예제 #1
0
def _create_update_from_cfg(mode='create', uuid=None, vmcfg=None):
    '''
    Create vm from configuration
    '''
    ret = {}
    vmadm = _check_vmadm()
    # vmadm validate create|update [-f <filename>]
    cmd = 'echo {vmcfg} | {vmadm} validate {mode} {brand}'.format(
        vmadm=vmadm,
        mode=mode,
        brand=get(uuid)['brand'] if uuid is not None else '',
        vmcfg=_quote_args(json.dumps(vmcfg))
    )
    res = __salt__['cmd.run_all'](cmd, python_shell=True)
    retcode = res['retcode']
    if retcode != 0:
        ret['Error'] = _exit_status(retcode)
        if 'stderr' in res:
            if res['stderr'][0] == '{':
                ret['Error'] = json.loads(res['stderr'])
            else:
                ret['Error'] = res['stderr']
        return ret
    # vmadm create|update [-f <filename>]
    cmd = 'echo {vmcfg} | {vmadm} {mode} {uuid}'.format(
        vmadm=vmadm,
        mode=mode,
        uuid=uuid if uuid is not None else '',
        vmcfg=_quote_args(json.dumps(vmcfg))
    )
    res = __salt__['cmd.run_all'](cmd, python_shell=True)
    retcode = res['retcode']
    if retcode != 0:
        ret['Error'] = _exit_status(retcode)
        if 'stderr' in res:
            if res['stderr'][0] == '{':
                ret['Error'] = json.loads(res['stderr'])
            else:
                ret['Error'] = res['stderr']
        return ret
    else:
        if res['stderr'].startswith('Successfully created VM'):
            return res['stderr'][24:]
    return True
예제 #2
0
def reprovision(vm, image, key='uuid'):
    '''
    Reprovision a vm

    vm : string
        vm to be reprovisioned
    image : string
        uuid of new image
    key : string [uuid|alias|hostname]
        value type of 'vm' parameter

    CLI Example:

    .. code-block:: bash

        salt '*' vmadm.reprovision 186da9ab-7392-4f55-91a5-b8f1fe770543 c02a2044-c1bd-11e4-bd8c-dfc1db8b0182
        salt '*' vmadm.reprovision nacl c02a2044-c1bd-11e4-bd8c-dfc1db8b0182 key=alias
    '''
    ret = {}
    vmadm = _check_vmadm()
    if key not in ['uuid', 'alias', 'hostname']:
        ret['Error'] = 'Key must be either uuid, alias or hostname'
        return ret
    vm = lookup('{0}={1}'.format(key, vm), one=True)
    if 'Error' in vm:
        return vm
    if image not in __salt__['imgadm.list']():
        ret['Error'] = 'Image ({0}) is not present on this host'.format(image)
        return ret
    # vmadm reprovision <uuid> [-f <filename>]
    cmd = 'echo {image} | {vmadm} reprovision {uuid}'.format(
        vmadm=vmadm,
        uuid=vm,
        image=_quote_args(json.dumps({'image_uuid': image}))
    )
    res = __salt__['cmd.run_all'](cmd, python_shell=True)
    retcode = res['retcode']
    if retcode != 0:
        ret['Error'] = res['stderr'] if 'stderr' in res else _exit_status(retcode)
        return ret
    return True
예제 #3
0
파일: pdbedit.py 프로젝트: bryson/salt
def delete(login):
    '''
    Delete user account

    login : string
        login name

    CLI Example:

    .. code-block:: bash

        salt '*' pdbedit.delete wash
    '''
    if login in list_users(False):
        res = __salt__['cmd.run_all'](
            'pdbedit --delete {login}'.format(login=_quote_args(login)),
        )

        if res['retcode'] > 0:
            return {login: res['stderr'] if 'stderr' in res else res['stdout']}

        return {login: '******'}

    return {login: '******'}
예제 #4
0
파일: pdbedit.py 프로젝트: bryson/salt
def modify(
    login, password=None, password_hashed=False,
    domain=None, profile=None, script=None,
    drive=None, homedir=None, fullname=None,
    account_desc=None, account_control=None,
    machine_sid=None, user_sid=None,
    reset_login_hours=False, reset_bad_password_count=False,
):
    '''
    Modify user account

    login : string
        login name
    password : string
        password
    password_hashed : boolean
        set if password is a nt hash instead of plain text
    domain : string
        users domain
    profile : string
        profile path
    script : string
        logon script
    drive : string
        home drive
    homedir : string
        home directory
    fullname : string
        full name
    account_desc : string
        account description
    machine_sid : string
        specify the machines new primary group SID or rid
    user_sid : string
        specify the users new primary group SID or rid
    account_control : string
        specify user account control properties

