def __init__(self, config):
"""
:param config: The XML configuration for this client
:type config: lxml.etree._Element
:raises: :exc:`Bcfg2.Client.Tools.ToolInstantiationError`
"""
#: A :class:`logging.Logger` object that will be used by this
#: tool for logging
self.logger = logging.getLogger(self.name)
#: The XML configuration for this client
self.config = config
#: An :class:`Bcfg2.Utils.Executor` object for
#: running external commands.
self.cmd = Executor(timeout=Bcfg2.Options.setup.command_timeout)
#: A list of entries that have been modified by this tool
self.modified = []
#: A list of extra entries that are not listed in the
#: configuration
self.extra = []
#: A list of all entries handled by this tool
self.handled = []
self._analyze_config()
self._check_execs()
def __init__(self, core):
Bcfg2.Server.Plugin.Plugin.__init__(self, core)
Bcfg2.Server.Plugin.Connector.__init__(self)
Bcfg2.Server.Plugin.ClientRunHooks.__init__(self)
Bcfg2.Server.Plugin.DirectoryBacked.__init__(self, self.data)
self.cache = dict()
self.cmd = Executor()
def __init__(self, _, path, entry_type, encoding, parent=None):
Bcfg2.Server.Plugin.EntrySet.__init__(self, os.path.basename(path),
path, entry_type, encoding)
self.parent = parent
self.key = None
self.cert = None
self.cmd = Executor(timeout=120)
def create_key(self):
"""Creates a bcfg2.key at the directory specifed by keypath."""
cmd = Executor(timeout=120)
subject = "/C=%s/ST=%s/L=%s/CN=%s'" % (
self.data['country'], self.data['state'], self.data['location'],
self.data['shostname'])
key = cmd.run(["openssl", "req", "-batch", "-x509", "-nodes",
"-subj", subject, "-days", "1000",
"-newkey", "rsa:2048",
"-keyout", self.data['keypath'], "-noout"])
if not key.success:
print("Error generating key: %s" % key.error)
return
os.chmod(self.data['keypath'], stat.S_IRUSR | stat.S_IWUSR) # 0600
csr = cmd.run(["openssl", "req", "-batch", "-new", "-subj", subject,
"-key", self.data['keypath']])
if not csr.success:
print("Error generating certificate signing request: %s" %
csr.error)
return
cert = cmd.run(["openssl", "x509", "-req", "-days", "1000",
"-signkey", self.data['keypath'],
"-out", self.data['certpath']],
inputdata=csr.stdout)
if not cert.success:
print("Error signing certificate: %s" % cert.error)
return
def __init__(self):
self.config = None
self._proxy = None
self.logger = logging.getLogger('bcfg2')
self.cmd = Executor(Bcfg2.Options.setup.probe_timeout)
self.tools = []
self.times = dict()
self.times['initialization'] = time.time()
if Bcfg2.Options.setup.bundle_quick:
if (not Bcfg2.Options.setup.only_bundles and
not Bcfg2.Options.setup.except_bundles):
self.logger.error("-Q option requires -b or -B")
raise SystemExit(1)
if Bcfg2.Options.setup.remove == 'services':
self.logger.error("Service removal is nonsensical; "
"removed services will only be disabled")
if not Bcfg2.Options.setup.server.startswith('https://'):
Bcfg2.Options.setup.server = \
'https://' + Bcfg2.Options.setup.server
#: A dict of the state of each entry. Keys are the entries.
#: Values are boolean: True means that the entry is good,
#: False means that the entry is bad.
