author | Joshua Harlow <harlowja@yahoo-inc.com> | 2012-06-15 18:01:03 -0700 |
---|---|---|
committer | Joshua Harlow <harlowja@yahoo-inc.com> | 2012-06-15 18:01:03 -0700 |
commit | 508168acb95aee070d493b45656f781a42bdd262 (patch) | |
tree | e816b241c500d99f1289fb6afffb33abb560df99 /cloudinit/transforms/cc_ssh.py | |
parent | 36c1da35c2c0cb1b2ee18b7374bc81df8349e3e2 (diff) | |
Complete initial cleanup for refactoring/rework.
Some of the cleanups were the following
1. Using standard (logged) utility functions for sub process work, writing, reading files, and other file system/operating system options
2. Having distributions implement their own subclasses to handle system specifics (if applicable)
3. Having a cloud wrapper that provides just the functionality we want to expose (cloud.py)
4. Using a path class instead of globals for all cloud init paths (it is configured via config)
5. Removal of as much shared global state as possible (there should be none, minus a set of constants)
6. Other various cleanups that remove transforms/handlers/modules from reading/writing/chmoding their own files.
a. They should be using util functions to take advantage of the logging that is now enabled in those util functions (very useful for debugging)
7. Urls being read and checked from a single module that serves this and only this purpose (+1 for code organization)
8. Updates to log whenever a transform decides not to run
9. Ensure whenever a exception is thrown (and possibly captured) that the util.logexc function is called
a. For debugging, tracing this is important to not just drop them on the floor.
10. Code shuffling into utils.py where it makes sense (and where it could serve a benefit for other code now or in the future)
Diffstat (limited to 'cloudinit/transforms/cc_ssh.py')
-rw-r--r-- | cloudinit/transforms/cc_ssh.py | 93 |
1 files changed, 55 insertions, 38 deletions
diff --git a/cloudinit/transforms/cc_ssh.py b/cloudinit/transforms/cc_ssh.py
index 48eb58bc..db6848d9 100644
--- a/cloudinit/transforms/cc_ssh.py
+++ b/cloudinit/transforms/cc_ssh.py
@@ -18,15 +18,34 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
-import cloudinit.util as util
-import cloudinit.SshUtil as sshutil
 import os
 import glob
-import subprocess
-DISABLE_ROOT_OPTS = "no-port-forwarding,no-agent-forwarding," \
-"no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\" " \
-"rather than the user \\\"root\\\".\';echo;sleep 10\""
+from cloudinit import util
+from cloudinit import ssh_util
+
+DISABLE_ROOT_OPTS = ( "no-port-forwarding,no-agent-forwarding,"
+"no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\" "
+"rather than the user \\\"root\\\".\';echo;sleep 10\"")
+
+key2file = {
+ "rsa_private": ("/etc/ssh/ssh_host_rsa_key", 0600),
+ "rsa_public": ("/etc/ssh/ssh_host_rsa_key.pub", 0644),
+ "dsa_private": ("/etc/ssh/ssh_host_dsa_key", 0600),
+ "dsa_public": ("/etc/ssh/ssh_host_dsa_key.pub", 0644),
+ "ecdsa_private": ("/etc/ssh/ssh_host_ecdsa_key", 0600),
+ "ecdsa_public": ("/etc/ssh/ssh_host_ecdsa_key.pub", 0644),
+}
+
+priv2pub = {
+ 'rsa_private': 'rsa_public',
+ 'dsa_private': 'dsa_public',
+ 'ecdsa_private': 'ecdsa_public',
+}
+
+key_gen_tpl = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"'
+
+generate_keys = ['rsa', 'dsa', 'ecdsa']
 def handle(_name, cfg, cloud, log, _args): 
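Review bot: `key_gen_tpl` bakes a shell pipeline into a module constant that the second hunk then runs through `sh -xc`; both `%s` substitutions come from the fixed `key2file` paths, so cloud-config data never reaches the shell, but the shell is unnecessary and the redirect that creates the `.pub` file bypasses the logged file utilities this commit is introducing everywhere else. If `util.subp` can capture output, `util.subp(['ssh-keygen', '-yf', priv_fn])` followed by `util.write_file(pub_fn, ..., key2file[pub][1])` removes the shell and sets the `.pub` mode explicitly instead of leaving it to the umask. The new module-level tables `key2file`, `priv2pub`, `key_gen_tpl` and `generate_keys` are constants and would read better upper-cased per PEP 8, with a comment over `key2file` such as `# cloud-config ssh_keys name -> (host key path, file mode)` so the tuple layout is clear at the use sites.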
@@ -35,72 +54,70 @@ def handle(_name, cfg, cloud, log, _args): if cfg.get("ssh_deletekeys", True): for f in glob.glob("/etc/ssh/ssh_host_*key*"): try: - os.unlink(f) + util.del_file(f) except: - pass - + util.logexc(log, "Failed deleting key file %s", f) + if "ssh_keys" in cfg: # if there are keys in cloud-config, use them - key2file = { - "rsa_private": ("/etc/ssh/ssh_host_rsa_key", 0600), - "rsa_public": ("/etc/ssh/ssh_host_rsa_key.pub", 0644), - "dsa_private": ("/etc/ssh/ssh_host_dsa_key", 0600), - "dsa_public": ("/etc/ssh/ssh_host_dsa_key.pub", 0644), - "ecdsa_private": ("/etc/ssh/ssh_host_ecdsa_key", 0600), - "ecdsa_public": ("/etc/ssh/ssh_host_ecdsa_key.pub", 0644), - } - - for key, val in cfg["ssh_keys"].items(): + for (key, val) in cfg["ssh_keys"].iteritems(): if key in key2file: - util.write_file(key2file[key][0], val, key2file[key][1]) - - priv2pub = {'rsa_private': 'rsa_public', 'dsa_private': 'dsa_public', - 'ecdsa_private': 'ecdsa_public', } - + tgt_fn = key2file[key][0] + tgt_perms = key2file[key][1] + util.write_file(tgt_fn, val, tgt_perms) + cmd = 'o=$(ssh-keygen -yf "%s") && echo "$o" root@localhost > "%s"' for priv, pub in priv2pub.iteritems(): if pub in cfg['ssh_keys'] or not priv in cfg['ssh_keys']: continue pair = (key2file[priv][0], key2file[pub][0]) - subprocess.call(('sh', '-xc', cmd % pair)) - log.debug("generated %s from %s" % pair) + cmd = ['sh', '-xc', key_gen_tpl % pair] + try: + # TODO: Is this guard needed? 
+ with util.SeLinuxGuard("/etc/ssh", recursive=True): + util.subp(cmd, capture=False) + log.debug("Generated a key for %s from %s", pair[0], pair[1]) + except: + util.logexc(log, "Failed generated a key for %s from %s", pair[0], pair[1]) else: # if not, generate them - for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes', - ['rsa', 'dsa', 'ecdsa']): + for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes', generate_keys): keyfile = '/etc/ssh/ssh_host_%s_key' % keytype if not os.path.exists(keyfile): - subprocess.call(['ssh-keygen', '-t', keytype, '-N', '', - '-f', keyfile]) - - util.restorecon_if_possible('/etc/ssh', recursive=True) + cmd = ['ssh-keygen', '-t', keytype, '-N', '', '-f', keyfile] + try: + # TODO: Is this guard needed? + with util.SeLinuxGuard("/etc/ssh", recursive=True): + util.subp(cmd, capture=False) + except: + util.logexc(log, "Failed generating key type %s to file %s", keytype, keyfile) try: user = util.get_cfg_option_str(cfg, 'user') disable_root = util.get_cfg_option_bool(cfg, "disable_root", True) disable_root_opts = util.get_cfg_option_str(cfg, "disable_root_opts", DISABLE_ROOT_OPTS) - keys = cloud.get_public_ssh_keys() + keys = cloud.get_public_ssh_keys() or [] if "ssh_authorized_keys" in cfg: cfgkeys = cfg["ssh_authorized_keys"] keys.extend(cfgkeys) apply_credentials(keys, user, disable_root, disable_root_opts, log) except: - util.logexc(log) - log.warn("applying credentials failed!\n") + util.logexc(log, "Applying ssh credentials failed!") def apply_credentials(keys, user, disable_root, disable_root_opts=DISABLE_ROOT_OPTS, log=None): + keys = set(keys) if user: - sshutil.setup_user_keys(keys, user, '', log) + ssh_util.setup_user_keys(keys, user, '') - if disable_root: + if disable_root and user: key_prefix = disable_root_opts.replace('$USER', user) else: key_prefix = '' - sshutil.setup_user_keys(keys, 'root', key_prefix, log) + ssh_util.setup_user_keys(keys, 'root', key_prefix) |
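Review bot: Root loses its `disable_root` restriction whenever no default `user` is configured: the new `if disable_root and user:` in apply_credentials falls through to `key_prefix = ''`, so every key in `keys` is installed for root without the `no-port-forwarding,...,command=` options, whereas the old `if disable_root:` with a `None` user would have raised in `replace` and been caught by handle's `except:`, installing nothing for root. Keep the restriction independent of `user`, e.g. `if disable_root:` / `key_prefix = disable_root_opts.replace('$USER', user) if user else disable_root_opts`, or skip the root `setup_user_keys` call entirely when there is no user to redirect to. The two new bare `except:` clauses around the `util.subp` calls in the key-generation branches also swallow `SystemExit` and `KeyboardInterrupt`; `except Exception:` is the intent and still reaches `util.logexc`. The `log=None` parameter of apply_credentials is now unused since `log` is no longer passed to `ssh_util.setup_user_keys`, so either drop it or document it as kept for compatibility.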