def _initialize_filesystem(self):
util.ensure_dirs(self._initial_subdirs())
log_file = util.get_cfg_option_str(self.cfg, "def_log_file")
perms = util.get_cfg_option_str(self.cfg, "syslog_fix_perms")
if log_file:
util.ensure_file(log_file)
if perms:
u, g = util.extract_usergroup(perms)
try:
util.chownbyname(log_file, u, g)
except OSError:
util.logexc(LOG, "Unable to change the ownership of %s to " "user %s, group %s", log_file, u, g)
def write_files(name, files, log):
if not files:
return
for (i, f_info) in enumerate(files):
path = f_info.get('path')
if not path:
log.warn("No path provided to write for entry %s in module %s",
i + 1, name)
continue
path = os.path.abspath(path)
extractions = canonicalize_extraction(f_info.get('encoding'), log)
contents = extract_contents(f_info.get('content', ''), extractions)
(u, g) = util.extract_usergroup(f_info.get('owner', DEFAULT_OWNER))
perms = decode_perms(f_info.get('permissions'), DEFAULT_PERMS, log)
util.write_file(path, contents, mode=perms)
util.chownbyname(path, u, g)
def write_files(name, files):
if not files:
return
for (i, f_info) in enumerate(files):
path = f_info.get('path')
if not path:
LOG.warning("No path provided to write for entry %s in module %s",
i + 1, name)
continue
path = os.path.abspath(path)
extractions = canonicalize_extraction(f_info.get('encoding'))
contents = extract_contents(f_info.get('content', ''), extractions)
(u, g) = util.extract_usergroup(f_info.get('owner', DEFAULT_OWNER))
perms = decode_perms(f_info.get('permissions'), DEFAULT_PERMS)
omode = 'ab' if util.get_cfg_option_bool(f_info, 'append') else 'wb'
util.write_file(path, contents, omode=omode, mode=perms)
util.chownbyname(path, u, g)
def initfs():
subds = ['scripts/per-instance', 'scripts/per-once', 'scripts/per-boot',
'seed', 'instances', 'handlers', 'sem', 'data']
dlist = []
for subd in subds:
dlist.append("%s/%s" % (varlibdir, subd))
util.ensure_dirs(dlist)
cfg = util.get_base_cfg(system_config, cfg_builtin, parsed_cfgs)
log_file = util.get_cfg_option_str(cfg, 'def_log_file', None)
perms = util.get_cfg_option_str(cfg, 'syslog_fix_perms', None)
if log_file:
fp = open(log_file, "ab")
fp.close()
if log_file and perms:
(u, g) = perms.split(':', 1)
if u == "-1" or u == "None":
u = None
if g == "-1" or g == "None":
g = None
util.chownbyname(log_file, u, g)
def _initialize_filesystem(self):
util.ensure_dirs(self._initial_subdirs())
log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
if log_file:
util.ensure_file(log_file)
perms = self.cfg.get('syslog_fix_perms')
if not perms:
perms = {}
if not isinstance(perms, list):
perms = [perms]
error = None
for perm in perms:
u, g = util.extract_usergroup(perm)
try:
util.chownbyname(log_file, u, g)
return
except OSError as e:
error = e
LOG.warn("Failed changing perms on '%s'. tried: %s. %s",
log_file, ','.join(perms), error)
def handle(name, cfg, cloud, log, _args):
try:
# Make sure Go Agent is not running
util.subp(['service', 'go-agent', 'stop'])
# Go Agent Config Prefix
go_agent_prefix = "goagent_"
go_agent_default = "/etc/default/go-agent"
go_server_prefix = "goserver_"
go_server_config_dir = "/var/lib/go-agent/config"
if not os.path.exists(go_server_config_dir):
os.makedirs(go_server_config_dir)
util.chownbyname(go_server_config_dir,"go","go")
go_server_config = go_server_config_dir + "/autoregister.properties"
md = cloud.datasource.metadata
for key in md['meta']:
if key.startswith(go_agent_prefix):
replace_config(go_agent_default,key[len(go_agent_prefix):],md['meta'][key])