self.states = {}
self.whitelist = []
self.blacklist = []
self.removal = []
self.unhandled = []
self.logger = logging.getLogger(__name__)
def __init__(self, core, datastore):
Bcfg2.Server.Plugin.Plugin.__init__(self, core, datastore)
Bcfg2.Server.Plugin.Generator.__init__(self)
Bcfg2.Server.Plugin.PullTarget.__init__(self)
self.ipcache = {}
self.namecache = {}
self.__skn = False
# keep track of which bogus keys we've warned about, and only
# do so once
self.badnames = dict()
self.fam = Bcfg2.Server.FileMonitor.get_fam()
self.fam.AddMonitor(self.data, self)
self.static = dict()
self.entries = dict()
self.Entries['Path'] = dict()
self.entries['/etc/ssh/ssh_known_hosts'] = \
KnownHostsEntrySet(self.data)
self.Entries['Path']['/etc/ssh/ssh_known_hosts'] = self.build_skn
for keypattern in self.keypatterns:
self.entries["/etc/ssh/" + keypattern] = \
HostKeyEntrySet(keypattern, self.data)
self.Entries['Path']["/etc/ssh/" + keypattern] = self.build_hk
self.cmd = Executor()
def __init__(self, core):
Bcfg2.Server.Plugin.Version.__init__(self, core)
self.revision = None
self.svn_root = None
self.client = None
self.cmd = None
if not HAS_SVN:
self.logger.debug("Svn: PySvn not found, using CLI interface to "
"SVN")
self.cmd = Executor()
else:
self.client = pysvn.Client()
self.debug_log("Svn: Conflicts will be resolved with %s" %
Bcfg2.Options.setup.svn_conflict_resolution)
self.client.callback_conflict_resolver = self.conflict_resolver
if Bcfg2.Options.setup.svn_trust_ssl:
self.client.callback_ssl_server_trust_prompt = \
self.ssl_server_trust_prompt
if (Bcfg2.Options.setup.svn_user
and Bcfg2.Options.setup.svn_password):
self.client.callback_get_login = self.get_login
self.logger.debug("Svn: Initialized svn plugin with SVN directory %s" %
self.vcs_path)
def __init__(self, core, datastore):
Bcfg2.Server.Plugin.Version.__init__(self, core, datastore)
self.revision = None
self.svn_root = None
self.client = None
self.cmd = None
if not HAS_SVN:
self.logger.debug("Svn: PySvn not found, using CLI interface to "
"SVN")
self.cmd = Executor()
else:
self.client = pysvn.Client()
# pylint: disable=E1101
choice = pysvn.wc_conflict_choice.postpone
try:
resolution = self.core.setup.cfp.get(
"svn",
"conflict_resolution").replace('-', '_')
if resolution in ["edit", "launch", "working"]:
self.logger.warning("Svn: Conflict resolver %s requires "
"manual intervention, using %s" %
choice)
else:
choice = getattr(pysvn.wc_conflict_choice, resolution)
except AttributeError:
self.logger.warning("Svn: Conflict resolver %s does not "
"exist, using %s" % choice)
except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
self.logger.info("Svn: No conflict resolution method "
"selected, using %s" % choice)
# pylint: enable=E1101
self.debug_log("Svn: Conflicts will be resolved with %s" %
choice)
self.client.callback_conflict_resolver = \
self.get_conflict_resolver(choice)
try:
if self.core.setup.cfp.get(
"svn",
"always_trust").lower() == "true":
self.client.callback_ssl_server_trust_prompt = \
self.ssl_server_trust_prompt
except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
self.logger.debug("Svn: Using subversion cache for SSL "
"certificate trust")
try:
if (self.core.setup.cfp.get("svn", "user") and
self.core.setup.cfp.get("svn", "password")):
self.client.callback_get_login = \
self.get_login
except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):
self.logger.info("Svn: Using subversion cache for "
"password-based authetication")
self.logger.debug("Svn: Initialized svn plugin with SVN directory %s" %
self.vcs_path)
def __init__(self, fname):
CfgCreator.__init__(self, fname)
StructFile.__init__(self, fname)
pubkey_path = os.path.dirname(self.name) + ".pub"
pubkey_name = os.path.join(pubkey_path, os.path.basename(pubkey_path))
self.pubkey_creator = CfgPublicKeyCreator(pubkey_name)
self.setup = get_option_parser()
self.cmd = Executor()
def __init__(self, core):
Version.__init__(self, core)
if HAS_GITPYTHON:
self.repo = git.Repo(Bcfg2.Options.setup.vcs_root)
self.cmd = None
else:
