authorSeth Vidal <skvidal@fedoraproject.org>2007-10-18 10:45:02 -0400
committerSeth Vidal <skvidal@fedoraproject.org>2007-10-18 10:45:02 -0400
commit967f120791f8f813890b83b2d767f0b3e682edea (patch)
tree1ec4f004935669cc9a2d2cd7903c992a36f30fe5
parentb4b771c5aced0739eb7a875bf126d21dbdaff06b (diff)
swap out minion-acl config file for minion-acl.d dir of .acl files
-rw-r--r--etc/minion.conf3
-rw-r--r--etc/sample.acl (renamed from etc/minion-acl.conf)0
-rw-r--r--func.spec6
-rw-r--r--func/commonconfig.py2
-rwxr-xr-xfunc/minion/server.py3
-rwxr-xr-xfunc/minion/utils.py50
-rw-r--r--setup.py4
7 files changed, 42 insertions, 26 deletions
diff --git a/etc/minion.conf b/etc/minion.conf
index dc4c0a1..f2e2b34 100644
--- a/etc/minion.conf
+++ b/etc/minion.conf
@@ -4,4 +4,5 @@
log_level = DEBUG
certmaster = certmaster
cert_dir = /etc/pki/func
-acl_config = /etc/func/minion-acl.conf
+acl_dir = /etc/func/minion-acl.d
+
diff --git a/etc/minion-acl.conf b/etc/sample.acl
index 1a093a8..1a093a8 100644
--- a/etc/minion-acl.conf
+++ b/etc/sample.acl
diff --git a/func.spec b/func.spec
index c889fce..a0ed8e6 100644
--- a/func.spec
+++ b/func.spec
@@ -41,9 +41,9 @@ rm -fr $RPM_BUILD_ROOT
/etc/init.d/funcd
/etc/init.d/certmaster
%dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/minion-acl.d/
%dir %{_sysconfdir}/pki/%{name}
%config(noreplace) /etc/func/minion.conf
-%config(noreplace) /etc/func/minion-acl.conf
%config(noreplace) /etc/func/certmaster.conf
%config(noreplace) /etc/logrotate.d/func_rotate
%dir %{python_sitelib}/func
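Review bot: The added `%dir %{_sysconfdir}/minion-acl.d/` names a directory directly under the system config root, while `acl_dir` in etc/minion.conf, the default in func/commonconfig.py and `aclpath` in setup.py all put it under the func config directory (`/etc/func/minion-acl.d`). Assuming `%{name}` expands to `func`, as the neighbouring `/etc/func/...` entries suggest, the entry should read `%dir %{_sysconfdir}/%{name}/minion-acl.d/`. As written, the package either fails to build on a path the install step never creates or leaves the real ACL directory unowned by the package. Since every `*.acl` file in that directory grants method access on the minion, it is also worth pinning owner and mode on this entry with `%attr` rather than relying on whatever the install step produces.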
@@ -76,6 +76,10 @@ fi
%changelog
+* Thu Oct 18 2007 Seth Vidal <skvidal at fedoraproject.org> 0.0.12-1
+- change out minion-acl.conf for minion-acl.d
+
+
* Mon Oct 8 2007 Adrian Likins <alikins@redhat.com> - 0.0.12-1
- add cmd_modules
diff --git a/func/commonconfig.py b/func/commonconfig.py
index e3b1760..5c3485f 100644
--- a/func/commonconfig.py
+++ b/func/commonconfig.py
@@ -13,5 +13,5 @@ class FuncdConfig(BaseConfig):
log_level = Option('INFO')
certmaster = Option('certmaster')
cert_dir = Option('/etc/pki/func')
- acl_config = Option('/etc/func/minion-acl.conf')
+ acl_dir = Option('/etc/func/minion-acl.d')
diff --git a/func/minion/server.py b/func/minion/server.py
index c900a09..3ef7786 100755
--- a/func/minion/server.py
+++ b/func/minion/server.py
@@ -218,7 +218,8 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
return peer_cert.get_subject().CN
def _check_acl(self, cert, ip, method, params):
- acls = utils.get_acls_from_config(fn=self.config.acl_config)
+ acls = utils.get_acls_from_config(acldir=self.config.acl_dir)
+
# certmaster always gets to run things
ca_cn = self._our_ca.get_subject().CN
ca_hash = self._our_ca.subject_name_hash()
diff --git a/func/minion/utils.py b/func/minion/utils.py
index 447acc8..7599657 100755
--- a/func/minion/utils.py
+++ b/func/minion/utils.py
@@ -19,6 +19,7 @@ import sys
import time
import traceback
import xmlrpclib
+import glob
import codes
from func import certs
@@ -158,35 +159,42 @@ def daemonize(pidfile=None):
open(pidfile, "w").write(str(pid))
sys.exit(0)
-def get_acls_from_config(fn='/etc/func/minion-acl.conf'):
+def get_acls_from_config(acldir='/etc/func/minion-acl.d'):
"""
- takes a fn = filename of config file
+ takes a dir of .acl files
returns a dict of hostname+hash = [methods, to, run]
"""
acls = {}
- if not os.path.exists(fn):
- print 'acl config file does not exist: %s' % fn
- return acls
- try:
- fo = open(fn, 'r')
- except (IOError, OSError), e:
- print 'cannot open acl config file: %s' % e
+ if not os.path.exists(acldir):
+ print 'acl dir does not exist: %s' % acldir
return acls
- for line in fo.readlines():
- if line.startswith('#'): continue
- if line.strip() == '': continue
- line = line.replace('\n', '')
- (host, methods) = line.split('=')
- host = host.strip().lower()
- methods = methods.strip()
- methods = methods.replace(',',' ')
- methods = methods.split()
- if not acls.has_key(host):
- acls[host] = []
- acls[host].extend(methods)
+ # get the set of files
+ acl_glob = '%s/*.acl' % acldir
+ files = glob.glob(acl_glob)
+
+ for acl_file in files:
+
+ try:
+ fo = open(acl_file, 'r')
+ except (IOError, OSError), e:
+ print 'cannot open acl config file: %s - %s' % (acl_file, e)
+ continue
+
+ for line in fo.readlines():
+ if line.startswith('#'): continue
+ if line.strip() == '': continue
+ line = line.replace('\n', '')
+ (host, methods) = line.split('=')
+ host = host.strip().lower()
+ methods = methods.strip()
+ methods = methods.replace(',',' ')
+ methods = methods.split()
+ if not acls.has_key(host):
+ acls[host] = []
+ acls[host].extend(methods)
return acls
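Review bot: One malformed line in any `*.acl` file aborts loading of every ACL, because `(host, methods) = line.split('=')` in the new per-file loop raises ValueError when a line does not contain exactly one `=` and nothing catches it. With a drop-in directory that failure can now come from any file, not just the single config the operator knows about. The handle `fo` is also never closed, so each read of the ACLs leaves one open descriptor per file until garbage collection. I would report and skip bad lines and close each file in a `finally`, as sketched below. Separately, nothing in this function checks the ownership or mode of the files it reads, so the directory's permissions are the only control over who can add grants; a comment stating that assumption would help the next reader.

```python
    for acl_file in files:
        # ... unchanged: open acl_file, print the error and continue on IOError/OSError ...
        try:
            for line in fo.readlines():
                # ... unchanged: skip comment lines and blank lines, strip the newline ...
                if line.count('=') != 1:
                    print 'skipping malformed acl line in %s: %r' % (acl_file, line)
                    continue
                (host, methods) = line.split('=')
                # ... unchanged: normalise host, split methods, extend acls[host] ...
        finally:
            fo.close()
```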
diff --git a/setup.py b/setup.py
index 0170dd4..27caa72 100644
--- a/setup.py
+++ b/setup.py
@@ -19,6 +19,7 @@ if __name__ == "__main__":
logpath = "/var/log/%s/" % NAME
pkipath = "/etc/pki/%s" % NAME
rotpath = "/etc/logrotate.d"
+ aclpath = "%s/minion-acl.d" % etcpath
setup(
name="%s" % NAME,
version = VERSION,
@@ -48,7 +49,8 @@ if __name__ == "__main__":
(rotpath, ['etc/func_rotate']),
(logpath, []),
(etcpath, []),
- (pkipath, [])
+ (pkipath, []),
+ (aclpath, [])
],
description = SHORT_DESC,
long_description = LONG_DESC