elif key.startswith(go_server_prefix):
replace_config(go_server_config,key[len(go_server_prefix):],md['meta'][key])
replace_config(go_server_config,"agent.auto.register.elasticAgent.agentId",md['instance-id'])
if os.path.exists(go_server_config):
util.chownbyname(go_server_config,"go","go")
if os.path.exists(go_agent_default):
util.chmod(go_agent_default,0644)
# Start Go Agent
util.subp(['service', 'go-agent', 'start'])
except:
log.debug("Error configuring Go Agent")
return
def initfs():
subds = [
'scripts/per-instance', 'scripts/per-once', 'scripts/per-boot', 'seed',
'instances', 'handlers', 'sem', 'data'
]
dlist = []
for subd in subds:
dlist.append("%s/%s" % (varlibdir, subd))
util.ensure_dirs(dlist)
cfg = util.get_base_cfg(system_config, cfg_builtin, parsed_cfgs)
log_file = util.get_cfg_option_str(cfg, 'def_log_file', None)
perms = util.get_cfg_option_str(cfg, 'syslog_fix_perms', None)
if log_file:
fp = open(log_file, "ab")
fp.close()
if log_file and perms:
(u, g) = perms.split(':', 1)
if u == "-1" or u == "None":
u = None
if g == "-1" or g == "None":
g = None
util.chownbyname(log_file, u, g)
def handle(name, cfg, cloud, log, _args):
# If there isn't a puppet key in the configuration don't do anything
if 'puppet' not in cfg:
log.debug(("Skipping module named %s,"
" no 'puppet' configuration found"), name)
return
puppet_cfg = cfg['puppet']
# Start by installing the puppet package if necessary...
install = util.get_cfg_option_bool(puppet_cfg, 'install', True)
version = util.get_cfg_option_str(puppet_cfg, 'version', None)
collection = util.get_cfg_option_str(puppet_cfg, 'collection', None)
install_type = util.get_cfg_option_str(puppet_cfg, 'install_type',
'packages')
cleanup = util.get_cfg_option_bool(puppet_cfg, 'cleanup', True)
run = util.get_cfg_option_bool(puppet_cfg, 'exec', default=False)
aio_install_url = util.get_cfg_option_str(puppet_cfg,
'aio_install_url',
default=AIO_INSTALL_URL)
# AIO and distro packages use different paths
if install_type == 'aio':
puppet_user = '******'
puppet_bin = '/opt/puppetlabs/bin/puppet'
puppet_package = 'puppet-agent'
else: # default to 'packages'
puppet_user = '******'
puppet_bin = 'puppet'
puppet_package = 'puppet'
package_name = util.get_cfg_option_str(puppet_cfg, 'package_name',
puppet_package)
if not install and version:
log.warning(("Puppet install set to false but version supplied,"
" doing nothing."))
elif install:
log.debug(("Attempting to install puppet %s from %s"),
version if version else 'latest', install_type)
if install_type == "packages":
cloud.distro.install_packages((package_name, version))
elif install_type == "aio":
install_puppet_aio(aio_install_url, version, collection, cleanup)
else:
log.warning("Unknown puppet install type '%s'", install_type)
run = False
conf_file = util.get_cfg_option_str(puppet_cfg, 'conf_file',
get_config_value(puppet_bin, 'config'))
ssl_dir = util.get_cfg_option_str(puppet_cfg, 'ssl_dir',
get_config_value(puppet_bin, 'ssldir'))
csr_attributes_path = util.get_cfg_option_str(
puppet_cfg, 'csr_attributes_path',
get_config_value(puppet_bin, 'csr_attributes'))
p_constants = PuppetConstants(conf_file, ssl_dir, csr_attributes_path, log)
# ... and then update the puppet configuration
if 'conf' in puppet_cfg:
# Add all sections from the conf object to puppet.conf
contents = util.load_file(p_constants.conf_path)
# Create object for reading puppet.conf values
puppet_config = helpers.DefaultingConfigParser()
