# Copyright (C) 2009-2011 Canonical Ltd.
# Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
#
# Author: Marc Cluet <marc.cluet@canonical.com>
# Based on code by Scott Moser <scott.moser@canonical.com>
# Author: Juerg Haefliger <juerg.haefliger@hp.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
""" Mcollective: Install, configure and start mcollective"""
import errno
import io
import logging
from textwrap import dedent
# Used since this can maintain comments
# and doesn't need a top level section
from configobj import ConfigObj
from cloudinit import subp, util
from cloudinit.cloud import Cloud
from cloudinit.config import Config
from cloudinit.config.schema import MetaSchema, get_meta_doc
from cloudinit.settings import PER_INSTANCE
PUBCERT_FILE = "/etc/mcollective/ssl/server-public.pem"
PRICERT_FILE = "/etc/mcollective/ssl/server-private.pem"
SERVER_CFG = "/etc/mcollective/server.cfg"
MODULE_DESCRIPTION = """\
This module installs, configures and starts mcollective. If the ``mcollective``
key is present in config, then mcollective will be installed and started.
Configuration for ``mcollective`` can be specified in the ``conf`` key under
``mcollective``. Each config value consists of a key value pair and will be
written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and
``private-cert`` keys, if present in conf may be used to specify the public and
private certificates for mcollective. Their values will be written to
``/etc/mcollective/ssl/server-public.pem`` and
``/etc/mcollective/ssl/server-private.pem``.
.. note::
The ec2 metadata service is readable by non-root users.
If security is a concern, use include-once and ssl urls.
"""
distros = ["all"]
meta: MetaSchema = {
"id": "cc_mcollective",
"name": "Mcollective",
"title": "Install, configure and start mcollective",
"description": MODULE_DESCRIPTION,
"distros": distros,
"examples": [
dedent(
"""\
# Provide server private and public key and provide the following
# config settings in /etc/mcollective/server.cfg:
# loglevel: debug
# plugin.stomp.host: dbhost
# WARNING WARNING WARNING
# The ec2 metadata service is a network service, and thus is
# readable by non-root users on the system
# (ie: 'ec2metadata --user-data')
# If you want security for this, please use include-once + SSL urls
mcollective:
conf:
loglevel: debug
plugin.stomp.host: dbhost
public-cert: |
-------BEGIN CERTIFICATE--------
<cert data>
-------END CERTIFICATE--------
private-cert: |
-------BEGIN CERTIFICATE--------
<cert data>
-------END CERTIFICATE--------
"""
),
],
"frequency": PER_INSTANCE,
"activate_by_schema_keys": ["mcollective"],
}
__doc__ = get_meta_doc(meta)
LOG = logging.getLogger(__name__)
def configure(
config,
server_cfg=SERVER_CFG,
pubcert_file=PUBCERT_FILE,
pricert_file=PRICERT_FILE,
):
# Read server.cfg (if it exists) values from the
# original file in order to be able to mix the rest up.
try:
old_contents = util.load_file(server_cfg, quiet=False, decode=False)
mcollective_config = ConfigObj(io.BytesIO(old_contents))
except IOError as e:
if e.errno != errno.ENOENT:
raise
else:
LOG.debug(
"Did not find file %s (starting with an empty config)",
server_cfg,
)
mcollective_config = ConfigObj()
for cfg_name, cfg in config.items():
if cfg_name == "public-cert":
util.write_file(pubcert_file, cfg, mode=0o644)
mcollective_config["plugin.ssl_server_public"] = pubcert_file
mcollective_config["securityprovider"] = "ssl"
elif cfg_name == "private-cert":
util.write_file(pricert_file, cfg, mode=0o600)
mcollective_config["plugin.ssl_server_private"] = pricert_file
mcollective_config["securityprovider"] = "ssl"
else:
if isinstance(cfg, str):
# Just set it in the 'main' section
mcollective_config[cfg_name] = cfg
elif isinstance(cfg, (dict)):
# Iterate through the config items, create a section if
# it is needed and then add/or create items as needed
if cfg_name not in mcollective_config.sections:
mcollective_config[cfg_name] = {}
for o, v in cfg.items():
mcollective_config[cfg_name][o] = v
else:
# Otherwise just try to convert it to a string
mcollective_config[cfg_name] = str(cfg)
try:
# We got all our config as wanted we'll copy
# the previous server.cfg and overwrite the old with our new one
util.copy(server_cfg, "%s.old" % (server_cfg))
except IOError as e:
if e.errno == errno.ENOENT:
# Doesn't exist to copy...
pass
else:
raise
# Now we got the whole (new) file, write to disk...
contents = io.BytesIO()
mcollective_config.write(contents)
util.write_file(server_cfg, contents.getvalue(), mode=0o644)
def handle(name: str, cfg: Config, cloud: Cloud, args: list) -> None:
# If there isn't a mcollective key in the configuration don't do anything
if "mcollective" not in cfg:
LOG.debug(
"Skipping module named %s, no 'mcollective' key in configuration",
name,
)
return
mcollective_cfg = cfg["mcollective"]
