Change config and paths

With the API running as weldr, the yum directories need to be
accessible to it, as well as the results and queue/new
directories.
Brian C. Lane 2018-01-26 16:53:12 -08:00
parent 8b725a1cf5
commit bb3d6b1003
2 changed files with 43 additions and 38 deletions


@ -41,9 +41,11 @@ def configure(conf_file="/etc/lorax/composer.conf", root_dir="/", test_config=Fa
# set defaults # set defaults
conf.add_section("composer") conf.add_section("composer")
conf.set("composer", "yum_conf", joinpaths(root_dir, "/var/lib/lorax/composer/yum.conf")) conf.set("composer", "share_dir", os.path.realpath(joinpaths(root_dir, "/usr/share/lorax/composer/")))
conf.set("composer", "repo_dir", joinpaths(root_dir, "/var/lib/lorax/composer/repos.d/")) conf.set("composer", "lib_dir", os.path.realpath(joinpaths(root_dir, "/var/lib/lorax/composer/")))
conf.set("composer", "cache_dir", joinpaths(root_dir, "/var/cache/lorax/composer/yum/")) conf.set("composer", "yum_conf", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/yum.conf")))
conf.set("composer", "repo_dir", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/repos.d/")))
conf.set("composer", "cache_dir", os.path.realpath(joinpaths(root_dir, "/var/tmp/composer/cache/")))
conf.add_section("users") conf.add_section("users")
conf.set("users", "root", "1") conf.set("users", "root", "1")
@ -58,10 +60,4 @@ def configure(conf_file="/etc/lorax/composer.conf", root_dir="/", test_config=Fa
if os.path.isfile(conf_file): if os.path.isfile(conf_file):
conf.read(conf_file) conf.read(conf_file)
# Create any missing directories
for section, key in [("composer", "yum_conf"), ("composer", "repo_dir"), ("composer", "cache_dir")]:
path = conf.get(section, key)
if not os.path.isdir(os.path.dirname(path)):
os.makedirs(os.path.dirname(path))
return conf return conf
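Review bot: The new defaults for `yum_conf`, `repo_dir` and `cache_dir` sit under `/var/tmp/composer/`, a fixed name inside a world-writable directory, so whoever creates that directory first controls the repo definitions and yum.conf the service later loads. `os.path.realpath` resolves any symlink already present at configure time, which pins the resolved target rather than rejecting it. Consider placing these under `lib_dir` (for example `joinpaths(lib_dir, "repos.d/")`), or checking owner and mode of the directory before it is used, as the main script already does for the queue paths. The body of `configure` starts and ends outside these hunks, so any validation done elsewhere is not visible here.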


@ -63,8 +63,8 @@ def get_parser():
help="Path to logfile (/var/log/lorax-composer/composer.log)") help="Path to logfile (/var/log/lorax-composer/composer.log)")
parser.add_argument("--mockfiles", default="/var/tmp/bdcs-mockfiles/", metavar="MOCKFILES", parser.add_argument("--mockfiles", default="/var/tmp/bdcs-mockfiles/", metavar="MOCKFILES",
help="Path to JSON files used for /api/mock/ paths (/var/tmp/bdcs-mockfiles/)") help="Path to JSON files used for /api/mock/ paths (/var/tmp/bdcs-mockfiles/)")
parser.add_argument("--libdir", default="/var/lib/weldr", metavar="LIBDIR", parser.add_argument("--sharedir", type=os.path.abspath, metavar="SHAREDIR",
help="Path to queue and results directory (/var/lib/weldr/)") help="Directory containing all the templates. Overrides config file sharedir")
parser.add_argument("-V", action="store_true", dest="showver", parser.add_argument("-V", action="store_true", dest="showver",
help="show program's version number and exit") help="show program's version number and exit")
parser.add_argument("-c", "--config", default="/etc/lorax/composer.conf", metavar="CONFIG", parser.add_argument("-c", "--config", default="/etc/lorax/composer.conf", metavar="CONFIG",
@ -155,27 +155,6 @@ if __name__ == '__main__':
except KeyError: except KeyError:
errors.append("Missing group '%s'" % opts.group) errors.append("Missing group '%s'" % opts.group)
# Make sure the libdir path is setup correctly
if not os.path.exists(opts.libdir):
log.info("%s does not exist, creating it and the required subdirectories.", opts.libdir)
orig_umask = os.umask(0)
# Create the directories and set permissions and ownership
for p in ["queue/run", "queue/new", "results"]:
p_dir = joinpaths(opts.libdir, p)
os.makedirs(p_dir, 0o770)
os.chown(p_dir, 0, gid)
os.umask(orig_umask)
# Check ownership and permissions on the libdir tree
for p in ["queue/run", "queue/new", "results"]:
p_dir = joinpaths(opts.libdir, p)
p_stat = os.stat(p_dir)
if p_stat.st_mode & 0o007 != 0:
errors.append("Incorrect permissions on %s, no 'other' permissions are allowed." % p_dir)
if p_stat.st_gid != gid or p_stat.st_uid != 0:
errors.append("%s should be owned by root:%s" % (p_dir, opts.group))
# Check the socket path to make sure it exists, and that ownership and permissions are correct. # Check the socket path to make sure it exists, and that ownership and permissions are correct.
socket_dir = os.path.dirname(opts.socket) socket_dir = os.path.dirname(opts.socket)
if not os.path.exists(socket_dir): if not os.path.exists(socket_dir):
@ -208,12 +187,27 @@ if __name__ == '__main__':
if opts.releasever: if opts.releasever:
server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever) server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
# Get a YumBase to share with the requests # Override the default sharedir
yb = get_base_object(server.config["COMPOSER_CFG"]) if opts.sharedir:
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock()) server.config["COMPOSER_CFG"].set("composer", "share_dir", opts.sharedir)
# Import example recipes # Make sure the queue paths are setup correctly
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES) lib_dir = server.config["COMPOSER_CFG"].get("composer", "lib_dir")
for p in ["queue/run", "queue/new", "results"]:
p_dir = joinpaths(lib_dir, p)
if not os.path.exists(p_dir):
log.info("%s does not exist, creating it.", p_dir)
orig_umask = os.umask(0)
os.makedirs(p_dir, 0o770)
os.chown(p_dir, 0, gid)
os.umask(orig_umask)
else:
p_stat = os.stat(p_dir)
if p_stat.st_mode & 0o007 != 0:
errors.append("Incorrect permissions on %s, no 'other' permissions are allowed." % p_dir)
if p_stat.st_gid != gid or p_stat.st_uid != 0:
errors.append("%s should be owned by root:%s" % (p_dir, opts.group))
# Setup the Unix Domain Socket, remove old one, set ownership and permissions # Setup the Unix Domain Socket, remove old one, set ownership and permissions
if os.path.exists(opts.socket): if os.path.exists(opts.socket):
@ -227,13 +221,28 @@ if __name__ == '__main__':
# Start queue monitor thread as root # Start queue monitor thread as root
cancel_q = QueueFactory("cancel") cancel_q = QueueFactory("cancel")
cancel_q.addMessage("cancel", 0) cancel_q.addMessage("cancel", 0)
cfg = DataHolder(composer_dir=opts.libdir, uid=uid, gid=gid) cfg = DataHolder(composer_dir=lib_dir, uid=uid, gid=gid)
p = mp.Process(target=monitor, args=(cfg, cancel_q)) p = mp.Process(target=monitor, args=(cfg, cancel_q))
p.daemon = True p.daemon = True
p.start() p.start()
# Drop root privileges on the main process # Drop root privileges on the main process
os.setgid(gid)
os.setuid(uid) os.setuid(uid)
log.debug("user is now %s:%s", os.getresuid(), os.getresgid())
# Make sure yumbase directories are created
for p in ["yum_conf", "repo_dir", "cache_dir"]:
p_dir = os.path.dirname(server.config["COMPOSER_CFG"].get("composer", p))
if not os.path.exists(p_dir):
os.makedirs(p_dir)
# Get a YumBase to share with the requests
yb = get_base_object(server.config["COMPOSER_CFG"])
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
# Import example recipes
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
log.info("Starting %s on %s with recipes from %s", VERSION, opts.socket, opts.RECIPES) log.info("Starting %s on %s with recipes from %s", VERSION, opts.socket, opts.RECIPES)
http_server = WSGIServer(listener, server, log=LogWrapper(server_log)) http_server = WSGIServer(listener, server, log=LogWrapper(server_log))
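Review bot: The privilege drop now calls `os.setgid(gid)` before `os.setuid(uid)`, but nothing visible clears the supplementary groups, so the main process keeps whatever groups root held at startup. Add `os.setgroups([])` immediately before `os.setgid(gid)`. Extend the debug line to include `os.getgroups()`, because `getresuid()`/`getresgid()` will not show leftover groups. In the same hunk, `os.makedirs(p_dir)` for the yum directories relies on the inherited umask and accepts an already-existing directory without checking its owner; passing an explicit mode such as `os.makedirs(p_dir, 0o750)` and checking `os.stat(p_dir).st_uid` would match the checks applied to the queue paths. The `__main__` block continues outside these hunks, so a `setgroups` call elsewhere cannot be ruled out.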