# Read puppet.conf values from original file in order to be able to
# mix the rest up. First clean them up
# (TODO(harlowja) is this really needed??)
cleaned_lines = [i.lstrip() for i in contents.splitlines()]
cleaned_contents = '\n'.join(cleaned_lines)
# Move to puppet_config.read_file when dropping py2.7
puppet_config.read_file(StringIO(cleaned_contents),
source=p_constants.conf_path)
for (cfg_name, cfg) in puppet_cfg['conf'].items():
# Cert configuration is a special case
# Dump the puppetserver ca certificate in the correct place
if cfg_name == 'ca_cert':
# Puppet ssl sub-directory isn't created yet
# Create it with the proper permissions and ownership
util.ensure_dir(p_constants.ssl_dir, 0o771)
util.chownbyname(p_constants.ssl_dir, puppet_user, 'root')
util.ensure_dir(p_constants.ssl_cert_dir)
util.chownbyname(p_constants.ssl_cert_dir, puppet_user, 'root')
util.write_file(p_constants.ssl_cert_path, cfg)
util.chownbyname(p_constants.ssl_cert_path, puppet_user,
'root')
else:
# Iterate through the config items, we'll use ConfigParser.set
# to overwrite or create new items as needed
for (o, v) in cfg.items():
if o == 'certname':
# Expand %f as the fqdn
# TODO(harlowja) should this use the cloud fqdn??
v = v.replace("%f", socket.getfqdn())
# Expand %i as the instance id
v = v.replace("%i", cloud.get_instance_id())
# certname needs to be downcased
v = v.lower()
puppet_config.set(cfg_name, o, v)
# We got all our config as wanted we'll rename
# the previous puppet.conf and create our new one
util.rename(p_constants.conf_path,
"%s.old" % (p_constants.conf_path))
util.write_file(p_constants.conf_path, puppet_config.stringify())
if 'csr_attributes' in puppet_cfg:
util.write_file(
p_constants.csr_attributes_path,
yaml.dump(puppet_cfg['csr_attributes'], default_flow_style=False))
# Set it up so it autostarts
_autostart_puppet(log)
# Run the agent if needed
if run:
log.debug('Running puppet-agent')
cmd = [puppet_bin, 'agent']
if 'exec_args' in puppet_cfg:
cmd_args = puppet_cfg['exec_args']
if isinstance(cmd_args, (list, tuple)):
cmd.extend(cmd_args)
elif isinstance(cmd_args, str):
cmd.extend(cmd_args.split())
else:
log.warning(
"Unknown type %s provided for puppet"
" 'exec_args' expected list, tuple,"
" or string", type(cmd_args))
cmd.extend(PUPPET_AGENT_DEFAULT_ARGS)
else:
cmd.extend(PUPPET_AGENT_DEFAULT_ARGS)
subp.subp(cmd, capture=False)
# Start puppetd
subp.subp(['service', 'puppet', 'start'], capture=False)
def handle(name, cfg, cloud, log, _args):
# If there isn't a puppet key in the configuration don't do anything
if 'puppet' not in cfg:
log.debug(("Skipping module named %s,"
" no 'puppet' configuration found"), name)
return
puppet_cfg = cfg['puppet']
# Start by installing the puppet package if necessary...
install = util.get_cfg_option_bool(puppet_cfg, 'install', True)
version = util.get_cfg_option_str(puppet_cfg, 'version', None)
if not install and version:
log.warn(("Puppet install set false but version supplied,"
" doing nothing."))
elif install:
log.debug(("Attempting to install puppet %s,"),
version if version else 'latest')
cloud.distro.install_packages(('puppet', version))
# ... and then update the puppet configuration
if 'conf' in puppet_cfg:
# Add all sections from the conf object to puppet.conf
contents = util.load_file(PUPPET_CONF_PATH)
# Create object for reading puppet.conf values
puppet_config = helpers.DefaultingConfigParser()
# Read puppet.conf values from original file in order to be able to
# mix the rest up. First clean them up
# (TODO(harlowja) is this really needed??)
cleaned_lines = [i.lstrip() for i in contents.splitlines()]
cleaned_contents = '\n'.join(cleaned_lines)
puppet_config.readfp(StringIO(cleaned_contents),
filename=PUPPET_CONF_PATH)
for (cfg_name, cfg) in puppet_cfg['conf'].iteritems():
# Cert configuration is a special case
# Dump the puppet master ca certificate in the correct place
if cfg_name == 'ca_cert':
# Puppet ssl sub-directory isn't created yet
# Create it with the proper permissions and ownership
util.ensure_dir(PUPPET_SSL_DIR, 0771)
util.chownbyname(PUPPET_SSL_DIR, 'puppet', 'root')
util.ensure_dir(PUPPET_SSL_CERT_DIR)
util.chownbyname(PUPPET_SSL_CERT_DIR, 'puppet', 'root')
util.write_file(PUPPET_SSL_CERT_PATH, str(cfg))
util.chownbyname(PUPPET_SSL_CERT_PATH, 'puppet', 'root')
else:
# Iterate throug the config items, we'll use ConfigParser.set
# to overwrite or create new items as needed
for (o, v) in cfg.iteritems():
if o == 'certname':
