From 45c7bbf24ae3c6530f33ebb33c062818ad44816d Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Tue, 30 Oct 2012 11:35:46 -0400 Subject: added a module-level FAM object to avoid passing it as an argument a billion times --- src/lib/Bcfg2/Server/Plugins/Metadata.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py index 5519d42b5..b64f91ccf 100644 --- a/src/lib/Bcfg2/Server/Plugins/Metadata.py +++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py @@ -103,7 +103,6 @@ class XMLMetadataConfig(Bcfg2.Server.Plugin.XMLFileBacked): # so that XInclude'd files get properly watched fpath = os.path.join(metadata.data, basefile) Bcfg2.Server.Plugin.XMLFileBacked.__init__(self, fpath, - fam=metadata.core.fam, should_monitor=False) self.should_monitor = watch_clients self.metadata = metadata @@ -112,7 +111,7 @@ class XMLMetadataConfig(Bcfg2.Server.Plugin.XMLFileBacked): self.basedata = None self.basedir = metadata.data self.logger = metadata.logger - self.pseudo_monitor = isinstance(metadata.core.fam, + self.pseudo_monitor = isinstance(Bcfg2.Server.FileMonitor.get_fam(), Bcfg2.Server.FileMonitor.Pseudo) def _get_xdata(self): @@ -250,7 +249,7 @@ class XMLMetadataConfig(Bcfg2.Server.Plugin.XMLFileBacked): def add_monitor(self, fpath): self.extras.append(fpath) - if self.fam and self.should_monitor: + if self.should_monitor: self.fam.AddMonitor(fpath, self.metadata) def HandleEvent(self, event=None): @@ -469,7 +468,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, (clients.xml or groups.xml, e.g.) """ if self.watch_clients: try: - self.core.fam.AddMonitor(os.path.join(self.data, fname), self) + Bcfg2.Server.FileMonitor.get_fam().AddMonitor( + os.path.join(self.data, fname), self) except: err = sys.exc_info()[1] msg = "Unable to add file monitor for %s: %s" % (fname, err) -- cgit v1.2.3-1-g7c22 From fd67a2735ada342251cb6baaa4e678532566e975 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 7 Feb 2013 10:00:37 -0500 Subject: moved common file locking code into Bcfg2.Utils --- src/lib/Bcfg2/Server/Plugins/Metadata.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py index b64f91ccf..d74db5eb4 100644 --- a/src/lib/Bcfg2/Server/Plugins/Metadata.py +++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py @@ -15,6 +15,7 @@ import Bcfg2.Server import Bcfg2.Server.Lint import Bcfg2.Server.Plugin import Bcfg2.Server.FileMonitor +from Bcfg2.Utils import locked from Bcfg2.Compat import MutableMapping, all, wraps # pylint: disable=W0622 from Bcfg2.version import Bcfg2VersionInfo @@ -27,15 +28,6 @@ except ImportError: LOGGER = logging.getLogger(__name__) -def locked(fd): - """ Acquire a lock on a file """ - try: - fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB) - except IOError: - return True - return False - - if HAS_DJANGO: class MetadataClientModel(models.Model, Bcfg2.Server.Plugin.PluginDatabaseModel): @@ -194,7 +186,7 @@ class XMLMetadataConfig(Bcfg2.Server.Plugin.XMLFileBacked): newcontents = lxml.etree.tostring(dataroot, xml_declaration=False, pretty_print=True).decode('UTF-8') - while locked(fd) == True: + while locked(fd): pass try: datafile.write(newcontents) -- cgit v1.2.3-1-g7c22 From 893acc1735794e6df9d290c30d9911621bb2a927 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 7 Feb 2013 10:01:16 -0500 Subject: Metadata: allowed setting global default authentication type --- src/lib/Bcfg2/Server/Plugins/Metadata.py | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py index d74db5eb4..9fdee96ab 100644 --- a/src/lib/Bcfg2/Server/Plugins/Metadata.py +++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py @@ -677,8 +677,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, self.raddresses[clname] = set() self.raddresses[clname].add(caddr) if 'auth' in client.attrib: - self.auth[client.get('name')] = client.get('auth', - 'cert+password') + self.auth[client.get('name')] = client.get('auth') if 