add cloud config support for apt_sources

This includes support for
- signing key import via 'keyid' and 'keyserver' or 'key'
- ppa:* support (provided by 'add-apt-repository')
  now there is a dependency on python-software-properties

2 files changed, 79 insertions, 26 deletions

diff --git a/ec2init/CloudConfig.py b/ec2init/CloudConfig.py
index bb19aa72..84b00fd8 100644
--- a/ec2init/CloudConfig.py
+++ b/ec2init/CloudConfig.py
@@ -85,30 +85,6 @@ class CloudConfig():
 			else:
 				return ec2Key
 
-	def add_ppa(self):
-		#value = self.cfg['apt_sources']
-		for ent in self.cfg['apt_sources']:
-			ppa = ent['source']
-			where = ppa.find('ppa:')
-			if where != -1:
-			  return ppa
-
-	def add_custom_repo(self):
-		sources = []
-		value = self.cfg['apt_sources']
-		for ent in self.cfg['apt_sources']:
-			if ent.has_key('keyserver'):
-				keyserver = ent['keyserver']
-			if ent.has_key('keyid'):
-				keyid = ent['keyid']
-			if ent.has_key('filename'):
-				filename = ent['filename']
-			source = ent['source']
-			if source.startswith("deb"):
-				sources.append(source)
-
-		return (keyserver,sources,keyid,filename)
-
     def handle(self, name, args):
         handler = None
         freq = None
@@ -123,12 +99,19 @@ class CloudConfig():
         update = util.get_cfg_option_bool(self.cfg, 'apt_update', False)
         upgrade = util.get_cfg_option_bool(self.cfg, 'apt_upgrade', False)
 
+
+        # process 'apt_sources'
+        if self.cfg.has_key('apt_sources'):
+            errors = add_sources(self.cfg['apt_sources'])
+            for e in errors:
+                warn("Source Error: %s\n" % ':'.join(e))
+
         pkglist = []
         if 'packages' in self.cfg:
             if isinstance(self.cfg['packages'],list):
                 pkglist = self.cfg['packages']
             else: pkglist.append(self.cfg['packages'])
-           
+
         if update or upgrade or pkglist:
             #retcode = subprocess.call(list)
 		    subprocess.Popen(['apt-get', 'update']).communicate()
@@ -148,7 +131,6 @@ class CloudConfig():
 
     def h_disable_ec2_metadata(self,name,args):
         if util.get_cfg_option_bool(self.cfg, "disable_ec2_metadata", False):
-            #fwall="iptables -A OUTPUT -p tcp --dport 80 --destination 169.254.169.254 -j REJECT"
             fwall="route add -host 169.254.169.254 reject"
             subprocess.call(fwall.split(' '))
 
@@ -245,3 +227,47 @@ def send_ssh_keys_to_console():
 def warn(str):
    sys.stderr.write("Warning:%s\n" % str)
 
+# srclist is a list of dictionaries, 
+# each entry must have: 'source'
+# may have: key, ( keyid and keyserver)
+def add_sources(srclist):
+    elst = []
+
+    for ent in srclist:
+        if not ent.has_key('source'):
+            elst.append([ "", "missing source" ])
+            continue
+
+        source=ent['source']
+        if source.startswith("ppa:"):
+            try: util.subp(["add-apt-repository",source])
+            except:
+                elst.append([source, "add-apt-repository failed"])
+                continue
+
+        if not ent.has_key('filename'):
+            ent['filename']='cloud_config_sources.list'
+
+        if not ent['filename'].startswith("/"):
+            ent['filename'] = "%s/%s" % \
+                ("/etc/apt/sources.list.d/", ent['filename'])
+
+        if ( ent.has_key('keyid') and not ent.has_key('key') ):
+            ks = "keyserver.ubuntu.com"
+            if ent.has_key('keyserver'): ks = ent['keyserver']
+            try:
+                ent['key'] = util.getkeybyid(ent['keyid'], ks)
+            except:
+                elst.append([source,"failed to get key from %s" % ks])
+                continue
+
+        if ent.has_key('key'):
+            try: util.subp(('apt-key', 'add', '-'), ent['key'])
+            except:
+                elst.append([source, "failed add key"])
+
+        try: util.write_file(ent['filename'], source + "\n")
+        except:
+            elst.append([source, "failed write to file %s" % ent['filename']])
+
+    return(elst)
diff --git a/ec2init/util.py b/ec2init/util.py
index 0737f117..ece5755a 100644
--- a/ec2init/util.py
+++ b/ec2init/util.py
@@ -1,6 +1,7 @@
 import yaml
 import os
 import errno
+import subprocess
 
 def read_conf(fname):
 	stream = file(fname)
@@ -42,3 +43,29 @@ def write_file(file,content,mode=0644):
         f.close()
         os.chmod(file,mode)
 
+# get keyid from keyserver
+def getkeybyid(keyid,keyserver):
+   shcmd="""
+   k=${1} ks=${2};
+   exec 2>/dev/null
+   [ -n "$k" ] || exit 1;
+   armour=$(gpg --list-keys --armour "${k}")
+   if [ -z "${armour}" ]; then
+      gpg --keyserver ${ks} --recv $k >/dev/null &&
+         armour=$(gpg --export --armour "${k}") &&
+         gpg --batch --yes --delete-keys "${k}"
+   fi
+   [ -n "${armour}" ] && echo "${armour}"
+   """
+   args=['sh', '-c', shcmd, "export-gpg-keyid", keyid, keyserver]
+   return(subp(args)[0])
+
+def subp(args, input=None):
+    s_in = None
+    if input is not None:
+        s_in = subprocess.PIPE
+    sp = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=s_in)
+    out,err = sp.communicate(input)
+    if sp.returncode is not 0:
+        raise subprocess.CalledProcessError(sp.returncode,args)
+    return(out,err)