mirror of
https://github.com/xcat2/confluent.git
synced 2025-02-16 10:39:23 +00:00
Various permission fixes for osdeploy initialize
Fix a few scenarios where certain ordering of initialize creates unworkable permissions.
parent
ec023831a5
commit
f475d58955
@ -373,9 +373,14 @@ def initialize(cmdset):
|
||||
for rsp in c.read('/uuid'):
|
||||
uuid = rsp.get('uuid', {}).get('value', None)
|
||||
if uuid:
|
||||
with open('confluent_uuid', 'w') as uuidout:
|
||||
uuidout.write(uuid)
|
||||
uuidout.write('\n')
|
||||
oum = os.umask(0o11)
|
||||
try:
|
||||
with open('confluent_uuid', 'w') as uuidout:
|
||||
uuidout.write(uuid)
|
||||
uuidout.write('\n')
|
||||
os.chmod('confluent_uuid', 0o644)
|
||||
finally:
|
||||
os.umask(oum)
|
||||
totar.append('confluent_uuid')
|
||||
topack.append('confluent_uuid')
|
||||
if os.path.exists('ssh'):
|
||||
@ -403,7 +408,17 @@ def initialize(cmdset):
|
||||
if res:
|
||||
sys.stderr.write('Error occurred while packing site initramfs')
|
||||
sys.exit(1)
|
||||
os.rename(tmpname, '/var/lib/confluent/public/site/initramfs.cpio')
|
||||
oum = os.umask(0o22)
|
||||
try:
|
||||
os.rename(tmpname, '/var/lib/confluent/public/site/initramfs.cpio')
|
||||
os.chown('/var/lib/confluent/public/site/initramfs.cpio', 0o644)
|
||||
finally:
|
||||
os.umask(oum)
|
||||
oum = os.umask(0o22)
|
||||
try:
|
||||
os.chown('/var/lib/confluent/public/site/initramfs.cpio', 0o644)
|
||||
finally:
|
||||
os.umask(oum)
|
||||
if cmdset.g:
|
||||
updateboot('genesis-x86_64')
|
||||
if totar:
|
||||
@ -411,6 +426,11 @@ def initialize(cmdset):
|
||||
tarcmd = ['tar', '-czf', tmptarname] + totar
|
||||
subprocess.check_call(tarcmd)
|
||||
os.rename(tmptarname, '/var/lib/confluent/public/site/initramfs.tgz')
|
||||
oum = os.umask(0o22)
|
||||
try:
|
||||
os.chown('/var/lib/confluent/public/site/initramfs.tgz', 0o644)
|
||||
finally:
|
||||
os.umask(0o22)
|
||||
os.chdir(opath)
|
||||
print('Site initramfs content packed successfully')
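Review bot: The three added `os.chown(path, 0o644)` calls (two on initramfs.cpio in the second hunk, one on initramfs.tgz in the third) pass a mode where `os.chown` expects a uid and a gid, so as written they would raise `TypeError` instead of setting permissions. The intent appears to be `os.chmod('/var/lib/confluent/public/site/initramfs.cpio', 0o644)`, and the same for the .tgz. The second umask/try block for initramfs.cpio repeats the first and can be dropped; the umask has no effect on `os.rename` or `os.chmod` in any case. In the third hunk the `finally` calls `os.umask(0o22)` where `os.umask(oum)` is needed, so the caller's original umask is never restored. initialize() starts and ends outside these hunks.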
|
||||
|
||||
|
@ -95,27 +95,29 @@ def assure_tls_ca():
|
||||
os.makedirs(os.path.dirname(fname))
|
||||
except OSError as e:
|
||||
if e.errno != 17:
|
||||
os.seteuid(ouid)
|
||||
raise
|
||||
try:
|
||||
shutil.copy2('/etc/confluent/tls/cacert.pem', fname)
|
||||
hv, _ = util.run(
|
||||
['openssl', 'x509', '-in', '/etc/confluent/tls/cacert.pem', '-hash', '-noout'])
|
||||
if not isinstance(hv, str):
|
||||
hv = hv.decode('utf8')
|
||||
hv = hv.strip()
|
||||
hashname = '/var/lib/confluent/public/site/tls/{0}.0'.format(hv)
|
||||
certname = '{0}.pem'.format(collective.get_myname())
|
||||
for currname in os.listdir('/var/lib/confluent/public/site/tls/'):
|
||||
currname = os.path.join('/var/lib/confluent/public/site/tls/', currname)
|
||||
if currname.endswith('.0'):
|
||||
try:
|
||||
realname = os.readlink(currname)
|
||||
if realname == certname:
|
||||
os.unlink(currname)
|
||||
except OSError:
|
||||
pass
|
||||
os.symlink(certname, hashname)
|
||||
finally:
|
||||
os.seteuid(ouid)
|
||||
shutil.copy2('/etc/confluent/tls/cacert.pem', fname)
|
||||
hv, _ = util.run(
|
||||
['openssl', 'x509', '-in', '/etc/confluent/tls/cacert.pem', '-hash', '-noout'])
|
||||
if not isinstance(hv, str):
|
||||
hv = hv.decode('utf8')
|
||||
hv = hv.strip()
|
||||
hashname = '/var/lib/confluent/public/site/tls/{0}.0'.format(hv)
|
||||
certname = '{0}.pem'.format(collective.get_myname())
|
||||
for currname in os.listdir('/var/lib/confluent/public/site/tls/'):
|
||||
currname = os.path.join('/var/lib/confluent/public/site/tls/', currname)
|
||||
if currname.endswith('.0'):
|
||||
try:
|
||||
realname = os.readlink(currname)
|
||||
if realname == certname:
|
||||
os.unlink(currname)
|
||||
except OSError:
|
||||
pass
|
||||
os.symlink(certname, hashname)
|
||||
|
||||
def substitute_cfg(setting, key, val, newval, cfgfile, line):
|
||||
if key.strip() == setting:
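Review bot: In the loop over the tls directory, `except OSError: pass` covers `os.unlink(currname)` as well as `os.readlink(currname)`, so a failed removal of a stale hash link is silently ignored and surfaces only later as an "already exists" error from `os.symlink(certname, hashname)`. Keeping only the `readlink` call inside the `try` (with `continue` in the handler) and doing the comparison and `os.unlink` after it would report a permission problem where it happens. That matters in a block that apparently runs under a changed effective uid; the hunk shows only its restoration in `finally: os.seteuid(ouid)`. The literal `17` in `e.errno != 17` would read better as `errno.EEXIST`, provided the module imports `errno`. assure_tls_ca() begins above the hunk.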
|
||||
|
@ -98,14 +98,15 @@ def initialize_ca():
|
||||
preexec_fn=normalize_uid)
|
||||
ouid = normalize_uid()
|
||||
try:
|
||||
os.makedirs('/var/lib/confluent/public/site/ssh/', mode=0o755)
|
||||
except OSError as e:
|
||||
if e.errno != 17:
|
||||
raise
|
||||
try:
|
||||
os.makedirs('/var/lib/confluent/public/site/ssh/', mode=0o755)
|
||||
except OSError as e:
|
||||
if e.errno != 17:
|
||||
raise
|
||||
cafilename = '/var/lib/confluent/public/site/ssh/{0}.ca'.format(myname)
|
||||
shutil.copy('/etc/confluent/ssh/ca.pub', cafilename)
|
||||
finally:
|
||||
os.seteuid(ouid)
|
||||
cafilename = '/var/lib/confluent/public/site/ssh/{0}.ca'.format(myname)
|
||||
shutil.copy('/etc/confluent/ssh/ca.pub', cafilename)
|
||||
# newent = '@cert-authority * ' + capub.read()
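Review bot: `os.makedirs('/var/lib/confluent/public/site/ssh/', mode=0o755)` is still subject to the process umask, and when the directory already exists (the `e.errno != 17` branch) its mode is left as found. A directory created earlier under a restrictive umask therefore stays unreadable to whatever serves the public site tree. `shutil.copy` also carries over the permission bits of `/etc/confluent/ssh/ca.pub`, so the published file's mode depends on the source. Setting both explicitly after the copy would make the result independent of call order: `os.chmod('/var/lib/confluent/public/site/ssh/', 0o755)` and `os.chmod(cafilename, 0o644)`. initialize_ca() begins above the hunk and continues below it.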
|
||||
|
||||
|
||||
|