'uuid' in client.attrib: self.uuid[client.get('uuid')] = clname if client.get('secure', 'false').lower() == 'true': @@ -1192,7 +1191,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, # look at cert.cN client = certinfo['commonName'] self.debug_log("Got cN %s; using as client name" % client) - auth_type = self.auth.get(client, 'cert+password') + auth_type = self.auth.get(client, + self.core.setup['authentication']) elif user == 'root': id_method = 'address' try: @@ -1215,12 +1215,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, self.debug_log("Authenticating client %s" % client) # next we validate the address - if id_method == 'uuid': - addr_is_valid = True - else: - addr_is_valid = self.validate_client_address(client, address) - - if not addr_is_valid: + if (id_method != 'uuid' and + not self.validate_client_address(client, address)): return False if id_method == 'cert' and auth_type != 'cert+password': @@ -1230,23 +1226,19 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, # we are done if cert+password not required return True - if client not in self.passwords: - if client in self.secure: - self.logger.error("Client %s in secure mode but has no " - "password" % address[0]) - return False - if password != self.password: - self.logger.error("Client %s used incorrect global password" % - address[0]) - return False + if client not in self.passwords and client in self.secure: + self.logger.error("Client %s in secure mode but has no password" % + address[0]) + return False + if client not in self.secure: if client in self.passwords: plist = [self.password, self.passwords[client]] else: plist = [self.password] if password not in plist: - self.logger.error("Client %s failed to use either allowed " - "password" % address[0]) + self.logger.error("Client %s failed to use an allowed password" + % address[0]) return False else: # client in secure mode and has a client password -- cgit v1.2.3-1-g7c22 From dc22e36574d4d4cdbde282906ef3e1d3c7fe7c94 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 7 Feb 2013 10:14:31 -0500 Subject: Metadata: process default client bootstrap mode properly --- src/lib/Bcfg2/Server/Plugins/Metadata.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py') diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py index 9fdee96ab..e568c5c65 100644 --- a/src/lib/Bcfg2/Server/Plugins/Metadata.py +++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py @@ -383,7 +383,7 @@ class MetadataGroup(tuple): class Metadata(Bcfg2.Server.Plugin.Metadata, - Bcfg2.Server.Plugin.Statistics, + Bcfg2.Server.Plugin.ClientRunHooks, Bcfg2.Server.Plugin.DatabaseBacked): """This class contains data for bcfg2 server metadata.""" __author__ = 'bcfg-dev@mcs.anl.gov' @@ -391,7 +391,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, def __init__(self, core, datastore, watch_clients=True): Bcfg2.Server.Plugin.Metadata.__init__(self) - Bcfg2.Server.Plugin.Statistics.__init__(self, core, datastore) + Bcfg2.Server.Plugin.ClientRunHooks.__init__(self) Bcfg2.Server.Plugin.DatabaseBacked.__init__(self, core, datastore) self.watch_clients = watch_clients self.states = dict() @@ -1252,12 +1252,11 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, return True # pylint: enable=R0911,R0912 - def process_statistics(self, meta, _): - """ Hook into statistics interface to toggle clients in - bootstrap mode """ - client = meta.hostname - if client in self.auth and self.auth[client] == 'bootstrap': - self.update_client(client, dict(auth='cert')) + def end_statistics(self, metadata): + """ Hook to toggle clients in bootstrap mode """ + if self.auth.get(metadata.hostname, + self.core.setup('authentication')) == 'bootstrap': + self.update_client(metadata.hostname, dict(auth='cert')) def viz(self, hosts, bundles, key, only_client, colors): """Admin mode viz support.""" -- cgit v1.2.3-1-g7c22