Ignore:
Timestamp:
Aug 16, 2012, 10:28:08 AM (12 years ago)
Author:
ezyang
Message:
Refactor to support pushes to Wizard. This invalidates the old 'common' cache.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/host/credit-card/host.py

    r2269 r2297  
    1111HOST = socket.gethostname()
    1212
    13 # XXX test server and wizard server
    14 
    15 # UIDs (sketchy):
    16 #   signup 102
    17 #   fedora-ds 103 (sketchy, not true for b-b)
    18 #   logview 501 (really sketchy, since it's in the dynamic range)
     13PROD_GUESTS = frozenset([
     14    'bees-knees',
     15    'cats-whiskers',
     16    'busy-beaver',
     17    'pancake-bunny',
     18    'whole-enchilada',
     19    'real-mccoy',
     20    'old-faithful',
     21    'better-mousetrap',
     22    'shining-armor',
     23    'golden-egg',
     24    'miracle-cure',
     25    'lucky-star',
     26    ])
     27WIZARD_GUESTS = frozenset([
     28    'not-backward',
     29    ])
     30
     31COMMON_CREDS = {}
     32
     33# Format here assumes that we always chmod $USER:$USER,
     34# but note the latter refers to group...
     35#
     36# Important: no leading slashes!
     37COMMON_CREDS['all'] = [
     38    ('root', 0o600, 'root/.bashrc'),
     39    ('root', 0o600, 'root/.screenrc'),
     40    ('root', 0o600, 'root/.ssh/authorized_keys'),
     41    ('root', 0o600, 'root/.ssh/authorized_keys2'),
     42    ('root', 0o600, 'root/.vimrc'),
     43    ('root', 0o600, 'root/.k5login'),
     44    ]
     45
     46COMMON_CREDS['prod'] = [
     47    ('root', 0o600, 'root/.ldapvirc'),
     48    ('root', 0o600, 'etc/ssh/ssh_host_dsa_key'),
     49    ('root', 0o600, 'etc/ssh/ssh_host_key'),
     50    ('root', 0o600, 'etc/ssh/ssh_host_rsa_key'),
     51    ('root', 0o600, 'etc/pki/tls/private/scripts-1024.key'),
     52    ('root', 0o600, 'etc/pki/tls/private/scripts.key'),
     53    ('root', 0o600, 'etc/whoisd-password'),
     54    ('afsagent', 0o600, 'etc/daemon.keytab'),
     55
     56    ('root', 0o644, 'etc/ssh/ssh_host_dsa_key.pub'),
     57    ('root', 0o644, 'etc/ssh/ssh_host_key.pub'),
     58    ('root', 0o644, 'etc/ssh/ssh_host_rsa_key.pub'),
     59
     60    ('sql', 0o600, 'etc/sql-mit-edu.cfg.php'), # technically doesn't have to be secret anymore
     61    ('sql', 0o600, 'etc/sql-password'),
     62    ('signup', 0o600, 'etc/signup-ldap-pw'),
     63    ('logview', 0o600, 'home/logview/.k5login'), # XXX user must be created in Kickstart
     64    ]
     65
     66# note that these are duplicates with 'prod', but the difference
     67# is that the files DIFFER between wizard and prod
     68COMMON_CREDS['wizard'] = [
     69    ('root', 0o600, 'etc/ssh/ssh_host_dsa_key'),
     70    ('root', 0o600, 'etc/ssh/ssh_host_key'),
     71    ('root', 0o600, 'etc/ssh/ssh_host_rsa_key'),
     72    ('afsagent', 0o600, 'etc/daemon.keytab'),
     73
     74    ('root', 0o644, 'etc/ssh/ssh_host_dsa_key.pub'),
     75    ('root', 0o644, 'etc/ssh/ssh_host_key.pub'),
     76    ('root', 0o644, 'etc/ssh/ssh_host_rsa_key.pub'),
     77    ]
     78
     79MACHINE_CREDS = {}
     80
     81MACHINE_CREDS['all'] = [
     82    # XXX NEED TO CHECK THAT THE CONTENTS ARE SENSIBLE
     83    ('root', 0o600, 'etc/krb5.keytab'),
     84    ]
     85
     86MACHINE_CREDS['prod'] = [
     87    ('fedora-ds', 0o600, 'etc/dirsrv/keytab'),
     88    ]
     89
     90MACHINE_CREDS['wizard'] = []
    1991
    2092# Works for passwd and group, but be careful! They're different things!
     
