def write_config():
allowed_subnets = Subnet.objects.filter(allow_proxy=True)
cidrs = [subnet.cidr for subnet in allowed_subnets]
config = Config.objects.get_configs([
'http_proxy', 'maas_proxy_port', 'use_peer_proxy',
'prefer_v4_proxy', 'enable_http_proxy'
])
http_proxy = config["http_proxy"]
upstream_proxy_enabled = (config["use_peer_proxy"] and http_proxy)
context = {
'allowed': allowed_subnets,
'modified': str(datetime.date.today()),
'fqdn': socket.getfqdn(),
'cidrs': cidrs,
'running_in_snap': snappy.running_in_snap(),
'snap_path': snappy.get_snap_path(),
'snap_data_path': snappy.get_snap_data_path(),
'snap_common_path': snappy.get_snap_common_path(),
'upstream_peer_proxy': upstream_proxy_enabled,
'dns_v4_first': config['prefer_v4_proxy'],
'maas_proxy_port': config['maas_proxy_port'],
}
proxy_enabled = config["enable_http_proxy"]
if proxy_enabled and upstream_proxy_enabled:
http_proxy_hostname = urlparse(http_proxy).hostname
http_proxy_port = urlparse(http_proxy).port
context.update({
'upstream_proxy_address': http_proxy_hostname,
'upstream_proxy_port': http_proxy_port,
})
template_path = locate_template('proxy', MAAS_PROXY_CONF_TEMPLATE)
template = tempita.Template.from_filename(template_path,
encoding="UTF-8")
try:
content = template.substitute(context)
except NameError as error:
raise ProxyConfigFail(*error.args)
# Squid prefers ascii.
content = content.encode("ascii")
target_path = get_proxy_config_path()
atomic_write(content, target_path, overwrite=True, mode=0o644)
def write_config(
allowed_cidrs,
peer_proxies=None,
prefer_v4_proxy=False,
maas_proxy_port=8000,
):
"""Write the proxy configuration."""
if peer_proxies is None:
peer_proxies = []
context = {
"modified": str(datetime.date.today()),
"fqdn": socket.getfqdn(),
"cidrs": allowed_cidrs,
"running_in_snap": snappy.running_in_snap(),
"snap_path": snappy.get_snap_path(),
"snap_data_path": snappy.get_snap_data_path(),
"snap_common_path": snappy.get_snap_common_path(),
"dns_v4_first": prefer_v4_proxy,
"maas_proxy_port": maas_proxy_port,
}
formatted_peers = []
for peer in peer_proxies:
formatted_peers.append({
"address": urlparse(peer).hostname,
"port": urlparse(peer).port
})
context["peers"] = formatted_peers
template_path = locate_template("proxy", MAAS_PROXY_CONF_TEMPLATE)
template = tempita.Template.from_filename(template_path, encoding="UTF-8")
try:
content = template.substitute(context)
except NameError as error:
raise ProxyConfigFail(*error.args)
# Squid prefers ascii.
content = content.encode("ascii")
target_path = get_proxy_config_path()
atomic_write(content, target_path, overwrite=True, mode=0o644)
def test_get_snap_common_path_returns_None(self):
self.patch(os, "environ", {})
self.assertIsNone(snappy.get_snap_common_path())
def test_get_snap_common_path_returns_path(self):
path = factory.make_name()
self.patch(os, "environ", {"SNAP_COMMON": path})
self.assertEqual(path, snappy.get_snap_common_path())
import os
from socket import gethostname
from threading import Lock
from time import sleep
from OpenSSL import crypto
from provisioningserver.path import get_tentative_data_path
from provisioningserver.utils.fs import NamedLock
from provisioningserver.utils.snappy import (
get_snap_common_path,
running_in_snap,
)
if running_in_snap():
MAAS_PRIVATE_KEY = os.path.join(get_snap_common_path(), "certificates",
"maas.key")
MAAS_PUBLIC_KEY = os.path.join(get_snap_common_path(), "certificates",
"maas.pub")
MAAS_CERTIFICATE = os.path.join(get_snap_common_path(), "certificates",
"maas.crt")
else:
MAAS_PRIVATE_KEY = get_tentative_data_path(
"/etc/maas/certificates/maas.key")
MAAS_PUBLIC_KEY = get_tentative_data_path(
"/etc/maas/certificates/maas.pub")
MAAS_CERTIFICATE = get_tentative_data_path(
"/etc/maas/certificates/maas.crt")
def generate_rsa_keys_if_needed():
import os
from socket import gethostname
from time import sleep
from OpenSSL import crypto
from provisioningserver.path import get_tentative_data_path
from provisioningserver.utils.fs import NamedLock
from provisioningserver.utils.snappy import (
get_snap_common_path,
running_in_snap,
)
if running_in_snap():
MAAS_PRIVATE_KEY = os.path.join(
get_snap_common_path(), "certificates", "maas.key"
)
MAAS_PUBLIC_KEY = os.path.join(
get_snap_common_path(), "certificates", "maas.pub"
)
MAAS_CERTIFICATE = os.path.join(
get_snap_common_path(), "certificates", "maas.crt"
)
else:
MAAS_PRIVATE_KEY = get_tentative_data_path(
"/etc/maas/certificates/maas.key"
)
MAAS_PUBLIC_KEY = get_tentative_data_path(
"/etc/maas/certificates/maas.pub"
)
MAAS_CERTIFICATE = get_tentative_data_path(
