def save(self, admin_user):
self.collection.insert(admin_user)
admin_user['plain_password'] = self.cstruct['password']
settings = get_current_registry().settings
user = self.request.user
api = get_chef_api(settings, user)
try:
create_chef_admin_user(api, settings, admin_user['username'])
self.created_msg(_('User created successfully'))
return True
except ChefServerError as e:
self.created_msg(e.message, 'danger')
self.collection.remove({'username': admin_user['username']})
raise e
def save(self, admin_user):
self.collection.insert(admin_user)
admin_user['plain_password'] = self.cstruct['password']
settings = get_current_registry().settings
user = self.request.user
api = get_chef_api(settings, user)
try:
create_chef_admin_user(api, settings, admin_user['username'])
self.created_msg(_('User created successfully'))
return True
except ChefServerError as e:
self.created_msg(e.message, 'danger')
self.collection.remove({'username': admin_user['username']})
raise e
def command(self):
api = _get_chef_api(self.settings.get('chef.url'),
toChefUsername(self.options.chef_username),
self.options.chef_pem)
try:
api['/users/%s' % toChefUsername(self.options.username)]
print "The username %s already exists in the chef sever" % toChefUsername(self.options.username)
sys.exit(1)
except ChefServerNotFoundError:
pass
chef_password = self.create_password("Insert the chef password, the spaces will be stripped",
"The generated password to chef server is: {0}")
try:
create_chef_admin_user(api, self.settings, toChefUsername(self.options.username), chef_password)
except ChefServerError, e:
print "User not created in chef, error was: %s" % e
sys.exit(1)
def command(self):
api = _get_chef_api(self.settings.get('chef.url'),
toChefUsername(self.options.chef_username),
self.options.chef_pem)
try:
api['/users/%s' % toChefUsername(self.options.username)]
print "The username %s already exists in the chef sever" % toChefUsername(
self.options.username)
sys.exit(1)
except ChefServerNotFoundError:
pass
chef_password = self.create_password(
"Insert the chef password, the spaces will be stripped",
"The generated password to chef server is: {0}")
try:
create_chef_admin_user(api, self.settings,
toChefUsername(self.options.username),
chef_password)
except ChefServerError, e:
print "User not created in chef, error was: %s" % e
sys.exit(1)
def command(self):
api = _get_chef_api(self.settings.get('chef.url'),
toChefUsername(self.options.chef_username),
self.options.chef_pem,
self.settings.get('chef.ssl.verify'),
self.settings.get('chef.version'))
try:
api['/users/%s' % toChefUsername(self.options.username)]
print("The username %s already exists in the chef sever" %
(toChefUsername(self.options.username)))
sys.exit(1)
except ChefServerNotFoundError:
pass
chef_password = self.create_password(
"Insert the chef password, the spaces will be stripped",
"The generated password to chef server is: {0}")
try:
create_chef_admin_user(api, self.settings,
toChefUsername(self.options.username),
chef_password, self.options.email)
except ChefServerError as e:
print("User not created in chef, error was: %s" % e)
sys.exit(1)
print("User %s created in chef server" %
toChefUsername(self.options.username))
if int(self.settings.get('chef.version').split('.')[0]) >= 12:
if os.path.isfile('/opt/opscode/bin/chef-server-ctl') is True:
# Include the user in the "server-admins" group
cmd = [
'/opt/opscode/bin/chef-server-ctl',
'grant-server-admin-permissions',
toChefUsername(self.options.username)
]
if subprocess.call(cmd) != 0:
print('ERROR: error adding the administrator to '
'"server-admins" chef group')
sys.exit(1)
else:
# Chef 12 /opt/opscode/bin/chef-server-ctl does not exists
# in the system
# This usually is because Chef and GECOS CC are installed in
# different machines
print("NOTICE: Please remember to grant server admin "
