def main(conninfo, credentials, args):
response = nfs.nfs_get_export(conninfo, credentials, args.id,
args.export_path)
export_info = {}
export_info, export_info['if_match'] = response
export_info['id_'] = export_info['id']
export_info['allow_fs_path_create'] = args.create_fs_path
if args.present_64_bit_fields_as_32_bit is not None:
export_info['present_64_bit_fields_as_32_bit'] = \
args.present_64_bit_fields_as_32_bit
del export_info['id']
if args.new_export_path is not None:
export_info['export_path'] = args.new_export_path
if args.fs_path is not None:
export_info['fs_path'] = args.fs_path
if args.description is not None:
export_info['description'] = args.description
if args.restrictions:
export_info['restrictions'] = parse_nfs_export_restrictions_file(
args.restrictions)
elif args.no_restrictions:
export_info['restrictions'] = \
[NFSExportRestriction.create_default()]
else:
export_info['restrictions'] = \
[NFSExportRestriction(r) for r in export_info['restrictions']]
print nfs.nfs_modify_export(conninfo, credentials, **export_info)
def parse_nfs_export_restrictions(restrictions):
nfs_export_restrictions = list()
for r in restrictions:
read_only = r.get('read_only', False)
require_privileged_port = r.get('require_privileged_port', False)
host_restrictions = r.get('host_restrictions', [])
try:
user_mapping = convert_nfs_user_mapping(
r.get('user_mapping', 'none'))
restriction = NFSExportRestriction({
'read_only':
read_only,
'host_restrictions':
host_restrictions,
'user_mapping':
user_mapping,
'require_privileged_port':
require_privileged_port
})
if (user_mapping == 'NFS_MAP_NONE'):
nfs_export_restrictions.append(restriction)
continue
user = r.get('map_to_user')
if (user.get('id_type') == 'NFS_UID') ^ ('map_to_group' in r):
raise ValueError(
'Restriction should either specify map_to_user'
' with an NFS uid and map_to_group with an NFS gid, or specify '
'map_to_user with a local user id.')
restriction['map_to_user'] = \
{
'id_type': user.get('id_type'),
'id_value': user.get('id_value')
}
if 'map_to_group' in r:
group = r.get('map_to_group')
restriction['map_to_group'] = \
{
'id_type': group.get('id_type'),
'id_value': group.get('id_value')
}
except (ValueError, AttributeError) as e:
raise ValueError('When trying to process the following ' +
'restriction: ' + str(r) +
', this error was thrown: ' + str(e))
nfs_export_restrictions.append(restriction)
return nfs_export_restrictions
def do_remove_entry(conninfo, creds, args):
old_export, etag = nfs.nfs_get_export(conninfo, creds, args.id,
args.export_path)
validate_position(old_export['restrictions'], args.position)
restrictions = [
NFSExportRestriction(r)
for i, r in enumerate(old_export['restrictions'])
if i != (args.position - 1)
]
return modify_restrictions(conninfo, creds, old_export, etag, restrictions)
def do_add_entry(conninfo, creds, args):
entry = NFSExportRestriction({
'host_restrictions':
args.hosts if args.hosts != ['*'] else [],
'require_privileged_port':
bool(args.secure),
'read_only':
bool(args.ro),
})
if args.root_squash:
entry.user_mapping = 'NFS_MAP_ROOT'
add_user_mapping_from_args(entry, args)
elif args.all_squash:
entry.user_mapping = 'NFS_MAP_ALL'
add_user_mapping_from_args(entry, args)
elif any([args.anon_local, args.anon_uid, args.anon_gid]):
raise ValueError(
"Anonymous identity cannot be given if squashing is disabled.")
else:
entry.user_mapping = 'NFS_MAP_NONE'
old_export, etag = nfs.nfs_get_export(conninfo, creds, args.id,
args.export_path)
restrictions = [
NFSExportRestriction(r) for r in old_export['restrictions']
]
# NB: list.insert inserts before, but the host entry list is 1-indexed, so
# passing position to list.insert unchanged will insert after that position.
restrictions.insert(
len(restrictions) if args.insert_after is None else args.insert_after,
entry)
return modify_restrictions(conninfo, creds, old_export, etag, restrictions)
def main(conninfo, credentials, args):
if args.restrictions:
restrictions = parse_nfs_export_restrictions_file(
args.restrictions)
else:
restrictions = [NFSExportRestriction.create_default()]
print nfs.nfs_add_export(conninfo,
credentials,
args.export_path,
args.fs_path,
args.description,
restrictions,
allow_fs_path_create=args.create_fs_path,
present_64_bit_fields_as_32_bit=args.