    30102            r[row[0]] = int(row[2])
    31103    return r
    32 
    33 # Format here assumes that we always chmod $USER:$USER ...
    34 # but note the latter refers to group...
    35 COMMON_CREDS = [
    36     ('root', 0o600, 'root/.bashrc'),
    37     ('root', 0o600, 'root/.screenrc'),
    38     ('root', 0o600, 'root/.ssh/authorized_keys'),
    39     ('root', 0o600, 'root/.ssh/authorized_keys2'),
    40     ('root', 0o600, 'root/.vimrc'),
    41     ('root', 0o600, 'root/.k5login'),
    42     # punted /root/.ssh/known_hosts
    43 
    44     # XXX user must be created in Kickstart
    45     ('logview', 0o600, 'home/logview/.k5login'),
    46     ]
    47 
    48 COMMON_PROD_CREDS = [ # important: no leading slashes!
    49     ('root', 0o600, 'root/.ldapvirc'),
    50     ('root', 0o600, 'etc/ssh/ssh_host_dsa_key'),
    51     ('root', 0o600, 'etc/ssh/ssh_host_key'),
    52     ('root', 0o600, 'etc/ssh/ssh_host_rsa_key'),
    53     ('root', 0o600, 'etc/pki/tls/private/scripts-1024.key'),
    54     ('root', 0o600, 'etc/pki/tls/private/scripts.key'),
    55     ('root', 0o600, 'etc/whoisd-password'),
    56     ('afsagent', 0o600, 'etc/daemon.keytab'),
    57 
    58     ('root', 0o644, 'etc/ssh/ssh_host_dsa_key.pub'),
    59     ('root', 0o644, 'etc/ssh/ssh_host_key.pub'),
    60     ('root', 0o644, 'etc/ssh/ssh_host_rsa_key.pub'),
    61 
    62     ('sql', 0o600, 'etc/sql-mit-edu.cfg.php'), # technically doesn't have to be secret anymore
    63     ('sql', 0o600, 'etc/sql-password'),
    64     ('signup', 0o600, 'etc/signup-ldap-pw'),
    65     ]
    66 
    67 MACHINE_PROD_CREDS = [
    68     # XXX NEED TO CHECK THAT THESE ARE SENSIBLE
    69     ('root', 0o600, 'etc/krb5.keytab'),
    70     ('fedora-ds', 0o600, 'etc/dirsrv/keytab')
    71     ]
    72104
    73105def drop_caches():
     
    130162
    131163def main():
    132     usage = """usage: %prog [push|pull|pull-common] GUEST"""
     164    usage = """usage: %prog [push|pull] [common|machine] GUEST"""
    133165
    134166    parser = optparse.OptionParser(usage)
     
    136168    # reasonable thing to always try
    137169    parser.add_option('-t', '--types', dest="types", default="ext4,ext3",
    138             help="filesystem type(s)")
     170            help="filesystem type(s)") # same arg as 'mount'
    139171    parser.add_option('--creds-dir', dest="creds_dir", default="/root/creds",
    140172            help="directory to store/fetch credentials in")
     
    142174
    143175    if not os.path.isdir(options.creds_dir):
    144         raise Exception("/root/creds does not exist") # XXX STRING
     176        raise Exception("%s does not exist" % options.creds_dir)
    145177    # XXX check owned by root and appropriately chmodded
    146178
    147179    os.umask(0o077) # overly restrictive
    148180
    149     if len(args) != 2:
     181    if len(args) != 3:
    150182        parser.print_help()
    151183        raise Exception("Wrong number of arguments")
    152184
    153185    command = args[0]
    154     guest   = args[1]
     186    files   = args[1]
     187    guest   = args[2]
     188
     189    if guest in PROD_GUESTS:
     190        mode = 'prod'
     191    elif guest in WIZARD_GUESTS:
     192        mode = 'wizard'
     193    else:
     194        raise Exception("Unrecognized guest %s" % guest)
    155195
    156196    with WithMount(guest, options.types) as tmp_mount:
     
    178218                shutil.copyfile("%s/%s" % (tmp_mount, f), dest)
    179219
     220        # XXX ideally we should check these *before* we mount, but Python
     221        # makes that pretty annoying to do
    180222        if command == "push":
    181             push_files(COMMON_CREDS, 'common')
    182             push_files(COMMON_PROD_CREDS,  'common')
    183             push_files(MACHINE_PROD_CREDS, 'machine/%s' % guest)
     223            run = push_files
    184224        elif command == "pull":
    185             pull_files(MACHINE_PROD_CREDS, 'machine/%s' % guest)
    186         elif command == "pull-common":
    187             pull_files(COMMON_CREDS, 'common')
    188             pull_files(COMMON_PROD_CREDS,  'common')
     225            run = pull_files
     226        else:
     227            raise Exception("Unknown command %s, valid values are 'push' and 'pull'" % command)
     228
     229        if files == 'common':
     230            run(COMMON_CREDS['all'], 'all')
     231            run(COMMON_CREDS[mode], mode)
     232        elif files == 'machine':
     233            run(MACHINE_CREDS['all'], 'machine/%s' % guest)
     234            run(MACHINE_CREDS[mode], 'machine/%s' % guest)
     235        else:
     236            raise Exception("Unknown file set %s, valid values are 'common' and 'machine'" % files)
    189237
    190238if __name__ == "__main__":
Note: See TracChangeset for help on using the changeset viewer.