def set(self, timestamp=None):
    """Touch the remote timestamp file and update the cached state.

    Ensures the parent directory of ``self.rpath`` exists (created with
    mode 0o755), then calls ``fs.touch`` on ``self.rpath``.

    :param timestamp: Value handed to ``fs.touch`` and, when not ``None``,
                      stored in ``self._current``. Presumably ``None``
                      means "now" on the remote side -- confirm against
                      ``fs.touch``.
    """
    # ensure directory for timestamp exists
    fs.create_dir(remote.path.dirname(self.rpath), 0o755)

    # update timestamp
    fs.touch(self.rpath, timestamp)

    # update cached values
    # NOTE(review): the indentation of this listing was lost; both
    # assignments are assumed to belong to the ``if`` -- confirm against the
    # upstream file. In either reading a call with timestamp=None leaves
    # ``self._current`` at its previous value, so the debug line below can
    # report a time that no longer matches the remote file.
    if timestamp is not None:
        self._current = timestamp
        self.synced = True

    log.debug('Timestamp {} set to {}'.format(self.rpath, self._current))
def init_authorized_keys(user='******', fix_permissions=True):
    """Make sure the authorized keys file of *user* and its directory exist.

    The directory is created with ``AK_DIR_PERMS`` if missing and the file
    is touched if ``remote.lstat`` reports nothing at its path. With
    ``fix_permissions`` set, directory and file are additionally chmod-ed to
    ``AK_DIR_PERMS`` and ``AK_FILE_PERMS``.

    Ownership is never changed here: anything this function creates keeps
    the owner of the account the operations run as, even though the
    ``Unchanged`` message speaks of a correct owner.

    :param user: Account whose authorized keys file is initialised.
    :param fix_permissions: Also enforce the expected modes on existing
                            paths.
    :return: ``Changed`` if any step reported a change, else ``Unchanged``.
    """
    keys_path = get_authorized_keys_file(user)
    keys_dir = remote.path.dirname(keys_path)

    # One entry per remote operation; a single true flag means the remote
    # was modified.
    step_flags = [fs.create_dir(keys_dir, mode=AK_DIR_PERMS).changed]

    if fix_permissions:
        step_flags.append(fs.chmod(keys_dir, AK_DIR_PERMS).changed)

    # NOTE(review): assuming remote.lstat mirrors os.lstat, a symlink at
    # keys_path counts as "exists"; confirm fs.chmod does not follow it when
    # this runs with more privileges than the owner of keys_dir.
    if not remote.lstat(keys_path):
        step_flags.append(fs.touch(keys_path).changed)

    if fix_permissions:
        step_flags.append(fs.chmod(keys_path, AK_FILE_PERMS).changed)

    # Modes are fixed and both paths exist from here on, but they might
    # still be owned by root.
    if not any(step_flags):
        return Unchanged(
            keys_path,
            msg='authorized keys file has correct owner and permissions')

    return Changed(keys_path,
                   msg='Changed permissions or owner on authorized keys')
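def install_private_key(key_file,
                        user='******',
                        key_type='rsa',
                        target_path=None):
    """Upload a private key to the remote host and restrict its mode.

    The parent directory is created with ``AK_DIR_PERMS``, the key is
    uploaded and the uploaded file is chmod-ed to ``KEY_FILE_PERMS``.

    :param key_file: Local key file handed to ``fs.upload_file``.
    :param user: Account whose home directory receives the key when
                 ``target_path`` is not given.
    :param key_type: Used to build the default file name
                     (``id_<key_type>``); only ``'rsa'`` is accepted.
    :param target_path: Remote destination; defaults to
                        ``<home of user>/.ssh/id_<key_type>``.
    :return: ``Changed`` if any step reported a change, else ``Unchanged``.
    :raises NotImplementedError: If the default path has to be derived and
                                 ``key_type`` is not supported.
    """
    if target_path is None:
        # FIXME: auto-determine key type if None
        if key_type not in ('rsa', ):
            # The placeholder used to be left unfilled, so the message never
            # named the rejected key type.
            raise NotImplementedError(
                'Key type {} not supported'.format(key_type))

        fn = 'id_' + key_type
        target_path = remote.path.join(info['posix.users'][user].home,
                                       '.ssh', fn)

    changed = False

    # blocked: SSH transport does not support
    # with remote.umasked(0o777 - KEY_FILE_PERMS):
    # NOTE(review): without that umask the key is uploaded first and only
    # restricted to KEY_FILE_PERMS afterwards, so a newly created file
    # carries whatever mode fs.upload_file gives it until the chmod below
    # has run -- confirm that mode is not group- or world-readable.
    changed |= fs.create_dir(
        remote.path.dirname(target_path), mode=AK_DIR_PERMS).changed
    changed |= fs.upload_file(key_file, target_path).changed
    changed |= fs.chmod(target_path, mode=KEY_FILE_PERMS).changed
    # NOTE(review): ownership is not set here; verify the key and its
    # directory end up owned by ``user`` rather than by the account the
    # upload runs as.

    if changed:
        return Changed(msg='Installed private key {}'.format(target_path))

    return Unchanged(
        msg='Private key {} already installed'.format(target_path))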
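def init_authorized_keys(user='******', fix_permissions=True):
    """Make sure the authorized keys file of *user* and its directory exist.

    The directory is created with ``AK_DIR_PERMS`` if missing and the file
    is touched if ``remote.lstat`` reports nothing at its path. With
    ``fix_permissions`` set, the directory and the file are chmod-ed to
    ``AK_DIR_PERMS`` / ``AK_FILE_PERMS`` and chown-ed to ``user``.

    :param user: Account whose authorized keys file is initialised and who
                 becomes the owner of file and directory.
    :param fix_permissions: Also enforce mode and owner on existing paths.
    :return: ``Changed`` if any step reported a change, else ``Unchanged``.
    """
    ak_file = get_authorized_keys_file(user)
    ak_dir = remote.path.dirname(ak_file)

    changed = False

    # ensure the directory exists
    changed |= fs.create_dir(ak_dir, mode=AK_DIR_PERMS).changed

    # NOTE(review): the indentation of this listing was lost; the chown
    # calls are taken to belong to the fix_permissions branches -- confirm.
    if fix_permissions:
        changed |= fs.chmod(ak_dir, AK_DIR_PERMS).changed
        changed |= fs.chown(ak_dir, uid=user).changed

    # check if the authorized keys file exists
    # NOTE(review): assuming remote.lstat mirrors os.lstat, a symlink at
    # ak_file counts as "exists"; confirm fs.chmod/fs.chown do not follow it
    # when this runs with more privileges than the owner of ak_dir.
    if not remote.lstat(ak_file):
        changed |= fs.touch(ak_file).changed

    if fix_permissions:
        changed |= fs.chmod(ak_file, AK_FILE_PERMS).changed
        # Hand the file itself to the user. The directory was chowned a
        # second time here before, which left a freshly touched file with
        # the owner of the account that created it.
        changed |= fs.chown(ak_file, uid=user).changed

    # at this point file and dir exist; with fix_permissions disabled they
    # might still be owned by root
    if changed:
        return Changed(ak_file,
                       msg='Changed permissions or owner on authorized keys')

    return Unchanged(
        ak_file,
        msg='authorized keys file has correct owner and permissions')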
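def install_private_key(key_file,
                        user='******',
                        key_type='rsa',
                        target_path=None):
    """Upload a private key to the remote host and restrict its mode.

    The parent directory is created with ``AK_DIR_PERMS``, the key is
    uploaded and the uploaded file is chmod-ed to ``KEY_FILE_PERMS``.

    :param key_file: Local key file handed to ``fs.upload_file``.
    :param user: Account whose home directory receives the key when
                 ``target_path`` is not given.
    :param key_type: Used to build the default file name
                     (``id_<key_type>``); only ``'rsa'`` is accepted.
    :param target_path: Remote destination; defaults to
                        ``<home of user>/.ssh/id_<key_type>``.
    :return: ``Changed`` if any step reported a change, else ``Unchanged``.
    :raises NotImplementedError: If the default path has to be derived and
                                 ``key_type`` is not supported.
    """
    if target_path is None:
        # FIXME: auto-determine key type if None
        if key_type not in ('rsa', ):
            # Fill in the placeholder so the error names the rejected type;
            # the bare template string was raised before.
            raise NotImplementedError(
                'Key type {} not supported'.format(key_type))

        fn = 'id_' + key_type
        target_path = remote.path.join(info['posix.users'][user].home,
                                       '.ssh', fn)

    changed = False

    # blocked: SSH transport does not support
    # with remote.umasked(0o777 - KEY_FILE_PERMS):
    # NOTE(review): upload and chmod are separate steps, so between them a
    # newly created key file has the mode fs.upload_file assigns -- confirm
    # that this default keeps the key unreadable for group and others.
    changed |= fs.create_dir(remote.path.dirname(target_path),
                             mode=AK_DIR_PERMS).changed
    changed |= fs.upload_file(key_file, target_path).changed
    changed |= fs.chmod(target_path, mode=KEY_FILE_PERMS).changed
    # NOTE(review): no owner is set in this function; verify the key ends up
    # owned by ``user`` and not by the account the upload runs as.

    if changed:
        return Changed(msg='Installed private key {}'.format(target_path))

    return Unchanged(
        msg='Private key {} already installed'.format(target_path))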
def run():
    """Install the rendered mirror list as apt source and refresh the index.

    Creates ``/etc/apt/sources.list.d``, uploads the output of
    ``tpl.render()`` as ``ubuntu-mirrors.list`` on Ubuntu hosts, removes the
    stock ``/etc/apt/sources.list`` and calls ``apt.update``.

    The uploaded template replaces the stock source list, so its entries
    decide which repositories this host installs packages from. The
    template is not visible from this function; review it for per-source
    options that relax verification (such as ``trusted=yes``).

    :raises NotImplementedError: On any distribution other than Ubuntu.
    """
    # create source.list.d
    fs.create_dir('/etc/apt/sources.list.d')

    dist_id = info['lsb.dist_id']
    if dist_id != 'Ubuntu':
        # Debian and every other distribution are not implemented yet. The
        # directory above has already been created at this point.
        raise NotImplementedError

    fs.upload_string(tpl.render(),
                     '/etc/apt/sources.list.d/ubuntu-mirrors.list')

    # FIXME: do not do this for raspbian, needs os-release check
    fs.remove_file('/etc/apt/sources.list')

    # NOTE(review): the index refresh is issued three times with the same
    # max_age; this looks redundant -- confirm whether it is a leftover.
    for _ in range(3):
        apt.update(max_age=60)
def enable_letsencrypt(auto_reload=True, remove_default=True):
    """Enable the nginx site that serves ACME challenge files.

    Uploads the ``acme-challenge`` site definition, links it into
    ``sites-enabled`` and makes sure the challenge directories below
    ``/var/www/html`` exist with mode 0o755.

    Only the site upload, the symlink and the optional removal of the
    default site feed the change flag; creating or chmod-ing the challenge
    directories neither triggers a reload nor a ``Changed`` result.

    :param auto_reload: Reload ``nginx.service`` (only if it is running)
                        when something changed.
    :param remove_default: Also remove ``sites-enabled/default``.
    :return: ``Changed`` or ``Unchanged``.
    """
    site_available = '/etc/nginx/sites-available/acme-challenge'
    challenge_dirs = (
        '/var/www/html/.well-known',
        '/var/www/html/.well-known/acme-challenge',
    )

    changed = any_changed(
        fs.upload_file(nginx.files['acme-challenge'], site_available),
        fs.symlink(site_available,
                   '/etc/nginx/sites-enabled/00_acme-challenge'),
    )

    # Create both levels first, then set their modes, parent before child.
    for path in challenge_dirs:
        fs.create_dir(path)
    for path in challenge_dirs:
        fs.chmod(path, mode=0o755)

    if remove_default:
        changed |= fs.remove_file('/etc/nginx/sites-enabled/default').changed

    if not changed:
        return Unchanged(msg='nginx Let\'s encrypt support already enabled')

    if auto_reload:
        systemd.reload_unit('nginx.service', only_if_running=True)

    return Changed(msg='Enabled nginx Let\'s encrypt support')
def sync(self):
    """Load the remote timestamp into the local cache once.

    Does nothing when ``self.synced`` is already set. Otherwise the parent
    directory of ``self.rpath`` is ensured (mode 0o755) and
    ``self._current`` becomes the file's ``st_mtime``, or ``0`` when the
    directory had to be created or ``remote.stat`` finds no file.
    ``self.synced`` is set afterwards.
    """
    log.debug('Syncing timestamp {}'.format(self.rpath))

    if self.synced:
        log.debug('Timestamp already synced')
        return

    # ensure directory for timestamp exists; if it had to be created there
    # cannot be a timestamp file yet, so the stat call is skipped
    parent_created = fs.create_dir(
        remote.path.dirname(self.rpath), 0o755).changed
    file_stat = None if parent_created else remote.stat(self.rpath)

    if file_stat:
        self._current = file_stat.st_mtime
        log.debug('Timestamp synced to {}'.format(self._current))
    else:
        # new directory or missing file
        self._current = 0
        log.debug('Timestamp did not exist')

    self.synced = True