        .. note::
            Only the follwing can be set:
            - N: No password required
            - D: Account disabled
            - H: Home directory required
            - L: Automatic Locking
            - X: Password does not expire
    reset_login_hours : boolean
        reset the users allowed logon hours
    reset_bad_password_count : boolean
        reset the stored bad login counter

    .. note::
        if user is absent and password is provided, the user will be created

    CLI Example:

    .. code-block:: bash

        salt '*' pdbedit.modify inara fullname='Inara Serra'
        salt '*' pdbedit.modify simon password=r1v3r
        salt '*' pdbedit.modify jane drive='V:' homedir='\\\\serenity\\jane\\profile'
        salt '*' pdbedit.modify mal account_control=NX
    '''
    ret = 'unchanged'

    ## flag mapping
    flags = {
        'domain': '--domain=',
        'full name': '--fullname=',
        'account desc': '--account-desc=',
        'home directory': '--homedir=',
        'homedir drive': '--drive=',
        'profile path': '--profile=',
        'logon script': '--script=',
        'account flags': '--account-control=',
        'user sid': '-U ',
        'machine sid': '-M ',
    }

    ## field mapping
    provided = {
        'domain': domain,
        'full name': fullname,
        'account desc': account_desc,
        'home directory': homedir,
        'homedir drive': drive,
        'profile path': profile,
        'logon script': script,
        'account flags': account_control,
        'user sid': user_sid,
        'machine sid': machine_sid,
    }

    ## update password
    if password:
        ret = create(login, password, password_hashed)[login]
        if ret not in ['updated', 'created', 'unchanged']:
            return {login: ret}
    elif login not in list_users(False):
        return {login: '******'}

    ## check for changes
    current = get_user(login, hashes=True)
    changes = {}
    for key, val in provided.items():
        if key in ['user sid', 'machine sid']:
            if val is not None and key in current and not current[key].endswith(str(val)):
                changes[key] = str(val)
        elif key in ['account flags']:
            if val is not None:
                if val.startswith('['):
                    val = val[1:-1]
                new = []
                for f in val.upper():
                    if f not in ['N', 'D', 'H', 'L', 'X']:
                        log.warning(
                            'pdbedit.modify - unknown {f} flag for account_control, ignored'.format(f=f)
                        )
                    else:
                        new.append(f)
                changes[key] = "[{flags}]".format(flags="".join(new))
        else:
            if val is not None and key in current and current[key] != val:
                changes[key] = val

    ## apply changes
    if len(changes) > 0 or reset_login_hours or reset_bad_password_count:
        cmds = []
        for change in changes:
            cmds.append('{flag}{value}'.format(
                flag=flags[change],
                value=_quote_args(changes[change]),
            ))
        if reset_login_hours:
            cmds.append('--logon-hours-reset')
        if reset_bad_password_count:
            cmds.append('--bad-password-count-reset')

        res = __salt__['cmd.run_all'](
            'pdbedit --modify --user {login} {changes}'.format(
                login=_quote_args(login),
                changes=" ".join(cmds),
            ),
        )

        if res['retcode'] > 0:
            return {login: res['stderr'] if 'stderr' in res else res['stdout']}

        if ret != 'created':
            ret = 'updated'

    return {login: ret}
예제 #5
0
파일: pdbedit.py 프로젝트: bryson/salt
def create(login, password, password_hashed=False, machine_account=False):
    '''
    Create user account

    login : string
        login name
    password : string
        password
    password_hashed : boolean
        set if password is a nt hash instead of plain text
    machine_account : boolean
        set to create a machine trust account instead

    CLI Example:

    .. code-block:: bash

        salt '*' pdbedit.create zoe 9764951149F84E770889011E1DC4A927 nthash
        salt '*' pdbedit.create river  1sw4ll0w3d4bug
    '''
    ret = 'unchanged'

    ## generate nt hash if needed
    if password_hashed:
        password_hash = password.upper()
        password = ""  # wipe password
    else:
        password_hash = generate_nt_hash(password)

    ## create user
    if login not in list_users(False):
        # NOTE: --create requires a password, even if blank
        res = __salt__['cmd.run_all'](
            cmd='pdbedit --create --user {login} -t {machine}'.format(
                login=_quote_args(login),
                machine="--machine" if machine_account else "",
            ),
            stdin="{password}\n{password}\n".format(password=password),
        )

        if res['retcode'] > 0:
            return {login: res['stderr'] if 'stderr' in res else res['stdout']}

        ret = 'created'

