def write_config(): allowed_subnets = Subnet.objects.filter(allow_proxy=True) cidrs = [subnet.cidr for subnet in allowed_subnets] config = Config.objects.get_configs([ 'http_proxy', 'maas_proxy_port', 'use_peer_proxy', 'prefer_v4_proxy', 'enable_http_proxy' ]) http_proxy = config["http_proxy"] upstream_proxy_enabled = (config["use_peer_proxy"] and http_proxy) context = { 'allowed': allowed_subnets, 'modified': str(datetime.date.today()), 'fqdn': socket.getfqdn(), 'cidrs': cidrs, 'running_in_snap': snappy.running_in_snap(), 'snap_path': snappy.get_snap_path(), 'snap_data_path': snappy.get_snap_data_path(), 'snap_common_path': snappy.get_snap_common_path(), 'upstream_peer_proxy': upstream_proxy_enabled, 'dns_v4_first': config['prefer_v4_proxy'], 'maas_proxy_port': config['maas_proxy_port'], } proxy_enabled = config["enable_http_proxy"] if proxy_enabled and upstream_proxy_enabled: http_proxy_hostname = urlparse(http_proxy).hostname http_proxy_port = urlparse(http_proxy).port context.update({ 'upstream_proxy_address': http_proxy_hostname, 'upstream_proxy_port': http_proxy_port, }) template_path = locate_template('proxy', MAAS_PROXY_CONF_TEMPLATE) template = tempita.Template.from_filename(template_path, encoding="UTF-8") try: content = template.substitute(context) except NameError as error: raise ProxyConfigFail(*error.args) # Squid prefers ascii. content = content.encode("ascii") target_path = get_proxy_config_path() atomic_write(content, target_path, overwrite=True, mode=0o644)
def write_config( allowed_cidrs, peer_proxies=None, prefer_v4_proxy=False, maas_proxy_port=8000, ): """Write the proxy configuration.""" if peer_proxies is None: peer_proxies = [] context = { "modified": str(datetime.date.today()), "fqdn": socket.getfqdn(), "cidrs": allowed_cidrs, "running_in_snap": snappy.running_in_snap(), "snap_path": snappy.get_snap_path(), "snap_data_path": snappy.get_snap_data_path(), "snap_common_path": snappy.get_snap_common_path(), "dns_v4_first": prefer_v4_proxy, "maas_proxy_port": maas_proxy_port, } formatted_peers = [] for peer in peer_proxies: formatted_peers.append({ "address": urlparse(peer).hostname, "port": urlparse(peer).port }) context["peers"] = formatted_peers template_path = locate_template("proxy", MAAS_PROXY_CONF_TEMPLATE) template = tempita.Template.from_filename(template_path, encoding="UTF-8") try: content = template.substitute(context) except NameError as error: raise ProxyConfigFail(*error.args) # Squid prefers ascii. content = content.encode("ascii") target_path = get_proxy_config_path() atomic_write(content, target_path, overwrite=True, mode=0o644)
def test_get_snap_common_path_returns_None(self): self.patch(os, "environ", {}) self.assertIsNone(snappy.get_snap_common_path())
def test_get_snap_common_path_returns_path(self): path = factory.make_name() self.patch(os, "environ", {"SNAP_COMMON": path}) self.assertEqual(path, snappy.get_snap_common_path())
import os from socket import gethostname from threading import Lock from time import sleep from OpenSSL import crypto from provisioningserver.path import get_tentative_data_path from provisioningserver.utils.fs import NamedLock from provisioningserver.utils.snappy import ( get_snap_common_path, running_in_snap, ) if running_in_snap(): MAAS_PRIVATE_KEY = os.path.join(get_snap_common_path(), "certificates", "maas.key") MAAS_PUBLIC_KEY = os.path.join(get_snap_common_path(), "certificates", "maas.pub") MAAS_CERTIFICATE = os.path.join(get_snap_common_path(), "certificates", "maas.crt") else: MAAS_PRIVATE_KEY = get_tentative_data_path( "/etc/maas/certificates/maas.key") MAAS_PUBLIC_KEY = get_tentative_data_path( "/etc/maas/certificates/maas.pub") MAAS_CERTIFICATE = get_tentative_data_path( "/etc/maas/certificates/maas.crt") def generate_rsa_keys_if_needed():
import os from socket import gethostname from time import sleep from OpenSSL import crypto from provisioningserver.path import get_tentative_data_path from provisioningserver.utils.fs import NamedLock from provisioningserver.utils.snappy import ( get_snap_common_path, running_in_snap, ) if running_in_snap(): MAAS_PRIVATE_KEY = os.path.join( get_snap_common_path(), "certificates", "maas.key" ) MAAS_PUBLIC_KEY = os.path.join( get_snap_common_path(), "certificates", "maas.pub" ) MAAS_CERTIFICATE = os.path.join( get_snap_common_path(), "certificates", "maas.crt" ) else: MAAS_PRIVATE_KEY = get_tentative_data_path( "/etc/maas/certificates/maas.key" ) MAAS_PUBLIC_KEY = get_tentative_data_path( "/etc/maas/certificates/maas.pub" ) MAAS_CERTIFICATE = get_tentative_data_path(