From bb3d6b1003538417bf7da40a9367245216072647 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane"
Date: Fri, 26 Jan 2018 16:53:12 -0800
Subject: [PATCH] Change config and paths
With the API running as weldr the permissions on the yum directories needs to be accessable to it, as well as the results and queue/new directories.
---
 src/pylorax/api/config.py | 14 +++-----
 src/sbin/lorax-composer | 67 ++++++++++++++++++++++-----------------
 2 files changed, 43 insertions(+), 38 deletions(-)
diff --git a/src/pylorax/api/config.py b/src/pylorax/api/config.py
index c3a56adb..b4663541 100644
--- a/src/pylorax/api/config.py
+++ b/src/pylorax/api/config.py
@@ -41,9 +41,11 @@ def configure(conf_file="/etc/lorax/composer.conf", root_dir="/", test_config=Fa
 # set defaults
 conf.add_section("composer")
- conf.set("composer", "yum_conf", joinpaths(root_dir, "/var/lib/lorax/composer/yum.conf"))
- conf.set("composer", "repo_dir", joinpaths(root_dir, "/var/lib/lorax/composer/repos.d/"))
- conf.set("composer", "cache_dir", joinpaths(root_dir, "/var/cache/lorax/composer/yum/"))
+ conf.set("composer", "share_dir", os.path.realpath(joinpaths(root_dir, "/usr/share/lorax/composer/")))
+ conf.set("composer", "lib_dir", os.path.realpath(joinpaths(root_dir, "/var/lib/lorax/composer/")))
+ conf.set("composer", "yum_conf", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/yum.conf")))
+ conf.set("composer", "repo_dir", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/repos.d/")))
+ conf.set("composer", "cache_dir", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/cache/")))
 conf.add_section("users")
 conf.set("users", "root", "1")
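Review bot: The new defaults for `yum_conf`, `repo_dir` and `cache_dir` sit under `/var/tmp/composer/`, a fixed name inside a directory that every local account can write to, and nothing in this hunk checks who owns that directory before it is used. These keys presumably decide which yum configuration and repository definitions the composer reads, so they are better placed in a directory that packaging creates for the service account (for example under the `lib_dir` default added just above), or else checked with `os.lstat` for owner and mode before use. `os.path.realpath` also resolves any symlink at the moment `configure()` runs and is applied only to these defaults, so values read later from `conf_file` are not normalised the same way. The directories are created in the last hunk of src/sbin/lorax-composer after privileges are dropped; `configure()` itself starts and ends outside this hunk.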
@@ -58,10 +60,4 @@ def configure(conf_file="/etc/lorax/composer.conf", root_dir="/", test_config=Fa
 if os.path.isfile(conf_file):
 conf.read(conf_file)
- # Create any missing directories
- for section, key in [("composer", "yum_conf"), ("composer", "repo_dir"), ("composer", "cache_dir")]:
- path = conf.get(section, key)
- if not os.path.isdir(os.path.dirname(path)):
- os.makedirs(os.path.dirname(path))
-
 return conf
diff --git a/src/sbin/lorax-composer b/src/sbin/lorax-composer
index 44e1c73a..43a1cb8a 100755
--- a/src/sbin/lorax-composer
+++ b/src/sbin/lorax-composer
@@ -63,8 +63,8 @@ def get_parser():
 help="Path to logfile (/var/log/lorax-composer/composer.log)")
 parser.add_argument("--mockfiles", default="/var/tmp/bdcs-mockfiles/", metavar="MOCKFILES",
 help="Path to JSON files used for /api/mock/ paths (/var/tmp/bdcs-mockfiles/)")
- parser.add_argument("--libdir", default="/var/lib/weldr", metavar="LIBDIR",
- help="Path to queue and results directory (/var/lib/weldr/)")
+ parser.add_argument("--sharedir", type=os.path.abspath, metavar="SHAREDIR",
+ help="Directory containing all the templates. Overrides config file sharedir")
 parser.add_argument("-V", action="store_true", dest="showver",
 help="show program's version number and exit")
 parser.add_argument("-c", "--config", default="/etc/lorax/composer.conf", metavar="CONFIG",
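Review bot: In `get_parser()` the `--sharedir` help text says it overrides the config file's "sharedir", but the key that config.py sets is `share_dir`, and unlike the neighbouring options the help does not show the default. Suggested wording: `help="Directory containing all the templates. Overrides the config file's share_dir (/usr/share/lorax/composer/)"`. Removing `--libdir` outright also means an existing invocation that still passes it will now stop with an argparse error, and the queue and results location can only be changed through the config file; that is worth stating in the commit message. `get_parser()` starts and ends outside this hunk.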
@@ -155,27 +155,6 @@ if __name__ == '__main__':
 except KeyError:
 errors.append("Missing group '%s'" % opts.group)
- # Make sure the libdir path is setup correctly
- if not os.path.exists(opts.libdir):
- log.info("%s does not exist, creating it and the required subdirectories.", opts.libdir)
- orig_umask = os.umask(0)
- # Create the directories and set permissions and ownership
- for p in ["queue/run", "queue/new", "results"]:
- p_dir = joinpaths(opts.libdir, p)
- os.makedirs(p_dir, 0o770)
- os.chown(p_dir, 0, gid)
- os.umask(orig_umask)
-
- # Check ownership and permissions on the libdir tree
- for p in ["queue/run", "queue/new", "results"]:
- p_dir = joinpaths(opts.libdir, p)
- p_stat = os.stat(p_dir)
- if p_stat.st_mode & 0o007 != 0:
- errors.append("Incorrect permissions on %s, no 'other' permissions are allowed." % p_dir)
-
- if p_stat.st_gid != gid or p_stat.st_uid != 0:
- errors.append("%s should be owned by root:%s" % (p_dir, opts.group))
-
 # Check the socket path to make sure it exists, and that ownership and permissions are correct.
 socket_dir = os.path.dirname(opts.socket)
 if not os.path.exists(socket_dir):
@@ -208,12 +187,27 @@ if __name__ == '__main__':
 if opts.releasever:
 server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
- # Get a YumBase to share with the requests
- yb = get_base_object(server.config["COMPOSER_CFG"])
- server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
+ # Override the default sharedir
+ if opts.sharedir:
+ server.config["COMPOSER_CFG"].set("composer", "share_dir", opts.sharedir)
- # Import example recipes
- commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
+ # Make sure the queue paths are setup correctly
+ lib_dir = server.config["COMPOSER_CFG"].get("composer", "lib_dir")
+ for p in ["queue/run", "queue/new", "results"]:
+ p_dir = joinpaths(lib_dir, p)
+ if not os.path.exists(p_dir):
+ log.info("%s does not exist, creating it.", p_dir)
+ orig_umask = os.umask(0)
+ os.makedirs(p_dir, 0o770)
+ os.chown(p_dir, 0, gid)
+ os.umask(orig_umask)
+ else:
+ p_stat = os.stat(p_dir)
+ if p_stat.st_mode & 0o007 != 0:
+ errors.append("Incorrect permissions on %s, no 'other' permissions are allowed." % p_dir)
+
+ if p_stat.st_gid != gid or p_stat.st_uid != 0:
+ errors.append("%s should be owned by root:%s" % (p_dir, opts.group))
 # Setup the Unix Domain Socket, remove old one, set ownership and permissions
 if os.path.exists(opts.socket):
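Review bot: The ownership and mode checks on `queue/run`, `queue/new` and `results` now append to `errors` around line 190, well after the pre-flight section near line 155 where they used to run. If the `errors` list is reported and acted on before this point (not visible in the hunk), a queue directory with 'other' permissions or the wrong owner would no longer stop startup. Re-test the list directly after the loop, for example `if errors: raise SystemExit("\n".join(errors))`, or move the loop back ahead of the existing exit. Separately, `os.chown(p_dir, 0, gid)` touches only the leaf, so a parent such as `queue/` that `os.makedirs` creates while the umask is 0 keeps root:root ownership and whatever mode the interpreter gives intermediate directories; set and check each created level, and restore the umask in a `finally`. The `if __name__ == '__main__':` block starts and ends outside this hunk.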
@@ -227,13 +221,28 @@ if __name__ == '__main__':
 # Start queue monitor thread as root
 cancel_q = QueueFactory("cancel")
 cancel_q.addMessage("cancel", 0)
- cfg = DataHolder(composer_dir=opts.libdir, uid=uid, gid=gid)
+ cfg = DataHolder(composer_dir=lib_dir, uid=uid, gid=gid)
 p = mp.Process(target=monitor, args=(cfg, cancel_q))
 p.daemon = True
 p.start()
 # Drop root privileges on the main process
+ os.setgid(gid)
 os.setuid(uid)
+ log.debug("user is now %s:%s", os.getresuid(), os.getresgid())
+
+ # Make sure yumbase directories are created
+ for p in ["yum_conf", "repo_dir", "cache_dir"]:
+ p_dir = os.path.dirname(server.config["COMPOSER_CFG"].get("composer", p))
+ if not os.path.exists(p_dir):
+ os.makedirs(p_dir)
+
+ # Get a YumBase to share with the requests
+ yb = get_base_object(server.config["COMPOSER_CFG"])
+ server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
+
+ # Import example recipes
+ commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
 log.info("Starting %s on %s with recipes from %s", VERSION, opts.socket, opts.RECIPES)
 http_server = WSGIServer(listener, server, log=LogWrapper(server_log))
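Review bot: The privilege drop sets the gid and then the uid but leaves root's supplementary groups attached to the main process, so it can keep group-level access it no longer needs; add `os.setgroups([])` before `os.setgid(gid)`. The new `log.debug` line only records the resulting ids, so consider refusing to continue if `os.getresuid()` or `os.getresgid()` still contains 0. Further down, `os.makedirs(p_dir)` creates the yum directories with the default mode under the current umask and accepts an already existing path without checking its owner, which matters with the `/var/tmp/composer` defaults set in config.py; passing an explicit mode such as `os.makedirs(p_dir, 0o750)` and verifying `os.lstat(p_dir).st_uid == uid` would close that gap. The `if __name__ == '__main__':` block starts and ends outside this hunk.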