Add support for RPM builds

add supportfor pam authentication
2025-10-31 19:32:33 +00:00 · 2014-07-14 14:54:12 -04:00
parent 426eeb209f
commit c70f365cd2
17 changed files with 202 additions and 9 deletions
--- a/confluent_client/VERSION
+++ b/confluent_client/VERSION
@@ -0,0 +1 @@
+0.1.5
--- a/confluent_client/bin/confetty
+++ b/confluent_client/bin/confetty
@@ -56,8 +56,9 @@ consoleonly = False
 consolename = ""
 target = "/"
 path = os.path.dirname(os.path.realpath(__file__))
-path = os.path.realpath(os.path.join(path, '..'))
-sys.path.append(path)
+path = os.path.realpath(os.path.join(path, '..', 'lib', 'python'))
+if path.startswith('/opt'):
+    sys.path.append(path)

 import confluent.tlvdata as tlvdata
 import confluent.client as client
--- a/confluent_client/buildrpm
+++ b/confluent_client/buildrpm
@@ -0,0 +1 @@
+../confluent_server/buildrpm
--- a/confluent_client/confluent_client.spec.tmpl
+++ b/confluent_client/confluent_client.spec.tmpl
@@ -0,0 +1,36 @@
+%define name confluent_client
+%define version #VERSION#
+%define release 1
+
+Summary: Client libraries and utilities for confluent
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Source0: %{name}-%{version}.tar.gz
+License: UNKNOWN
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+Prefix: %{_prefix}
+BuildArch: noarch
+Vendor: Jarrod Johnson <jbjohnso@us.ibm.com>
+Url: http://xcat.sf.net/
+Requires: confluent_common
+
+%description
+This package enables python development and command line access to
+a confluent server.
+
+%prep
+%setup -n %{name}-%{version} -n %{name}-%{version}
+
+%build
+python setup.py build
+
+%install
+python setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-scripts=/opt/confluent/bin --install-purelib=/opt/confluent/lib/python
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f INSTALLED_FILES
+%defattr(-,root,root)
--- a/confluent_client/makesetup
+++ b/confluent_client/makesetup
@@ -0,0 +1 @@
+../confluent_server/makesetup
--- a/confluent_client/setup.py.tmpl
+++ b/confluent_client/setup.py.tmpl
@@ -2,7 +2,7 @@ from setuptools import setup

 setup(
    name='confluent_client',
-    version='0.1.4',
+    version='#VERSION#',
    author='Jarrod Johnson',
    author_email='jbjohnso@us.ibm.com',
    url='http://xcat.sf.net/',
--- a/confluent_common/VERSION
+++ b/confluent_common/VERSION
@@ -0,0 +1 @@
+0.1.3
--- a/confluent_common/confluent_common.spec.tmpl
+++ b/confluent_common/confluent_common.spec.tmpl
@@ -0,0 +1,34 @@
+%define name confluent_common
+%define version #VERSION#
+%define release 1
+
+Summary: common content for confluent client and server
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Source0: %{name}-%{version}.tar.gz
+License: UNKNOWN
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+Prefix: %{_prefix}
+BuildArch: noarch
+Vendor: Jarrod Johnson <jbjohnso@us.ibm.com>
+Url: http://xcat.sf.net/
+
+%description
+This provides the modules common for both client and server
+
+%prep
+%setup -n %{name}-%{version} -n %{name}-%{version}
+
+%build
+python setup.py build
+
+%install
+python setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-purelib=/opt/confluent/lib/python --install-scripts=/opt/confluent/bin
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f INSTALLED_FILES
+%defattr(-,root,root)
--- a/confluent_common/setup.py.tmpl
+++ b/confluent_common/setup.py.tmpl
@@ -2,7 +2,7 @@ from setuptools import setup

 setup(
    name='confluent_common',
-    version='0.1.2',
+    version='#VERSION#',
    author='Jarrod Johnson',
    author_email='jbjohnso@us.ibm.com',
    description='common content for confluent client and server',
--- a/confluent_server/MANIFEST.in
+++ b/confluent_server/MANIFEST.in
@@ -0,0 +1 @@
+include sysvinit/*
--- a/confluent_server/bin/confluent
+++ b/confluent_server/bin/confluent
@@ -18,8 +18,8 @@
 import sys
 import os
 path = os.path.dirname(os.path.realpath(__file__))
-path = os.path.realpath(os.path.join(path, '..'))
-if not path.startswith('/usr'):
+path = os.path.realpath(os.path.join(path, '..', 'lib', 'python'))
+if path.startswith('/opt'):
    # if installed into system path, do not muck with things
    sys.path.append(path)
 from confluent import main
--- a/confluent_server/buildrpm
+++ b/confluent_server/buildrpm
@@ -0,0 +1,9 @@
+#!/bin/sh
+cd `dirname $0`
+./makesetup
+VERSION=`cat VERSION`
+PKGNAME=$(basename $(pwd))
+python setup.py sdist > /dev/null 2>&1
+cp dist/*.tar.gz ~/rpmbuild/SOURCES
+sed -e 's/#VERSION#/'$VERSION/ $PKGNAME.spec.tmpl > ~/rpmbuild/SPECS/$PKGNAME.spec
+rpmbuild -ba ~/rpmbuild/SPECS/$PKGNAME.spec 2> /dev/null |grep ^Wrote:
--- a/confluent_server/confluent/auth.py
+++ b/confluent_server/confluent/auth.py
@@ -26,14 +26,35 @@ import Crypto.Protocol.KDF as KDF
 import hashlib
 import hmac
 import multiprocessing
+import PAM
 import time

