From mboxrd@z Thu Jan 1 00:00:00 1970 From: rmccabe@sourceware.org Date: 13 Aug 2007 19:06:47 -0000 Subject: [Cluster-devel] conga ./clustermon.spec.in.in ./conga.spec.in. ... Message-ID: <20070813190647.923.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: conga Branch: RHEL5 Changes by: rmccabe at sourceware.org 2007-08-13 19:06:44 Modified files: . : clustermon.spec.in.in conga.spec.in.in luci/site/luci/var: Data.fs luci/utils : luci_admin Log message: - Update the luci zope database file - Update the changelog - Fix some nits in the luci_admin script that were hit by users in the field Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/conga/clustermon.spec.in.in.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.18.2.22&r2=1.18.2.23 http://sourceware.org/cgi-bin/cvsweb.cgi/conga/conga.spec.in.in.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.45.2.52&r2=1.45.2.53 http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/var/Data.fs.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.15.2.21&r2=1.15.2.22 http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.50.2.4&r2=1.50.2.5 --- conga/clustermon.spec.in.in 2007/08/08 21:24:12 1.18.2.22 +++ conga/clustermon.spec.in.in 2007/08/13 19:06:01 1.18.2.23 @@ -195,7 +195,7 @@ %changelog * Wed Aug 08 2007 Ryan McCabe 0.10.0-4 - Fixed bz230451 (fence_xvm.key file is not automatically created. Should have a least a default) -- Related bz230451 +- Resolves: bz230451 * Mon Jul 30 2007 Ryan McCabe 0.10.0-3 - Fixed bz249351 (conga reports that ricci agent is unresponsive even though it's running) --- conga/conga.spec.in.in 2007/08/11 04:16:19 1.45.2.52 +++ conga/conga.spec.in.in 2007/08/13 19:06:01 1.45.2.53 
@@ -310,9 +310,12 @@ ### changelog ### %changelog -* Wed Aug 08 2007 Ryan McCabe 0.10.0-4 +* Mon Aug 13 2007 Ryan McCabe 0.10.0-4 - Fixed bz230451 (fence_xvm.key file is not automatically created. Should have a least a default) -- Resolves bz230451 +- Fixed bz249097 (allow a space as a valid password char) +- Fixed bz250834 (ZeroDivisionError when attempting to click an empty lvm volume group) +- Resolves: bz249097 +- Related: bz230451 * Mon Jul 30 2007 Ryan McCabe 0.10.0-3 - Fixed bz245947 (luci/Conga cluster configuration tool not initializing cluster node members) Binary files /cvs/cluster/conga/luci/site/luci/var/Data.fs 2007/08/08 22:42:56 1.15.2.21 and /cvs/cluster/conga/luci/site/luci/var/Data.fs 2007/08/13 19:06:02 1.15.2.22 differ rcsdiff: /cvs/cluster/conga/luci/site/luci/var/Data.fs: diff failed --- conga/luci/utils/luci_admin 2007/08/10 18:32:54 1.50.2.4 +++ conga/luci/utils/luci_admin 2007/08/13 19:06:44 1.50.2.5 @@ -2,13 +2,13 @@ # Copyright (C) 2006-2007 Red Hat, Inc. -import sys, os, stat, select, string, pwd -from sys import stderr, argv +import sys, os, pwd +from select import select +from stat import S_ISREG import types import xml import xml.dom -from xml.dom import minidom - + sys.path.extend(( '/usr/lib/luci/zope/lib/python', '/usr/lib/luci/zope/lib/python/Products', @@ -25,14 +25,14 @@ )) from Products import __path__ -for i in ['/usr/lib/luci/zope/lib/python/Products', +for pdir in ['/usr/lib/luci/zope/lib/python/Products', '/usr/lib64/luci/zope/lib/python/Products', '/usr/lib64/luci/zope/lib64/python/Products', '/usr/lib64/zope/lib/python/Products', '/usr/lib64/zope/lib64/python/Products', '/usr/lib/zope/lib/python/Products']: - if os.path.isdir(i): - __path__.append(i) + if os.path.isdir(pdir): + __path__.append(pdir) LUCI_INIT_DEBUG = 0 
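Review bot: Dropping `from xml.dom import minidom` in the import hunk (`@@ -2,13 +2,13 @@`) removes the only visible statement that loads the `xml.dom.minidom` submodule, yet `luci_backup` still calls `xml.dom.minidom.Document()` (context of the hunk at `@@ -863,7 +871,7 @@`). `import xml` and `import xml.dom` do not import submodules, so that call raises AttributeError unless some other imported module happens to have loaded minidom first. An explicit `import xml.dom.minidom` next to `import xml.dom` removes the dependence on import side effects.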
@@ -59,6 +59,12 @@ SSL_HTTPS_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME +# only root should run this +if os.getuid() != 0: + sys.stderr.write('Only the \'root\' user can run %s\n' % sys.argv[0]) + sys.stderr.write('Try again with root privileges.\n') + sys.exit(2) + ssl_key_data = [ { 'id' : SSL_PRIVKEY_PATH, 'name': SSL_PRIVKEY_NAME, @@ -81,12 +87,14 @@ 'type': 'config', 'mode': 0644 } ] + for name in os.listdir(LUCI_PEERS_DIR): - path = LUCI_PEERS_DIR + name - if stat.S_ISREG(os.stat(path).st_mode): - ssl_key_data.append({'id' : path, - 'name' : path.lstrip(LUCI_CERT_DIR), - 'type' : 'public', + cert_path = LUCI_PEERS_DIR + name + if S_ISREG(os.stat(cert_path).st_mode): + ssl_key_data.append({ + 'id' : cert_path, + 'name' : cert_path.lstrip(LUCI_CERT_DIR), + 'type' : 'public', 'mode' : 0644}) #null = file(os.devnull, 'rwb+', 0) - available on python 2.4 and above!!! 
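Review bot: The new module-level guard tests `os.getuid()`, the real UID, while the `os.chown`/`os.chmod` calls elsewhere in the script succeed or fail on the effective UID; `if os.geteuid() != 0:` checks what those calls actually need. Because the guard now runs at import time (the last hunk removes it from `main`, where it came after the argument-count check), an unprivileged invocation with no arguments exits with status 2 instead of printing the help text. If the placement is deliberate, for instance because it now precedes the `os.listdir(LUCI_PEERS_DIR)` loop, the comment `# only root should run this` should say so.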
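Review bot: `cert_path.lstrip(LUCI_CERT_DIR)` in the peers loop (`@@ -81,12 +87,14 @@`) is carried over from the old code, but `str.lstrip` strips any leading characters that occur in its argument rather than a prefix, so a relative path that begins with characters also present in LUCI_CERT_DIR gets a truncated `name` in the backup data. Assuming LUCI_PEERS_DIR lies under LUCI_CERT_DIR, as the original call implies, slicing is exact: `'name' : cert_path[len(LUCI_CERT_DIR):],`. The loop also runs at import time with no error handling, so a missing LUCI_PEERS_DIR aborts every subcommand with a traceback. `os.stat` follows symlinks, so the directory presumably has to be writable only by trusted accounts; a comment stating that would help.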
@@ -109,21 +117,42 @@ raise return luci except: - msg = 'Cannot find the \"' + LUCI_USER + '\" user.\n' + msg = 'Cannot find the "%s" user.\n' % LUCI_USER sys.stderr.write(msg) - raise msg - + raise Exception, msg + def set_default_passwd_reset_flag(): # set flag marking admin password has been set - uid, gid = get_luci_uid_gid() - open(LUCI_ADMIN_SET_PATH, 'w').write('True') + + try: + uid, gid = get_luci_uid_gid() + except: + sys.stderr.write('Unable to find the luci user\'s UID\n') + return False + + try: + open(LUCI_ADMIN_SET_PATH, 'w').write('True') + except IOError, e: + if e[0] != 2: + sys.stderr.write('Unable to open "%s" for writing: %s\n' \ + % (LUCI_ADMIN_SET_PATH, e[1])) + return False + except Exception, e: + sys.stderr.write('Unable to open "%s" for writing: %s\n' \ + % (LUCI_ADMIN_SET_PATH, str(e))) + return False + os.chown(LUCI_ADMIN_SET_PATH, uid, gid) os.chmod(LUCI_ADMIN_SET_PATH, 0640) return True def get_default_passwd_reset_flag(): - return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True' + try: + return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True' + except: + return False + return False def read_passwd(prompt, confirm_prompt): @@ -138,7 +167,7 @@ continue s2 = getpass(confirm_prompt) if s1 != s2: - print 'Passwords mismatch, try again' + print 'Password mismatch, try again' continue return s1 
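Review bot: In `set_default_passwd_reset_flag` the flag file is created by path with `open(LUCI_ADMIN_SET_PATH, 'w')` under the caller's umask and only afterwards handed to the luci user by `os.chown`/`os.chmod`, which also operate on the path. The script runs as root, so if the directory holding LUCI_ADMIN_SET_PATH is writable by the luci account (not visible here), a symlink at that name would be followed by all three calls. Creating the file with `fd = os.open(LUCI_ADMIN_SET_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0640)` and changing ownership with `os.lchown` avoids both the symlink following and the window with default permissions. The trailing `os.chown`/`os.chmod` also sit outside both `try` blocks, so an OSError there escapes even though every other failure is reported with `return False`.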
@@ -146,41 +175,37 @@ def restore_luci_db_fsattr(): uid, gid = -1, -1 + try: uid, gid = get_luci_uid_gid() except: return -1 - + try: os.chown(LUCI_DB_PATH, uid, gid) os.chmod(LUCI_DB_PATH, 0600) - for i in [ '.tmp', '.old', '.index', '.lock' ]: + + for fext in [ '.tmp', '.old', '.index', '.lock' ]: try: - os.chown(LUCI_DB_PATH + i, uid, gid) - os.chmod(LUCI_DB_PATH + i, 0600) - except: pass - except: - sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n') + os.chown('%s%s' % (LUCI_DB_PATH, fext), uid, gid) + os.chmod('%s%s' % (LUCI_DB_PATH, fext), 0600) + except: + pass + except Exception, e: + sys.stderr.write('Unable to change ownership of the Luci database back to user "%s": %s\n' % (LUCI_USER, str(e))) return -1 def set_zope_passwd(user, passwd): sys.stderr = null - import ZODB from ZODB.FileStorage import FileStorage from ZODB.DB import DB - import OFS from OFS.Application import AppInitializer - import OFS.Folder import AccessControl import AccessControl.User from AccessControl.AuthEncoding import SSHADigestScheme from AccessControl.SecurityManagement import newSecurityManager import transaction - import Products.CMFCore - import Products.CMFCore.MemberDataTool import App.ImageFile - import Products.PluggableAuthService.plugins.ZODBUserManager - import BTrees.OOBTree # Zope wants to open a www/ok.gif and images/error.gif # when you initialize the application object. This keeps # the AppInitializer(app).initialize() call below from failing. 
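Review bot: The inner `except: pass` around the per-extension `os.chown`/`os.chmod` in `restore_luci_db_fsattr` hides every failure, not only a missing `.tmp`/`.old`/`.index`/`.lock` file, so a sidecar file can stay root-owned with its previous mode and nothing is reported. Narrowing it keeps the best-effort behaviour for absent files only: `except OSError, e:` followed by `if e[0] != 2: raise`, which lets the outer handler print the message and return -1. The end of the function is outside the hunk, so its return value on success is not visible here.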
@@ -196,10 +221,10 @@ sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to reset passwords.\n') return -1 else: - sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n') + sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n') return -1 except Exception, e: - sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n') + sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n') return -1 try: @@ -238,10 +263,10 @@ if restore_luci_db_fsattr(): return -1 - + if user == 'admin' and ret == 0: set_default_passwd_reset_flag() - + return ret @@ -254,6 +279,7 @@ if not certList or len(certList) < 1: sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n') return -1 + uid, gid = -1, -1 try: uid, gid = get_luci_uid_gid() @@ -300,22 +326,14 @@ def luci_restore(argv): sys.stderr = null - import ZODB from ZODB.FileStorage import FileStorage from ZODB.DB import DB - import OFS from OFS.Application import AppInitializer - import OFS.Folder import AccessControl import AccessControl.User - from AccessControl.AuthEncoding import SSHADigestScheme from AccessControl.SecurityManagement import newSecurityManager import transaction - import Products.CMFCore - import Products.CMFCore.MemberDataTool import App.ImageFile - import Products.PluggableAuthService.plugins.ZODBUserManager - import BTrees.OOBTree from DateTime import DateTime App.ImageFile.__init__ = lambda x, y: None sys.stderr = orig_stderr @@ -497,7 +515,7 @@ try: title = str(s.getAttribute('title')) except: - title = '__luci__:system' + title = '' x.manage_addFolder(id, title) try: 
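Review bot: In `luci_restore` (`@@ -300,22 +326,14 @@`), `sys.stderr = null` is undone by `sys.stderr = orig_stderr` only when every import in between succeeds; if one of them raises, stderr stays redirected to `null` and the traceback and all later error messages are discarded. Wrapping the import block in `try:` with `finally: sys.stderr = orig_stderr` keeps the diagnostics. The same pattern appears in the import block of `set_zope_passwd` (hunk `@@ -146,41 +175,37 @@`) and of `luci_backup` (hunk `@@ -681,23 +702,15 @@`).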
@@ -505,7 +523,8 @@ if not new_system: raise new_system.manage_acquiredPermissions([]) - new_system.manage_role('View', ['Access contents information','View']) + new_system.manage_role('View', + ['Access contents information', 'View']) except: transaction.abort() sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n') @@ -556,7 +575,7 @@ title = c.getAttribute('title') if not title: - title = '__luci__:cluster' + title = '' else: title = str(title) @@ -567,7 +586,8 @@ if not new_cluster: raise new_cluster.manage_acquiredPermissions([]) - new_cluster.manage_role('View', ['Access contents information','View']) + new_cluster.manage_role('View', + ['Access contents information', 'View']) except: transaction.abort() sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n') @@ -606,7 +626,7 @@ newsys = str(newsys) stitle = i.getAttribute('title') if not stitle: - stitle = '__luci__:csystem:' + id + stitle = '' else: stitle = str(stitle) @@ -616,7 +636,8 @@ if not newcs: raise newcs.manage_acquiredPermissions([]) - newcs.manage_role('View', ['Access contents information','View']) + newcs.manage_role('View', + ['Access contents information', 'View']) except: transaction.abort() sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n') 
@@ -655,24 +676,24 @@ return 0 # This function's ability to work is dependent -# upon the structure of @dict -def dataToXML(doc, dict, tltag): +# upon the structure of @obj_dict +def dataToXML(doc, obj_dict, tltag): node = doc.createElement(tltag) - for i in dict: - if isinstance(dict[i], types.DictType): + for i in obj_dict: + if isinstance(obj_dict[i], types.DictType): if i[-4:] == 'List': tagname = i else: tagname = tltag[:-4] - temp = dataToXML(doc, dict[i], tagname) + temp = dataToXML(doc, obj_dict[i], tagname) node.appendChild(temp) - elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType): - node.setAttribute(i, str(dict[i])) - elif isinstance(dict[i], types.ListType): - if len(dict[i]) < 1: + elif isinstance(obj_dict[i], types.StringType) or isinstance(obj_dict[i], types.IntType): + node.setAttribute(i, str(obj_dict[i])) + elif isinstance(obj_dict[i], types.ListType): + if len(obj_dict[i]) < 1: continue temp = doc.createElement(i) - for x in dict[i]: + for x in obj_dict[i]: t = doc.createElement('ref') t.setAttribute('name', x) temp.appendChild(t.cloneNode(True)) @@ -681,23 +702,15 @@ def luci_backup(argv): sys.stderr = null - import ZODB from ZODB.FileStorage import FileStorage from ZODB.DB import DB - import OFS from OFS.Application import AppInitializer - import OFS.Folder import AccessControl import AccessControl.User - from AccessControl.AuthEncoding import SSHADigestScheme from AccessControl.SecurityManagement import newSecurityManager import transaction - import Products.CMFCore - import Products.CMFCore.MemberDataTool from CMFPlone.utils import getToolByName import App.ImageFile - import Products.PluggableAuthService.plugins.ZODBUserManager - import BTrees.OOBTree App.ImageFile.__init__ = lambda x, y: None sys.stderr = orig_stderr @@ -706,11 +719,6 @@ else: dbfn = LUCI_DB_PATH - if len(argv) > 1: - backupfn = argv[1] - else: - backupfn = LUCI_BACKUP_PATH - try: fs = FileStorage(dbfn) db = DB(fs) 
@@ -800,7 +808,7 @@ continue except: pass - + try: storagedir = app.luci.systems.storage clusterdir = app.luci.systems.cluster @@ -822,7 +830,7 @@ systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items())) else: systems[i[0]]['permList'] = {} - + if clusterdir and len(clusterdir): for i in clusterdir.objectItems(): cluster_name = i[0] @@ -854,7 +862,7 @@ db.close() fs.close() - backup = { + backup_data = { 'userList': users, 'systemList': systems, 'clusterList': clusters @@ -863,7 +871,7 @@ doc = xml.dom.minidom.Document() luciData = doc.createElement('luci') doc.appendChild(luciData) - dataNode = dataToXML(doc, backup, 'backupData') + dataNode = dataToXML(doc, backup_data, 'backupData') certList = doc.createElement('certificateList') for i in ssl_key_data: @@ -898,15 +906,16 @@ def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1): if not os.access (root + command, os.X_OK): - raise RuntimeError, command + " can not be run" + raise RuntimeError, '%s is not executable' % command (read, write) = os.pipe() - (read_err,write_err) = os.pipe() + (read_err, write_err) = os.pipe() childpid = os.fork() if (not childpid): # child - if (root and root != '/'): os.chroot (root) + if (root and root != '/'): + os.chroot (root) if isinstance(catchfd, tuple): for fd in catchfd: os.dup2(write, fd) @@ -943,7 +952,7 @@ rc_err = "" in_list = [read, read_err] while len(in_list) != 0: - i,o,e = select.select(in_list, [], [], 0.1) + i, o, e = select(in_list, [], [], 0.1) for fd in i: if fd == read: s = os.read(read, 1000) 
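Review bot: In the child branch of `_execWithCaptureErrorStatus` (`@@ -898,15 +906,16 @@`), `os.chroot (root)` is followed directly by the `catchfd` handling with no `os.chdir('/')`, so the child's working directory stays outside the new root and relative paths still resolve against the original tree. Adding `os.chdir('/')` immediately after the `os.chroot` call is the usual pairing. The preceding `os.access (root + command, os.X_OK)` test is evaluated against the real UID and before the fork, so it is a convenience check only and a comment should say that the exec result still decides. The function body continues outside the hunk.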
@@ -992,17 +1001,17 @@ command = '/bin/rm' args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH] _execWithCaptureErrorStatus(command, args) - + # /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1 command = '/usr/bin/openssl' args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048'] _execWithCaptureErrorStatus(command, args) - + # /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config command = '/usr/bin/openssl' args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH] _execWithCaptureErrorStatus(command, args) - + # take ownership and restrict access try: uid, gid = get_luci_uid_gid() @@ -1015,7 +1024,7 @@ args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH] _execWithCaptureErrorStatus(command, args) return False - + return True 
@@ -1037,37 +1046,37 @@ sys.stderr.write('If you want to reset admin password, execute\n') sys.stderr.write('\t' + argv[0] + ' password\n') sys.exit(1) - + print 'Initializing the Luci server\n' - + print '\nCreating the \'admin\' user\n' - password = read_passwd('Enter password: ', 'Confirm password: ') + new_password = read_passwd('Enter password: ', 'Confirm password: ') print '\nPlease wait...' - if not set_zope_passwd('admin', password): + if not set_zope_passwd('admin', new_password): restore_luci_db_fsattr() print 'The admin password has been successfully set.' else: sys.stderr.write('Unable to set the admin user\'s password.\n') sys.exit(1) - + print 'Generating SSL certificates...' if generate_ssl_certs() == False: sys.stderr.write('failed. exiting ...\n') sys.exit(1) - + print 'Luci server has been successfully initialized' restart_message() - + return def password(argv): - password = None + passwd = None if '--random' in argv: print 'Resetting the admin user\'s password to some random value\n' try: rand = open('/dev/urandom', 'r') - password = rand.read(16) + passwd = rand.read(16) rand.close() except: sys.stderr.write('Unable to read from /dev/urandom\n') @@ -1078,12 +1087,12 @@ sys.stderr.write('To initialize it, execute\n') sys.stderr.write('\t' + argv[0] + ' init\n') sys.exit(1) - + print 'Resetting the admin user\'s password\n' - password = read_passwd('Enter new password: ', 'Confirm password: ') - + passwd = read_passwd('Enter new password: ', 'Confirm password: ') + print '\nPlease wait...' - if not set_zope_passwd('admin', password): + if not set_zope_passwd('admin', passwd): print 'The admin password has been successfully reset.' else: sys.stderr.write('Unable to set the admin user\'s password.\n') @@ -1118,7 +1127,7 @@ # The LUCI_BACKUP_DIR must not be world-writable # as the code below is obviously not safe against # races. - stat = os.stat(LUCI_BACKUP_PATH) + os.stat(LUCI_BACKUP_PATH) trynum = 1 basename = '/luci_backup-' 
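Review bot: The comment above the changed line in `@@ -1118,7 +1127,7 @@` says LUCI_BACKUP_DIR must not be world-writable because the rename sequence is not race-safe, but nothing visible enforces that, and the bare `os.stat(LUCI_BACKUP_PATH)` now appears to act only as an existence probe that raises when no previous backup is present. A comment such as `# raises OSError if there is no previous backup` would make that intent explicit. The precondition could be checked rather than assumed, e.g. `if os.stat(LUCI_BACKUP_DIR).st_mode & 0002:` followed by an error message and exit, assuming LUCI_BACKUP_DIR is the constant the comment refers to. The enclosing function starts and ends outside the hunk.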
@@ -1128,7 +1137,7 @@ try: os.rename(LUCI_BACKUP_PATH, oldbackup) except: - sys.stderr.stderr('Unable to rename the existing backup file.\n') + sys.stderr.write('Unable to rename the existing backup file.\n') sys.stderr.write('The Luci backup failed.\n') break trynum += 1 @@ -1162,8 +1171,10 @@ def restore(argv): print 'Restoring the Luci server...' - try: os.umask(077) - except: pass + try: + os.umask(077) + except: + pass if luci_restore(argv[2:]): ret = False @@ -1197,7 +1208,7 @@ def test_luci_installation(): # perform basic checks # TODO: do more tests - + # check if luci user and group are present on the system try: get_luci_uid_gid() @@ -1206,7 +1217,7 @@ sys.stderr.write('Mising luci\'s system account and group') sys.stderr.write('Recommended action: reinstall luci\n\n') sys.exit(3) - + return True @@ -1214,16 +1225,9 @@ if len(argv) < 2: luci_help(argv) sys.exit(1) - - # only root should run this - if os.getuid() != 0: - sys.stderr.write('Only \'root\' can run ' + argv[0] + '\n') - sys.stderr.write('Try again with root privileges.\n') - sys.exit(2) - # test if luci installation is OK test_luci_installation() - + if 'init' in argv: init(argv) elif 'backup' in argv: