Change config and paths
With the API running as weldr, the permissions on the yum directories need to make them accessible to it, as well as the results and queue/new directories.
parent
8b725a1cf5
commit
bb3d6b1003
@ -41,9 +41,11 @@ def configure(conf_file="/etc/lorax/composer.conf", root_dir="/", test_config=Fa
|
|||||||
|
|
||||||
# set defaults
|
# set defaults
|
||||||
conf.add_section("composer")
|
conf.add_section("composer")
|
||||||
conf.set("composer", "yum_conf", joinpaths(root_dir, "/var/lib/lorax/composer/yum.conf"))
|
conf.set("composer", "share_dir", os.path.realpath(joinpaths(root_dir, "/usr/share/lorax/composer/")))
|
||||||
conf.set("composer", "repo_dir", joinpaths(root_dir, "/var/lib/lorax/composer/repos.d/"))
|
conf.set("composer", "lib_dir", os.path.realpath(joinpaths(root_dir, "/var/lib/lorax/composer/")))
|
||||||
conf.set("composer", "cache_dir", joinpaths(root_dir, "/var/cache/lorax/composer/yum/"))
|
conf.set("composer", "yum_conf", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/yum.conf")))
|
||||||
|
conf.set("composer", "repo_dir", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/repos.d/")))
|
||||||
|
conf.set("composer", "cache_dir", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/cache/")))
|
||||||
|
|
||||||
conf.add_section("users")
|
conf.add_section("users")
|
||||||
conf.set("users", "root", "1")
|
conf.set("users", "root", "1")
|
||||||
@ -58,10 +60,4 @@ def configure(conf_file="/etc/lorax/composer.conf", root_dir="/", test_config=Fa
|
|||||||
if os.path.isfile(conf_file):
|
if os.path.isfile(conf_file):
|
||||||
conf.read(conf_file)
|
conf.read(conf_file)
|
||||||
|
|
||||||
# Create any missing directories
|
|
||||||
for section, key in [("composer", "yum_conf"), ("composer", "repo_dir"), ("composer", "cache_dir")]:
|
|
||||||
path = conf.get(section, key)
|
|
||||||
if not os.path.isdir(os.path.dirname(path)):
|
|
||||||
os.makedirs(os.path.dirname(path))
|
|
||||||
|
|
||||||
return conf
|
return conf
|
||||||
|
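Review bot: The new defaults for `yum_conf`, `repo_dir` and `cache_dir` place the yum configuration, repo definitions and cache under `/var/tmp/composer/`, a fixed name inside a world-writable directory. Any local account can create that directory before the service does, and `os.path.realpath()` resolves whatever symlinks already exist when `configure()` runs, so the service can end up trusting a yum.conf and repo files it does not own. Since the stated goal is only that the weldr user can write there, a directory under `lib_dir` that root creates and chowns before privileges are dropped would do, e.g. `conf.set("composer", "repo_dir", os.path.realpath(joinpaths(root_dir, "/var/lib/lorax/composer/repos.d/")))`. Because the `makedirs` loop is removed from this function, a comment such as `# directories are created by the caller, not here` would help the next reader; `configure()` begins outside the lines shown.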
@ -63,8 +63,8 @@ def get_parser():
|
|||||||
help="Path to logfile (/var/log/lorax-composer/composer.log)")
|
help="Path to logfile (/var/log/lorax-composer/composer.log)")
|
||||||
parser.add_argument("--mockfiles", default="/var/tmp/bdcs-mockfiles/", metavar="MOCKFILES",
|
parser.add_argument("--mockfiles", default="/var/tmp/bdcs-mockfiles/", metavar="MOCKFILES",
|
||||||
help="Path to JSON files used for /api/mock/ paths (/var/tmp/bdcs-mockfiles/)")
|
help="Path to JSON files used for /api/mock/ paths (/var/tmp/bdcs-mockfiles/)")
|
||||||
parser.add_argument("--libdir", default="/var/lib/weldr", metavar="LIBDIR",
|
parser.add_argument("--sharedir", type=os.path.abspath, metavar="SHAREDIR",
|
||||||
help="Path to queue and results directory (/var/lib/weldr/)")
|
help="Directory containing all the templates. Overrides config file sharedir")
|
||||||
parser.add_argument("-V", action="store_true", dest="showver",
|
parser.add_argument("-V", action="store_true", dest="showver",
|
||||||
help="show program's version number and exit")
|
help="show program's version number and exit")
|
||||||
parser.add_argument("-c", "--config", default="/etc/lorax/composer.conf", metavar="CONFIG",
|
parser.add_argument("-c", "--config", default="/etc/lorax/composer.conf", metavar="CONFIG",
|
||||||
@ -155,27 +155,6 @@ if __name__ == '__main__':
|
|||||||
except KeyError:
|
except KeyError:
|
||||||
errors.append("Missing group '%s'" % opts.group)
|
errors.append("Missing group '%s'" % opts.group)
|
||||||
|
|
||||||
# Make sure the libdir path is setup correctly
|
|
||||||
if not os.path.exists(opts.libdir):
|
|
||||||
log.info("%s does not exist, creating it and the required subdirectories.", opts.libdir)
|
|
||||||
orig_umask = os.umask(0)
|
|
||||||
# Create the directories and set permissions and ownership
|
|
||||||
for p in ["queue/run", "queue/new", "results"]:
|
|
||||||
p_dir = joinpaths(opts.libdir, p)
|
|
||||||
os.makedirs(p_dir, 0o770)
|
|
||||||
os.chown(p_dir, 0, gid)
|
|
||||||
os.umask(orig_umask)
|
|
||||||
|
|
||||||
# Check ownership and permissions on the libdir tree
|
|
||||||
for p in ["queue/run", "queue/new", "results"]:
|
|
||||||
p_dir = joinpaths(opts.libdir, p)
|
|
||||||
p_stat = os.stat(p_dir)
|
|
||||||
if p_stat.st_mode & 0o007 != 0:
|
|
||||||
errors.append("Incorrect permissions on %s, no 'other' permissions are allowed." % p_dir)
|
|
||||||
|
|
||||||
if p_stat.st_gid != gid or p_stat.st_uid != 0:
|
|
||||||
errors.append("%s should be owned by root:%s" % (p_dir, opts.group))
|
|
||||||
|
|
||||||
# Check the socket path to make sure it exists, and that ownership and permissions are correct.
|
# Check the socket path to make sure it exists, and that ownership and permissions are correct.
|
||||||
socket_dir = os.path.dirname(opts.socket)
|
socket_dir = os.path.dirname(opts.socket)
|
||||||
if not os.path.exists(socket_dir):
|
if not os.path.exists(socket_dir):
|
||||||
@ -208,12 +187,27 @@ if __name__ == '__main__':
|
|||||||
if opts.releasever:
|
if opts.releasever:
|
||||||
server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
|
server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
|
||||||
|
|
||||||
# Get a YumBase to share with the requests
|
# Override the default sharedir
|
||||||
yb = get_base_object(server.config["COMPOSER_CFG"])
|
if opts.sharedir:
|
||||||
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
|
server.config["COMPOSER_CFG"].set("composer", "share_dir", opts.sharedir)
|
||||||
|
|
||||||
# Import example recipes
|
# Make sure the queue paths are setup correctly
|
||||||
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
|
lib_dir = server.config["COMPOSER_CFG"].get("composer", "lib_dir")
|
||||||
|
for p in ["queue/run", "queue/new", "results"]:
|
||||||
|
p_dir = joinpaths(lib_dir, p)
|
||||||
|
if not os.path.exists(p_dir):
|
||||||
|
log.info("%s does not exist, creating it.", p_dir)
|
||||||
|
orig_umask = os.umask(0)
|
||||||
|
os.makedirs(p_dir, 0o770)
|
||||||
|
os.chown(p_dir, 0, gid)
|
||||||
|
os.umask(orig_umask)
|
||||||
|
else:
|
||||||
|
p_stat = os.stat(p_dir)
|
||||||
|
if p_stat.st_mode & 0o007 != 0:
|
||||||
|
errors.append("Incorrect permissions on %s, no 'other' permissions are allowed." % p_dir)
|
||||||
|
|
||||||
|
if p_stat.st_gid != gid or p_stat.st_uid != 0:
|
||||||
|
errors.append("%s should be owned by root:%s" % (p_dir, opts.group))
|
||||||
|
|
||||||
# Setup the Unix Domain Socket, remove old one, set ownership and permissions
|
# Setup the Unix Domain Socket, remove old one, set ownership and permissions
|
||||||
if os.path.exists(opts.socket):
|
if os.path.exists(opts.socket):
|
||||||
@ -227,13 +221,28 @@ if __name__ == '__main__':
|
|||||||
# Start queue monitor thread as root
|
# Start queue monitor thread as root
|
||||||
cancel_q = QueueFactory("cancel")
|
cancel_q = QueueFactory("cancel")
|
||||||
cancel_q.addMessage("cancel", 0)
|
cancel_q.addMessage("cancel", 0)
|
||||||
cfg = DataHolder(composer_dir=opts.libdir, uid=uid, gid=gid)
|
cfg = DataHolder(composer_dir=lib_dir, uid=uid, gid=gid)
|
||||||
p = mp.Process(target=monitor, args=(cfg, cancel_q))
|
p = mp.Process(target=monitor, args=(cfg, cancel_q))
|
||||||
p.daemon = True
|
p.daemon = True
|
||||||
p.start()
|
p.start()
|
||||||
|
|
||||||
# Drop root privileges on the main process
|
# Drop root privileges on the main process
|
||||||
|
os.setgid(gid)
|
||||||
os.setuid(uid)
|
os.setuid(uid)
|
||||||
|
log.debug("user is now %s:%s", os.getresuid(), os.getresgid())
|
||||||
|
|
||||||
|
# Make sure yumbase directories are created
|
||||||
|
for p in ["yum_conf", "repo_dir", "cache_dir"]:
|
||||||
|
p_dir = os.path.dirname(server.config["COMPOSER_CFG"].get("composer", p))
|
||||||
|
if not os.path.exists(p_dir):
|
||||||
|
os.makedirs(p_dir)
|
||||||
|
|
||||||
|
# Get a YumBase to share with the requests
|
||||||
|
yb = get_base_object(server.config["COMPOSER_CFG"])
|
||||||
|
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
|
||||||
|
|
||||||
|
# Import example recipes
|
||||||
|
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
|
||||||
|
|
||||||
log.info("Starting %s on %s with recipes from %s", VERSION, opts.socket, opts.RECIPES)
|
log.info("Starting %s on %s with recipes from %s", VERSION, opts.socket, opts.RECIPES)
|
||||||
http_server = WSGIServer(listener, server, log=LogWrapper(server_log))
|
http_server = WSGIServer(listener, server, log=LogWrapper(server_log))
|
||||||
|
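Review bot: The privilege drop in the `@ -227,13 +221,28` hunk sets the gid and then the uid but never touches the supplementary group list, so a process started as root keeps root's supplementary groups after `os.setuid(uid)`. Unless the list is cleared somewhere outside the lines shown, add `os.setgroups([])` before `os.setgid(gid)`, and include `os.getgroups()` in the `log.debug` line so the log records the full result of the drop. The yum directories are then created by `os.makedirs(p_dir)` with the default mode and no ownership check on an existing path, which is worth tightening in the same place. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.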