summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Moser <smoser@ubuntu.com>2011-07-26 09:50:49 -0400
committerScott Moser <smoser@ubuntu.com>2011-07-26 09:50:49 -0400
commit690086473dccc7489dcb21ccade9c057762e35a3 (patch)
treedf5271baa1c693e16de601d36005df14593ab658
parent149bfa0e4a2705bbe980a2335c5e7951e9b70925 (diff)
downloadvyos-cloud-init-690086473dccc7489dcb21ccade9c057762e35a3.tar.gz
vyos-cloud-init-690086473dccc7489dcb21ccade9c057762e35a3.zip
cc_mcollective: use util.write_file, change perms of private key file to 0600
-rw-r--r--cloudinit/CloudConfig/cc_mcollective.py18
1 files changed, 10 insertions, 8 deletions
diff --git a/cloudinit/CloudConfig/cc_mcollective.py b/cloudinit/CloudConfig/cc_mcollective.py
index 3b358302..b894a7bb 100644
--- a/cloudinit/CloudConfig/cc_mcollective.py
+++ b/cloudinit/CloudConfig/cc_mcollective.py
@@ -24,6 +24,10 @@ import fileinput
import StringIO
import ConfigParser
import cloudinit.CloudConfig as cc
+import cloudinit.util as util
+
+pubcert_file = "/etc/mcollective/ssl/server-public.pem"
+pricert_file = "/etc/mcollective/ssl/server-private.pem"
# Our fake header section
class FakeSecHead(object):
@@ -51,16 +55,14 @@ def handle(name,cfg,cloud,log,args):
mcollective_config.readfp(FakeSecHead(open('/etc/mcollective/server.cfg')))
for cfg_name, cfg in mcollective_cfg['conf'].iteritems():
if cfg_name == 'public-cert':
- publicrt_fh = open('/etc/mcollective/ssl/server-public.pem', 'w')
- publicrt_fh.write(cfg)
- publicrt_fh.close()
- mcollective_config.set(cfg_name,'plugin.ssl_server_public','/etc/mcollective/ssl/server-public.pem')
+ util.write_file(pubcert_file, cfg, mode=0644)
+ mcollective_config.set(cfg_name,
+ 'plugin.ssl_server_public', pubcert_file)
mcollective_config.set(cfg_name,'securityprovider','ssl')
elif cfg_name == 'private-cert':
- privcrt_fh = open('/etc/mcollective/ssl/server-private.pem', 'w')
- privcrt_fh.write(cfg)
- privcrt_fh.close()
- mcollective_config.set(cfg_name,'plugin.ssl_server_private','/etc/mcollective/ssl/server-private.pem')
+ util.write_file(pricert_file, cfg, mode=0600)
+ mcollective_config.set(cfg_name,
+ 'plugin.ssl_server_private', pricert_file)
mcollective_config.set(cfg_name,'securityprovider','ssl')
else:
# Iterate throug the config items, we'll use ConfigParser.set