self.logger.debug("Git: GitPython not found, using CLI interface "
"to Git")
self.repo = None
self.cmd = Executor()
self.logger.debug("Initialized git plugin with git directory %s" %
self.vcs_path)
def __init__(self):
self.toolset = None
self.tools = None
self.config = None
self._proxy = None
self.setup = Bcfg2.Options.get_option_parser()
if self.setup['debug']:
level = logging.DEBUG
elif self.setup['verbose']:
level = logging.INFO
else:
level = logging.WARNING
Bcfg2.Logger.setup_logging('bcfg2',
to_syslog=self.setup['syslog'],
level=level,
to_file=self.setup['logging'])
self.logger = logging.getLogger('bcfg2')
self.logger.debug(self.setup)
self.cmd = Executor(self.setup['command_timeout'])
if self.setup['bundle_quick']:
if not self.setup['bundle'] and not self.setup['skipbundle']:
self.logger.error("-Q option requires -b or -B")
raise SystemExit(1)
elif self.setup['remove']:
self.logger.error("-Q option incompatible with -r")
raise SystemExit(1)
if 'drivers' in self.setup and self.setup['drivers'] == 'help':
self.logger.info("The following drivers are available:")
self.logger.info(Bcfg2.Client.Tools.__all__)
raise SystemExit(0)
if self.setup['remove'] and 'services' in self.setup['remove'].lower():
self.logger.error("Service removal is nonsensical; "
"removed services will only be disabled")
if (self.setup['remove'] and
self.setup['remove'].lower() not in ['all', 'services', 'packages',
'users']):
self.logger.error("Got unknown argument %s for -r" %
self.setup['remove'])
if self.setup["file"] and self.setup["cache"]:
print("cannot use -f and -c together")
raise SystemExit(1)
if not self.setup['server'].startswith('https://'):
self.setup['server'] = 'https://' + self.setup['server']
def run(self, setup):
if setup.outfile:
fmt = setup.outfile.split('.')[-1]
else:
fmt = 'png'
exc = Executor()
cmd = ["dot", "-T", fmt]
if setup.outfile:
cmd.extend(["-o", setup.outfile])
inputlist = ["digraph groups {",
'\trankdir="LR";',
self.metadata.viz(setup.includehosts,
setup.includebundles,
setup.includekey,
setup.only_client,
self.colors)]
if setup.includekey:
inputlist.extend(
["\tsubgraph cluster_key {",
'\tstyle="filled";',
'\tcolor="lightblue";',
'\tBundle [ shape="septagon" ];',
'\tGroup [shape="ellipse"];',
'\tGroup Category [shape="trapezium"];\n',
'\tProfile [style="bold", shape="ellipse"];',
'\tHblock [label="Host1|Host2|Host3",shape="record"];',
'\tlabel="Key";',
"\t}"])
inputlist.append("}")
idata = "\n".join(inputlist)
try:
result = exc.run(cmd, inputdata=idata)
except OSError:
# on some systems (RHEL 6), you cannot run dot with
# shell=True. on others (Gentoo with Python 2.7), you
# must. In yet others (RHEL 5), either way works. I have
# no idea what the difference is, but it's kind of a PITA.
result = exc.run(cmd, shell=True, inputdata=idata)
if not result.success:
self.errExit("Error running %s: %s" % (cmd, result.error))
if not setup.outfile:
print(result.stdout)
def create_data(self, entry, metadata):
self.logger.info("Cfg: Generating new SSL key for %s" % self.name)
spec = self.XMLMatch(metadata)
key = spec.find("Key")
if not key:
key = dict()
ktype = key.get('type', 'rsa')
bits = key.get('bits', '2048')
if ktype == 'rsa':
cmd = ["openssl", "genrsa", bits]
elif ktype == 'dsa':
cmd = ["openssl", "dsaparam", "-noout", "-genkey", bits]
result = Executor().run(cmd)
if not result.success:
raise CfgCreationError("Failed to generate key %s for %s: %s" %
(self.name, metadata.hostname,
result.error))
self.write_data(result.stdout, **self.get_specificity(metadata))
return result.stdout
def __init__(self, *args, **kwargs):
Bcfg2.Server.Lint.ServerlessPlugin.__init__(self, *args, **kwargs)
#: A dict of <file glob>: <schema file> that maps files in the
#: Bcfg2 specification to their schemas. The globs are
#: extended :mod:`fnmatch` globs that also support ``**``,
#: which matches any number of any characters, including
#: forward slashes. The schema files are relative to the
#: schema directory, which can be controlled by the
#: ``bcfg2-lint --schema`` option.