"permissions to this user by executing the following "
"command in Chef 12 server:")
print("%s %s %s" % ('/opt/opscode/bin/chef-server-ctl',
'grant-server-admin-permissions',
toChefUsername(self.options.username)))
# Add the user to the default organization
try:
data = {"user": toChefUsername(self.options.username)}
response = api.api_request(
'POST',
'/organizations/default/association_requests',
data=data)
association_id = response["uri"].split("/")[-1]
api.api_request(
'PUT',
'/users/%s/association_requests/%s' %
(toChefUsername(self.options.username), association_id),
data={"response": 'accept'})
except ChefServerError as e:
print("User not added to default organization in chef,",
"error was: %s" % e)
sys.exit(1)
# Add the user to the default organization's admins group
try:
admins_group = api['/organizations/default/groups/admins']
admins_group['users'].append(
toChefUsername(self.options.username))
api.api_request('PUT',
'/organizations/default/groups/admins',
data={
"groupname": admins_group["groupname"],
"actors": {
"users": admins_group['users'],
"groups": admins_group["groups"]
}
})
except ChefServerError as e:
print("User not added to default organization's admins group"\
" in chef, error was: %s" % e)
sys.exit(1)
print("User %s set as administrator in the default organization"\
" chef server" % toChefUsername(self.options.username))
gcc_password = self.create_password(
"Insert the GCC password, the spaces will be stripped",
"The generated password to GCC is: {0}")
try:
self.pyramid.userdb.create_user(
self.options.username, gcc_password, self.options.email,
{'is_superuser': self.options.is_superuser})
except UserAlreadyExists:
print("The user already exists in mongo")
else:
print("User %s created in mongo" % self.options.username)
def command(self):
api = _get_chef_api(self.settings.get('chef.url'),
toChefUsername(self.options.chef_username),
self.options.chef_pem, False, self.settings.get('chef.version'))
print '============ CHECKING ADMINISTRATOR USERS ============='
# Check if all the GECOS CC administrators
# are properly created in Chef 12
admin_users = self.pyramid.userdb.list_users()
for admin_user in admin_users:
print 'Checking admin user: %s'%(admin_user['username'])
# The email must be unique
users_with_email = self.pyramid.userdb.list_users({'email': admin_user['email']})
if users_with_email.count() > 1:
print "ERROR: more than one user with this email: %s"%(admin_user['email'])
# Get the Chef user
chef_user = None
try:
chef_user = api['/users/%s' % toChefUsername(admin_user['username'])]
except ChefServerNotFoundError:
pass
if chef_user is None:
# No chef user found
print "WARNING: No Chef user found. We will try to create it!"
chef_password = password_generator()
try:
create_chef_admin_user(api, self.settings, toChefUsername(admin_user['username']), chef_password, admin_user['email'])
except ChefServerError, e:
print "ERROR: User not created in chef, error was: %s" % e
print "(Check /opt/opscode/embedded/service/opscode-erchef/log/requests.log* for more info)"
sys.exit(1)
chef_user = api['/users/%s' % toChefUsername(admin_user['username'])]
# Check the email of the chef user
if chef_user['email'] != admin_user['email']:
print "WARNING: The chef user email and the GECOS CC user email doesn't match!"
print "Try to change the chef user email!"
chef_user['email'] = admin_user['email']
api.api_request('PUT', '/users/%s'%(toChefUsername(admin_user['username'])), data=chef_user)
# Check if the administrator belongs to the "admins" group in the "default" organization
admins_group = None
try:
admins_group = api['/organizations/default/groups/admins']
except ChefServerNotFoundError:
pass
if not toChefUsername(admin_user['username']) in admins_group['users']:
print "WARNING: GECOS administrator is not a chef administrator for the default organization. We will try to change this!"