+_pamservice = 'confluent'
 _passcache = {}
 _passchecking = {}

 authworkers = None


+class Credentials(object):
+    def __init__(self, username, passphrase):
+        self.username = username
+        self.passphrase = passphrase
+        self.haspam = False
+
+    def pam_conv(self, auth, query_list):
+        # use stored credentials in a pam conversation
+        self.haspam = True
+        resp = []
+        for query_entry in query_list:
+            query, pamtype = query_entry
+            if query.startswith('Password'):
+                resp.append((self.passphrase, 0))
+            else:
+                return None
+        return resp
+
+
 def _prune_passcache():
    # This function makes sure we don't remember a passphrase in memory more
    # than 10 seconds
@@ -72,7 +93,8 @@ def _get_usertenant(name, tenant=False):
    yield tenant


-def authorize(name, element, tenant=False, operation='create'):
+def authorize(name, element, tenant=False, operation='create',
+              skipuserobj=False):
    #TODO: actually use the element to ascertain if this user is good enough
    """Determine whether the given authenticated name is authorized.

@@ -90,6 +112,8 @@ def authorize(name, element, tenant=False, operation='create'):
    if tenant is not None and not configmanager.is_tenant(tenant):
        return None
    manager = configmanager.ConfigManager(tenant)
+    if skipuserobj:
+        return None, manager, user, tenant
    userobj = manager.get_user(user)
    if userobj:  # returning
        return userobj, manager, user, tenant
@@ -127,6 +151,17 @@ def check_user_passphrase(name, passphrase, element=None, tenant=False):
        # would normally make an event and wait
        # but here there's no need for that
        eventlet.sleep(0.5)
+    credobj = Credentials(user, passphrase)
+    try:
+        pammy = PAM.pam()
+        pammy.start(_pamservice, user, credobj.pam_conv)
+        pammy.authenticate()
+        pammy.acct_mgmt()
+        del pammy
+        return authorize(user, element, tenant, skipuserobj=True)
+    except PAM.error:
+        if credobj.haspam:
+            return None
    if (user, tenant) in _passcache:
        if passphrase == _passcache[(user, tenant)]:
            return authorize(user, element, tenant)
@@ -184,4 +219,4 @@ def init_auth():
    global authworkers
    # for now we'll just have one auth worker and see if there is any
    # demand for more.  I personally doubt it.
-    authworkers = multiprocessing.Pool(processes=1)
+    authworkers = multiprocessing.Pool(processes=1)
--- a/confluent_server/confluent_server.spec.tmpl
+++ b/confluent_server/confluent_server.spec.tmpl
@@ -0,0 +1,35 @@
+%define name confluent_server
+%define version #VERSION#
+%define release 1
+
+Summary: confluent systems management server
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Source0: %{name}-%{version}.tar.gz
+License: Apache2
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+Prefix: %{_prefix}
+BuildArch: noarch
+Requires: pyghmi, eventlet, greenlet, confluent_common, pycrypto >= 2.6.1
+Vendor: Jarrod Johnson <jbjohnso@us.ibm.com>
+Url: http://xcat.sf.net/
+
+%description
+Server for console management and systems management aggregation
+
+%prep
+%setup -n %{name}-%{version} -n %{name}-%{version}
+
+%build
+python setup.py build
+
+%install
+python setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-purelib=/opt/confluent/lib/python --install-scripts=/opt/confluent/bin
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f INSTALLED_FILES
+%defattr(-,root,root)
--- a/confluent_server/makesetup
+++ b/confluent_server/makesetup
@@ -0,0 +1,3 @@
+cd `dirname $0`
+VERSION=`cat VERSION`
+sed -e "s/#VERSION#/$VERSION/" setup.py.tmpl > setup.py
--- a/confluent_server/setup.py.tmpl
+++ b/confluent_server/setup.py.tmpl
@@ -1,8 +1,9 @@
 from setuptools import setup
+import os

 setup(
    name='confluent_server',
-    version='0.1.10',
+    version='#VERSION#',
    author='Jarrod Johnson',
    author_email='jbjohnso@us.ibm.com',
    url='http://xcat.sf.net/',
@@ -13,4 +14,5 @@ setup(
    install_requires=['pycrypto>=2.6', 'confluent_client>=0.1.0', 'eventlet',
                      'pyghmi>=0.6.5'],
    scripts=['bin/confluent'],
+    data_files=[('/etc/init.d', ['sysvinit/confluent'])],
 )
--- a/confluent_server/sysvinit/confluent
+++ b/confluent_server/sysvinit/confluent
@@ -0,0 +1,33 @@
+#!/bin/sh
+# IBM(c) 2014 Apache 2.0
+# chkconfig: 345 85 60
+# description: Confluent hardware manager
+
+### BEGIN INIT INFO
+# Provides: confluent
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+### END INIT INFO
+
+. /etc/init.d/functions
+case $1 in
+	restart)
+		echo -n 'Stopping Confluent '
+		kill `cat /var/run/confluent/pid`
+		sleep 5
+		echo -n 'Starting Confluent '
+		/opt/confluent/bin/confluent
+		success
+		;;
+	start)
+		echo -n 'Starting Confluent '
+		/opt/confluent/bin/confluent
+		success
+		;;
+	stop)
+		echo -n 'Stopping Confluent '
+		kill `cat /var/run/confluent/pid`
+		success
+		;;
+esac
+