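def conf_sudoer(self, username, nopasswd=False, remove=False):
    """Add or remove doas rules for ``username`` in /etc/doas.conf.

    Adding: if the file does not exist yet, it is first created with a
    rule that lets root become root. One ``permit keepenv`` rule for
    ``username`` is then appended: ``nopass`` when ``nopasswd`` is true
    (root without any authentication prompt), ``persist`` otherwise. The
    file mode is finally set to 0o644. Calling this twice for the same
    user appends the rule twice.

    Removing: every line that contains ``username`` as a whole
    whitespace-separated word is dropped from the file.

    Raises:
        OSUtilError: if ``username`` cannot be written as a single rule
            token, or if rewriting the file fails with IOError.
    """
    doas_conf = "/etc/doas.conf"

    if remove:
        # Remove user from doas.conf
        if not os.path.isfile(doas_conf):
            return
        try:
            content = fileutil.read_file(doas_conf)
            # Compare whole words rather than substrings: a substring test
            # also deletes rules that belong to other accounts (removing
            # "bob" would drop the rule for "bobby"), and an empty name
            # would match, and delete, every line in the file.
            kept = [line for line in content.split("\n")
                    if username not in line.split()]
            fileutil.write_file(doas_conf, "\n".join(kept))
        except IOError as err:
            raise OSUtilError("Failed to remove sudoer: "
                              "{0}".format(err))
        return

    # The name is copied verbatim into a file that grants root. It has to
    # be exactly one token: embedded whitespace or a line break would
    # change the meaning of the rule that gets written.
    if not username or username.split() != [username]:
        raise OSUtilError("Invalid username for doas rule: "
                          "{0!r}".format(username))

    if not os.path.isfile(doas_conf):
        # always allow root to become root
        fileutil.append_file(doas_conf, "permit keepenv nopass root\n")

    if nopasswd:
        rule = "permit keepenv nopass {0}\n".format(username)
    else:
        rule = "permit keepenv persist {0}\n".format(username)
    fileutil.append_file(doas_conf, rule)
    fileutil.chmod(doas_conf, 0o644)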
示例#2
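    def conf_sudoer(self, username, nopasswd=False, remove=False):
        """Add or remove the agent-managed sudoers entry for ``username``.

        Entries are kept in the ``waagent`` file inside the directory
        returned by ``conf.get_sudoers_dir()``.

        Adding: if that directory is missing it is created and an
        ``#includedir`` line for it is appended to the ``sudoers`` file one
        level up. A ``<user> ALL=(ALL) ALL`` entry is then appended, with
        ``NOPASSWD:`` when ``nopasswd`` is true (root without a password
        prompt), and the file mode is set to 0o440. Calling this twice for
        the same user appends the entry twice.

        Removing: lines whose first field is ``username`` are dropped.

        Raises:
            OSUtilError: if ``username`` cannot be written as a single
                sudoers field, or if rewriting the file fails with IOError.
        """
        sudoers_dir = conf.get_sudoers_dir()
        sudoers_wagent = os.path.join(sudoers_dir, 'waagent')

        if remove:
            # Remove user from sudoers
            if not os.path.isfile(sudoers_wagent):
                return
            try:
                content = fileutil.read_file(sudoers_wagent)
                # Every entry written below starts with the user name, so
                # match on that first field. A substring test would also
                # delete entries of other accounts (removing "bob" would
                # drop "bobby"), and an empty name would delete every line.
                kept = [line for line in content.split("\n")
                        if line.split()[:1] != [username]]
                fileutil.write_file(sudoers_wagent, "\n".join(kept))
            except IOError as e:
                raise OSUtilError("Failed to remove sudoer: {0}".format(e))
            return

        # The name is copied verbatim into a file that grants root. It has
        # to be exactly one field: embedded whitespace or a line break
        # would change the meaning of the entry that gets written.
        # NOTE(review): sudoers gives special meaning to some user-field
        # tokens (see User_List in sudoers(5)); confirm the caller restricts
        # username to a plain account name.
        if not username or username.split() != [username]:
            raise OSUtilError("Invalid username for sudoers entry: "
                              "{0!r}".format(username))

        # for older distros create sudoers.d
        if not os.path.isdir(sudoers_dir):
            sudoers_file = os.path.join(sudoers_dir, '../sudoers')
            # NOTE(review): the directory mode comes from the process
            # umask; confirm the result is acceptable to sudo.
            os.mkdir(sudoers_dir)
            # add the include of sudoers.d to the /etc/sudoers
            include_line = '\n#includedir ' + sudoers_dir + '\n'
            fileutil.append_file(sudoers_file, include_line)

        if nopasswd:
            sudoer = "{0} ALL=(ALL) NOPASSWD: ALL\n".format(username)
        else:
            sudoer = "{0} ALL=(ALL) ALL\n".format(username)
        # NOTE(review): nothing here syntax-checks the result; a malformed
        # sudoers file can disable sudo, so consider a `visudo -cf` check.
        fileutil.append_file(sudoers_wagent, sudoer)
        fileutil.chmod(sudoers_wagent, 0o440)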
示例#3
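 def conf_sudoer(self, username, nopasswd=False, remove=False):
     """Grant or revoke doas access for ``username`` via /etc/doas.conf.

     With ``remove`` false, a missing file is first seeded with a rule
     allowing root to become root; then ``permit keepenv nopass <user>``
     (``nopasswd`` true, no authentication prompt) or
     ``permit keepenv persist <user>`` is appended and the file is set to
     mode 0o644. Repeated calls append repeated rules.

     With ``remove`` true, lines containing ``username`` as a whole
     whitespace-separated word are deleted; a missing file is a no-op.

     Raises:
         OSUtilError: when ``username`` is not a single token, or when
             the rewrite on removal fails with IOError.
     """
     doas_conf = "/etc/doas.conf"

     if not remove:
         # This file decides who becomes root, and the name is written
         # into it unchanged. Reject anything that is not one token, since
         # whitespace or a newline would alter the rule being written.
         if not username or username.split() != [username]:
             raise OSUtilError("Invalid username for doas rule: "
                               "{0!r}".format(username))

         if not os.path.isfile(doas_conf):
             # always allow root to become root
             fileutil.append_file(doas_conf, "permit keepenv nopass root\n")

         mode_keyword = "nopass" if nopasswd else "persist"
         rule = "permit keepenv {0} {1}\n".format(mode_keyword, username)
         fileutil.append_file(doas_conf, rule)
         fileutil.chmod(doas_conf, 0o644)
         return

     # Remove user from doas.conf
     if os.path.isfile(doas_conf):
         try:
             content = fileutil.read_file(doas_conf)
             # Whole-word comparison: testing for a substring would also
             # remove rules for longer names that merely contain this one,
             # and would wipe the file when the name is empty.
             remaining = [line for line in content.split("\n")
                          if username not in line.split()]
             fileutil.write_file(doas_conf, "\n".join(remaining))
         except IOError as err:
             raise OSUtilError("Failed to remove sudoer: "
                               "{0}".format(err))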
示例#4
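    def conf_sudoer(self, username, nopasswd=False, remove=False):
        """Grant or revoke sudo for ``username`` through the ``waagent`` drop-in.

        The drop-in lives in the directory given by
        ``conf.get_sudoers_dir()``. When granting, a missing directory is
        created and wired into the parent ``sudoers`` file with
        ``#includedir``; the entry ``<user> ALL=(ALL) ALL`` (or the
        ``NOPASSWD:`` form when ``nopasswd`` is true) is appended and the
        drop-in is set to mode 0o440. Repeated calls append repeated
        entries. When revoking, lines whose first field equals ``username``
        are deleted; a missing drop-in is a no-op.

        Raises:
            OSUtilError: when ``username`` is not a single field, or when
                the rewrite on removal fails with IOError.
        """
        sudoers_dir = conf.get_sudoers_dir()
        sudoers_wagent = os.path.join(sudoers_dir, 'waagent')

        if not remove:
            # The name goes unchanged into a file that grants root, so it
            # must be one field; whitespace or a newline inside it would
            # alter the entry being written.
            # NOTE(review): some user-field tokens are special to sudoers
            # (User_List in sudoers(5)); confirm callers pass only plain
            # account names.
            if not username or username.split() != [username]:
                raise OSUtilError("Invalid username for sudoers entry: "
                                  "{0!r}".format(username))

            # for older distros create sudoers.d
            if not os.path.isdir(sudoers_dir):
                sudoers_file = os.path.join(sudoers_dir, '../sudoers')
                # create the sudoers.d directory
                # NOTE(review): mode is derived from the umask; verify.
                os.mkdir(sudoers_dir)
                # add the include of sudoers.d to the /etc/sudoers
                fileutil.append_file(
                    sudoers_file, '\n#includedir ' + sudoers_dir + '\n')

            template = ("{0} ALL=(ALL) NOPASSWD: ALL\n" if nopasswd
                        else "{0} ALL=(ALL) ALL\n")
            # NOTE(review): the appended text is not syntax-checked; a
            # `visudo -cf` pass would catch a file that breaks sudo.
            fileutil.append_file(sudoers_wagent, template.format(username))
            fileutil.chmod(sudoers_wagent, 0o440)
            return

        # Remove user from sudoers
        if os.path.isfile(sudoers_wagent):
            try:
                content = fileutil.read_file(sudoers_wagent)
                # Entries written above begin with the user name, so
                # compare that first field exactly. A substring test also
                # deletes other accounts' entries and, for an empty name,
                # every line in the file.
                remaining = [line for line in content.split("\n")
                             if line.split()[:1] != [username]]
                fileutil.write_file(sudoers_wagent, "\n".join(remaining))
            except IOError as e:
                raise OSUtilError("Failed to remove sudoer: {0}".format(e))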
示例#5
 def set_dhcp_hostname(self, hostname):
     """Make the DHCP client send ``hostname`` via DHCLIENT_HOSTNAME_OPTION.

     Edits /etc/sysconfig/network/dhcp. Nothing is written when the
     option is already ``"AUTO"`` or already equals ``hostname``. An
     existing option line is replaced in place; when there is none, the
     setting is appended to the file.
     """
     # NOTE(review): hostname is placed between double quotes without any
     # escaping; presumably callers pass an already-validated host name.
     # Confirm, since this file is configuration read by other tools.
     dhcp_config_file_path = '/etc/sysconfig/network/dhcp'
     current_line = fileutil.get_line_startingwith(
         'DHCLIENT_HOSTNAME_OPTION', dhcp_config_file_path)

     if not current_line:
         fileutil.append_file(
             dhcp_config_file_path,
             'DHCLIENT_HOSTNAME_OPTION="{0}"'.format(hostname))
         return

     configured = current_line.split('=')[-1]
     if configured == '"AUTO"' or configured == '"{0}"'.format(hostname):
         # Automatic sending is on, or this exact host name is already
         # configured; leave the file untouched.
         return

     # update_conf_file is avoided on purpose: it would move the setting
     # to the end of the file, away from the comment that explains it.
     existing_lines = fileutil.read_file(dhcp_config_file_path).split('\n')
     rewritten = [
         'DHCLIENT_HOSTNAME_OPTION="{0}"'.format(hostname)
         if line.startswith('DHCLIENT_HOSTNAME_OPTION') else line
         for line in existing_lines
     ]
     fileutil.write_file(dhcp_config_file_path, '\n'.join(rewritten))
示例#6
 def openssl_to_openssh(self, input_file, output_file):
     """Convert the public key in ``input_file`` and append it to ``output_file``.

     The file content is handed to ``CryptUtil.asn1_to_ssh`` and the
     result is appended, not overwritten, so keys already present in
     ``output_file`` are kept.

     Raises:
         OSUtilError: when the conversion raises CryptError.
     """
     asn1_pubkey = fileutil.read_file(input_file)
     try:
         converter = CryptUtil(conf.get_openssl_cmd())
         openssh_pubkey = converter.asn1_to_ssh(asn1_pubkey)
     except CryptError as e:
         raise OSUtilError(ustr(e))
     # NOTE(review): presumably output_file is an authorized_keys file;
     # confirm its ownership and mode are set by the caller.
     fileutil.append_file(output_file, openssh_pubkey)
示例#7
 def openssl_to_openssh(self, input_file, output_file):
     """Append the OpenSSH form of the key stored in ``input_file``.

     Reads ``input_file``, converts its content with
     ``CryptUtil.asn1_to_ssh`` and appends the converted key to
     ``output_file``. A CryptError from the conversion is re-raised as
     OSUtilError carrying the same message.
     """
     source_key = fileutil.read_file(input_file)
     try:
         ssh_key = CryptUtil(conf.get_openssl_cmd()).asn1_to_ssh(source_key)
     except CryptError as e:
         raise OSUtilError(ustr(e))
     else:
         # Appending keeps whatever keys output_file already holds.
         fileutil.append_file(output_file, ssh_key)
示例#8
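    def test_append_file(self):
        """append_file followed by read_file returns exactly what was written.

        Assumes the target path does not exist before the test runs, so the
        file holds only the appended text.
        """
        test_file = os.path.join(self.tmp_dir, self.test_file)
        content = ustr(uuid.uuid4())
        try:
            fileutil.append_file(test_file, content)

            content_read = fileutil.read_file(test_file)
            # assertEquals is a deprecated alias that Python 3.12 removed.
            self.assertEqual(content, content_read)
        finally:
            # Clean up on failure too, so a leftover file cannot make a
            # later run read stale content.
            if os.path.exists(test_file):
                os.remove(test_file)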
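    def test_append_file(self):
        """Round-trip a random string through append_file and read_file.

        The comparison only holds if the target file is absent beforehand,
        which this test assumes.
        """
        test_file = os.path.join(self.tmp_dir, self.test_file)
        content = ustr(uuid.uuid4())
        try:
            fileutil.append_file(test_file, content)
            # Use assertEqual: the assertEquals alias is deprecated and no
            # longer exists in Python 3.12.
            self.assertEqual(content, fileutil.read_file(test_file))
        finally:
            # Remove the file whether or not the assertion passed; the
            # existence check avoids masking an earlier failure.
            if os.path.exists(test_file):
                os.remove(test_file)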
示例#10
 def move_daemon_pid(controller, daemon_pid):
     """Write ``daemon_pid`` into the agent cgroup of ``controller``.

     The PID is appended to ``cgroup.procs`` under the path returned by
     ``FileSystemCgroupsApi._get_agent_cgroup_path`` and a CGroupsCleanUp
     success event is recorded afterwards.
     """
     agent_cgroup = FileSystemCgroupsApi._get_agent_cgroup_path(controller)
     logger.info("Writing daemon's PID ({0}) to {1}", daemon_pid,
                 agent_cgroup)
     procs_file = os.path.join(agent_cgroup, "cgroup.procs")
     # daemon_pid is written as given, without an added trailing newline.
     fileutil.append_file(procs_file, daemon_pid)
     add_event(
         op=WALAEventOperation.CGroupsCleanUp,
         is_success=True,
         message="Moved daemon's PID from legacy cgroup to {0}".format(
             agent_cgroup))
    def create_agent_cgroup(cgroups_file_system_root, controller,
                            extension_handler_pid):
        """
        Create a mock agent cgroup at the newer path and register a PID in it.

        Daemon versions 2.2.31-2.2.40 wrote their PID to
        /sys/fs/cgroup/{cpu,memory}/WALinuxAgent/WALinuxAgent; from version 2.2.41 on, the agent service is tracked
        in walinuxagent.service instead of WALinuxAgent/WALinuxAgent.

        Returns the path of the cgroup directory that was used.
        """
        cgroup_dir = os.path.join(cgroups_file_system_root, controller,
                                  VM_AGENT_CGROUP_NAME)
        already_present = os.path.exists(cgroup_dir)
        if not already_present:
            os.makedirs(cgroup_dir)
        procs_file = os.path.join(cgroup_dir, "cgroup.procs")
        # The PID is expected as a string; a newline terminates the entry.
        fileutil.append_file(procs_file, extension_handler_pid + "\n")
        return cgroup_dir
    def create_legacy_agent_cgroup(cgroups_file_system_root, controller,
                                   daemon_pid):
        """
        Create a mock agent cgroup at the legacy path and register a PID in it.

        Daemon versions 2.2.31-2.2.40 wrote their PID to
        /sys/fs/cgroup/{cpu,memory}/WALinuxAgent/WALinuxAgent; from version 2.2.41 on, the agent service is tracked
        in walinuxagent.service instead of WALinuxAgent/WALinuxAgent.

        Returns the path of the cgroup directory that was used.
        """
        path_parts = (cgroups_file_system_root, controller,
                      "WALinuxAgent", "WALinuxAgent")
        cgroup_dir = os.path.join(*path_parts)
        if not os.path.exists(cgroup_dir):
            os.makedirs(cgroup_dir)
        procs_file = os.path.join(cgroup_dir, "cgroup.procs")
        # The PID is expected as a string; a newline terminates the entry.
        fileutil.append_file(procs_file, daemon_pid + "\n")
        return cgroup_dir
示例#13
    def add(self, pid):
        """
        Attach process ``pid`` to every cgroup tracked for this agent/extension.

        Returns without doing anything when cgroups are not enabled. Raises CGroupsException when this object is
        the wrapper cgroup or when ``check_pid_alive`` reports the PID as gone.
        """
        if not self.enabled():
            return

        if self.is_wrapper_cgroup:
            raise CGroupsException("Cannot add a process to the Agents+Extensions wrapper cgroup")

        pid_is_alive = self._osutil.check_pid_alive(pid)
        if not pid_is_alive:
            raise CGroupsException('PID {0} does not exist'.format(pid))

        # One line per PID is appended to cgroup.procs of each hierarchy.
        procs_entry = "{0}\n".format(pid)
        for hierarchy, _ in self.cgroups.items():
            procs_path = self._get_cgroup_file(hierarchy, 'cgroup.procs')
            fileutil.append_file(procs_path, procs_entry)
示例#14
    def add(self, pid):
        """
        Register ``pid`` in the cgroup.procs file of each hierarchy of this agent/extension.

        A disabled cgroups setup makes this a no-op. The wrapper cgroup and PIDs that ``check_pid_alive`` rejects
        both raise CGroupsException.
        """
        enabled = self.enabled()
        if enabled:
            if self.is_wrapper_cgroup:
                raise CGroupsException("Cannot add a process to the Agents+Extensions wrapper cgroup")

            if not self._osutil.check_pid_alive(pid):
                raise CGroupsException('PID {0} does not exist'.format(pid))

            # The liveness check and the write are separate steps; the PID is written as one line per file.
            for item in self.cgroups.items():
                hierarchy = item[0]
                target = self._get_cgroup_file(hierarchy, 'cgroup.procs')
                fileutil.append_file(target, "{0}\n".format(pid))
示例#15
 def _add_process_to_cgroup(pid, cgroup_path):
     """Append ``pid`` as one line to ``cgroup.procs`` under ``cgroup_path`` and log it."""
     procs_file = os.path.join(cgroup_path, 'cgroup.procs')
     procs_entry = "{0}\n".format(pid)
     fileutil.append_file(procs_file, procs_entry)
     # The message is logged only after the append returned without raising.
     logger.info("Added PID {0} to cgroup {1}".format(pid, cgroup_path))
示例#16
 def mock_append_file(filepath, contents, **kwargs):
     """Stand-in for fileutil.append_file that fails for cpu cgroup.procs paths.

     Paths matching ``/.*/cpu/.*/cgroup.procs`` raise OSError with ENOSPC;
     every other path is passed through to the real ``append_file``.
     """
     hits_cpu_procs = re.match(r'/.*/cpu/.*/cgroup.procs', filepath) is not None
     if not hits_cpu_procs:
         fileutil.append_file(filepath, contents, **kwargs)
         return
     # Simulate "no space left on device" for the cpu controller only.
     raise OSError(errno.ENOSPC, os.strerror(errno.ENOSPC))