Seth Vidal
2011-03-10 17:24:24 UTC
this facilitates non-root people with proper keys/certs using func
and being able to track async jobs sanely.
---
func/forkbomb.py | 3 ++-
func/index_db.py | 9 +++------
func/jobthing.py | 2 +-
func/overlord/client.py | 8 ++++++++
func/utils.py | 31 +++++++++++++++++++++++++++++++
5 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/func/forkbomb.py b/func/forkbomb.py
index d682300..13e6a4e 100644
--- a/func/forkbomb.py
+++ b/func/forkbomb.py
@@ -20,9 +20,10 @@ import dbm
import sys
import tempfile
import fcntl
+from func import utils
DEFAULT_FORKS = 4
-DEFAULT_CACHE_DIR = "/var/lib/func"
+DEFAULT_CACHE_DIR = utils.getCacheDir()
def __get_storage(dir):
"""
diff --git a/func/index_db.py b/func/index_db.py
index 51d7c0d..86e96f8 100644
--- a/func/index_db.py
+++ b/func/index_db.py
@@ -1,8 +1,8 @@
import shelve
import dbm
import fcntl
+from func import utils
-MY_STORE = "/var/lib/func"
INTERNAL_DB_FILE = "log_matcher"
class IndexDb(object):
@@ -19,17 +19,14 @@ class IndexDb(object):
"""
self.__storage = None
self.__handle = None
- self.__dir = dir
+ self.__dir = utils.getCacheDir()
def __load_index(self):
"""
Gets the store object for that instance
"""
import os
- if not self.__dir or not os.path.exists(self.__dir):
- filename=os.path.join(MY_STORE,INTERNAL_DB_FILE)
- else:
- filename=os.path.join(self.__dir,INTERNAL_DB_FILE)
+ filename=os.path.join(self.__dir,INTERNAL_DB_FILE)
try:
self.__handle = open(filename,self.__mode)
except IOError, e:
diff --git a/func/jobthing.py b/func/jobthing.py
index 11de4c6..c75ee00 100644
--- a/func/jobthing.py
+++ b/func/jobthing.py
@@ -37,7 +37,7 @@ JOB_ID_REMOTE_ERROR = 4
RETAIN_INTERVAL = 60 * 60
# where to store the internal job id database
-CACHE_DIR = "/var/lib/func"
+CACHE_DIR = utils.getCacheDir()
def __update_status(jobid, status, results, clear=False):
return __access_status(jobid=jobid, status=status, results=results, write=True)
diff --git a/func/overlord/client.py b/func/overlord/client.py
index 2d0aba0..80df7fd 100644
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -157,6 +157,14 @@ class Minions(object):
return tmp_hosts,tmp_certs
else:
each_gloob = shortest_path[0]
+
+ if not os.access(self.cm_config.certroot, os.R_OK):
+ if self.overlord_config.allow_unknown_minions:
+ tmp_hosts.add(each_gloob)
+ else:
+ sys.stderr.write("Cannot read certs dir: %s and cannot use unknown minion\n" % (self.cm_config.certroot))
+
+ return tmp_hosts,tmp_certs
#actual_gloob = "%s/%s.%s" % (self.cm_config.certroot, each_gloob, self.cm_config.cert_extension)
certs = func_utils.find_files_by_hostname(each_gloob, self.cm_config.certroot, self.cm_config.cert_extension)
diff --git a/func/utils.py b/func/utils.py
index fd456c1..64a7a83 100644
--- a/func/utils.py
+++ b/func/utils.py
@@ -12,11 +12,16 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
import inspect
import os
+import pwd
import socket
import string
import sys
import re
import fnmatch
+import tempfile
+import glob
+from stat import *
+
from certmaster.config import read_config
from certmaster.commonconfig import MinionConfig
@@ -215,6 +220,32 @@ def re_glob(s):
if _re_compiled_glob_match is None:
_re_compiled_glob_match = re.compile('[*?]|\[.+\]').search
return _re_compiled_glob_match(s)
+
+def getCacheDir(tmpdir='/var/tmp', reuse=True, prefix='func-'):
+ """return a path to a valid and safe cachedir - only used when not running
+ as root or when --tempcache is set"""
+
+ uid = os.geteuid()
+ try:
+ usertup = pwd.getpwuid(uid)
+ username = usertup[0]
+ except KeyError:
+ return None # if it returns None then, well, it's bollocksed
+
+ if reuse:
+ # check for /var/tmp/func-username-* -
+ prefix = '%s%s-' % (prefix, username)
+ dirpath = '%s/%s*' % (tmpdir, prefix)
+ cachedirs = sorted(glob.glob(dirpath))
+ for thisdir in cachedirs:
+ stats = os.lstat(thisdir)
+ if S_ISDIR(stats[0]) and S_IMODE(stats[0]) == 448 and stats[4] == uid:
+ return thisdir
+
+ # make the dir (tempfile.mkdtemp())
+ cachedir = tempfile.mkdtemp(prefix=prefix, dir=tmpdir)
+ return cachedir
+
#################### PROGRESS BAR ##################################
# The code below can be used for progress bar purposes as we will do
and being able to track async jobs sanely.