# Start by installing the mcollective package ...
cloud.distro.install_packages(["mcollective"])
# ... and then update the mcollective configuration
if "conf" in mcollective_cfg:
configure(config=mcollective_cfg["conf"])
# restart mcollective to handle updated config
subp.subp(["service", "mcollective", "restart"], capture=False)
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| schemas | Folder | 0755 |
|
|
| __init__.py | File | 14 B | 0644 |
|
| cc_ansible.py | File | 8.69 KB | 0644 |
|
| cc_apk_configure.py | File | 5.66 KB | 0644 |
|
| cc_apt_configure.py | File | 41.99 KB | 0644 |
|
| cc_apt_pipelining.py | File | 2.71 KB | 0644 |
|
| cc_bootcmd.py | File | 2.85 KB | 0644 |
|
| cc_byobu.py | File | 3.65 KB | 0644 |
|
| cc_ca_certs.py | File | 9.13 KB | 0644 |
|
| cc_chef.py | File | 13.77 KB | 0644 |
|
| cc_disable_ec2_metadata.py | File | 2.03 KB | 0644 |
|
| cc_disk_setup.py | File | 32.36 KB | 0644 |
|
| cc_fan.py | File | 3.02 KB | 0644 |
|
| cc_final_message.py | File | 3.39 KB | 0644 |
|
| cc_growpart.py | File | 21.03 KB | 0644 |
|
| cc_grub_dpkg.py | File | 6.65 KB | 0644 |
|
| cc_install_hotplug.py | File | 3.81 KB | 0644 |
|
| cc_keyboard.py | File | 2.38 KB | 0644 |
|
| cc_keys_to_console.py | File | 3.61 KB | 0644 |
|
| cc_landscape.py | File | 5.31 KB | 0644 |
|
| cc_locale.py | File | 1.86 KB | 0644 |
|
| cc_lxd.py | File | 18.14 KB | 0644 |
|
| cc_mcollective.py | File | 6.1 KB | 0644 |
|
| cc_migrator.py | File | 3.49 KB | 0644 |
|
| cc_mounts.py | File | 19.71 KB | 0644 |
|
| cc_ntp.py | File | 20.69 KB | 0644 |
|
| cc_package_update_upgrade_install.py | File | 4.54 KB | 0644 |
|
| cc_phone_home.py | File | 5.48 KB | 0644 |
|
| cc_power_state_change.py | File | 7.41 KB | 0644 |
|
| cc_puppet.py | File | 14.1 KB | 0644 |
|
| cc_reset_rmc.py | File | 4.47 KB | 0644 |
|
| cc_resizefs.py | File | 10.73 KB | 0644 |
|
| cc_resolv_conf.py | File | 4.98 KB | 0644 |
|
| cc_rh_subscription.py | File | 16.97 KB | 0644 |
|
| cc_rightscale_userdata.py | File | 4.28 KB | 0644 |
|
| cc_rsyslog.py | File | 13.48 KB | 0644 |
|
| cc_runcmd.py | File | 2.9 KB | 0644 |
|
| cc_salt_minion.py | File | 5.88 KB | 0644 |
|
| cc_scripts_per_boot.py | File | 1.66 KB | 0644 |
|
| cc_scripts_per_instance.py | File | 1.81 KB | 0644 |
|
| cc_scripts_per_once.py | File | 1.76 KB | 0644 |
|
| cc_scripts_user.py | File | 1.85 KB | 0644 |
|
| cc_scripts_vendor.py | File | 2.29 KB | 0644 |
|
| cc_seed_random.py | File | 4.72 KB | 0644 |
|
| cc_set_hostname.py | File | 5.13 KB | 0644 |
|
| cc_set_passwords.py | File | 10.97 KB | 0644 |
|
| cc_snap.py | File | 6.3 KB | 0644 |
|
| cc_spacewalk.py | File | 3.43 KB | 0644 |
|
| cc_ssh.py | File | 14.86 KB | 0644 |
|
| cc_ssh_authkey_fingerprints.py | File | 4.22 KB | 0644 |
|
| cc_ssh_import_id.py | File | 6.12 KB | 0644 |
|
| cc_timezone.py | File | 1.46 KB | 0644 |
|
| cc_ubuntu_advantage.py | File | 17 KB | 0644 |
|
| cc_ubuntu_autoinstall.py | File | 4.5 KB | 0644 |
|
| cc_ubuntu_drivers.py | File | 4.56 KB | 0644 |
|
| cc_update_etc_hosts.py | File | 5.16 KB | 0644 |
|
| cc_update_hostname.py | File | 3.87 KB | 0644 |
|
| cc_users_groups.py | File | 8.57 KB | 0644 |
|
| cc_wireguard.py | File | 9.22 KB | 0644 |
|
| cc_write_files.py | File | 6.66 KB | 0644 |
|
| cc_write_files_deferred.py | File | 1.68 KB | 0644 |
|
| cc_yum_add_repo.py | File | 7.45 KB | 0644 |
|
| cc_zypper_add_repo.py | File | 6.59 KB | 0644 |
|
| modules.py | File | 11.74 KB | 0644 |
|
| schema.py | File | 54.85 KB | 0644 |
|