    ## update password if needed
    user = get_user(login, True)
    if user['nt hash'] != password_hash:
        res = __salt__['cmd.run_all'](
            'pdbedit --modify --user {login} --set-nt-hash={nthash}'.format(
                login=_quote_args(login),
                nthash=_quote_args(password_hash)
            ),
        )

        if res['retcode'] > 0:
            return {login: res['stderr'] if 'stderr' in res else res['stdout']}

        if ret != 'created':
            ret = 'updated'

    return {login: ret}
예제 #6
0
파일: pdbedit.py 프로젝트: akrus/salt
def modify(
    login,
    password=None,
    password_hashed=False,
    domain=None,
    profile=None,
    script=None,
    drive=None,
    homedir=None,
    fullname=None,
    account_desc=None,
    account_control=None,
    machine_sid=None,
    user_sid=None,
    reset_login_hours=False,
    reset_bad_password_count=False,
):
    """
    Modify user account

    login : string
        login name
    password : string
        password
    password_hashed : boolean
        set if password is a nt hash instead of plain text
    domain : string
        users domain
    profile : string
        profile path
    script : string
        logon script
    drive : string
        home drive
    homedir : string
        home directory
    fullname : string
        full name
    account_desc : string
        account description
    machine_sid : string
        specify the machines new primary group SID or rid
    user_sid : string
        specify the users new primary group SID or rid
    account_control : string
        specify user account control properties

        .. note::
            Only the following can be set:
            - N: No password required
            - D: Account disabled
            - H: Home directory required
            - L: Automatic Locking
            - X: Password does not expire
    reset_login_hours : boolean
        reset the users allowed logon hours
    reset_bad_password_count : boolean
        reset the stored bad login counter

    .. note::
        if user is absent and password is provided, the user will be created

    CLI Example:

    .. code-block:: bash

        salt '*' pdbedit.modify inara fullname='Inara Serra'
        salt '*' pdbedit.modify simon password=r1v3r
        salt '*' pdbedit.modify jane drive='V:' homedir='\\\\serenity\\jane\\profile'
        salt '*' pdbedit.modify mal account_control=NX
    """
    ret = "unchanged"

    # flag mapping
    flags = {
        "domain": "--domain=",
        "full name": "--fullname=",
        "account desc": "--account-desc=",
        "home directory": "--homedir=",
        "homedir drive": "--drive=",
        "profile path": "--profile=",
        "logon script": "--script=",
        "account flags": "--account-control=",
        "user sid": "-U ",
        "machine sid": "-M ",
    }

    # field mapping
    provided = {
        "domain": domain,
        "full name": fullname,
        "account desc": account_desc,
        "home directory": homedir,
        "homedir drive": drive,
        "profile path": profile,
        "logon script": script,
        "account flags": account_control,
        "user sid": user_sid,
        "machine sid": machine_sid,
    }

    # update password
    if password:
        ret = create(login, password, password_hashed)[login]
        if ret not in ["updated", "created", "unchanged"]:
            return {login: ret}
    elif login not in list_users(False):
        return {login: "******"}

    # check for changes
    current = get_user(login, hashes=True)
    changes = {}
    for key, val in provided.items():
        if key in ["user sid", "machine sid"]:
            if (
                val is not None
                and key in current
                and not current[key].endswith(str(val))
            ):
                changes[key] = str(val)
        elif key in ["account flags"]:
            if val is not None:
                if val.startswith("["):
                    val = val[1:-1]
                new = []
                for f in val.upper():
                    if f not in ["N", "D", "H", "L", "X"]:
                        log.warning(
                            "pdbedit.modify - unknown {f} flag for account_control, ignored".format(
                                f=f
                            )
                        )
                    else:
                        new.append(f)
                changes[key] = "[{flags}]".format(flags="".join(new))
        else:
            if val is not None and key in current and current[key] != val:
                changes[key] = val

    # apply changes
    if len(changes) > 0 or reset_login_hours or reset_bad_password_count:
        cmds = []
        for change in changes:
            cmds.append(
                "{flag}{value}".format(
                    flag=flags[change], value=_quote_args(changes[change]),
                )
            )
        if reset_login_hours:
            cmds.append("--logon-hours-reset")
        if reset_bad_password_count:
            cmds.append("--bad-password-count-reset")

        res = __salt__["cmd.run_all"](
            "pdbedit --modify --user {login} {changes}".format(
                login=_quote_args(login), changes=" ".join(cmds),
            ),
        )

        if res["retcode"] > 0:
            return {login: res["stderr"] if "stderr" in res else res["stdout"]}

        if ret != "created":
            ret = "updated"

    return {login: ret}
예제 #7
0
파일: pdbedit.py 프로젝트: akrus/salt
def create(login, password, password_hashed=False, machine_account=False):
    """
    Create user account

    login : string
        login name
    password : string
        password
    password_hashed : boolean
        set if password is a nt hash instead of plain text
    machine_account : boolean
        set to create a machine trust account instead