---
func/forkbomb.py | 3 ++-
func/index_db.py | 9 +++------
func/jobthing.py | 2 +-
func/overlord/client.py | 8 ++++++++
func/utils.py | 31 +++++++++++++++++++++++++++++++
5 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/func/forkbomb.py b/func/forkbomb.py
index d682300..13e6a4e 100644
--- a/func/forkbomb.py
+++ b/func/forkbomb.py
@@ -20,9 +20,10 @@ import dbm
import sys
import tempfile
import fcntl
+from func import utils
DEFAULT_FORKS = 4
-DEFAULT_CACHE_DIR = "/var/lib/func"
+DEFAULT_CACHE_DIR = utils.getCacheDir()
def __get_storage(dir):
"""
diff --git a/func/index_db.py b/func/index_db.py
index 51d7c0d..86e96f8 100644
--- a/func/index_db.py
+++ b/func/index_db.py
@@ -1,8 +1,8 @@
import shelve
import dbm
import fcntl
+from func import utils
-MY_STORE = "/var/lib/func"
INTERNAL_DB_FILE = "log_matcher"
class IndexDb(object):
@@ -19,17 +19,14 @@ class IndexDb(object):
"""
self.__storage = None
self.__handle = None
- self.__dir = dir
+ self.__dir = utils.getCacheDir()
def __load_index(self):
"""
Gets the store object for that instance
"""
import os
- if not self.__dir or not os.path.exists(self.__dir):
- filename=os.path.join(MY_STORE,INTERNAL_DB_FILE)
- else:
- filename=os.path.join(self.__dir,INTERNAL_DB_FILE)
+ filename=os.path.join(self.__dir,INTERNAL_DB_FILE)
try:
self.__handle = open(filename,self.__mode)
except IOError, e:
diff --git a/func/jobthing.py b/func/jobthing.py
index 11de4c6..c75ee00 100644
--- a/func/jobthing.py
+++ b/func/jobthing.py
@@ -37,7 +37,7 @@ JOB_ID_REMOTE_ERROR = 4
RETAIN_INTERVAL = 60 * 60
# where to store the internal job id database
-CACHE_DIR = "/var/lib/func"
+CACHE_DIR = utils.getCacheDir()
def __update_status(jobid, status, results, clear=False):
return __access_status(jobid=jobid, status=status, results=results, write=True)
diff --git a/func/overlord/client.py b/func/overlord/client.py
index 2d0aba0..80df7fd 100644
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -157,6 +157,14 @@ class Minions(object):
return tmp_hosts,tmp_certs
else:
each_gloob = shortest_path[0]
+
+ if not os.access(self.cm_config.certroot, os.R_OK):
+ if self.overlord_config.allow_unknown_minions:
+ tmp_hosts.add(each_gloob)
+ else:
+ sys.stderr.write("Cannot read certs dir: %s and cannot use unknown minion\n" % (self.cm_config.certroot))
+
+ return tmp_hosts,tmp_certs
#actual_gloob = "%s/%s.%s" % (self.cm_config.certroot, each_gloob, self.cm_config.cert_extension)
certs = func_utils.find_files_by_hostname(each_gloob, self.cm_config.certroot, self.cm_config.cert_extension)
diff --git a/func/utils.py b/func/utils.py
index fd456c1..64a7a83 100644
--- a/func/utils.py
+++ b/func/utils.py
@@ -12,11 +12,16 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
import inspect
import os
+import pwd
import socket
import string
import sys
import re
import fnmatch
+import tempfile
+import glob
+from stat import *
+
from certmaster.config import read_config
from certmaster.commonconfig import MinionConfig
@@ -215,6 +220,32 @@ def re_glob(s):
if _re_compiled_glob_match is None:
_re_compiled_glob_match = re.compile('[*?]|\[.+\]').search
return _re_compiled_glob_match(s)
+
+def getCacheDir(tmpdir='/var/tmp', reuse=True, prefix='func-'):
+ """return a path to a valid and safe cachedir - only used when not running
+ as root or when --tempcache is set"""
+
+ uid = os.geteuid()
+ try:
+ usertup = pwd.getpwuid(uid)
+ username = usertup[0]
+ except KeyError:
+ return None # if it returns None then, well, it's bollocksed
+
+ if reuse:
+ # check for /var/tmp/func-username-* -
+ prefix = '%s%s-' % (prefix, username)
+ dirpath = '%s/%s*' % (tmpdir, prefix)
+ cachedirs = sorted(glob.glob(dirpath))
+ for thisdir in cachedirs:
+ stats = os.lstat(thisdir)
+ if S_ISDIR(stats[0]) and S_IMODE(stats[0]) == 448 and stats[4] == uid:
+ return thisdir
+
+ # make the dir (tempfile.mkdtemp())
+ cachedir = tempfile.mkdtemp(prefix=prefix, dir=tmpdir)
+ return cachedir
+
#################### PROGRESS BAR ##################################
# The code below can be used for progress bar purposes as we will do
--
1.7.4
1.7.4