# Expand %f as the fqdn
# TODO(harlowja) should this use the cloud fqdn??
v = v.replace("%f", socket.getfqdn())
# Expand %i as the instance id
v = v.replace("%i", cloud.get_instance_id())
# certname needs to be downcased
v = v.lower()
puppet_config.set(cfg_name, o, v)
# We got all our config as wanted we'll rename
# the previous puppet.conf and create our new one
util.rename(PUPPET_CONF_PATH, "%s.old" % (PUPPET_CONF_PATH))
util.write_file(PUPPET_CONF_PATH, puppet_config.stringify())
# Set it up so it autostarts
_autostart_puppet(log)
# Start puppetd
util.subp(['service', 'puppet', 'start'], capture=False)
def handle(name, cfg, cloud, log, _args):
# If there isn't a puppet key in the configuration don't do anything
if 'puppet' not in cfg:
log.debug(("Skipping module named %s,"
" no 'puppet' configuration found"), name)
return
puppet_cfg = cfg['puppet']
# Start by installing the puppet package if necessary...
install = util.get_cfg_option_bool(puppet_cfg, 'install', True)
version = util.get_cfg_option_str(puppet_cfg, 'version', None)
package_name = util.get_cfg_option_str(
puppet_cfg, 'package_name', PUPPET_PACKAGE_NAME)
conf_file = util.get_cfg_option_str(
puppet_cfg, 'conf_file', PUPPET_CONF_PATH)
ssl_dir = util.get_cfg_option_str(puppet_cfg, 'ssl_dir', PUPPET_SSL_DIR)
p_constants = PuppetConstants(conf_file, ssl_dir, log)
if not install and version:
log.warn(("Puppet install set false but version supplied,"
" doing nothing."))
elif install:
log.debug(("Attempting to install puppet %s,"),
version if version else 'latest')
cloud.distro.install_packages((package_name, version))
# ... and then update the puppet configuration
if 'conf' in puppet_cfg:
# Add all sections from the conf object to puppet.conf
contents = util.load_file(p_constants.conf_path)
# Create object for reading puppet.conf values
puppet_config = helpers.DefaultingConfigParser()
# Read puppet.conf values from original file in order to be able to
# mix the rest up. First clean them up
# (TODO(harlowja) is this really needed??)
cleaned_lines = [i.lstrip() for i in contents.splitlines()]
cleaned_contents = '\n'.join(cleaned_lines)
# Move to puppet_config.read_file when dropping py2.7
puppet_config.readfp( # pylint: disable=W1505
StringIO(cleaned_contents),
filename=p_constants.conf_path)
for (cfg_name, cfg) in puppet_cfg['conf'].items():
# Cert configuration is a special case
# Dump the puppet master ca certificate in the correct place
if cfg_name == 'ca_cert':
# Puppet ssl sub-directory isn't created yet
# Create it with the proper permissions and ownership
util.ensure_dir(p_constants.ssl_dir, 0o771)
util.chownbyname(p_constants.ssl_dir, 'puppet', 'root')
util.ensure_dir(p_constants.ssl_cert_dir)
util.chownbyname(p_constants.ssl_cert_dir, 'puppet', 'root')
util.write_file(p_constants.ssl_cert_path, cfg)
util.chownbyname(p_constants.ssl_cert_path, 'puppet', 'root')
else:
# Iterate through the config items, we'll use ConfigParser.set
# to overwrite or create new items as needed
for (o, v) in cfg.items():
if o == 'certname':