# Check if exists an association request for this user
assoc_requests = None
try:
assoc_requests = api['/organizations/default/association_requests']
except ChefServerNotFoundError:
pass
association_id = None
for req in assoc_requests:
if req["username"] == toChefUsername(admin_user['username']):
association_id = req["id"]
if association_id is None:
# Set an association request for the user in that organization
try:
data = {"user": toChefUsername(admin_user['username'])}
response = api.api_request('POST', '/organizations/default/association_requests', data=data)
association_id = response["uri"].split("/")[-1]
except ChefServerError:
# Association already exists?
pass
if association_id is not None:
# Accept the association request
api.api_request('PUT', '/users/%s/association_requests/%s'%(toChefUsername(admin_user['username']), association_id), data={ "response": 'accept' })
# Add the user to the group
admins_group['users'].append(toChefUsername(admin_user['username']))
api.api_request('PUT', '/organizations/default/groups/admins', data={ "groupname": admins_group["groupname"],
"actors": {
"users": admins_group['users'],
"groups": admins_group["groups"]
}
})
def command(self):
api = _get_chef_api(self.settings.get('chef.url'),
toChefUsername(self.options.chef_username),
self.options.chef_pem, False,
self.settings.get('chef.version'))
print '============ CHECKING ADMINISTRATOR USERS ============='
# Check if all the GECOS CC administrators
# are properly created in Chef 12
admin_users = self.pyramid.userdb.list_users()
for admin_user in admin_users:
print 'Checking admin user: %s' % (admin_user['username'])
# The email must be unique
users_with_email = self.pyramid.userdb.list_users(
{'email': admin_user['email']})
if users_with_email.count() > 1:
print "ERROR: more than one user with this email: %s" % (
admin_user['email'])
# Get the Chef user
chef_user = None
try:
chef_user = api['/users/%s' %
toChefUsername(admin_user['username'])]
except ChefServerNotFoundError:
pass
if chef_user is None:
# No chef user found
print "WARNING: No Chef user found. We will try to create it!"
chef_password = password_generator()
try:
create_chef_admin_user(
api, self.settings,
toChefUsername(admin_user['username']), chef_password,
admin_user['email'])
except ChefServerError, e:
print "ERROR: User not created in chef, error was: %s" % e
print "(Check /opt/opscode/embedded/service/opscode-erchef/log/requests.log* for more info)"
sys.exit(1)
chef_user = api['/users/%s' %
toChefUsername(admin_user['username'])]
# Check the email of the chef user
if chef_user['email'] != admin_user['email']:
print "WARNING: The chef user email and the GECOS CC user email doesn't match!"
print "Try to change the chef user email!"
chef_user['email'] = admin_user['email']
api.api_request('PUT',
'/users/%s' %
(toChefUsername(admin_user['username'])),
data=chef_user)
# Check if the administrator belongs to the "admins" group in the "default" organization
admins_group = None
try:
admins_group = api['/organizations/default/groups/admins']
except ChefServerNotFoundError:
pass
if not toChefUsername(
admin_user['username']) in admins_group['users']:
print "WARNING: GECOS administrator is not a chef administrator for the default organization. We will try to change this!"
# Check if exists an association request for this user
assoc_requests = None
try:
assoc_requests = api[
'/organizations/default/association_requests']
except ChefServerNotFoundError:
pass
association_id = None
for req in assoc_requests:
if req["username"] == toChefUsername(
admin_user['username']):
association_id = req["id"]
if association_id is None:
# Set an association request for the user in that organization
try:
data = {"user": toChefUsername(admin_user['username'])}
response = api.api_request(
'POST',
'/organizations/default/association_requests',
data=data)
association_id = response["uri"].split("/")[-1]
except ChefServerError:
# Association already exists?
pass
if association_id is not None:
# Accept the association request
api.api_request(
'PUT',
'/users/%s/association_requests/%s' % (toChefUsername(
admin_user['username']), association_id),
data={"response": 'accept'})
# Add the user to the group
admins_group['users'].append(
toChefUsername(admin_user['username']))
api.api_request('PUT',
'/organizations/default/groups/admins',
data={
"groupname": admins_group["groupname"],
"actors": {
"users": admins_group['users'],
"groups": admins_group["groups"]
}
})