    CLI Example:

    .. code-block:: bash

        salt '*' pdbedit.create zoe 9764951149F84E770889011E1DC4A927 nthash
        salt '*' pdbedit.create river  1sw4ll0w3d4bug
    """
    ret = "unchanged"

    # generate nt hash if needed
    if password_hashed:
        password_hash = password.upper()
        password = ""  # wipe password
    else:
        password_hash = generate_nt_hash(password)

    # create user
    if login not in list_users(False):
        # NOTE: --create requires a password, even if blank
        res = __salt__["cmd.run_all"](
            cmd="pdbedit --create --user {login} -t {machine}".format(
                login=_quote_args(login),
                machine="--machine" if machine_account else "",
            ),
            stdin="{password}\n{password}\n".format(password=password),
        )

        if res["retcode"] > 0:
            return {login: res["stderr"] if "stderr" in res else res["stdout"]}

        ret = "created"

    # update password if needed
    user = get_user(login, True)
    if user["nt hash"] != password_hash:
        res = __salt__["cmd.run_all"](
            "pdbedit --modify --user {login} --set-nt-hash={nthash}".format(
                login=_quote_args(login), nthash=_quote_args(password_hash)
            ),
        )

        if res["retcode"] > 0:
            return {login: res["stderr"] if "stderr" in res else res["stdout"]}

        if ret != "created":
            ret = "updated"

    return {login: ret}
예제 #8
0
파일: logadm.py 프로젝트: goten4/salt
def rotate(name, pattern=None, conf_file=default_conf, **kwargs):
    '''
    Set up pattern for logging.

    .. versionchanged:: Nitrogen

    name : string
        alias for entryname
    pattern : string
        alias for log_file
    conf_file : string
        optional path to alternative configuration file
    **kwargs : boolean|string|int
        optional additional flags and parameters

    .. note::
        ``name`` and ``pattern`` were kept for backwards compatibility reasons.

        ``name`` is an alias for the ``entryname`` argument, ``pattern`` is an alias
        for ``log_file``. These aliasses wil only be used if the ``entryname`` and
        ``log_file`` arguments are not passed.

        For a full list of arguments see ```logadm.show_args```.

    CLI Example:

    .. code-block:: bash

        salt '*' logadm.rotate myapplog pattern='/var/log/myapp/*.log' count=7
        salt '*' logadm.rotate myapplog log_file='/var/log/myapp/*.log' count=4 owner=myappd mode='0700'

    '''
    ## cleanup kwargs
    kwargs = salt.utils.clean_kwargs(**kwargs)

    ## inject name into kwargs
    if 'entryname' not in kwargs and name and not name.startswith('/'):
        kwargs['entryname'] = name

    ## inject pattern into kwargs
    if 'log_file' not in kwargs:
        if pattern and pattern.startswith('/'):
            kwargs['log_file'] = pattern
        # NOTE: for backwards compatibility check if name is a path
        elif name and name.startswith('/'):
            kwargs['log_file'] = name

    ## build command
    log.debug("logadm.rotate - kwargs: {}".format(kwargs))
    command = "logadm -f {}".format(conf_file)
    for arg, val in kwargs.items():
        if arg in option_toggles.values() and val:
            command = "{} {}".format(
                command,
                _arg2opt(arg),
            )
        elif arg in option_flags.values():
            command = "{} {} {}".format(command, _arg2opt(arg),
                                        _quote_args(str(val)))
        elif arg != 'log_file':
            log.warning(
                "Unknown argument {}, don't know how to map this!".format(arg))
    if 'log_file' in kwargs:
        # NOTE: except from ```man logadm```
        #   If no log file name is provided on a logadm command line, the entry
        #   name is assumed to be the same as the log file name. For example,
        #   the following two lines achieve the same thing, keeping two copies
        #   of rotated log files:
        #
        #     % logadm -C2 -w mylog /my/really/long/log/file/name
        #     % logadm -C2 -w /my/really/long/log/file/name
        if 'entryname' not in kwargs:
            command = "{} -w {}".format(command,
                                        _quote_args(kwargs['log_file']))
        else:
            command = "{} {}".format(command, _quote_args(kwargs['log_file']))