self.filesets = \
{"Metadata/groups.xml": "metadata.xsd",
"Metadata/clients.xml": "clients.xsd",
"Cfg/**/info.xml": "info.xsd",
"Cfg/**/privkey.xml": "privkey.xsd",
"Cfg/**/pubkey.xml": "pubkey.xsd",
"Cfg/**/authorizedkeys.xml": "authorizedkeys.xsd",
"Cfg/**/authorized_keys.xml": "authorizedkeys.xsd",
"Cfg/**/sslcert.xml": "sslca-cert.xsd",
"Cfg/**/sslkey.xml": "sslca-key.xsd",
"SSHbase/**/info.xml": "info.xsd",
"TGenshi/**/info.xml": "info.xsd",
"TCheetah/**/info.xml": "info.xsd",
"Bundler/*.xml": "bundle.xsd",
"Bundler/*.genshi": "bundle.xsd",
"Pkgmgr/*.xml": "pkglist.xsd",
"Rules/*.xml": "rules.xsd",
"Defaults/*.xml": "defaults.xsd",
"etc/report-configuration.xml": "report-configuration.xsd",
"Deps/*.xml": "deps.xsd",
"Decisions/*.xml": "decisions.xsd",
"Packages/sources.xml": "packages.xsd",
"GroupPatterns/config.xml": "grouppatterns.xsd",
"AWSTags/config.xml": "awstags.xsd",
"NagiosGen/config.xml": "nagiosgen.xsd",
"FileProbes/config.xml": "fileprobes.xsd",
"GroupLogic/groups.xml": "grouplogic.xsd"
}
self.filelists = {}
self.get_filelists()
self.cmd = Executor()
def Visualize(self,
hosts=False,
bundles=False,
key=False,
only_client=None,
output=None):
"""Build visualization of groups file."""
if output:
fmt = output.split('.')[-1]
else:
fmt = 'png'
exc = Executor()
cmd = ["dot", "-T", fmt]
if output:
cmd.extend(["-o", output])
idata = [
"digraph groups {", '\trankdir="LR";',
self.metadata.viz(hosts, bundles, key, only_client, self.colors)
]
if key:
idata.extend([
"\tsubgraph cluster_key {", '\tstyle="filled";',
'\tcolor="lightblue";', '\tBundle [ shape="septagon" ];',
'\tGroup [shape="ellipse"];',
'\tProfile [style="bold", shape="ellipse"];',
'\tHblock [label="Host1|Host2|Host3",shape="record"];',
'\tlabel="Key";', "\t}"
])
idata.append("}")
try:
result = exc.run(cmd, inputdata=idata)
except OSError:
# on some systems (RHEL 6), you cannot run dot with
# shell=True. on others (Gentoo with Python 2.7), you
# must. In yet others (RHEL 5), either way works. I have
# no idea what the difference is, but it's kind of a PITA.
result = exc.run(cmd, shell=True, inputdata=idata)
if not result.success:
print("Error running %s: %s" % (cmd, result.error))
raise SystemExit(result.retval)
def __init__(self, fname):
XMLCfgCreator.__init__(self, fname)
pubkey_path = os.path.dirname(self.name) + ".pub"
pubkey_name = os.path.join(pubkey_path, os.path.basename(pubkey_path))
self.pubkey_creator = CfgPublicKeyCreator(pubkey_name)
self.cmd = Executor()
def __init__(self, core, datastore):
Bcfg2.Server.Plugin.Version.__init__(self, core, datastore)
self.cmd = Executor()
self.logger.debug(
"Initialized Fossil plugin with fossil directory %s" %
self.vcs_path)
def __init__(self, name, specific, encoding):
CfgVerifier.__init__(self, name, specific, encoding)
self.cmd = []
self.exc = Executor(timeout=30)
def __init__(self, fname):
CfgCreator.__init__(self, fname)
StructFile.__init__(self, fname)
self.cfg = get_cfg()
self.core = self.cfg.core
self.cmd = Executor()
def __init__(self, core):
Bcfg2.Server.Plugin.Version.__init__(self, core)
self.cmd = Executor()
self.logger.debug("Initialized Darcs plugin with darcs directory %s" %
self.vcs_path)
def __init__(self, fname):
XMLCfgCreator.__init__(self, fname)
CfgVerifier.__init__(self, fname, None)
self.cmd = Executor()
self.cfg = get_cfg()
