From f70bc5ddf301517863b48943cd3d8d6df5548c68 Mon Sep 17 00:00:00 2001
From: Marc Cluet
Date: Mon, 25 Jul 2011 13:27:48 +0100
Subject: Added ssl cert support to mcollective
---
cloudinit/CloudConfig/cc_mcollective.py | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
(limited to 'cloudinit/CloudConfig/cc_mcollective.py')
diff --git a/cloudinit/CloudConfig/cc_mcollective.py b/cloudinit/CloudConfig/cc_mcollective.py
index 9aae2d64..3b358302 100644
--- a/cloudinit/CloudConfig/cc_mcollective.py
+++ b/cloudinit/CloudConfig/cc_mcollective.py
@@ -50,10 +50,23 @@ def handle(name,cfg,cloud,log,args): # Read server.cfg values from original file in order to be able to mix the rest up mcollective_config.readfp(FakeSecHead(open('/etc/mcollective/server.cfg'))) for cfg_name, cfg in mcollective_cfg['conf'].iteritems(): - # Iterate throug the config items, we'll use ConfigParser.set - # to overwrite or create new items as needed - for o, v in cfg.iteritems(): - mcollective_config.set(cfg_name,o,v) + if cfg_name == 'public-cert': + publicrt_fh = open('/etc/mcollective/ssl/server-public.pem', 'w') + publicrt_fh.write(cfg) + publicrt_fh.close() + mcollective_config.set(cfg_name,'plugin.ssl_server_public','/etc/mcollective/ssl/server-public.pem') + mcollective_config.set(cfg_name,'securityprovider','ssl') + elif cfg_name == 'private-cert': + privcrt_fh = open('/etc/mcollective/ssl/server-private.pem', 'w') + privcrt_fh.write(cfg) + privcrt_fh.close() + mcollective_config.set(cfg_name,'plugin.ssl_server_private','/etc/mcollective/ssl/server-private.pem') + mcollective_config.set(cfg_name,'securityprovider','ssl') + else: + # Iterate throug the config items, we'll use ConfigParser.set + # to overwrite or create new items as needed + for o, v in cfg.iteritems(): + mcollective_config.set(cfg_name,o,v) # We got all our config as wanted we'll rename # the previous server.cfg and create our new one os.rename('/etc/mcollective/server.cfg','/etc/mcollective/server.cfg.old') -- cgit v1.2.3 From 690086473dccc7489dcb21ccade9c057762e35a3 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Tue, 26 Jul 2011 09:50:49 -0400 Subject: cc_mcollective: use util.write_file, change perms of private key file to 0600 --- cloudinit/CloudConfig/cc_mcollective.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'cloudinit/CloudConfig/cc_mcollective.py') diff --git a/cloudinit/CloudConfig/cc_mcollective.py b/cloudinit/CloudConfig/cc_mcollective.py index 3b358302..b894a7bb 100644 
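Review bot: In both new branches, `mcollective_config.set(cfg_name,'plugin.ssl_server_public', ...)` and `mcollective_config.set(cfg_name,'securityprovider','ssl')` pass the key name `'public-cert'` / `'private-cert'` as the ConfigParser section. The only section visibly created here is the fake header from `FakeSecHead`, so unless server.cfg already contains such a section, `set` would presumably raise `NoSectionError`, and the SSL settings would never reach the file. If a flat server.cfg is intended, the calls should target the section that the writer later strips, e.g. `mcollective_config.set('nullsection','securityprovider','ssl')`; this is inferred from the `[nullsection]` replace further down and should be confirmed. Separately, `cfg` is written to the PEM path without checking that it is a string. `handle` starts and ends outside the hunk.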
--- a/cloudinit/CloudConfig/cc_mcollective.py +++ b/cloudinit/CloudConfig/cc_mcollective.py @@ -24,6 +24,10 @@ import fileinput import StringIO import ConfigParser import cloudinit.CloudConfig as cc +import cloudinit.util as util + +pubcert_file = "/etc/mcollective/ssl/server-public.pem" +pricert_file = "/etc/mcollective/ssl/server-private.pem" # Our fake header section class FakeSecHead(object): @@ -51,16 +55,14 @@ def handle(name,cfg,cloud,log,args): mcollective_config.readfp(FakeSecHead(open('/etc/mcollective/server.cfg'))) for cfg_name, cfg in mcollective_cfg['conf'].iteritems(): if cfg_name == 'public-cert': - publicrt_fh = open('/etc/mcollective/ssl/server-public.pem', 'w') - publicrt_fh.write(cfg) - publicrt_fh.close() - mcollective_config.set(cfg_name,'plugin.ssl_server_public','/etc/mcollective/ssl/server-public.pem') + util.write_file(pubcert_file, cfg, mode=0644) + mcollective_config.set(cfg_name, + 'plugin.ssl_server_public', pubcert_file) mcollective_config.set(cfg_name,'securityprovider','ssl') elif cfg_name == 'private-cert': - privcrt_fh = open('/etc/mcollective/ssl/server-private.pem', 'w') - privcrt_fh.write(cfg) - privcrt_fh.close() - mcollective_config.set(cfg_name,'plugin.ssl_server_private','/etc/mcollective/ssl/server-private.pem') + util.write_file(pricert_file, cfg, mode=0600) + mcollective_config.set(cfg_name, + 'plugin.ssl_server_private', pricert_file) mcollective_config.set(cfg_name,'securityprovider','ssl') else: # Iterate throug the config items, we'll use ConfigParser.set -- cgit v1.2.3 From 155e519a63703183823ef9368e2fdb3a6b7b0c0a Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Tue, 26 Jul 2011 11:18:10 -0400 Subject: use util.write_file in cc_mcollective.py --- cloudinit/CloudConfig/cc_mcollective.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'cloudinit/CloudConfig/cc_mcollective.py') 
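Review bot: `util.write_file(pricert_file, cfg, mode=0600)` protects the private key only if `write_file` applies the mode before any key bytes reach the disk, and its body is not part of this diff. If it creates the file under the default umask and chmods afterwards, or keeps the mode of an existing file, the key is readable by other local users for a window or permanently. I would confirm the helper's behaviour and record the requirement at the call, e.g. `# private key: file must be created 0600 before content is written`. The directory `/etc/mcollective/ssl` is also assumed to exist with suitably tight permissions. `handle` starts and ends outside the hunk.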
diff --git a/cloudinit/CloudConfig/cc_mcollective.py b/cloudinit/CloudConfig/cc_mcollective.py index b894a7bb..c7912aa4 100644 --- a/cloudinit/CloudConfig/cc_mcollective.py +++ b/cloudinit/CloudConfig/cc_mcollective.py @@ -75,14 +75,14 @@ def handle(name,cfg,cloud,log,args): outputfile = StringIO.StringIO() mcollective_config.write(outputfile) # Now we got the whole file, write to disk except first line - final_configfile = open('/etc/mcollective/server.cfg', 'wb') # Note below, that we've just used ConfigParser because it generally # works. Below, we remove the initial 'nullsection' header # and then change 'key = value' to 'key: value'. The global # search and replace of '=' with ':' could be problematic though. # this most likely needs fixing. - final_configfile.write(outputfile.getvalue().replace('[nullsection]\n','').replace(' =',':')) - final_configfile.close() + util.write_file('/etc/mcollective/server.cfg', + outputfile.getvalue().replace('[nullsection]\n','').replace(' =',':'), + mode=0644) # Start mcollective subprocess.check_call(['service', 'mcollective', 'start']) -- cgit v1.2.3
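Review bot: `mode=0644` makes the rewritten `/etc/mcollective/server.cfg` world-readable by explicit choice rather than by umask. The file is built from the user-supplied `conf` mapping, and an mcollective server.cfg can carry credentials such as `plugin.psk` or a middleware password, which any local account could then read. Unless a non-root reader is required, `mode=0600` is the safer default here. The `server.cfg.old` copy left by the earlier `os.rename` keeps whatever mode the original file had, so it deserves the same check. `handle` starts outside the hunk.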