present_64_bit_fields_as_32_bit)
def do_modify_entry(conninfo, creds, args):
old_export, etag = nfs.nfs_get_export(conninfo, creds, args.id,
args.export_path)
validate_position(old_export['restrictions'], args.position)
restrictions = [
NFSExportRestriction(r) for r in old_export['restrictions']
]
entry = restrictions[args.position - 1]
if args.hosts is not None:
entry.host_restrictions = args.hosts if args.hosts != ["*"] else []
if args.secure is not None:
entry.require_privileged_port = args.secure
if args.ro is not None:
entry.read_only = args.ro
if args.no_root_squash:
entry.user_mapping = 'NFS_MAP_NONE'
entry.map_to_user = None
entry.map_to_group = None
if args.root_squash:
entry.user_mapping = 'NFS_MAP_ROOT'
add_user_mapping_from_args(
entry,
args,
must_set=not entry.dictionary().get('map_to_user', False))
if args.all_squash:
entry.user_mapping = 'NFS_MAP_ALL'
add_user_mapping_from_args(
entry,
args,
must_set=not entry.dictionary().get('map_to_user', False))
if any([
args.anon_local, args.anon_uid is not None, args.anon_gid
is not None
]):
# Note that this must be ordered after setting the map mode above in
# order for this check to be correct:
if entry.user_mapping == 'NFS_MAP_NONE':
raise ValueError(
"Cannot set anonymous identity on a --no-root-squash export.")
add_user_mapping_from_args(entry, args)
return modify_restrictions(conninfo, creds, old_export, etag, restrictions)
def main(args):
parser = argparse.ArgumentParser(
description='Add NFS export restrictions from netgroups to a cluster')
parser.add_argument('--config',
default='netgroup_nfs.json',
help='Config json filename.')
parser.add_argument('--commit',
action='store_true',
help='Apply restrictions to cluster.')
parser.add_argument('--verbose',
'-v',
action='count',
help='Increase verbosity of messages.')
args = parser.parse_args(args)
if not args.verbose:
loglevel = log.INFO
elif args.verbose == 1:
loglevel = log.DEBUG
else:
loglevel = log.WARN
log.basicConfig(format="%(levelname)s: %(message)s", level=loglevel)
options = parse_config(args.config)
if 'hostname' and 'username' and 'password' in options.keys():
cluster_host = options['hostname']
cluster_user = options['username']
cluster_password = options['password']
else:
cluster_host = os.environ["CLUSTER_HOST"]
cluster_user = os.environ["CLUSTER_ADMIN"]
cluster_password = os.environ["CLUSTER_PASSWORD"]
# Connect to Cluster Rest API
restclient = qumulo.rest_client.RestClient(cluster_host, 8000)
try:
log.info("Logging into {} as user {}".format(cluster_host,
cluster_user))
restclient.login(cluster_user, cluster_password)
except:
log.error("FAILED to login to cluster at {}".format(cluster_host))
raise
export_map = options['export_map']
for export_path in export_map.keys():
# Retrieve the current export configuration
try:
export = restclient.nfs.nfs_get_export(export_path)
except qumulo.lib.request.RequestError as error:
log.warning("Failure to retrieve export for {}: {}".format(
export_path, error))
continue
# We don't appear to use more than one set of export restrictions, but
# just in case...
if len(export['restrictions']) > 1:
log.error("This script cannot currently handle exports that "
"have more than one restriction list.")
raise Exception
allowed_hosts = export_map[export_path]
# Define IP restrictions for the enumerated netgroups
export['restrictions'][0]['host_restrictions'] = enumerate_hosts(
allowed_hosts)
# Manipulate our configuration so that we can modify the export
export['restrictions'][0] = NFSExportRestriction(
export['restrictions'][0])
export[u'id_'] = export.pop('id')
# Apply our changes to this export
if args.commit:
log.info("Updating export ({})".format(export_path))
update_result = restclient.nfs.nfs_modify_export(**export)
log.debug("{}\n".format(pformat(update_result)))
else:
log.debug(
"Unapplied export configuration ({})".format(export_path))
log.debug("{}\n".format(pformat(export)))
if not args.commit:
log.info("No configuration applied. Use --commit to apply changes.")