mirror of https://github.com/xcat2/confluent.git synced 2024-12-24 12:11:52 +00:00

Add support for RPM builds

add support for pam authentication
Jarrod Johnson 2014-07-14 14:54:12 -04:00
parent 426eeb209f
commit c70f365cd2
17 changed files with 202 additions and 9 deletions

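--- a/confluent_client/VERSION
+++ b/confluent_client/VERSION
@@ -0,0 +1 @@
+0.1.5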


@ -56,8 +56,9 @@ consoleonly = False
consolename = ""
target = "/"
path = os.path.dirname(os.path.realpath(__file__))
path = os.path.realpath(os.path.join(path, '..'))
sys.path.append(path)
path = os.path.realpath(os.path.join(path, '..', 'lib', 'python'))
if path.startswith('/opt'):
sys.path.append(path)
import confluent.tlvdata as tlvdata
import confluent.client as client
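Review bot: The new guard `if path.startswith('/opt'):` is a bare string-prefix test, so it also accepts directories such as `/opt-old/...` or `/optional/...`, and for a source checkout outside `/opt` it appends nothing and leaves the `import confluent.*` lines to whatever is already on `sys.path`. Comparing against the install prefix with its separator, e.g. `if path.startswith('/opt/confluent/'):`, keeps the intent narrower. The same check appears in the later launcher hunk that ends with `from confluent import main`; there the retained comment `# if installed into system path, do not muck with things` still describes the old `/usr` test and should be reworded to say the path is added only for the `/opt` install layout.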

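--- a/confluent_client/buildrpm
+++ b/confluent_client/buildrpm
@@ -0,0 +1 @@
+../confluent_server/buildrpm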


@ -0,0 +1,36 @@
%define name confluent_client
%define version #VERSION#
%define release 1
Summary: Client libraries and utilities for confluent
Name: %{name}
Version: %{version}
Release: %{release}
Source0: %{name}-%{version}.tar.gz
License: UNKNOWN
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Prefix: %{_prefix}
BuildArch: noarch
Vendor: Jarrod Johnson <jbjohnso@us.ibm.com>
Url: http://xcat.sf.net/
Requires: confluent_common
%description
This package enables python development and command line access to
a confluent server.
%prep
%setup -n %{name}-%{version} -n %{name}-%{version}
%build
python setup.py build
%install
python setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-scripts=/opt/confluent/bin --install-purelib=/opt/confluent/lib/python
%clean
rm -rf $RPM_BUILD_ROOT
%files -f INSTALLED_FILES
%defattr(-,root,root)
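Review bot: `License: UNKNOWN` in this template leaves the package without licence metadata, while the server template in this commit declares `License: Apache2` and the init script header says Apache 2.0; if the client is under the same terms, use the same value here. The `%setup` line passes `-n %{name}-%{version}` twice, and one occurrence can be dropped. Both remarks apply equally to the confluent_common template later in the commit, and the duplicated `-n` also to the server template.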

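--- a/confluent_client/makesetup
+++ b/confluent_client/makesetup
@@ -0,0 +1 @@
+../confluent_server/makesetup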


@ -2,7 +2,7 @@ from setuptools import setup
setup(
name='confluent_client',
version='0.1.4',
version='#VERSION#',
author='Jarrod Johnson',
author_email='jbjohnso@us.ibm.com',
url='http://xcat.sf.net/',

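--- a/confluent_common/VERSION
+++ b/confluent_common/VERSION
@@ -0,0 +1 @@
+0.1.3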


@ -0,0 +1,34 @@
%define name confluent_common
%define version #VERSION#
%define release 1
Summary: common content for confluent client and server
Name: %{name}
Version: %{version}
Release: %{release}
Source0: %{name}-%{version}.tar.gz
License: UNKNOWN
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Prefix: %{_prefix}
BuildArch: noarch
Vendor: Jarrod Johnson <jbjohnso@us.ibm.com>
Url: http://xcat.sf.net/
%description
This provides the modules common for both client and server
%prep
%setup -n %{name}-%{version} -n %{name}-%{version}
%build
python setup.py build
%install
python setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-purelib=/opt/confluent/lib/python --install-scripts=/opt/confluent/bin
%clean
rm -rf $RPM_BUILD_ROOT
%files -f INSTALLED_FILES
%defattr(-,root,root)


@ -2,7 +2,7 @@ from setuptools import setup
setup(
name='confluent_common',
version='0.1.2',
version='#VERSION#',
author='Jarrod Johnson',
author_email='jbjohnso@us.ibm.com',
description='common content for confluent client and server',


@ -0,0 +1 @@
include sysvinit/*


@ -18,8 +18,8 @@
import sys
import os
path = os.path.dirname(os.path.realpath(__file__))
path = os.path.realpath(os.path.join(path, '..'))
if not path.startswith('/usr'):
path = os.path.realpath(os.path.join(path, '..', 'lib', 'python'))
if path.startswith('/opt'):
# if installed into system path, do not muck with things
sys.path.append(path)
from confluent import main

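--- a/confluent_server/buildrpm
+++ b/confluent_server/buildrpm
@@ -0,0 +1,9 @@
+#!/bin/sh
+cd `dirname $0`
+./makesetup
+VERSION=`cat VERSION`
+PKGNAME=$(basename $(pwd))
+python setup.py sdist > /dev/null 2>&1
+cp dist/*.tar.gz ~/rpmbuild/SOURCES
+sed -e 's/#VERSION#/'$VERSION/ $PKGNAME.spec.tmpl > ~/rpmbuild/SPECS/$PKGNAME.spec
+rpmbuild -ba ~/rpmbuild/SPECS/$PKGNAME.spec 2> /dev/null |grep ^Wrote: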
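Review bot: Failures are hidden in this script: there is no `set -e`, the `cd` is unchecked, and both `python setup.py sdist` and `rpmbuild` have stderr sent to `/dev/null`, so a broken build prints nothing and the script exits with grep's status. `cp dist/*.tar.gz ~/rpmbuild/SOURCES` also copies every tarball left in `dist/` by earlier builds rather than only the one just made. I would add `set -e` after the shebang, quote the directory as `cd "$(dirname "$0")"`, and copy only `dist/$PKGNAME-$VERSION.tar.gz`; the error output is worth keeping, at least when a step fails.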


@ -26,14 +26,35 @@ import Crypto.Protocol.KDF as KDF
import hashlib
import hmac
import multiprocessing
import PAM
import time
_pamservice = 'confluent'
_passcache = {}
_passchecking = {}
authworkers = None
class Credentials(object):
def __init__(self, username, passphrase):
self.username = username
self.passphrase = passphrase
self.haspam = False
def pam_conv(self, auth, query_list):
# use stored credentials in a pam conversation
self.haspam = True
resp = []
for query_entry in query_list:
query, pamtype = query_entry
if query.startswith('Password'):
resp.append((self.passphrase, 0))
else:
return None
return resp
def _prune_passcache():
# This function makes sure we don't remember a passphrase in memory more
# than 10 seconds
@ -72,7 +93,8 @@ def _get_usertenant(name, tenant=False):
yield tenant
def authorize(name, element, tenant=False, operation='create'):
def authorize(name, element, tenant=False, operation='create',
skipuserobj=False):
#TODO: actually use the element to ascertain if this user is good enough
"""Determine whether the given authenticated name is authorized.
@ -90,6 +112,8 @@ def authorize(name, element, tenant=False, operation='create'):
if tenant is not None and not configmanager.is_tenant(tenant):
return None
manager = configmanager.ConfigManager(tenant)
if skipuserobj:
return None, manager, user, tenant
userobj = manager.get_user(user)
if userobj: # returning
return userobj, manager, user, tenant
@ -127,6 +151,17 @@ def check_user_passphrase(name, passphrase, element=None, tenant=False):
# would normally make an event and wait
# but here there's no need for that
eventlet.sleep(0.5)
credobj = Credentials(user, passphrase)
try:
pammy = PAM.pam()
pammy.start(_pamservice, user, credobj.pam_conv)
pammy.authenticate()
pammy.acct_mgmt()
del pammy
return authorize(user, element, tenant, skipuserobj=True)
except PAM.error:
if credobj.haspam:
return None
if (user, tenant) in _passcache:
if passphrase == _passcache[(user, tenant)]:
return authorize(user, element, tenant)
@ -184,4 +219,4 @@ def init_auth():
global authworkers
# for now we'll just have one auth worker and see if there is any
# demand for more. I personally doubt it.
authworkers = multiprocessing.Pool(processes=1)
authworkers = multiprocessing.Pool(processes=1)
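Review bot: A successful PAM login returns `authorize(user, element, tenant, skipuserobj=True)`, and that path returns `None, manager, user, tenant` before `manager.get_user(user)` runs, so any account the `confluent` PAM service accepts is treated as authorized without being known to confluent's own configuration. If that is intended, it needs a comment here and a note that the PAM service file must restrict which accounts may log in; otherwise call `authorize(user, element, tenant)` so the existing user lookup still applies. In `pam_conv`, matching the prompt text with `query.startswith('Password')` is fragile, since localized or module-specific prompts fall into `return None`; testing the message type, `if pamtype == PAM.PAM_PROMPT_ECHO_OFF:`, is the usual approach. `pammy.authenticate()` is also a blocking call made on every request before the `_passcache` check, which looks likely to stall the eventlet loop; the bodies of `authorize` and `check_user_passphrase` continue outside these hunks, so this part is inferred from the visible lines.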


@ -0,0 +1,35 @@
%define name confluent_server
%define version #VERSION#
%define release 1
Summary: confluent systems management server
Name: %{name}
Version: %{version}
Release: %{release}
Source0: %{name}-%{version}.tar.gz
License: Apache2
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Prefix: %{_prefix}
BuildArch: noarch
Requires: pyghmi, eventlet, greenlet, confluent_common, pycrypto >= 2.6.1
Vendor: Jarrod Johnson <jbjohnso@us.ibm.com>
Url: http://xcat.sf.net/
%description
Server for console management and systems management aggregation
%prep
%setup -n %{name}-%{version} -n %{name}-%{version}
%build
python setup.py build
%install
python setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-purelib=/opt/confluent/lib/python --install-scripts=/opt/confluent/bin
%clean
rm -rf $RPM_BUILD_ROOT
%files -f INSTALLED_FILES
%defattr(-,root,root)
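Review bot: The `Requires:` line does not name the package that provides the `PAM` Python module, although the auth module in this commit now has an unconditional `import PAM` at top level; on a host without that binding the server would fail at import time rather than fall back to its internal passphrase check. Add the binding to `Requires:` (PyPAM on RHEL-family systems, to be confirmed for the target distributions), or guard the import and skip the PAM attempt when the module is missing. The `install_requires` list in the server setup.py template hunk has the same gap.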

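--- a/confluent_server/makesetup
+++ b/confluent_server/makesetup
@@ -0,0 +1,3 @@
+cd `dirname $0`
+VERSION=`cat VERSION`
+sed -e "s/#VERSION#/$VERSION/" setup.py.tmpl > setup.py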
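Review bot: The script has no `#!/bin/sh` line even though it is added as an executable and run as `./makesetup` from buildrpm, so it works only through the calling shell's fallback for files without an interpreter line. The `cd` is also unchecked: if it fails, `cat VERSION` and the `sed` redirect to `setup.py` operate on whatever directory the caller was in. Starting the file with `#!/bin/sh` and `set -e`, and using `cd "$(dirname "$0")"`, would cover both.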


@ -1,8 +1,9 @@
from setuptools import setup
import os
setup(
name='confluent_server',
version='0.1.10',
version='#VERSION#',
author='Jarrod Johnson',
author_email='jbjohnso@us.ibm.com',
url='http://xcat.sf.net/',
@ -13,4 +14,5 @@ setup(
install_requires=['pycrypto>=2.6', 'confluent_client>=0.1.0', 'eventlet',
'pyghmi>=0.6.5'],
scripts=['bin/confluent'],
data_files=[('/etc/init.d', ['sysvinit/confluent'])],
)


@ -0,0 +1,33 @@
#!/bin/sh
# IBM(c) 2014 Apache 2.0
# chkconfig: 345 85 60
# description: Confluent hardware manager
### BEGIN INIT INFO
# Provides: confluent
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
### END INIT INFO
. /etc/init.d/functions
case $1 in
restart)
echo -n 'Stopping Confluent '
kill `cat /var/run/confluent/pid`
sleep 5
echo -n 'Starting Confluent '
/opt/confluent/bin/confluent
success
;;
start)
echo -n 'Starting Confluent '
/opt/confluent/bin/confluent
success
;;
stop)
echo -n 'Stopping Confluent '
kill `cat /var/run/confluent/pid`
success
;;
esac
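Review bot: Both `stop)` and `restart)` run `kill` as root on whatever PID is read from `/var/run/confluent/pid`, with no check that the file exists or that the PID still belongs to confluent, so a stale pid file can signal an unrelated process and a missing one makes `kill` fail while `success` is still printed. The sourced `/etc/init.d/functions` already offers `killproc -p /var/run/confluent/pid confluent`, which handles a missing pid file and reports failure. Every branch calls `success` unconditionally, so start-up errors from `/opt/confluent/bin/confluent` are reported as OK; test the exit status and call `failure` otherwise. A `status)` branch and a usage message for unknown arguments are also missing.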