell is the psql version string; the
    # answer is cached on the class because it is per-host, not per-DB.
    #
    if type(self)._plainPassword is None:
        rc, stdout, stderr = self._plugin.execute(args=(
            self.command.get('psql'),
            '-V',
        ),
        )
        # NOTE(review): the version-marker literal appears redacted in this
        # copy of the file; confirm the real substring against upstream.
        # Raises IndexError if psql printed nothing at all.
        type(self)._plainPassword = '******' in stdout[0]
    # mkstemp -> mode 0600 in the default temp dir. That mode is the only
    # protection the plaintext DB password in this file gets.
    fd, pgpass = tempfile.mkstemp()
    # Best-effort cleanup only: atexit handlers do not run on SIGKILL or a
    # hard crash, so the file can outlive the process in those cases.
    atexit.register(os.unlink, pgpass)
    with os.fdopen(fd, 'w') as f:
        f.write(('# DB USER credentials.\n'
                 '{host}:{port}:{database}:{user}:{password}\n').format(
            host=_ind_env(self, DEK.HOST),
            port=_ind_env(self, DEK.PORT),
            database=_ind_env(self, DEK.DATABASE),
            user=_ind_env(self, DEK.USER),
            # ':' and '\' are the pgpass field separator and escape char.
            password=(_ind_env(self, DEK.PASSWORD)
                      if type(self)._plainPassword
                      else outil.escape(
                          _ind_env(self, DEK.PASSWORD),
                          ':\\',
                      )),
        ),
        )
    self.environment[self._dbenvkeys[DEK.PGPASSFILE]] = pgpass
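def getDBConfig(self, prefix, localhost_replacement=None):
    """Render this database's ``<PREFIX>_DB_*`` block for a service config file.

    The output is a set of shell-style ``KEY="value"`` lines whose values
    may contain ``${VAR}`` references expanded by the consumer.

    Parameters:
        prefix: the ``<PREFIX>`` used for every key, e.g. ``ENGINE``.
        localhost_replacement: passed through to ``replaced_localhost`` for
            the host value and to ``getJdbcUrl`` for the URL; ``None`` keeps
            the configured host as-is (see those helpers).

    Returns:
        The rendered block as a single string, newline-terminated.

    Fix: the password used to be escaped with the pgpass set (``':\\'``),
    which belongs to createPgPass.  Inside a double-quoted value the
    characters that need escaping are ``"``, backslash and ``$``; a password
    containing ``"`` or ``$`` was written unescaped and either truncated the
    value or triggered variable expansion at read time.  The escape set is
    now the same one every other ``*_DB_PASSWORD`` writer in this codebase
    uses.
    """
    return (
        '{prefix}_DB_HOST="{host}"\n'
        '{prefix}_DB_PORT="{port}"\n'
        '{prefix}_DB_USER="{user}"\n'
        '{prefix}_DB_PASSWORD="{password}"\n'
        '{prefix}_DB_DATABASE="{database}"\n'
        '{prefix}_DB_SECURED="{secured}"\n'
        '{prefix}_DB_SECURED_VALIDATION="{hostValidation}"\n'
        '{prefix}_DB_DRIVER="org.postgresql.Driver"\n'
        '{prefix}_DB_URL="{jdbcUrl}"\n'
    ).format(
        prefix=prefix,
        host=self.replaced_localhost(localhost_replacement),
        port=_ind_env(self, DEK.PORT),
        # user is written verbatim, as in the other config writers.
        user=_ind_env(self, DEK.USER),
        # Escape for a double-quoted, ${VAR}-expanding value: '"', '\', '$'.
        password=outil.escape(
            _ind_env(self, DEK.PASSWORD),
            '"\\$',
        ),
        database=_ind_env(self, DEK.DATABASE),
        secured=_ind_env(self, DEK.SECURED),
        hostValidation=_ind_env(self, DEK.HOST_VALIDATION),
        jdbcUrl=self.getJdbcUrl(localhost_replacement),
    )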
def _handle_rename(self, entity):
    """Re-enroll one PKI entity's certificate under the new engine FQDN.

    ``entity`` is a dict with ``name`` (store/cert base name),
    ``extract_key`` (also export an unencrypted key) and ``extra_action``
    (optional callable invoked with this plugin afterwards).

    The current certificate is pulled out of the PKCS#12 store, its subject
    is rebuilt with only the CN replaced by RenameEnv.FQDN, and a new
    certificate is enrolled with that subject plus a matching DNS SAN.
    The touched files are appended to ``self.uninstall_files``.

    Security notes:

    * The store password is placed on the helpers' command lines
      (``--passin``/``--password``); on most systems that is visible to
      other local users in the process list while a helper runs.
    * With ``extract_key`` the private key is written as ``<name>.key.nopass``,
      i.e. unencrypted; its permissions are whatever the extract helper
      applies and are not visible here.
    * Subject values are escaped for '/' and backslash so an attribute value
      cannot terminate its component or inject another one.
    """
    name = entity['name']
    store_pass = self.environment[oenginecons.PKIEnv.STORE_PASS]
    new_fqdn = self.environment[osetupcons.RenameEnv.FQDN]
    locations = oenginecons.FileLocations

    rc, stdout, stderr = self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
            '--name=%s' % name,
            '--passin=%s' % (store_pass,),
            '--cert=-',
        ),
    )
    cert = x509.load_pem_x509_certificate(
        '\n'.join(stdout).encode('ascii'),
        backend=default_backend(),
    )

    # OpenSSL-style "/T=v/T=v" subject. Every attribute of every RDN is
    # emitted as its own component; only the CN value is replaced.
    # _NAMEOID_TO_NAME raises KeyError for an attribute type it does not know.
    components = []
    for rdn in cert.subject.rdns:
        for attribute in rdn:
            if attribute.oid == x509.oid.NameOID.COMMON_NAME:
                value = new_fqdn
            else:
                value = attribute.value
            components.append(
                '/{typ}={val}'.format(
                    typ=_NAMEOID_TO_NAME[attribute.oid],
                    val=outil.escape(value, '/\\'),
                )
            )
    new_subject = ''.join(components)

    self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_CA_ENROLL,
            '--name=%s' % name,
            '--password=%s' % (store_pass,),
            '--subject=%s' % new_subject,
            '--san=DNS:%s' % (self._subjectComponentEscape(new_fqdn),),
        ),
    )

    keys_dir = locations.OVIRT_ENGINE_PKIKEYSDIR
    certs_dir = locations.OVIRT_ENGINE_PKICERTSDIR
    self.uninstall_files.extend((
        os.path.join(keys_dir, '{name}.p12'.format(name=name)),
        os.path.join(certs_dir, '{name}.cer'.format(name=name)),
    ))

    if entity['extract_key']:
        key_path = os.path.join(
            keys_dir,
            '{name}.key.nopass'.format(name=name),
        )
        self.execute(
            args=(
                locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
                '--name=%s' % name,
                '--passin=%s' % (store_pass,),
                '--key=%s' % (key_path,),
            ),
        )
        self.uninstall_files.append(key_path)

    if entity['extra_action']:
        entity['extra_action'](self)
def _misc(self):
    """Register the engine PKI config file for uninstall and queue writing it.

    The file is rendered as shell-style ``KEY="value"`` lines and is owned
    by the engine user with mode 0600.

    Security notes:

    * Both ``*_PASSWORD`` values come from ``oenginecons.Const.PKI_PASSWORD``,
      a value read from the ``Const`` namespace rather than a per-install
      secret, so the file's mode/ownership is what actually limits who can
      open the key stores.
    * Values are escaped for ``"``, backslash and ``$`` because the consumer
      expands ``${VAR}`` references (see the ENGINE_HTTPS_* lines, which are
      written as such references on purpose).
    """
    uninstall_files = []
    self.environment[osetupcons.CoreEnv.REGISTER_UNINSTALL_GROUPS].createGroup(
        group="ca_config",
        description="PKI configuration",
        optional=True,
    ).addFiles("ca_config", uninstall_files)

    locations = oenginecons.FileLocations
    # Single template; {{ }} yields a literal ${VAR} for the consumer to expand.
    template = (
        'ENGINE_PKI="{pki_dir}"\n'
        'ENGINE_PKI_CA="{ca}"\n'
        'ENGINE_PKI_ENGINE_CERT="{engine_cert}"\n'
        'ENGINE_PKI_TRUST_STORE="{trust_store}"\n'
        'ENGINE_PKI_TRUST_STORE_PASSWORD="{store_password}"\n'
        'ENGINE_PKI_ENGINE_STORE="{engine_store}"\n'
        'ENGINE_PKI_ENGINE_STORE_PASSWORD="{store_password}"\n'
        'ENGINE_PKI_ENGINE_STORE_ALIAS="{engine_store_alias}"\n'
        'ENGINE_HTTPS_PKI_TRUST_STORE="${{ENGINE_PKI_TRUST_STORE}}"\n'
        'ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="${{ENGINE_PKI_TRUST_STORE_PASSWORD}}"\n'
    )
    content = template.format(
        pki_dir=locations.OVIRT_ENGINE_PKIDIR,
        ca=locations.OVIRT_ENGINE_PKI_ENGINE_CA_CERT,
        engine_cert=locations.OVIRT_ENGINE_PKI_ENGINE_CERT,
        trust_store=locations.OVIRT_ENGINE_PKI_ENGINE_TRUST_STORE,
        engine_store=locations.OVIRT_ENGINE_PKI_ENGINE_STORE,
        # Same password for both stores, escaped once for the quoted value.
        store_password=outil.escape(oenginecons.Const.PKI_PASSWORD, '"\\$'),
        engine_store_alias="1",
    )

    self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=locations.OVIRT_ENGINE_SERVICE_CONFIG_PKI,
            mode=0o600,
            owner=self.environment[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=uninstall_files,
        )
    )
def _getDBConfig(
    self,
    prefix,
    host,
    port,
    user,
    password,
    database,
    secured,
    hostValidation,
):
    """Render one database's ``<PREFIX>_DB_*`` settings block.

    Parameters:
        prefix: key prefix, e.g. ``ENGINE``.
        host, port, user, password, database: connection settings; only
            ``password`` is escaped (for ``"``, backslash and ``$``, since
            the value sits inside double quotes in a ``${VAR}``-expanding
            file). The others are written verbatim.
        secured: truthy to request TLS (``ssl=true`` in the JDBC URL).
        hostValidation: truthy to validate the server certificate.

    Returns:
        The rendered block, newline-terminated. The ``*_DB_URL`` value is
        built from ``${<PREFIX>_DB_HOST}``-style references that the
        consumer expands.

    Security note: when ``secured`` is set but ``hostValidation`` is not,
    the URL selects ``org.postgresql.ssl.NonValidatingFactory``. The link is
    encrypted but the server is not authenticated, so an on-path attacker
    can impersonate it; only acceptable when validation was deliberately
    turned off.
    """
    tls_options = []
    if secured:
        tls_options.append('ssl=true')
    if not hostValidation:
        tls_options.append('sslfactory=org.postgresql.ssl.NonValidatingFactory')

    # %-formatting here so the literal ${...} braces need no doubling.
    jdbc_url = (
        'jdbc:postgresql://'
        '${%(p)s_DB_HOST}:${%(p)s_DB_PORT}/${%(p)s_DB_DATABASE}'
        '?%(options)s'
    ) % {
        'p': prefix,
        'options': '&'.join(tls_options),
    }

    return (
        '{prefix}_DB_HOST="{host}"\n'
        '{prefix}_DB_PORT="{port}"\n'
        '{prefix}_DB_USER="{user}"\n'
        '{prefix}_DB_PASSWORD="{password}"\n'
        '{prefix}_DB_DATABASE="{database}"\n'
        '{prefix}_DB_SECURED="{secured}"\n'
        '{prefix}_DB_SECURED_VALIDATION="{hostValidation}"\n'
        '{prefix}_DB_DRIVER="org.postgresql.Driver"\n'
        '{prefix}_DB_URL="{jdbcUrl}"\n'
    ).format(
        prefix=prefix,
        host=host,
        port=port,
        user=user,
        password=outil.escape(password, '"\\$'),
        database=database,
        secured=secured,
        hostValidation=hostValidation,
        jdbcUrl=jdbc_url,
    )
def _misc(self):
    """Re-issue the Apache HTTPS certificate for the new engine FQDN.

    Extracts the current 'apache' certificate from its PKCS#12 store,
    rewrites the subject's CN to RenameEnv.FQDN, enrolls a new certificate
    with that subject and a matching DNS SAN, then exports the key again
    for Apache and flags ApacheEnv.NEED_RESTART.

    Not transactional (see TODO): a failure half-way leaves the files
    already registered in ``self.uninstall_files`` without any rollback.

    Security notes:

    * The store password travels on the helpers' command lines
      (``--passin``/``--password``) and is therefore readable by other
      local users in the process list while a helper runs.
    * The exported Apache key is whatever the extract helper writes; its
      permissions are set there, not here.
    * Subject components are escaped for '/' and backslash only; the
      one-component-per-line rendering is otherwise trusted.
    """
    # TODO
    # this implementation is not transactional
    # too many issues with legacy ca implementation
    # need to work this out to allow transactional
    locations = oenginecons.FileLocations
    store_pass = self.environment[oenginecons.PKIEnv.STORE_PASS]
    new_fqdn = self.environment[osetupcons.RenameEnv.FQDN]

    rc, stdout, stderr = self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
            '--name=apache',
            '--passin=%s' % (store_pass,),
            '--cert=-',
        ),
    )
    cert = X509.load_cert_string(
        string='\n'.join(stdout).encode('ascii'),
        format=X509.FORMAT_PEM,
    )

    # Swap only the CN; all other RDNs are carried over unchanged.
    # IndexError if the existing certificate has no CN at all.
    subject = cert.get_subject()
    cn_entry = subject.get_entries_by_nid(X509.X509_Name.nid['CN'])[0]
    cn_entry.set_data(new_fqdn)

    # Rebuild "/T=v/T=v" from the one-component-per-line text form.
    components = [
        outil.escape(line, '/\\')
        for line in subject.as_text(flags=XN_FLAG_SEP_MULTILINE).splitlines()
    ]
    new_subject = '/' + '/'.join(components)

    self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_CA_ENROLL,
            '--name=apache',
            '--password=%s' % (store_pass,),
            '--subject=%s' % (new_subject,),
            '--san=DNS:%s' % (self._subjectComponentEscape(new_fqdn),),
        ),
    )
    self.uninstall_files.extend((
        locations.OVIRT_ENGINE_PKI_APACHE_STORE,
        oengcommcons.FileLocations.OVIRT_ENGINE_PKI_APACHE_CERT,
    ))

    apache_key = oengcommcons.FileLocations.OVIRT_ENGINE_PKI_APACHE_KEY
    self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
            '--name=apache',
            '--passin=%s' % (store_pass,),
            '--key=%s' % (apache_key,),
        ),
    )
    self.uninstall_files.append(apache_key)
    self.environment[oengcommcons.ApacheEnv.NEED_RESTART] = True
def _handle_rename(self, entity):
    """Re-enroll one PKI entity's certificate under the new engine FQDN.

    ``entity`` is a dict with ``name`` (store/cert base name),
    ``extract_key`` (also export an unencrypted key) and ``extra_action``
    (optional callable invoked with this plugin afterwards).

    The current certificate is read from the PKCS#12 store, its CN is set
    to RenameEnv.FQDN (UTF-8 encoded for the M2Crypto setter), and a new
    certificate is enrolled with the rewritten subject and a matching DNS
    SAN. Touched files go to ``self.uninstall_files``.

    Security notes:

    * The store password is put on the helpers' command lines
      (``--passin``/``--password``); on most systems other local users can
      see it in the process list while a helper runs.
    * With ``extract_key`` the key is written as ``<name>.key.nopass``,
      i.e. unencrypted; its permissions are set by the extract helper.
    * Subject components are escaped for '/' and backslash only.
    """
    name = entity['name']
    store_pass = self.environment[oenginecons.PKIEnv.STORE_PASS]
    new_fqdn = self.environment[osetupcons.RenameEnv.FQDN]
    locations = oenginecons.FileLocations

    rc, stdout, stderr = self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
            '--name=%s' % name,
            '--passin=%s' % (store_pass,),
            '--cert=-',
        ),
    )
    cert = X509.load_cert_string(
        string='\n'.join(stdout).encode('ascii'),
        format=X509.FORMAT_PEM,
    )

    # Replace the CN in place; IndexError if the certificate has no CN.
    subject = cert.get_subject()
    cn_entry = subject.get_entries_by_nid(X509.X509_Name.nid['CN'])[0]
    cn_entry.set_data(new_fqdn.encode('utf8'))

    # "/T=v/T=v" rebuilt from the one-component-per-line rendering.
    components = [
        outil.escape(line, '/\\')
        for line in subject.as_text(flags=XN_FLAG_SEP_MULTILINE).splitlines()
    ]
    new_subject = '/' + '/'.join(components)

    self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_CA_ENROLL,
            '--name=%s' % name,
            '--password=%s' % (store_pass,),
            '--subject=%s' % (new_subject,),
            '--san=DNS:%s' % (self._subjectComponentEscape(new_fqdn),),
        ),
    )

    keys_dir = locations.OVIRT_ENGINE_PKIKEYSDIR
    certs_dir = locations.OVIRT_ENGINE_PKICERTSDIR
    self.uninstall_files.extend((
        os.path.join(keys_dir, '{name}.p12'.format(name=name)),
        os.path.join(certs_dir, '{name}.cer'.format(name=name)),
    ))

    if entity['extract_key']:
        key_path = os.path.join(
            keys_dir,
            '{name}.key.nopass'.format(name=name),
        )
        self.execute(
            args=(
                locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
                '--name=%s' % name,
                '--passin=%s' % (store_pass,),
                '--key=%s' % (key_path,),
            ),
        )
        self.uninstall_files.append(key_path)

    if entity['extra_action']:
        entity['extra_action'](self)
def _misc(self):
    """Queue writing the engine database settings file (engine-owned, 0600).

    The file holds shell-style ``ENGINE_DB_*`` lines; the ``ENGINE_DB_URL``
    value is composed of ``${ENGINE_DB_*}`` references the consumer
    expands, so the password is escaped for ``"``, backslash and ``$``.
    The transaction is recorded in ``CoreEnv.MODIFIED_FILES``.

    Security note: with SECURED set but SECURED_HOST_VALIDATION unset the
    JDBC URL selects ``org.postgresql.ssl.NonValidatingFactory`` — the
    connection is encrypted but the server certificate is not checked, so
    an on-path attacker could impersonate the database.
    """
    env = self.environment
    dbenv = oenginecons.EngineDBEnv

    tls_options = []
    if env[dbenv.SECURED]:
        tls_options.append('ssl=true')
    if not env[dbenv.SECURED_HOST_VALIDATION]:
        tls_options.append('sslfactory=org.postgresql.ssl.NonValidatingFactory')

    content = (
        'ENGINE_DB_HOST="{host}"\n'
        'ENGINE_DB_PORT="{port}"\n'
        'ENGINE_DB_USER="{user}"\n'
        'ENGINE_DB_PASSWORD="{password}"\n'
        'ENGINE_DB_DATABASE="{db}"\n'
        'ENGINE_DB_SECURED="{secured}"\n'
        'ENGINE_DB_SECURED_VALIDATION="{securedValidation}"\n'
        'ENGINE_DB_DRIVER="org.postgresql.Driver"\n'
        'ENGINE_DB_URL="jdbc:postgresql://'
        '${{ENGINE_DB_HOST}}:${{ENGINE_DB_PORT}}/${{ENGINE_DB_DATABASE}}'
        '?{jdbcTlsOptions}"\n'
    ).format(
        host=env[dbenv.HOST],
        port=env[dbenv.PORT],
        user=env[dbenv.USER],
        password=outil.escape(env[dbenv.PASSWORD], '"\\$'),
        db=env[dbenv.DATABASE],
        secured=env[dbenv.SECURED],
        securedValidation=env[dbenv.SECURED_HOST_VALIDATION],
        jdbcTlsOptions='&'.join(tls_options),
    )

    env[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=oenginecons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_DATABASE,
            mode=0o600,
            owner=env[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=env[otopicons.CoreEnv.MODIFIED_FILES],
        )
    )
def _misc(self):
    """Re-issue the Apache HTTPS certificate for the new engine FQDN.

    Extracts the current 'apache' certificate from its PKCS#12 store,
    rewrites the subject's CN to RenameEnv.FQDN, enrolls a new certificate
    with that subject, re-exports the key for Apache and flags
    ApacheEnv.NEED_RESTART.

    Not transactional (see TODO): a failure half-way leaves the files
    already registered in ``self.uninstall_files`` without any rollback.

    Security notes:

    * The store password travels on the helpers' command lines
      (``--passin``/``--password``) and is readable by other local users
      in the process list while a helper runs.
    * NOTE(review): unlike the sibling rename code, no ``--san=DNS:<fqdn>``
      is passed here, so the new certificate carries the hostname in the CN
      only. Modern TLS clients match the hostname against the SAN and
      ignore the CN; confirm whether the enroll helper used by this variant
      accepts ``--san`` before adding it.
    * The exported key's permissions are set by the extract helper.
    """
    # TODO
    # this implementation is not transactional
    # too many issues with legacy ca implementation
    # need to work this out to allow transactional
    locations = oenginecons.FileLocations
    store_pass = self.environment[oenginecons.PKIEnv.STORE_PASS]
    new_fqdn = self.environment[osetupcons.RenameEnv.FQDN]

    rc, stdout, stderr = self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
            "--name=apache",
            "--passin=%s" % (store_pass,),
            "--cert=-",
        )
    )
    cert = X509.load_cert_string(
        string="\n".join(stdout).encode("ascii"),
        format=X509.FORMAT_PEM,
    )

    # Replace the CN in place; IndexError if the certificate has no CN.
    subject = cert.get_subject()
    cn_entry = subject.get_entries_by_nid(X509.X509_Name.nid["CN"])[0]
    cn_entry.set_data(new_fqdn)

    # "/T=v/T=v" from the one-component-per-line rendering, each
    # component escaped for '/' and backslash.
    components = [
        outil.escape(line, "/\\")
        for line in subject.as_text(flags=XN_FLAG_SEP_MULTILINE).splitlines()
    ]
    new_subject = "/" + "/".join(components)

    self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_CA_ENROLL,
            "--name=apache",
            "--password=%s" % (store_pass,),
            "--subject=%s" % (new_subject,),
        )
    )
    self.uninstall_files.extend(
        (
            locations.OVIRT_ENGINE_PKI_APACHE_STORE,
            oengcommcons.FileLocations.OVIRT_ENGINE_PKI_APACHE_CERT,
        )
    )

    apache_key = oengcommcons.FileLocations.OVIRT_ENGINE_PKI_APACHE_KEY
    self.execute(
        args=(
            locations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT,
            "--name=apache",
            "--passin=%s" % (store_pass,),
            "--key=%s" % (apache_key,),
        )
    )
    self.uninstall_files.append(apache_key)
    self.environment[oengcommcons.ApacheEnv.NEED_RESTART] = True
def _misc(self):
    """Queue writing the engine database settings file (engine-owned, 0600).

    Emits shell-style ``ENGINE_DB_*`` lines. The JDBC URL comes from
    ``database.OvirtUtils(...).getJdbcUrl()`` for the engine DB env keys;
    the password is escaped for ``"``, backslash and ``$`` because the
    file's values are double-quoted and ``${VAR}``-expanded by the
    consumer. The transaction is recorded in ``CoreEnv.MODIFIED_FILES``.
    """
    env = self.environment
    dbenv = oenginecons.EngineDBEnv

    lines = (
        'ENGINE_DB_HOST="{host}"',
        'ENGINE_DB_PORT="{port}"',
        'ENGINE_DB_USER="{user}"',
        'ENGINE_DB_PASSWORD="{password}"',
        'ENGINE_DB_DATABASE="{db}"',
        'ENGINE_DB_SECURED="{secured}"',
        'ENGINE_DB_SECURED_VALIDATION="{securedValidation}"',
        'ENGINE_DB_DRIVER="org.postgresql.Driver"',
        'ENGINE_DB_URL="{jdbcUrl}"',
    )
    content = '\n'.join(lines).format(
        host=env[dbenv.HOST],
        port=env[dbenv.PORT],
        user=env[dbenv.USER],
        password=outil.escape(env[dbenv.PASSWORD], '"\\$'),
        db=env[dbenv.DATABASE],
        secured=env[dbenv.SECURED],
        securedValidation=env[dbenv.SECURED_HOST_VALIDATION],
        jdbcUrl=database.OvirtUtils(
            plugin=self,
            dbenvkeys=oenginecons.Const.ENGINE_DB_ENV_KEYS,
        ).getJdbcUrl(),
    ) + '\n'

    env[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=oenginecons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_DATABASE,
            mode=0o600,
            owner=env[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=env[otopicons.CoreEnv.MODIFIED_FILES],
        )
    )
def _misc(self):
    """Queue writing the reports service's DWH database settings file.

    The file is engine-owned with mode 0600 and holds shell-style
    ``DWH_DB_*`` lines; the password is escaped for ``"``, backslash and
    ``$`` as the values are double-quoted. The file is registered in the
    ``ovirt_reports_files`` uninstall group via the shared list that the
    transaction fills in.
    """
    uninstall_files = []
    self.environment[osetupcons.CoreEnv.REGISTER_UNINSTALL_GROUPS].addFiles(
        group='ovirt_reports_files',
        fileList=uninstall_files,
    )

    env = self.environment
    dbenv = oreportscons.DWHDBEnv
    settings = (
        ('DWH_DB_HOST', env[dbenv.HOST]),
        ('DWH_DB_PORT', env[dbenv.PORT]),
        ('DWH_DB_USER', env[dbenv.USER]),
        ('DWH_DB_PASSWORD', outil.escape(env[dbenv.PASSWORD], '"\\$')),
        ('DWH_DB_DATABASE', env[dbenv.DATABASE]),
        ('DWH_DB_SECURED', env[dbenv.SECURED]),
        ('DWH_DB_SECURED_VALIDATION', env[dbenv.SECURED_HOST_VALIDATION]),
    )
    content = ''.join('%s="%s"\n' % pair for pair in settings)

    env[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=oreportscons.FileLocations.REPORTS_SERVICE_CONFIG_DATABASE,
            mode=0o600,
            owner=env[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=uninstall_files,
        )
    )
def createPgPass(self):
    """Write a throw-away pgpass file for this database and record its path.

    The file is created with tempfile.mkstemp (readable and writable by the
    creating user only), scheduled for removal at interpreter exit, and its
    path is stored under ``self._dbenvkeys['pgpassfile']`` for whoever later
    runs psql.  The password is escaped for ':' and backslash as the pgpass
    format requires, unless the installed psql is one whose pgpass parser
    does not un-escape, in which case it is written verbatim.
    """
    #
    # At least the client-side psql shipped in RHEL for PostgreSQL 8.4
    # reads the pgpass password unescaped, so escaping would break login
    # there.  The cheapest way to tell is the psql version string; the
    # answer is cached on the class because it is per-host, not per-DB.
    #
    if type(self)._plainPassword is None:
        rc, stdout, stderr = self._plugin.execute(
            args=(
                self.command.get('psql'),
                '-V',
            ),
        )
        # NOTE(review): the version-marker literal appears redacted in this
        # copy of the file; confirm the real substring against upstream.
        # Raises IndexError if psql printed nothing at all.
        type(self)._plainPassword = '******' in stdout[0]
    # mkstemp -> mode 0600 in the default temp dir. That mode is the only
    # protection the plaintext DB password in this file gets.
    fd, pgpass = tempfile.mkstemp()
    # Best-effort cleanup only: atexit handlers do not run on SIGKILL or a
    # hard crash, so the file can outlive the process in those cases.
    atexit.register(os.unlink, pgpass)
    with os.fdopen(fd, 'w') as f:
        f.write(
            (
                '# DB USER credentials.\n'
                '{host}:{port}:{database}:{user}:{password}\n'
            ).format(
                host=self.environment[self._dbenvkeys['host']],
                port=self.environment[self._dbenvkeys['port']],
                database=self.environment[self._dbenvkeys['database']],
                user=self.environment[self._dbenvkeys['user']],
                # ':' and '\' are the pgpass field separator and escape char.
                password=(
                    self.environment[self._dbenvkeys['password']]
                    if type(self)._plainPassword
                    else outil.escape(
                        self.environment[self._dbenvkeys['password']],
                        ':\\',
                    )
                ),
            ),
        )
    self.environment[self._dbenvkeys['pgpassfile']] = pgpass
def _misc(self):
    """Queue writing the engine database settings file (engine-owned, 0600).

    Emits shell-style ``ENGINE_DB_*`` lines. The JDBC URL is produced by
    ``database.OvirtUtils(...).getJdbcUrl()`` for the engine DB env keys;
    the password is escaped for ``"``, backslash and ``$`` since the values
    are double-quoted and ``${VAR}``-expanded by the consumer. The
    transaction is recorded in ``CoreEnv.MODIFIED_FILES``.
    """
    env = self.environment
    dbenv = oenginecons.EngineDBEnv

    host = env[dbenv.HOST]
    port = env[dbenv.PORT]
    user = env[dbenv.USER]
    password = outil.escape(env[dbenv.PASSWORD], '"\\$')
    db = env[dbenv.DATABASE]
    secured = env[dbenv.SECURED]
    secured_validation = env[dbenv.SECURED_HOST_VALIDATION]
    jdbc_url = database.OvirtUtils(
        plugin=self,
        dbenvkeys=oenginecons.Const.ENGINE_DB_ENV_KEYS,
    ).getJdbcUrl()

    template = (
        'ENGINE_DB_HOST="{host}"\n'
        'ENGINE_DB_PORT="{port}"\n'
        'ENGINE_DB_USER="{user}"\n'
        'ENGINE_DB_PASSWORD="{password}"\n'
        'ENGINE_DB_DATABASE="{db}"\n'
        'ENGINE_DB_SECURED="{secured}"\n'
        'ENGINE_DB_SECURED_VALIDATION="{securedValidation}"\n'
        'ENGINE_DB_DRIVER="org.postgresql.Driver"\n'
        'ENGINE_DB_URL="{jdbcUrl}"\n'
    )

    env[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=oenginecons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_DATABASE,
            mode=0o600,
            owner=env[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=template.format(
                host=host,
                port=port,
                user=user,
                password=password,
                db=db,
                secured=secured,
                securedValidation=secured_validation,
                jdbcUrl=jdbc_url,
            ),
            modifiedList=env[otopicons.CoreEnv.MODIFIED_FILES],
        )
    )
def _subjectComponentEscape(self, s):
    """Escape ``s`` for use inside an OpenSSL-style subject or SAN argument.

    Only the component separator '/' and the escape character backslash are
    escaped (via ``outil.escape``), so an FQDN or attribute value cannot
    terminate the component it is placed in or start another one.
    """
    reserved = '/\\'
    return outil.escape(s, reserved)
def daemonSetup(self):
    """Build the command line and environment for the DWH ETL JVM.

    Reads the defaults file plus ``config.DWH_VARS``, renders
    ``settings.properties`` into a fresh temporary directory, and fills in
    ``self._executable``, ``self._serviceArgs`` and ``self._serviceEnv``
    for the service launcher.  Raises RuntimeError when run as root or when
    the defaults file is missing.
    """
    # Privilege guard: the JVM inherits this process's uid, so the daemon
    # refuses to start as root outright instead of relying on a later drop.
    if os.geteuid() == 0:
        raise RuntimeError(
            _('This service cannot be executed as root')
        )
    if not os.path.exists(self._defaults):
        raise RuntimeError(
            _(
                "The configuration defaults file '{file}' "
                "required but missing"
            ).format(
                file=self._defaults,
            )
        )
    # Defaults first, then the DWH_VARS overrides layered on top.
    self._config = configfile.ConfigFile(
        (
            self._defaults,
            config.DWH_VARS,
        ),
    )
    #
    # Resolve the JVM binary first so a missing/broken Java aborts before
    # anything is written to disk.
    #
    self._executable = os.path.join(
        java.Java().getJavaHome(),
        'bin',
        'java',
    )
    self._checkInstallation(
        pidfile=self.pidfile,
    )
    self._tempDir = service.TempDir()
    self._tempDir.create()
    settings = os.path.join(self._tempDir.directory, 'settings.properties')
    # Render settings.properties from the packaged template. Every value of
    # the merged config is substituted (secrets included, if the config
    # holds any), escaped for the Java .properties separators ':', '=', ' '
    # and for backslash. How exposed this file is depends on the permissions
    # service.TempDir applies to its directory, which are not visible here.
    with open(settings, 'w') as f:
        f.write(
            util.processTemplate(
                os.path.join(
                    self._config.get('PKG_DATA_DIR'),
                    'conf',
                    'settings.properties.in'
                ),
                dict(
                    ('@%s@' % k, util.escape(v, ':=\\ '))
                    for (k, v) in self._config.values.items()
                ),
            )
        )
    self._serviceArgs = [
        'ovirt-engine-dwhd',
        '-Dorg.ovirt.engine.dwh.settings=%s' % settings,
    ]
    # Add arguments for the java heap size:
    self._serviceArgs.extend([
        '-Xms%s' % self._config.get('DWH_HEAP_MIN'),
        '-Xmx%s' % self._config.get('DWH_HEAP_MAX'),
    ])
    # Operator-supplied system properties and raw JVM flags, split with
    # shell quoting rules. These come from the config file, i.e. from the
    # administrator, and are passed to the JVM as given.
    for engineProperty in shlex.split(
        self._config.get('DWH_PROPERTIES')
    ):
        if not engineProperty.startswith('-D'):
            engineProperty = '-D' + engineProperty
        self._serviceArgs.append(engineProperty)
    for arg in shlex.split(self._config.get('DWH_JVM_ARGS')):
        self._serviceArgs.append(arg)
    # Optional remote debugging. JDWP performs no authentication: anyone
    # who can reach this address can load and run code inside the JVM, so
    # DWH_DEBUG_ADDRESS must stay unset in production or be bound to
    # loopback only.
    engineDebugAddress = self._config.get('DWH_DEBUG_ADDRESS')
    if engineDebugAddress:
        self._serviceArgs.append(
            (
                '-Xrunjdwp:transport=dt_socket,address=%s,'
                'server=y,suspend=n'
            ) % (
                engineDebugAddress
            )
        )
    if self._config.getboolean('DWH_VERBOSE_GC'):
        self._serviceArgs.extend([
            '-verbose:gc',
            '-XX:+PrintGCTimeStamps',
            '-XX:+PrintGCDetails',
        ])
    # Classpath: the packaged jar directory wildcard plus whatever
    # _getClasspath() adds, then the ETL main class and its context.
    self._serviceArgs.extend([
        '-classpath',
        '%s:%s' % (
            os.path.join(
                self._config.get('PKG_JAVA_LIB'),
                '*',
            ),
            self._getClasspath(),
        ),
        'ovirt_engine_dwh.historyetl_4_3.HistoryETL',
        '--context=Default',
    ])
    # Child environment: inherit ours, but pin PATH to the system
    # directories (so a caller-supplied PATH cannot redirect helper
    # lookups) and force a UTF-8 locale.
    self._serviceEnv = os.environ.copy()
    self._serviceEnv.update({
        'PATH': (
            '/usr/local/sbin:/usr/local/bin:'
            '/usr/sbin:/usr/bin:/sbin:/bin'
        ),
        'LANG': 'en_US.UTF-8',
        'LC_ALL': 'en_US.UTF-8',
    })
def _setupAuth(self):
    """Queue the files that wire up the built-in (JDBC) AAA profile.

    Three engine-owned, mode 0600 files are written through the main
    transaction and recorded in ``CoreEnv.MODIFIED_FILES``:

    * the datasource file (``AAA_JDBC_CONFIG_DB``) with the engine DB JDBC
      URL, user and password in ``key=value`` form;
    * ``<profile>-authn.properties`` and ``<profile>-authz.properties`` in
      the extensions directory, binding the aaa-jdbc module's Authn/Authz
      extensions and pointing them at the datasource file.

    ``profile`` is whatever follows the last ``@`` in the configured admin
    user; IndexError if there is no ``@``.

    Security notes:

    * The datasource transaction is flagged ``visibleButUnsafe=True`` —
      presumably marking its content as secret-bearing for the transaction
      layer; confirm against filetransaction.
    * ``profile`` also becomes part of two file names under the extensions
      directory and is not validated here. It comes from the setup
      operator, so it is presumably trusted input.
    * The password is escaped with the same ``"``/backslash/``$`` set the
      shell-style writers use. For a Java properties reader that is a
      superset of what is needed (only backslash is special in values) and
      is harmless — TODO confirm the consumer's parser.
    """
    env = self.environment
    transaction = env[otopicons.CoreEnv.MAIN_TRANSACTION]

    def engine_private_file(path, content, **extra):
        # Common shape of all three files: engine-owned, 0600, enforced.
        return filetransaction.FileTransaction(
            name=path,
            mode=0o600,
            owner=env[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=env[otopicons.CoreEnv.MODIFIED_FILES],
            **extra
        )

    db_config_file = oenginecons.FileLocations.AAA_JDBC_CONFIG_DB
    datasource = (
        'config.datasource.jdbcurl={jdbcUrl}\n'
        'config.datasource.dbuser={user}\n'
        'config.datasource.dbpassword={password}\n'
        'config.datasource.jdbcdriver=org.postgresql.Driver\n'
        'config.datasource.schemaname={schemaName}\n'
    ).format(
        jdbcUrl=database.OvirtUtils(
            plugin=self,
            dbenvkeys=oenginecons.Const.ENGINE_DB_ENV_KEYS,
        ).getJdbcUrl(),
        user=env[oenginecons.EngineDBEnv.USER],
        password=outil.escape(env[oenginecons.EngineDBEnv.PASSWORD], '"\\$'),
        schemaName=self._AAA_JDBC_SCHEMA,
    )
    transaction.append(
        engine_private_file(db_config_file, datasource, visibleButUnsafe=True)
    )

    profile = env[oenginecons.ConfigEnv.ADMIN_USER].rsplit('@', 1)[1]
    authz_name = env[oenginecons.ConfigEnv.ADMIN_USER_AUTHZ_NAME]
    extensions_dir = oenginecons.FileLocations.OVIRT_ENGINE_EXTENSIONS_DIR

    authn = (
        'ovirt.engine.extension.name = internal-authn\n'
        'ovirt.engine.extension.bindings.method = jbossmodule\n'
        'ovirt.engine.extension.binding.jbossmodule.module = '
        'org.ovirt.engine.extension.aaa.jdbc\n'
        'ovirt.engine.extension.binding.jbossmodule.class = '
        'org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension\n'
        'ovirt.engine.extension.provides = '
        'org.ovirt.engine.api.extensions.aaa.Authn\n'
        'ovirt.engine.aaa.authn.profile.name = {profile}\n'
        'ovirt.engine.aaa.authn.authz.plugin = {authzName}\n'
        'config.datasource.file = {dbConfigFile}\n'
    ).format(
        profile=profile,
        authzName=authz_name,
        dbConfigFile=db_config_file,
    )
    transaction.append(
        engine_private_file(
            os.path.join(extensions_dir, '%s-authn.properties' % profile),
            authn,
        )
    )

    authz = (
        'ovirt.engine.extension.name = {authzName}\n'
        'ovirt.engine.extension.bindings.method = jbossmodule\n'
        'ovirt.engine.extension.binding.jbossmodule.module = '
        'org.ovirt.engine.extension.aaa.jdbc\n'
        'ovirt.engine.extension.binding.jbossmodule.class = '
        'org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthzExtension\n'
        'ovirt.engine.extension.provides = '
        'org.ovirt.engine.api.extensions.aaa.Authz\n'
        'config.datasource.file = {dbConfigFile}\n'
    ).format(
        authzName=authz_name,
        dbConfigFile=db_config_file,
    )
    transaction.append(
        engine_private_file(
            os.path.join(extensions_dir, '%s-authz.properties' % profile),
            authz,
        )
    )
def daemonSetup(self):
    """Build the command line and environment for the DWH ETL JVM.

    Reads the defaults file plus ``config.DWH_VARS``, renders
    ``settings.properties`` into a fresh temporary directory, and fills in
    ``self._executable``, ``self._serviceArgs`` and ``self._serviceEnv``
    for the service launcher.  Raises RuntimeError when run as root or when
    the defaults file is missing.
    """
    # Privilege guard: the JVM inherits this process's uid, so the daemon
    # refuses to start as root outright instead of relying on a later drop.
    if os.geteuid() == 0:
        raise RuntimeError(
            _('This service cannot be executed as root')
        )
    if not os.path.exists(self._defaults):
        raise RuntimeError(
            _(
                "The configuration defaults file '{file}' "
                "required but missing"
            ).format(
                file=self._defaults,
            )
        )
    # Defaults first, then the DWH_VARS overrides layered on top.
    self._config = configfile.ConfigFile(
        (
            self._defaults,
            config.DWH_VARS,
        ),
    )
    #
    # Resolve the JVM binary first so a missing/broken Java aborts before
    # anything is written to disk.
    #
    self._executable = os.path.join(
        java.Java().getJavaHome(),
        'bin',
        'java',
    )
    self._checkInstallation(
        pidfile=self.pidfile,
    )
    self._tempDir = service.TempDir()
    self._tempDir.create()
    settings = os.path.join(self._tempDir.directory, 'settings.properties')
    # Render settings.properties from the packaged template. Every value of
    # the merged config is substituted (secrets included, if the config
    # holds any), escaped for the Java .properties separators ':', '=', ' '
    # and for backslash. How exposed this file is depends on the permissions
    # service.TempDir applies to its directory, which are not visible here.
    with open(settings, 'w') as f:
        f.write(
            util.processTemplate(
                os.path.join(
                    self._config.get('PKG_DATA_DIR'),
                    'conf',
                    'settings.properties.in'
                ),
                dict(
                    ('@%s@' % k, util.escape(v, ':=\\ '))
                    for (k, v) in self._config.values.items()
                ),
            )
        )
    self._serviceArgs = [
        'ovirt-engine-dwhd',
        '-Dorg.ovirt.engine.dwh.settings=%s' % settings,
    ]
    # Add arguments for the java heap size:
    self._serviceArgs.extend([
        '-Xms%s' % self._config.get('DWH_HEAP_MIN'),
        '-Xmx%s' % self._config.get('DWH_HEAP_MAX'),
    ])
    # Operator-supplied system properties and raw JVM flags, split with
    # shell quoting rules. These come from the config file, i.e. from the
    # administrator, and are passed to the JVM as given.
    for engineProperty in shlex.split(
        self._config.get('DWH_PROPERTIES')
    ):
        if not engineProperty.startswith('-D'):
            engineProperty = '-D' + engineProperty
        self._serviceArgs.append(engineProperty)
    for arg in shlex.split(self._config.get('DWH_JVM_ARGS')):
        self._serviceArgs.append(arg)
    # Optional remote debugging. JDWP performs no authentication: anyone
    # who can reach this address can load and run code inside the JVM, so
    # DWH_DEBUG_ADDRESS must stay unset in production or be bound to
    # loopback only.
    engineDebugAddress = self._config.get('DWH_DEBUG_ADDRESS')
    if engineDebugAddress:
        self._serviceArgs.append(
            (
                '-Xrunjdwp:transport=dt_socket,address=%s,'
                'server=y,suspend=n'
            ) % (
                engineDebugAddress
            )
        )
    if self._config.getboolean('DWH_VERBOSE_GC'):
        self._serviceArgs.extend([
            '-verbose:gc',
            '-XX:+PrintGCTimeStamps',
            '-XX:+PrintGCDetails',
        ])
    # Classpath: the packaged jar directory wildcard plus whatever
    # _getClasspath() adds, then the ETL main class and its context.
    self._serviceArgs.extend([
        '-classpath',
        '%s:%s' % (
            os.path.join(
                self._config.get('PKG_JAVA_LIB'),
                '*',
            ),
            self._getClasspath(),
        ),
        'ovirt_engine_dwh.historyetl_4_4.HistoryETL',
        '--context=Default',
    ])
    # Child environment: inherit ours, but pin PATH to the system
    # directories (so a caller-supplied PATH cannot redirect helper
    # lookups) and force a UTF-8 locale.
    self._serviceEnv = os.environ.copy()
    self._serviceEnv.update({
        'PATH': (
            '/usr/local/sbin:/usr/local/bin:'
            '/usr/sbin:/usr/bin:/sbin:/bin'
        ),
        'LANG': 'en_US.UTF-8',
        'LC_ALL': 'en_US.UTF-8',
    })
def _misc(self):
    """Queue writing the engine database settings file (engine-owned, 0600).

    Emits shell-style ``ENGINE_DB_*`` lines. ``ENGINE_DB_URL`` is composed
    from ``${ENGINE_DB_*}`` references the consumer expands, so the
    password is escaped for ``"``, backslash and ``$``. The transaction is
    recorded in ``CoreEnv.MODIFIED_FILES``.

    Security note: with SECURED set but SECURED_HOST_VALIDATION unset the
    URL selects ``org.postgresql.ssl.NonValidatingFactory`` — the link is
    encrypted but the server certificate is not checked, so an on-path
    attacker could impersonate the database.
    """
    env = self.environment
    dbenv = osetupcons.DBEnv
    secured = env[dbenv.SECURED]
    host_validation = env[dbenv.SECURED_HOST_VALIDATION]

    tls_options = []
    if secured:
        tls_options.append('ssl=true')
    if not host_validation:
        tls_options.append('sslfactory=org.postgresql.ssl.NonValidatingFactory')

    jdbc_url = (
        'jdbc:postgresql://'
        '${ENGINE_DB_HOST}:${ENGINE_DB_PORT}/${ENGINE_DB_DATABASE}'
        '?%s'
    ) % ('&'.join(tls_options),)

    lines = (
        'ENGINE_DB_HOST="{host}"',
        'ENGINE_DB_PORT="{port}"',
        'ENGINE_DB_USER="{user}"',
        'ENGINE_DB_PASSWORD="{password}"',
        'ENGINE_DB_DATABASE="{db}"',
        'ENGINE_DB_SECURED="{secured}"',
        'ENGINE_DB_SECURED_VALIDATION="{securedValidation}"',
        'ENGINE_DB_DRIVER="org.postgresql.Driver"',
        'ENGINE_DB_URL="{jdbcUrl}"',
    )
    content = '\n'.join(lines).format(
        host=env[dbenv.HOST],
        port=env[dbenv.PORT],
        user=env[dbenv.USER],
        password=outil.escape(env[dbenv.PASSWORD], '"\\$'),
        db=env[dbenv.DATABASE],
        secured=secured,
        securedValidation=host_validation,
        jdbcUrl=jdbc_url,
    ) + '\n'

    env[otopicons.CoreEnv.MAIN_TRANSACTION].append(
        filetransaction.FileTransaction(
            name=osetupcons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_DATABASE,
            mode=0o600,
            owner=env[osetupcons.SystemEnv.USER_ENGINE],
            enforcePermissions=True,
            content=content,
            modifiedList=env[otopicons.CoreEnv.MODIFIED_FILES],
        )
    )