summaryrefslogtreecommitdiff
path: root/cloudinit/config/cc_mcollective.py
blob: 1b0158ec95935655a12614c66a39d991b2bc9d43 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# Copyright (C) 2009-2011 Canonical Ltd.
# Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
#
# Author: Marc Cluet <marc.cluet@canonical.com>
# Based on code by Scott Moser <scott.moser@canonical.com>
# Author: Juerg Haefliger <juerg.haefliger@hp.com>
#
# This file is part of cloud-init. See LICENSE file for license information.

"""
Mcollective
-----------
**Summary:** install, configure and start mcollective

This module installs, configures and starts mcollective. If the ``mcollective``
key is present in config, then mcollective will be installed and started.

Configuration for ``mcollective`` can be specified in the ``conf`` key under
``mcollective``. Each config value consists of a key value pair and will be
written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and
``private-cert`` keys, if present in conf may be used to specify the public and
private certificates for mcollective. Their values will be written to
``/etc/mcollective/ssl/server-public.pem`` and
``/etc/mcollective/ssl/server-private.pem``.

.. note::
    The ec2 metadata service is readable by non-root users.
    If security is a concern, use include-once and ssl urls.

**Internal name:** ``cc_mcollective``

**Module frequency:** per instance

**Supported distros:** all

**Config keys**::

    mcollective:
        conf:
            <key>: <value>
            public-cert: |
                -------BEGIN CERTIFICATE--------
                <cert data>
                -------END CERTIFICATE--------
            private-cert: |
                -------BEGIN CERTIFICATE--------
                <cert data>
                -------END CERTIFICATE--------
"""

import errno
import io

# Used since this can maintain comments
# and doesn't need a top level section
from configobj import ConfigObj

from cloudinit import log as logging
from cloudinit import subp, util

PUBCERT_FILE = "/etc/mcollective/ssl/server-public.pem"
PRICERT_FILE = "/etc/mcollective/ssl/server-private.pem"
SERVER_CFG = "/etc/mcollective/server.cfg"

LOG = logging.getLogger(__name__)


def configure(
    config,
    server_cfg=SERVER_CFG,
    pubcert_file=PUBCERT_FILE,
    pricert_file=PRICERT_FILE,
):
    # Read server.cfg (if it exists) values from the
    # original file in order to be able to mix the rest up.
    try:
        old_contents = util.load_file(server_cfg, quiet=False, decode=False)
        mcollective_config = ConfigObj(io.BytesIO(old_contents))
    except IOError as e:
        if e.errno != errno.ENOENT:
            raise
        else:
            LOG.debug(
                "Did not find file %s (starting with an empty config)",
                server_cfg,
            )
            mcollective_config = ConfigObj()
    for (cfg_name, cfg) in config.items():
        if cfg_name == "public-cert":
            util.write_file(pubcert_file, cfg, mode=0o644)
            mcollective_config["plugin.ssl_server_public"] = pubcert_file
            mcollective_config["securityprovider"] = "ssl"
        elif cfg_name == "private-cert":
            util.write_file(pricert_file, cfg, mode=0o600)
            mcollective_config["plugin.ssl_server_private"] = pricert_file
            mcollective_config["securityprovider"] = "ssl"
        else:
            if isinstance(cfg, str):
                # Just set it in the 'main' section
                mcollective_config[cfg_name] = cfg
            elif isinstance(cfg, (dict)):
                # Iterate through the config items, create a section if
                # it is needed and then add/or create items as needed
                if cfg_name not in mcollective_config.sections:
                    mcollective_config[cfg_name] = {}
                for (o, v) in cfg.items():
                    mcollective_config[cfg_name][o] = v
            else:
                # Otherwise just try to convert it to a string
                mcollective_config[cfg_name] = str(cfg)

    try:
        # We got all our config as wanted we'll copy
        # the previous server.cfg and overwrite the old with our new one
        util.copy(server_cfg, "%s.old" % (server_cfg))
    except IOError as e:
        if e.errno == errno.ENOENT:
            # Doesn't exist to copy...
            pass
        else:
            raise

    # Now we got the whole (new) file, write to disk...
    contents = io.BytesIO()
    mcollective_config.write(contents)
    util.write_file(server_cfg, contents.getvalue(), mode=0o644)


def handle(name, cfg, cloud, log, _args):

    # If there isn't a mcollective key in the configuration don't do anything
    if "mcollective" not in cfg:
        log.debug(
            "Skipping module named %s, no 'mcollective' key in configuration",
            name,
        )
        return

    mcollective_cfg = cfg["mcollective"]

    # Start by installing the mcollective package ...
    cloud.distro.install_packages(("mcollective",))

    # ... and then update the mcollective configuration
    if "conf" in mcollective_cfg:
        configure(config=mcollective_cfg["conf"])

    # restart mcollective to handle updated config
    subp.subp(["service", "mcollective", "restart"], capture=False)


# vi: ts=4 expandtab