    log.debug("logadm.rotate - command: {}".format(command))
    result = __salt__['cmd.run_all'](command, python_shell=False)
    if result['retcode'] != 0:
        return dict(Error='Failed in adding log', Output=result['stderr'])

    return dict(Result='Success')
예제 #9
0
파일: pdbedit.py 프로젝트: xofyarg/salt
def modify(
    login,
    password=None,
    password_hashed=False,
    domain=None,
    profile=None,
    script=None,
    drive=None,
    homedir=None,
    fullname=None,
    account_desc=None,
    account_control=None,
    machine_sid=None,
    user_sid=None,
    reset_login_hours=False,
    reset_bad_password_count=False,
):
    '''
    Modify user account

    login : string
        login name
    password : string
        password
    password_hashed : boolean
        set if password is a nt hash instead of plain text
    domain : string
        users domain
    profile : string
        profile path
    script : string
        logon script
    drive : string
        home drive
    homedir : string
        home directory
    fullname : string
        full name
    account_desc : string
        account description
    machine_sid : string
        specify the machines new primary group SID or rid
    user_sid : string
        specify the users new primary group SID or rid
    account_control : string
        specify user account control properties

        .. note::
            Only the follwing can be set:
            - N: No password required
            - D: Account disabled
            - H: Home directory required
            - L: Automatic Locking
            - X: Password does not expire
    reset_login_hours : boolean
        reset the users allowed logon hours
    reset_bad_password_count : boolean
        reset the stored bad login counter

    .. note::
        if user is absent and password is provided, the user will be created

    CLI Example:

    .. code-block:: bash

        salt '*' pdbedit.modify inara fullname='Inara Serra'
        salt '*' pdbedit.modify simon password=r1v3r
        salt '*' pdbedit.modify jane drive='V:' homedir='\\\\serenity\\jane\\profile'
        salt '*' pdbedit.modify mal account_control=NX
    '''
    ret = 'unchanged'

    ## flag mapping
    flags = {
        'domain': '--domain=',
        'full name': '--fullname=',
        'account desc': '--account-desc=',
        'home directory': '--homedir=',
        'homedir drive': '--drive=',
        'profile path': '--profile=',
        'logon script': '--script=',
        'account flags': '--account-control=',
        'user sid': '-U ',
        'machine sid': '-M ',
    }

    ## field mapping
    provided = {
        'domain': domain,
        'full name': fullname,
        'account desc': account_desc,
        'home directory': homedir,
        'homedir drive': drive,
        'profile path': profile,
        'logon script': script,
        'account flags': account_control,
        'user sid': user_sid,
        'machine sid': machine_sid,
    }

    ## update password
    if password:
        ret = create(login, password, password_hashed)[login]
        if ret not in ['updated', 'created', 'unchanged']:
            return {login: ret}
    elif login not in list_users(False):
        return {login: '******'}

    ## check for changes
    current = get_user(login, hashes=True)
    changes = {}
    for key, val in provided.items():
        if key in ['user sid', 'machine sid']:
            if val is not None and key in current and not current[
                    key].endswith(str(val)):
                changes[key] = str(val)
        elif key in ['account flags']:
            if val is not None:
                if val.startswith('['):
                    val = val[1:-1]
                new = []
                for f in val.upper():
                    if f not in ['N', 'D', 'H', 'L', 'X']:
                        log.warning(
                            'pdbedit.modify - unknown {f} flag for account_control, ignored'
                            .format(f=f))
                    else:
                        new.append(f)
                changes[key] = "[{flags}]".format(flags="".join(new))
        else:
            if val is not None and key in current and current[key] != val:
                changes[key] = val

    ## apply changes
    if len(changes) > 0 or reset_login_hours or reset_bad_password_count:
        cmds = []
        for change in changes:
            cmds.append('{flag}{value}'.format(
                flag=flags[change],
                value=_quote_args(changes[change]),
            ))
        if reset_login_hours:
            cmds.append('--logon-hours-reset')
        if reset_bad_password_count:
            cmds.append('--bad-password-count-reset')

        res = __salt__['cmd.run_all'](
            'pdbedit --modify --user {login} {changes}'.format(
                login=_quote_args(login),
                changes=" ".join(cmds),
            ), )

        if res['retcode'] > 0:
            return {login: res['stderr'] if 'stderr' in res else res['stdout']}

        if ret != 'created':
            ret = 'updated'

    return {login: ret}