# Expand %f as the fqdn
# TODO(harlowja) should this use the cloud fqdn??
v = v.replace("%f", socket.getfqdn())
# Expand %i as the instance id
v = v.replace("%i", cloud.get_instance_id())
# certname needs to be downcased
v = v.lower()
puppet_config.set(cfg_name, o, v)
# We got all our config as wanted we'll rename
# the previous puppet.conf and create our new one
util.rename(p_constants.conf_path, "%s.old"
% (p_constants.conf_path))
util.write_file(p_constants.conf_path, puppet_config.stringify())
# Set it up so it autostarts
_autostart_puppet(log)
# Start puppetd
util.subp(['service', 'puppet', 'start'], capture=False)
def handle(name, _cfg, _cloud, log, _args):
svc_drop_in_path = "/etc/systemd/system/consul.service.d/10-cloud-init.conf"
join_drop_in_path = "/etc/systemd/system/consul-join.service.d/10-cloud-init.conf"
consul_wan_svc = "/etc/consul.d/service-consul-wan.json"
## consul config separated into two files because we may not have the acl
## token and encryption key at this time; it may be retrieved later from
## vault. the separate config files should make it easier to manage with
## more granularity.
## primary consul config file
main_consul_conf_path = "/etc/consul.conf"
## add'l config file that contains only acl_token and encrypt values
consul_creds_path = "/etc/consul.d/creds.json"
cfg = _cfg.get("consul")
if not cfg:
log.info("no consul config; not writing")
else:
main_consul_conf = {}
consul_creds = {}
for k, v in cfg["config"].items():
if k in ("acl_token", "encrypt"):
consul_creds[k] = v
else:
main_consul_conf[k] = v
## @todo add GCE support here
template_params = {
"private_ipv4": _cloud.datasource.metadata.get("local-ipv4"),
"public_ipv4": _cloud.datasource.metadata.get("public-ipv4"),
}
## render main config file
util.write_file(
main_consul_conf_path,
templater.render_string(json.dumps(main_consul_conf, indent=4),
template_params),
mode=0400,
)
util.chownbyname(main_consul_conf_path, "consul", "consul")
## render credentials file, if there are any credentials in there.
## consul.service will not start until the file exists, but even in the
## "legacy" environments we have the gossip encryption key.
if consul_creds:
util.write_file(
consul_creds_path,
templater.render_string(json.dumps(consul_creds, indent=4),
template_params),
mode=0400,
)
util.chownbyname(consul_creds_path, "consul", "consul")
## if this agent's a consul server, create a consul-wan service that
## advertises the wan address (which may be different than the lan
## address) and wan port
if main_consul_conf.get("server", False) is True:
wan_cfg = {
"name": "consul-wan",
"port": 8302,
}
## wow, they've certainly made the addresses … configurable.
serf_wan = main_consul_conf.get("advertise_addrs",
{}).get("serf_wan")
if serf_wan:
## advertise_addrs.serf_wan is "ip:port"
serf_wan_addr, serf_wan_port = serf_wan.split(":", 1)
wan_cfg["address"] = serf_wan_addr
wan_cfg["port"] = int(serf_wan_port)
else:
serf_wan_port = main_consul_conf.get("ports",
{}).get("serf_wan")
advertise_addr_wan = main_consul_conf.get("advertise_addr_wan")
if serf_wan_port:
wan_cfg["port"] = serf_wan_port
if advertise_addr_wan:
wan_cfg["address"] = advertise_addr_wan
if wan_cfg.get("address") is None:
log.warning("no wan address found in config")
## run through render_string as main_consul_conf is not rendered
util.write_file(
consul_wan_svc,
templater.render_string(
json.dumps({"service": wan_cfg}, indent=4),
template_params),
mode=0400,
)
util.chownbyname(consul_wan_svc, "consul", "consul")
## consul.service config
drop_in_buf = StringIO.StringIO()
print >> drop_in_buf, "[Service]"
## set GOMAXPROC
print >> drop_in_buf, 'Environment="GOMAXPROCS=%s"' % subprocess.check_output(
["nproc"]).strip()
util.write_file(svc_drop_in_path, drop_in_buf.getvalue(), 0400)
## consul-join.service config
drop_in_buf = StringIO.StringIO()
print >> drop_in_buf, "[Service]"
## set join method
print >> drop_in_buf, 'Environment="JOIN_METHOD=%s"' % cfg[
"join_method"]
util.write_file(join_drop_in_path, drop_in_buf.getvalue(), 0400)