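def test_02_gen_local_certs_keys(self):
    # Runs the local SRNA update against the preserved update tarball and
    # checks that every path in LOCAL_TGT_FILES was created, then saves the
    # generated data under PRESERVE_DIR for later test cases.
    # (Kept as comments rather than a docstring so test-runner output that
    # may be derived from docstrings does not change.)
    pfx = '%s.%s: ' % (self.name, f_name())
    print 'Starting %s...' % f_name()
    # If temporary admin user home does not exist, create it:
    if not exists(prop.ADMIN_HOME):
        # NOTE(review): mode 0777 (before the umask is applied) leaves this
        # directory writable by every local account. If key or certificate
        # material is written beneath it, a tighter mode such as 0700 would
        # be safer -- confirm nothing else needs write access first.
        os.makedirs(prop.ADMIN_HOME, 0777)
    # Put TGZ file in proper place:
    shutil.copy2(join(PRESERVE_DIR, SRNA_UPDATE_TGZ), prop.SRNA_UPDATE_TGZ)
    try:
        from tools.srna.update_srna_local import update_srna
        update_srna()
        # Check created items:
        msg = '%s: Failed to create %s'
        for tgt in LOCAL_TGT_FILES:
            if not os.path.exists(tgt):
                self.fail(msg % (f_name(), tgt))
                # Only reached if fail() returns instead of raising.
                return
        # Save created items for use in mpx.lib._test_case_rna and
        # mpx.service.network._test_case_rna:
        shutil.copytree(prop.SRNA_DATA, join(PRESERVE_DIR, 'srna'))
        print '%s: OK' % pfx
    except Exception, e:
        # Keep the diagnostic print, then re-raise. The original handler only
        # printed, so any error from update_srna() -- and, presumably, the
        # exception raised by self.fail() above -- was swallowed and the test
        # could never be reported as failed.
        print str(e)
        raise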
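def MAIN(argv):
    """Parse the command line, do pre-start housekeeping, start the framework.

    Recognised arguments (argv[0] is skipped):
      -i       start in interactive debug mode
      -p       import psyco and call psyco.full()
      -x FILE  use FILE as the configuration file
    Any other argument prints the help text and raises SystemExit.

    Before calling run() this also exports an HTTP proxy read from the init
    configuration, deletes the web certificate when a host-name or time
    change marker file exists, and calls update_srna().
    """
    interactive_debug = 0
    config_file = None
    # Parse the command line to modify the default behavior.
    # THIS IS DONE BEFORE MOST IMPORTS TO HELP PSYCO (I think).
    # @fixme cleanup, maybe move to part of mpx.system.run(argv)
    state = 'seek'
    for arg in argv[1:]:
        if state == 'seek':
            if arg == '-i':
                interactive_debug = 1
            elif arg == '-p':
                import psyco
                psyco.full()
            elif arg == '-x':
                # The next argument is the configuration file path.
                state = 'config'
            else:
                print_help()
                raise SystemExit
        elif state == 'config':
            config_file = arg
            state = 'seek'
        else:
            print_help()
            raise SystemExit
    import os
    from mpx import properties
    from mpx.system import run
    from mpx.lib import msglog
    # Best-effort proxy setup: any failure while reading the setting is
    # ignored. The bare except also swallows SystemExit and
    # KeyboardInterrupt raised inside this block.
    try:
        init_config = load_config(properties.MPXINIT_CONF_FILE)
        host_items = dict(init_config.items('host'))
        if 'proxyserver' in host_items:
            proxy = str(host_items['proxyserver']).strip()
            if proxy and proxy != '0.0.0.0':
                # NOTE(review): only an 'http://' prefix is recognised, so a
                # value that already carries another scheme gets 'http://'
                # prepended -- confirm the configuration never supplies one.
                if not proxy.startswith('http://'):
                    proxy = 'http://' + proxy
                import urllib2
                os.environ['http_proxy'] = proxy
                # The handler instance is discarded; presumably only the
                # environment variable matters -- confirm.
                urllib2.ProxyHandler()
    except:
        pass
    # Technically, these should be properties, but it's not imperative.
    # Why?  For one, these files are very specialized and not referenced outside
    # of here and Mpxconfig.  Secondly, this script only checks for the existence
    # of the files, and does nothing if they don't exist, so there should be
    # no impact if run outside of a genuine mediator environment.  It's another
    # matter, however, if the framework is ported to another operating system.
    HOST_NAME_CHANGED_FILE = '/etc/mpx_hostnamechanged.tmp'
    TIME_CHANGED_FILE = '/etc/mpx_timechanged.tmp'
    CERTIFICATE_FILE = '/usr/lib/broadway/http/certificate.pem'
    # Delete the web certificate if the host name or the time has changed, as
    # indicated by a tmp file left behind by Mpxconfig.  Each marker is
    # consumed (removed) when it is seen.
    for marker in (HOST_NAME_CHANGED_FILE, TIME_CHANGED_FILE):
        if os.path.exists(marker):
            os.remove(marker)
            if os.path.exists(CERTIFICATE_FILE):
                os.remove(CERTIFICATE_FILE)
    if config_file is None:
        config_file = properties.CONFIGURATION_FILE
    # Perform any indicated SRNA CA/certs/keys updates.  The call is not
    # guarded: an exception from it propagates before run() is reached.
    from tools.srna.update_srna_local import update_srna
    update_srna()
    # Check if root user exists, and if so, delete that user.
    flag = 0
    passwd_file = open("/etc/passwd")
    for line in passwd_file.readlines():
        if line[:5] == "root:":
            flag = 1
    passwd_file.close()
    # Removing root entry from /etc/passwd and /etc/shadow breaks system utilities
    # like cron that expect the entry to exist.
    # So this code is disabled by forcing flag to be zero for now.
    # Making the Framework run as a non root user might help clean this up too.
    # @fixme mpxadmin user is effectively root user anyway so there is not much point in removing root
    flag = 0
    if flag == 1:
        # NOTE(review): if this branch is ever re-enabled, note that
        # mkstemp() creates its file readable and writable only by the
        # creating user, so the rename below would leave /etc/passwd
        # unreadable to other accounts, and that no lock is taken on either
        # file while it is rewritten.
        msglog.log('rc.mfw', msglog.types.WARN,
                   'Root account detected. Deleting root account')
        from tempfile import mkstemp
        fd, temp_path_pass = mkstemp(dir='/etc/')
        o = open('/etc/passwd', 'r')
        for line in o.readlines():
            if line[:5] != 'root:':
                os.write(fd, line)
        o.close()
        os.close(fd)
        fd, temp_path_sh = mkstemp(dir='/etc/')
        o = open('/etc/shadow', 'r')
        for line in o.readlines():
            if line[:5] != 'root:':
                os.write(fd, line)
        o.close()
        os.close(fd)
        # The following two commands should ideally be one atomic operation.
        # os.rename is guaranteed atomic on linux.  If context switch happens
        # after one rename, all is not lost.  shadow file must contain a line
        # for every user in passwd, but extra lines will not affect operation.
        os.rename(temp_path_pass, '/etc/passwd')
        os.rename(temp_path_sh, '/etc/shadow')
    # 'Bootstrap' the Mediator framework.
    # @fixme move a bunch of this into the Framework.
    msglog.log('rc.mfw', msglog.types.INFO,
               'Loading Broadway, the Mediator Framework from %s.'
               % config_file)
    if interactive_debug:
        msglog.log('rc.mfw', msglog.types.WARN,
                   'Framework is starting in interactive debug mode.')
        run(config_file, interactive_debug)
    else:
        try:
            run(config_file, interactive_debug)
        except SystemExit, e:
            if e.args:
                args = (e.code,) + e.args
            else:
                args = "(%s)" % e.code
            # args is either a string or a tuple of two or more items.  It is
            # wrapped in a 1-tuple so the single %s always formats; passing
            # the bare tuple raised TypeError and masked the SystemExit.
            # NOTE(review): log_message is not defined in this function while
            # every other call here uses msglog.log -- confirm it exists at
            # module level.
            log_message('rc.mfw', msglog.types.WARN,
                        'Framework is exiting due to a SystemExit%s.'
                        % (args,))
            raise e
        except Exception, e:
            msglog.exception()
            raise e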
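def MAIN(argv):
    """Parse the command line, do pre-start housekeeping, start the framework.

    Recognised arguments (argv[0] is skipped):
      -i       start in interactive debug mode
      -p       import psyco and call psyco.full()
      -x FILE  use FILE as the configuration file
    Any other argument prints the help text and raises SystemExit.

    Before calling run() this also exports an HTTP proxy read from the init
    configuration, deletes the web certificate when a host-name or time
    change marker file exists, and calls update_srna().
    """
    interactive_debug = 0
    config_file = None
    # Parse the command line to modify the default behavior.
    # THIS IS DONE BEFORE MOST IMPORTS TO HELP PSYCO (I think).
    # @fixme cleanup, maybe move to part of mpx.system.run(argv)
    state = 'seek'
    for arg in argv[1:]:
        if state == 'seek':
            if arg == '-i':
                interactive_debug = 1
            elif arg == '-p':
                import psyco
                psyco.full()
            elif arg == '-x':
                # The next argument is the configuration file path.
                state = 'config'
            else:
                print_help()
                raise SystemExit
        elif state == 'config':
            config_file = arg
            state = 'seek'
        else:
            print_help()
            raise SystemExit
    import os
    from mpx import properties
    from mpx.system import run
    from mpx.lib import msglog
    # Best-effort proxy setup: any failure while reading the setting is
    # ignored. The bare except also swallows SystemExit and
    # KeyboardInterrupt raised inside this block.
    try:
        init_config = load_config(properties.MPXINIT_CONF_FILE)
        host_items = dict(init_config.items('host'))
        if 'proxyserver' in host_items:
            proxy = str(host_items['proxyserver']).strip()
            if proxy and proxy != '0.0.0.0':
                # NOTE(review): only an 'http://' prefix is recognised, so a
                # value that already carries another scheme gets 'http://'
                # prepended -- confirm the configuration never supplies one.
                if not proxy.startswith('http://'):
                    proxy = 'http://' + proxy
                import urllib2
                os.environ['http_proxy'] = proxy
                # The handler instance is discarded; presumably only the
                # environment variable matters -- confirm.
                urllib2.ProxyHandler()
    except:
        pass
    # Technically, these should be properties, but it's not imperative.
    # Why?  For one, these files are very specialized and not referenced outside
    # of here and Mpxconfig.  Secondly, this script only checks for the existence
    # of the files, and does nothing if they don't exist, so there should be
    # no impact if run outside of a genuine mediator environment.  It's another
    # matter, however, if the framework is ported to another operating system.
    HOST_NAME_CHANGED_FILE = '/etc/mpx_hostnamechanged.tmp'
    TIME_CHANGED_FILE = '/etc/mpx_timechanged.tmp'
    CERTIFICATE_FILE = '/usr/lib/broadway/http/certificate.pem'
    # Delete the web certificate if the host name or the time has changed, as
    # indicated by a tmp file left behind by Mpxconfig.  Each marker is
    # consumed (removed) when it is seen.
    for marker in (HOST_NAME_CHANGED_FILE, TIME_CHANGED_FILE):
        if os.path.exists(marker):
            os.remove(marker)
            if os.path.exists(CERTIFICATE_FILE):
                os.remove(CERTIFICATE_FILE)
    if config_file is None:
        config_file = properties.CONFIGURATION_FILE
    # Perform any indicated SRNA CA/certs/keys updates.  The call is not
    # guarded: an exception from it propagates before run() is reached.
    from tools.srna.update_srna_local import update_srna
    update_srna()
    # Check if root user exists, and if so, delete that user.
    flag = 0
    passwd_file = open("/etc/passwd")
    for line in passwd_file.readlines():
        if line[:5] == "root:":
            flag = 1
    passwd_file.close()
    # Removing root entry from /etc/passwd and /etc/shadow breaks system utilities
    # like cron that expect the entry to exist.
    # So this code is disabled by forcing flag to be zero for now.
    # Making the Framework run as a non root user might help clean this up too.
    # @fixme mpxadmin user is effectively root user anyway so there is not much point in removing root
    flag = 0
    if flag == 1:
        # NOTE(review): if this branch is ever re-enabled, note that
        # mkstemp() creates its file readable and writable only by the
        # creating user, so the rename below would leave /etc/passwd
        # unreadable to other accounts, and that no lock is taken on either
        # file while it is rewritten.
        msglog.log('rc.mfw', msglog.types.WARN,
                   'Root account detected. Deleting root account')
        from tempfile import mkstemp
        fd, temp_path_pass = mkstemp(dir='/etc/')
        o = open('/etc/passwd', 'r')
        for line in o.readlines():
            if line[:5] != 'root:':
                os.write(fd, line)
        o.close()
        os.close(fd)
        fd, temp_path_sh = mkstemp(dir='/etc/')
        o = open('/etc/shadow', 'r')
        for line in o.readlines():
            if line[:5] != 'root:':
                os.write(fd, line)
        o.close()
        os.close(fd)
        # The following two commands should ideally be one atomic operation.
        # os.rename is guaranteed atomic on linux.  If context switch happens
        # after one rename, all is not lost.  shadow file must contain a line
        # for every user in passwd, but extra lines will not affect operation.
        os.rename(temp_path_pass, '/etc/passwd')
        os.rename(temp_path_sh, '/etc/shadow')
    # 'Bootstrap' the Mediator framework.
    # @fixme move a bunch of this into the Framework.
    msglog.log('rc.mfw', msglog.types.INFO,
               'Loading Broadway, the Mediator Framework from %s.'
               % config_file)
    if interactive_debug:
        msglog.log('rc.mfw', msglog.types.WARN,
                   'Framework is starting in interactive debug mode.')
        run(config_file, interactive_debug)
    else:
        try:
            run(config_file, interactive_debug)
        except SystemExit, e:
            if e.args:
                args = (e.code,) + e.args
            else:
                args = "(%s)" % e.code
            # args is either a string or a tuple of two or more items.  It is
            # wrapped in a 1-tuple so the single %s always formats; passing
            # the bare tuple raised TypeError and masked the SystemExit.
            # NOTE(review): log_message is not defined in this function while
            # every other call here uses msglog.log -- confirm it exists at
            # module level.
            log_message('rc.mfw', msglog.types.WARN,
                        'Framework is exiting due to a SystemExit%s.'
                        % (args,))
            raise e
        except Exception, e:
            msglog.exception()
            raise e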