* [Cluster-devel] conga/luci/utils luci_admin
@ 2011-03-25 20:14 rmccabe
From: rmccabe @ 2011-03-25 20:14 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL5
Changes by: rmccabe at sourceware.org 2011-03-25 20:14:42
Modified files:
luci/utils : luci_admin
Log message:
Fix bz643996 - luci_admin doesn't operate correctly if external zope3 packages are installed
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.50.2.8&r2=1.50.2.9
--- conga/luci/utils/luci_admin 2010/01/07 18:08:36 1.50.2.8
+++ conga/luci/utils/luci_admin 2011/03/25 20:14:39 1.50.2.9
@@ -15,7 +15,7 @@
import xml
import xml.dom
-sys.path.extend((
+for i in (
'/usr/lib/luci/zope/lib/python',
'/usr/lib/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib/python',
@@ -28,7 +28,8 @@
'/usr/lib64/zope/lib/python/Products',
'/usr/lib64/zope/lib64/python/Products',
'/usr/lib/zope/lib/python/Products'
-))
+):
+ sys.path.insert(0, i)
from Products import __path__
for pdir in [
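Review bot: Calling `sys.path.insert(0, i)` inside a forward loop reverses the tuple, so the entry listed last, `/usr/lib/zope/lib/python/Products`, ends up first on `sys.path` and the `/usr/lib/luci/...` entries listed first end up behind every system zope path. If the fix is meant to make luci's bundled zope win over externally installed packages, keep the listed order with a single slice assignment, `sys.path[0:0] = [ ... ]`, or iterate the tuple in reverse. The same reversal applies to `__path__.insert(0, pdir)` in the next hunk. Because these directories now precede the standard library in a tool that is meant to be run as root, a comment above the loop stating that they must be root-owned and not group- or world-writable would be worth adding. The loop opens in the previous hunk.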
@@ -40,7 +41,7 @@
'/usr/lib/zope/lib/python/Products']:
if os.path.isdir(pdir):
- __path__.append(pdir)
+ __path__.insert(0, pdir)
LUCI_ADMIN_DEBUG = False
* [Cluster-devel] conga/luci/utils luci_admin
@ 2007-09-19 5:17 rmccabe
From: rmccabe @ 2007-09-19 5:17 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-09-19 05:17:33
Modified files:
luci/utils : luci_admin
Log message:
- Fix 277711 (RFE: luci_admin should check that luci is running before asking for the password)
- Improve error messages
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.56&r2=1.57
--- conga/luci/utils/luci_admin 2007/08/20 16:31:14 1.56
+++ conga/luci/utils/luci_admin 2007/09/19 05:17:32 1.57
@@ -7,7 +7,8 @@
# GNU General Public License as published by the
# Free Software Foundation.
-import sys, os, select, pwd
+import sys, os, pwd
+from select import select
from stat import S_ISREG
import types
import xml
@@ -16,33 +17,34 @@
sys.path.extend((
'/usr/lib/luci/zope/lib/python',
'/usr/lib/luci/zope/lib/python/Products',
- '/usr/lib/zope/lib/python',
- '/usr/lib/zope/lib/python/Products'
'/usr/lib64/luci/zope/lib/python',
'/usr/lib64/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib64/python',
'/usr/lib64/luci/zope/lib64/python/Products',
'/usr/lib64/zope/lib64/python',
'/usr/lib64/zope/lib/python',
+ '/usr/lib/zope/lib/python',
'/usr/lib64/zope/lib/python/Products',
'/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products'
))
from Products import __path__
-
-for tmppath in [
+for pdir in [
'/usr/lib/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib64/python/Products',
'/usr/lib64/zope/lib/python/Products',
'/usr/lib64/zope/lib64/python/Products',
- '/usr/lib/zope/lib/python/Products'
-]:
- if os.path.isdir(tmppath):
- __path__.append(tmppath)
+ '/usr/lib/zope/lib/python/Products']:
+
+ if os.path.isdir(pdir):
+ __path__.append(pdir)
-LUCI_USER = 'luci'
-LUCI_GROUP = 'luci'
+LUCI_ADMIN_DEBUG = False
+
+LUCI_USER = 'luci'
+LUCI_GROUP = 'luci'
LUCI_HOME_DIR = '/var/lib/luci'
LUCI_DB_PATH = '%s/var/Data.fs' % LUCI_HOME_DIR
@@ -64,43 +66,50 @@
SSL_HTTPS_PUBKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_HTTPS_PUBKEY_NAME)
SSL_KEYCONFIG_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_KEYCONFIG_NAME)
+err = sys.stderr
+
+# only root should run this
+if os.getuid() != 0:
+ err.write('Only the \'root\' user can run %s\n' % sys.argv[0])
+ err.write('Try again with root privileges.\n')
+ sys.exit(2)
+
ssl_key_data = [
{ 'id': SSL_PRIVKEY_PATH,
'name': SSL_PRIVKEY_NAME,
'type': 'private',
- 'mode': 0600 },
- { 'id': SSL_HTTPS_PRIVKEY_PATH,
+ 'mode': 0600
+ },{ 'id' : SSL_HTTPS_PRIVKEY_PATH,
'name': SSL_HTTPS_PRIVKEY_NAME,
'type': 'private',
- 'mode': 0600 },
- { 'id': SSL_PUBKEY_PATH,
+ 'mode': 0600
+ },{ 'id' : SSL_PUBKEY_PATH,
'name': SSL_PUBKEY_NAME,
'type': 'public',
- 'mode': 0644 },
- { 'id': SSL_HTTPS_PUBKEY_PATH,
+ 'mode': 0644
+ },{ 'id' : SSL_HTTPS_PUBKEY_PATH,
'name': SSL_HTTPS_PUBKEY_NAME,
'type': 'public',
- 'mode': 0644 },
- { 'id': SSL_KEYCONFIG_PATH,
+ 'mode': 0644
+ },{ 'id' : SSL_KEYCONFIG_PATH,
'name': SSL_KEYCONFIG_NAME,
'type': 'config',
- 'mode': 0644 }
+ 'mode': 0644
+ }
]
for name in os.listdir(LUCI_PEERS_DIR):
- ssl_path = '%s%s' % (LUCI_PEERS_DIR, name)
-
- if S_ISREG(os.stat(ssl_path).st_mode):
+ cert_path = '%s%s' % (LUCI_PEERS_DIR, name)
+ if S_ISREG(os.stat(cert_path).st_mode):
ssl_key_data.append({
- 'id': ssl_path,
- 'name': ssl_path.lstrip(LUCI_CERT_DIR),
+ 'id': cert_path,
+ 'name': cert_path.lstrip(LUCI_CERT_DIR),
'type': 'public',
'mode': 0644
})
-orig_stderr = sys.stderr
-
if '--debug' in sys.argv or '--verbose' in sys.argv:
+ LUCI_ADMIN_DEBUG = True
try:
del sys.argv[sys.argv.index('--debug')]
except:
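Review bot: `cert_path.lstrip(LUCI_CERT_DIR)` in the peers loop is carried over under the new variable name, but `lstrip` removes any leading characters that occur in `LUCI_CERT_DIR` rather than the directory prefix, so it can also eat the start of the relative name. That `name` is what the restore code later appends to `LUCI_CERT_DIR`, so a shortened name would restore the certificate to a different path. Slicing the prefix off is exact: `'name': cert_path[len(LUCI_CERT_DIR):],` after confirming `cert_path.startswith(LUCI_CERT_DIR)`. The values of `LUCI_CERT_DIR` and `LUCI_PEERS_DIR` are defined outside this hunk, so whether current names are affected should be checked there.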
@@ -110,6 +119,8 @@
del sys.argv[sys.argv.index('--verbose')]
except:
pass
+
+if LUCI_ADMIN_DEBUG is True:
verbose = sys.stderr
else:
verbose = file('/dev/null', 'rwb+', 0)
@@ -117,15 +128,33 @@
def get_luci_uid_gid():
luci = pwd.getpwnam(LUCI_USER)[2:4]
if not luci:
- raise Exception, 'user lookup failed'
+ raise Exception, 'The user "%s" does not exist' % LUCI_USER
+
if len(luci) != 2:
- raise Exception, 'user lookup failed'
+ raise Exception, 'Unable to determine the UID and GID of %s' % LUCI_USER
return luci
def set_default_passwd_reset_flag():
# set flag marking admin password has been set
- uid, gid = get_luci_uid_gid()
- open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+
+ try:
+ uid, gid = get_luci_uid_gid()
+ except Exception, e:
+ err.write('Unable to find the luci user\'s UID and GID: %s\n' % str(e))
+ return False
+
+ try:
+ open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+ except IOError, e:
+ if e[0] != 2:
+ err.write('Unable to open "%s" for writing: %s\n' \
+ % (LUCI_ADMIN_SET_PATH, e[1]))
+ return False
+ except Exception, e:
+ err.write('Unable to open "%s" for writing: %s\n' \
+ % (LUCI_ADMIN_SET_PATH, str(e)))
+ return False
+
os.chown(LUCI_ADMIN_SET_PATH, uid, gid)
os.chmod(LUCI_ADMIN_SET_PATH, 0640)
return True
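Review bot: In `set_default_passwd_reset_flag` an `IOError` whose errno is 2 is swallowed without a message or a `return`, so execution continues to `os.chown` and `os.chmod`, which sit outside any `try` and will raise for the missing file. Dropping the `if e[0] != 2:` test so that every `IOError` is reported and returns `False`, and moving the `chown`/`chmod` pair inside a `try` that also returns `False`, keeps the function's True/False contract. The handle created by `open(LUCI_ADMIN_SET_PATH, 'w').write('True')` is also never closed explicitly, so the write is only flushed when the object is collected.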
@@ -134,8 +163,8 @@
try:
return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
except Exception, e:
- verbose.write('Failed to write to "%s": %s\n' \
- % (LUCI_ADMIN_SET_PATH, str(e)))
+ verbose.write('Error reading %s: %s\n' % (LUCI_ADMIN_SET_PATH, str(e)))
+ return False
return False
def read_passwd(prompt, confirm_prompt):
@@ -144,51 +173,46 @@
while True:
s1 = getpass(prompt)
if len(s1) < 6:
- sys.stderr.write('Passwords must be at least 6 characters long.\n')
+ err.write('Password has to be@least 6 characters long\n')
continue
if ' ' in s1 or '\t' in s1:
- sys.stderr.write('Spaces are not allowed in passwords.\n')
+ err.write('Spaces are not allowed in passwords\n')
continue
s2 = getpass(confirm_prompt)
if s1 != s2:
- sys.stderr.write('Passwords don\'t match. Try again.\n')
+ err.write('Password mismatch, try again\n')
continue
return s1
def restore_luci_db_fsattr():
uid, gid = -1, -1
+
try:
uid, gid = get_luci_uid_gid()
- except:
- sys.stderr.write('Unable to determine the user and group of the luci user "%s"\n' \
- % LUCI_USER)
+ except Exception, e:
+ err.write('Unable to find the luci user\'s UID and GID: %s\n' % str(e))
return -1
try:
os.chown(LUCI_DB_PATH, uid, gid)
os.chmod(LUCI_DB_PATH, 0600)
- for ext in [ '.tmp', '.old', '.index', '.lock' ]:
- cur_path = '%s%s' % (LUCI_DB_PATH, ext)
+ for fext in [ '.tmp', '.old', '.index', '.lock' ]:
+ cur_file = '%s%s' % (LUCI_DB_PATH, fext)
try:
- os.chown(cur_path, uid, gid)
- os.chmod(cur_path, 0600)
- except OSError, eieio:
- if eieio[0] != 2:
- sys.stderr.write('Unable to change ownership of "%s" back to user "%s": %s\n' \
- % (cur_path, LUCI_USER, str(eieio)))
- except Exception, ei:
- sys.stderr.write('Unable to change ownership of "%s" to user "%s": %s %r\n' \
- % (cur_path, LUCI_USER, str(ei), ei))
+ os.chown(cur_file, uid, gid)
+ os.chmod(cur_file, 0600)
+ except Exception, e:
+ verbose.write('Error: %s: %s\n' % (cur_file, str(e)))
except Exception, e:
- sys.stderr.write('Unable to change ownership of the Luci database "%s" back to user "%s": %s\n' \
- % (LUCI_DB_PATH, LUCI_USER, str(e)))
+ err.write('Unable to change the ownership of the luci database back to user "%s": %s\n' % (LUCI_USER, str(e)))
return -1
def set_zope_passwd(user, passwd):
sys.stderr = verbose
+
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
from OFS.Application import AppInitializer
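Review bot: In `restore_luci_db_fsattr` the per-file `chown`/`chmod` failures for the `.tmp`, `.old`, `.index` and `.lock` files now go only to `verbose`, which is `/dev/null` unless `--debug` or `--verbose` is given, so a database side file left with the wrong owner or mode is no longer reported. The removed code stayed silent only for errno 2; keeping that distinction with `except OSError, e:` followed by `if e[0] != 2: err.write('Error: %s: %s\n' % (cur_file, str(e)))` gives the quieter output without hiding real permission failures. The function also has no explicit success return in the lines shown, so callers can only compare against -1.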
@@ -198,43 +222,43 @@
from AccessControl.SecurityManagement import newSecurityManager
import transaction
import App.ImageFile
+
# Zope wants to open a www/ok.gif and images/error.gif
# when you initialize the application object. This keeps
# the AppInitializer(app).initialize() call below from failing.
App.ImageFile.__init__ = lambda x, y: None
- sys.stderr = orig_stderr
+ sys.stderr = err
try:
fs = FileStorage(LUCI_DB_PATH)
db = DB(fs)
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that the luci service is running. You must stop the luci service before using this tool to reset passwords.\n')
+ err.write('It appears that luci is running. Please stop luci before attempting to reset passwords.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ err.write('Unable to open the luci database "%s": %s\n' \
% (LUCI_DB_PATH, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ err.write('Unable to open the luci database "%s": %s\n' \
% (LUCI_DB_PATH, str(e)))
return -1
try:
sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
- ('manage', 'Manager', 'Owner', 'View', 'Authenticated'), [])
+ ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
newSecurityManager(None, tempuser)
app = conn.root()['Application']
AppInitializer(app).initialize()
- sys.stderr = orig_stderr
+ sys.stderr = err
except Exception, e:
- sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while setting the password for user "%s": %s\n' \
- % (user, str(e)))
+ sys.stderr = err
+ err.write('An error occurred while setting the password for user "%s": %s\n' % (user, str(e)))
return -1
ret = -1
@@ -242,15 +266,16 @@
pwd_scheme = SSHADigestScheme
pwd_hash = '{SSHA}%s' % pwd_scheme.encrypt(SSHADigestScheme(), passwd)
acl_users = app.acl_users.users
+
if len(acl_users):
acl_users._user_passwords[user] = pwd_hash
transaction.commit()
ret = 0
else:
- raise Exception, 'failed to set password'
+ raise Exception, 'no admin user account exists'
except Exception, e:
- sys.stderr = orig_stderr
- sys.stderr.write('Unable to set the password for user "%s": %s\n' \
+ sys.stderr = err
+ err.write('Unable to set the password for user "%s": %s\n' \
% (user, str(e)))
conn.close()
@@ -266,33 +291,30 @@
return ret
-def luci_restore_certs(path, certList):
+def luci_restore_certs(certList):
if not certList or len(certList) < 1:
- sys.stderr.write('Backup file "%s" contains no certificate data\n' \
- % path)
- sys.stderr.write('Please check that your backup file is not corrupt.\n')
+ err.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
return -1
certList = certList[0].getElementsByTagName('certificate')
if not certList or len(certList) < 1:
- sys.stderr.write('Backup file "%s" contains no certificate data\n' \
- % path)
- sys.stderr.write('Please check that your backup file is not corrupt.\n')
+ err.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
return -1
+ uid, gid = -1, -1
try:
uid, gid = get_luci_uid_gid()
except Exception, e:
- verbose.write('Error getting uid: %s' % str(e))
+ err.write('Unable to find the luci user\'s UID and GID: %s\n' \
+ % str(e))
return -1
for c in certList:
- cert_path = c.getAttribute('name')
- if not cert_path :
- sys.stderr.write('Backup file "%s" is missing the "name" attribute for a certificate.\n' \
- % path)
+ path = c.getAttribute('name')
+ if not path:
+ err.write('Missing "name" field for certificate.\n')
return -1
- cert_path = '%s%s' % (LUCI_CERT_DIR, str(cert_path))
+ path = '%s%s' % (LUCI_CERT_DIR, str(path))
mode = c.getAttribute('mode')
if not mode:
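Review bot: The certificate `name` read from the backup XML is appended to `LUCI_CERT_DIR` unchecked in `path = '%s%s' % (LUCI_CERT_DIR, str(path))`, and the resulting file is created and chown'ed by a tool that runs as root, so a name containing `..` components resolves outside the certificate directory. Normalising the joined path and rejecting anything that does not stay under `LUCI_CERT_DIR` before the file is opened closes that, as sketched below. Reusing `path` for both the attribute value and the final file name also makes the error messages ambiguous, so a separate `cert_name` is used in the sketch. The loop body continues in the next hunk.

```python
cert_name = c.getAttribute('name')
if not cert_name:
    # … unchanged: 'Missing "name" field' message and return -1 …
cert_root = os.path.normpath(LUCI_CERT_DIR)
path = os.path.normpath(os.path.join(cert_root, str(cert_name)))
if not path.startswith(cert_root + os.sep):
    err.write('Certificate name "%s" is outside %s\n' \
        % (cert_name, LUCI_CERT_DIR))
    return -1
```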
@@ -302,40 +324,33 @@
data = c.firstChild
if not data or not data.wholeText:
- sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
- % path)
+ err.write('"%s" contains no certificate data.' % path)
return -1
# Because .prettyprint() was called to write the backup..
data = data.wholeText.strip()
if len(data) < 1:
- sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
- % path)
+ err.write('"%s" contains no certificate data.' % path)
return -1
data = str(data)
try:
- f = file(cert_path, 'wb+')
- except Exception, e:
- sys.stderr.write('Unable to open certificate file "%s" for writing: %s\n' \
- % (cert_path, str(e)))
- return -1
-
- try:
- os.chown(path, uid, gid)
- os.chmod(path, mode)
- f.write(data)
- f.write('\n')
- f.close()
+ f = file(path, 'wb+')
except Exception, e:
- sys.stderr.write('Unable to restore certificate file "%s": %s\n' \
- % (cert_path, str(e)))
+ err.write('Unable to create "%s" for writing: %s\n' \
+ % (path, str(e)))
return -1
+ os.chmod(path, mode)
+ f.write('%s\n' % data)
+ os.chown(path, uid, gid)
+ f.close()
return None
+
def luci_restore(argv):
sys.stderr = verbose
+
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
from OFS.Application import AppInitializer
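Review bot: The write path at the end of `luci_restore_certs` now runs `os.chmod`, `f.write`, `os.chown` and `f.close()` outside any `try`, so a failure there raises a traceback instead of returning -1 and the file object is never closed. A newly created file also carries the umask-derived default mode until the `chmod` runs, which matters for the entries whose `type` is `private`; creating it through `os.open` with mode 0600 removes that window for new files. The two new `contains no certificate data.` messages have lost their trailing `\n`. A sketch of the write section follows; the start of the function is outside this hunk.

```python
try:
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
    f = os.fdopen(fd, 'wb')
except Exception, e:
    # … unchanged: 'Unable to create' message and return -1 …

try:
    try:
        f.write('%s\n' % data)
        os.chown(path, uid, gid)
        os.chmod(path, mode)
    finally:
        f.close()
except Exception, e:
    err.write('Unable to restore certificate file "%s": %s\n' \
        % (path, str(e)))
    return -1
```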
@@ -347,7 +362,7 @@
from DateTime import DateTime
App.ImageFile.__init__ = lambda x, y: None
- sys.stderr = orig_stderr
+ sys.stderr = err
if len(argv) > 0:
dbfn = argv[0]
@@ -366,38 +381,35 @@
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that the luci service is running.\n')
- sys.stderr.write('You must stop the luci service before using this tool restore from a backup.\n')
+ err.write('It appears that luci is running. Please stop luci before attempting to restore your installation.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ err.write('Unable to open the luci database "%s": %s\n' \
% (dbfn, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ err.write('Unable to open the luci database "%s": %s\n' \
% (dbfn, str(e)))
return -1
try:
node = xml.dom.minidom.parse(backupfn)
except Exception, e:
- sys.stderr.write('Unable to parse backup data contained in file "%s": %s\n' \
+ err.write('Unable to open the luci backup file "%s": %s\n' \
% (backupfn, str(e)))
return -1
node = node.getElementsByTagName('luci')
if not node or len(node) < 1:
- sys.stderr.write('Backup file "%s" is missing the "luci" XML tag.\n' \
- % backupfn)
+ err.write('Backup file is missing the "luci" XML tag\n')
return -1
node = node[0].getElementsByTagName('backupData')
if not node or len(node) < 1:
- sys.stderr.write('Backup file "%s" is missing the "backupData" XML tag\n' \
- % backupfn)
+ err.write('Backup file is missing the "backupData" XML tag\n')
return -1
-
node = node[0]
+
try:
sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
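Review bot: The handler around `xml.dom.minidom.parse(backupfn)` now reports 'Unable to open the luci backup file' for every exception, including malformed XML, so a parse error reads like a missing file; `'Unable to read or parse the luci backup file "%s": %s\n'` covers both cases. The two 'Backup file is missing ...' messages no longer include `backupfn`, which removes the one detail that tells the operator which file was rejected. `minidom` does not limit entity expansion, so a comment at the parse call stating that the backup file must come from a trusted source would document the assumption the code relies on. The enclosing function starts and ends outside this hunk.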
@@ -407,11 +419,10 @@
app = conn.root()['Application']
AppInitializer(app).initialize()
- sys.stderr = orig_stderr
+ sys.stderr = err
except Exception, e:
- sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while restoring from backup file "%s": %s\n' \
- % (backupfn, str(e)))
+ sys.stderr = err
+ err.write('An error occurred while initializing the luci installation for restoration from backup: %s\n' % str(e))
return -1
try:
@@ -419,59 +430,53 @@
portal_mem = app.luci.portal_membership
portal_reg = app.luci.portal_registration
if not (acl_users and len(acl_users) and portal_mem and portal_reg):
- raise Exception, 'no users are present'
+ raise Exception, 'no admin user account exists'
except Exception, e:
- sys.stderr.write('Your Luci installation appears to be corrupt: %s' % str(e))
+ err.write('Your luci installation appears to be corrupt: %s\n' % str(e))
return -1
userList = node.getElementsByTagName('userList')
if not userList or len(userList) < 1:
- sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
- sys.stderr.write('The admin user must exist.\n')
- sys.stderr.write('Please check that your backup file is not corrupt.\n')
+ err.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
return -1
userList = userList[0].getElementsByTagName('user')
if not userList or len(userList) < 1:
- sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
- sys.stderr.write('The admin user must exist.\n')
- sys.stderr.write('Please check that your backup file is not corrupt.\n')
+ err.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
return -1
for u in userList:
- uid = u.getAttribute('id')
- if not uid:
+ id = u.getAttribute('id')
+ if not id:
transaction.abort()
- sys.stderr.write('Missing the id attribute for a user in backup file "%s"\n' \
- % backupfn)
+ err.write('Missing ID for user\n')
return -1
- uid = str(uid)
+ id = str(id)
passwd = u.getAttribute('passwd')
if not passwd:
transaction.abort()
- sys.stderr.write('Missing password for user "%s" in backup file "%s"\n' \
- % (uid, backupfn))
+ err.write('Missing password for user "%s"\n' % id)
return -1
passwd = str(passwd)
- if uid == 'admin':
+ if id == 'admin':
try:
acl_users._user_passwords['admin'] = passwd
except Exception, e:
transaction.abort()
- sys.stderr.write('Unable to restore admin password from backup file "%s": %s\n' \
- % (backupfn, str(e)))
+ err.write('Unable to restore admin password: %s\n' \
+ % str(e))
return -1
else:
email = u.getAttribute('email')
if not email:
- email = '%s at luci.example.org' % uid
+ email = '%s@luci.example.org' % id
else:
email = str(email)
props = {
- 'username': uid,
+ 'username': id,
'roles': [ 'Member' ],
'domains': [],
'email': email,
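Review bot: Renaming the loop variable from `uid` to `id` shadows the builtin `id()` for the rest of `luci_restore`, and the removed line `uid = str(id)` in the cluster loop further down shows that this exact name confusion already produced a bug once. A descriptive name such as `user_id` here, with `system_id` and `cluster_id` in the later loops of this commit, keeps the fix without the shadowing. The function starts and ends outside this hunk.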
@@ -492,38 +497,35 @@
if must_change_passwd == 'True' or '1':
props['must_change_password'] = True
- portal_reg.addMember(uid, passwd, props)
+ portal_reg.addMember(id, passwd, props)
- member = portal_mem.getMemberById(uid)
+ member = portal_mem.getMemberById(id)
if not member:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the user "%s" from backup file "%s"\n' \
- % (uid, backupfn))
+ err.write('An error occurred while restoring the user "%s"\n' \
+ % id)
return -1
try:
aclu = app.luci.acl_users.source_users
if aclu and len(aclu):
- aclu._user_passwords[uid] = passwd
+ aclu._user_passwords[id] = passwd
else:
- raise Exception, 'unable to set password for %s' % uid
+ raise Exception, 'unable to set password for %s' % id
except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the password for user "%s" from backup file "%s": %s\n'
- % (uid, backupfn, str(e)))
+ err.write('An error occurred while restoring the password for user "%s": %s\n' % (id, str(e)))
return -1
- verbose.write('Added user "%s"' % uid)
+ verbose.write('Added user "%s"\n' % id)
transaction.commit()
try:
x = app.luci.systems.storage
if not x:
- raise
+ raise Exception, 'no storage directory'
except Exception, e:
transaction.abort()
- sys.stderr.write('Cannot find the Luci storage systems directory.\n')
- sys.stderr.write('Your Luci installation may be corrupt.\n')
- sys.stderr.write('Server error: %s\n' % str(e))
+ err.write('Cannot find the luci storage systems directory. Your luci installation may be corrupt.\n')
return -1
systemList = node.getElementsByTagName('systemList')
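Review bot: The context line `if must_change_passwd == 'True' or '1':` at the top of this hunk is always true, because the non-empty string `'1'` is evaluated on its own, so every restored user gets `must_change_password` set regardless of what the backup says. `if must_change_passwd in ('True', '1'):` expresses what the line appears to intend. The commit edits the lines around it but leaves this one unchanged; how `must_change_passwd` is read is outside the hunk.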
@@ -535,58 +537,59 @@
verbose.write('No storage systems to add\n')
for s in systemList:
- uid = s.getAttribute('id')
- if not uid:
+ id = s.getAttribute('id')
+ if not id:
transaction.abort()
- sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
+ err.write('Missing ID for storage system. Your backup may be corrupt.\n')
return -1
- uid = str(uid)
+ id = str(id)
try:
title = str(s.getAttribute('title'))
except:
- title = '__luci__:system'
+ title = ''
- x.manage_addFolder(uid, title)
+ x.manage_addFolder(id, title)
try:
- new_system = app.luci.systems.storage.get(uid)
+ new_system = app.luci.systems.storage.get(id)
+
if not new_system:
- raise
+ raise Exception, 'unable to add system %s' % id
+
new_system.manage_acquiredPermissions([])
- new_system.manage_role('View', [ 'Access contents information', 'View' ])
+ new_system.manage_role('View',
+ [ 'Access contents information', 'View' ])
except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring storage system "%s": %s\n' \
- % (uid, str(e)))
+ err.write('An error occurred while restoring storage system "%s": %s\n' % (id, str(e)))
return -1
userPerms = s.getElementsByTagName('permList')
if not userPerms or len(userPerms) < 1:
- verbose.write('Added storage system "%s"\n' % uid)
+ verbose.write('Added storage system "%s"\n' % id)
continue
+
userPerms = userPerms[0].getElementsByTagName('ref')
for i in userPerms:
newuser = i.getAttribute('name')
if not newuser:
continue
+
try:
- new_system.manage_setLocalRoles(newuser, ['View'])
- verbose.write('Added view permission to storage system "%s" for "%s"\n' \
- % (uid, newuser))
+ new_system.manage_setLocalRoles(newuser, [ 'View' ])
+ verbose.write('Added view permission to storage system "%s" for "%s"\n' % (id, newuser))
except Exception, e:
- sys.stderr.write('An error occurred while restoring permission for storage system "%s" for "%s": %s\n' \
- % (uid, newuser, str(e)))
+ err.write('An error occurred while restoring permission for system "%s" for user "%s": %s\n' % (id, newuser, str(e)))
- verbose.write('Added storage system "%s"\n' % uid)
+ verbose.write('Added storage system "%s"\n' % id)
transaction.commit()
try:
x = app.luci.systems.cluster
if not x:
raise
- except Exception, e:
+ except:
transaction.abort()
- sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
- sys.stderr.write('Error reported: %s\n' % str(e))
+ err.write('Cannot find the luci cluster directory. Your luci installation may be corrupt.\n')
return -1
clusterList = node.getElementsByTagName('clusterList')
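Review bot: The cluster-directory check still uses a bare `raise` with no active exception, and its handler is widened here to a bare `except:`, which in Python 2 also catches `KeyboardInterrupt` and `SystemExit` and discards the cause. The storage check earlier in this commit was changed to `raise Exception, 'no storage directory'`; doing the same here with `raise Exception, 'no cluster directory'`, `except Exception, e:` and `str(e)` in the message keeps the two consistent. The `storagedir`/`clusterdir` lookup in the backup code later in the commit gets the same bare `except:`, and its new message has no trailing `\n`.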
@@ -598,31 +601,32 @@
verbose.write('No clusters to add\n')
for c in clusterList:
- uid = c.getAttribute('id')
- if not uid:
+ id = c.getAttribute('id')
+ if not id:
transaction.abort()
- sys.stderr.write('Cluster element is missing id attribute\n')
+ err.write('Cluster element is missing id\n')
return -1
- uid = str(id)
+ id = str(id)
title = c.getAttribute('title')
if not title:
- title = '__luci__:cluster'
+ title = ''
else:
title = str(title)
try:
- x.manage_addFolder(uid, title)
- new_cluster = app.luci.systems.cluster.get(uid)
+ x.manage_addFolder(id, title)
+ new_cluster = app.luci.systems.cluster.get(id)
if not new_cluster:
- raise
+ raise Exception, 'unable to add cluster %s' % id
+
new_cluster.manage_acquiredPermissions([])
- new_cluster.manage_role('View', [ 'Access contents information', 'View' ])
+ new_cluster.manage_role('View',
+ [ 'Access contents information', 'View' ])
except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the cluster "%s": %s\n' \
- % (uid, str(e)))
+ err.write('An error occurred while restoring the cluster "%s": %s\n' % (id, str(e)))
return -1
viewperm = list()
@@ -637,63 +641,60 @@
newuser = str(newuser)
try:
- new_cluster.manage_setLocalRoles(newuser, ['View'])
- verbose.write('Added view permission to cluster "%s" for "%s"\n' \
- % (uid, newuser))
+ new_cluster.manage_setLocalRoles(newuser, [ 'View' ])
+ verbose.write('Added view permission to cluster "%s" for "%s"\n' % (id, newuser))
except Exception, e:
- sys.stderr.write('An error occurred while restoring permission for cluster "%s" for "%s": %s' \
- % (uid, newuser, str(e)))
+ err.write('An error occurred while restoring permission for cluster "%s" for user "%s"\n' % (id, newuser))
viewperm.append(newuser)
clusterSystems = c.getElementsByTagName('csystemList')
if not clusterSystems or len(clusterSystems) < 1:
- verbose.write('Cluster "%s" has no storage systems\n' % uid)
+ verbose.write('Cluster "%s" has no nodes\n' % id)
else:
clusterSystems = clusterSystems[0].getElementsByTagName('csystem')
for i in clusterSystems:
newsys = i.getAttribute('id')
if not newsys:
transaction.abort()
- sys.stderr.write('Storage system missing id attribute for cluster "%s"\n' \
- % uid)
+ err.write('Missing node name for cluster "%s"\n' % id)
return -1
newsys = str(newsys)
stitle = i.getAttribute('title')
if not stitle:
- stitle = '__luci__:csystem:%s' % uid
+ stitle = ''
else:
stitle = str(stitle)
try:
new_cluster.manage_addFolder(newsys, stitle)
- newcs = app.luci.systems.cluster.get(uid).get(newsys)
+ newcs = app.luci.systems.cluster.get(id).get(newsys)
if not newcs:
- raise
+ raise Exception, 'unable to add node %s to cluster %s' \
+ % (newsys, id)
+
newcs.manage_acquiredPermissions([])
- newcs.manage_role('View', [ 'Access contents information', 'View' ])
+ newcs.manage_role('View',
+ [ 'Access contents information', 'View' ])
except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the storage system "%s" for cluster "%s": %s' \
- % (newsys, uid, str(e)))
+ err.write('An error occurred while restoring node "%s" for cluster "%s": %s\n' % (newsys, id, str(e)))
return -1
transaction.commit()
try:
for i in viewperm:
- newcs.manage_setLocalRoles(i, ['View'])
- verbose.write('Added view permission to cluster system "%s" for "%s"\n' \
- % (newsys, i))
- except:
+ newcs.manage_setLocalRoles(i, [ 'View' ])
+ verbose.write('Added view permission to node "%s" in cluster "%s" for user "%s"\n' % (newsys, id, i))
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring permissions for cluster system "%s" in cluster "%s" for user "%s"\n' \
- % (newsys, uid, i))
+ err.write('An error occurred while restoring view permission to node "%s" in cluster "%s" for user "%s"\n' % (newsys, id, i))
return -1
- verbose.write('Added storage system "%s" for cluster "%s"\n' \
- % (newsys, uid))
+ verbose.write('Added node "%s" to cluster "%s"\n' \
+ % (newsys, id))
- verbose.write('Added cluster "%s"\n' % uid)
+ verbose.write('Added cluster "%s"\n' % id)
transaction.commit()
transaction.commit()
@@ -704,35 +705,34 @@
certList = node.getElementsByTagName('certificateList')
if not certList or len(certList) < 1:
- sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
- % backupfn)
+ err.write('No certificate data was found.\n')
return -1
- if luci_restore_certs(backupfn, certList):
- sys.stderr.write('An error occurred while restoring certificate data.\n')
+ if luci_restore_certs(certList):
+ err.write('An error occurred while restoring certificate data.\n')
return -1
return 0
# This function's ability to work is dependent
-# upon the structure of @ddict
-def dataToXML(doc, ddict, tltag):
+# upon the structure of @obj_dict
+def dataToXML(doc, obj_dict, tltag):
node = doc.createElement(tltag)
- for i in ddict:
- if isinstance(ddict[i], types.DictType):
+ for i in obj_dict:
+ if isinstance(obj_dict[i], types.DictType):
if i[-4:] == 'List':
tagname = i
else:
tagname = tltag[:-4]
- temp = dataToXML(doc, ddict[i], tagname)
+ temp = dataToXML(doc, obj_dict[i], tagname)
node.appendChild(temp)
- elif isinstance(ddict[i], types.StringType) or isinstance(ddict[i], types.IntType):
- node.setAttribute(i, str(ddict[i]))
- elif isinstance(ddict[i], types.ListType):
- if len(ddict[i]) < 1:
+ elif isinstance(obj_dict[i], types.StringType) or isinstance(obj_dict[i], types.IntType):
+ node.setAttribute(i, str(obj_dict[i]))
+ elif isinstance(obj_dict[i], types.ListType):
+ if len(obj_dict[i]) < 1:
continue
temp = doc.createElement(i)
- for x in ddict[i]:
+ for x in obj_dict[i]:
t = doc.createElement('ref')
t.setAttribute('name', x)
temp.appendChild(t.cloneNode(True))
@@ -741,6 +741,7 @@
def luci_backup(argv):
sys.stderr = verbose
+
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
from OFS.Application import AppInitializer
@@ -748,10 +749,11 @@
import AccessControl.User
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import CMFPlone
+ from CMFPlone.utils import getToolByName
import App.ImageFile
+
App.ImageFile.__init__ = lambda x, y: None
- sys.stderr = orig_stderr
+ sys.stderr = err
if len(argv) > 0:
dbfn = argv[0]
@@ -765,14 +767,14 @@
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to backup your installation.\n')
+ err.write('It appears that luci is running. Please stop luci before attempting to backup your installation.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+ err.write('Unable to open the luci database "%s": %s\n' \
% (dbfn, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+ err.write('Unable to open the luci database "%s": %s\n' \
% (dbfn, str(e)))
return -1
@@ -785,11 +787,10 @@
app = conn.root()['Application']
AppInitializer(app).initialize()
- sys.stderr = orig_stderr
+ sys.stderr = err
except Exception, e:
- sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while initializing luci for restore from backup: %s\n' \
- % str(e))
+ sys.stderr = err
+ err.write('An error occurred while initializing the luci installation for restoration from backup: %s\n' % str(e))
return -1
app.luci.portal_memberdata.pruneMemberDataContents()
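Review bot: The new message 'An error occurred while initializing the luci installation for restoration from backup' appears to sit on the `luci_backup` path, where nothing is being restored, and looks copied from `luci_restore`. Wording such as `'An error occurred while initializing the luci installation for backup: %s\n'` would match the operation the user actually ran. The enclosing function starts outside this hunk, so the attribution to `luci_backup` is inferred from the preceding hunks.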
@@ -798,10 +799,9 @@
try:
acl_users = app.acl_users.users
if not (acl_users and len(acl_users)):
- raise Exception, 'no luci users exist'
+ raise Exception, 'no admin user account exists'
except Exception, e:
- sys.stderr.write('Your Luci installation appears to be corrupt: %s\n' \
- % str(e))
+ err.write('Your luci installation appears to be corrupt: %s\n' % str(e))
return -1
users = {}
@@ -811,15 +811,15 @@
try:
acl_users = app.acl_users.users
if len(acl_users) < 1:
- raise Exception, 'no users exist'
+ raise Exception, 'no admin user account exists'
users['admin'] = {
'id': 'admin',
'name': 'admin',
'passwd': app.acl_users.users._user_passwords['admin']
}
- except:
- sys.stderr.write('Unable to find the luci admin user.\n')
+ except Exception, e:
+ err.write('Unable to find the admin user account: %s\n' % str(e))
return -1
acl_users = app.luci.acl_users.source_users
@@ -833,17 +833,15 @@
}
except Exception, e:
try:
- sys.stderr.write('An error occurred while saving details for user "%s": %s' \
- % (i[0], str(e)))
+ err.write('An error occurred while saving details for user "%s": %s\n' % (i[0], str(e)))
except:
- sys.stderr.write('An error occurred while saving user information: %s' \
- % str(e))
+ err.write('An error occurred while saving user information.\n')
return -1
try:
- membertool = CMFPlone.utils.getToolByName(app.luci, 'portal_membership')
+ membertool = getToolByName(app.luci, 'portal_membership')
if not membertool:
- raise Exception, 'unable to retrieve luci users'
+ raise Exception, 'unable to find user list'
for mem in membertool.listMembers():
try:
@@ -856,14 +854,13 @@
% str(e1))
continue
except Exception, e:
- verbose.write('Error retrieving luci user data: %s\n' % str(e))
+ verbose.write('Error: %s\n' % str(e))
try:
storagedir = app.luci.systems.storage
clusterdir = app.luci.systems.cluster
- except Exception, e:
- sys.stderr.write('Your Luci installation appears to be corrupt.\n')
- sys.stderr.write('Server error: %s\n' % str(e))
+ except:
+ err.write('Your luci installation appears to be corrupt.')
return -1
if storagedir and len(storagedir):
@@ -903,7 +900,7 @@
if hasattr(csystem[1], 'title'):
csystem_hash['title'] = getattr(csystem[1], 'title')
else:
- csystem_hash['title'] = '__luci__:csystem:' + cluster_name
+ csystem_hash['title'] = '__luci__:csystem:%s' % cluster_name
clusters[cluster_name]['csystemList'][csystem[0]] = csystem_hash
transaction.commit()
@@ -912,7 +909,7 @@
db.close()
fs.close()
- backup = {
+ backup_data = {
'userList': users,
'systemList': systems,
'clusterList': clusters
@@ -921,7 +918,7 @@
doc = xml.dom.minidom.Document()
luciData = doc.createElement('luci')
doc.appendChild(luciData)
- dataNode = dataToXML(doc, backup, 'backupData')
+ dataNode = dataToXML(doc, backup_data, 'backupData')
certList = doc.createElement('certificateList')
for i in ssl_key_data:
@@ -931,9 +928,11 @@
certfile.close()
if len(output) < 1:
- raise
- except:
- sys.stderr.write('Unable to read "%s"\n' % i['id'])
+ raise Exception, '%s contains no data' % i['id']
+ except Exception, e:
+ err.write('Unable to read certificate data from "%s": %s\n' \
+ % (i['id'], str(e)))
+
# An error backing up anything other than the config
# is fatal.
if i['type'] != 'config':
@@ -944,7 +943,7 @@
certNode.setAttribute('name', i['name'])
certNode.setAttribute('type', i['type'])
certNode.setAttribute('mode', str(oct(i['mode'])))
- textNode = doc.createTextNode('\n' + output)
+ textNode = doc.createTextNode('\n%s' % output)
certNode.appendChild(textNode)
certList.appendChild(certNode)
@@ -953,9 +952,10 @@
return doc
-def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
- if not os.access (root + command, os.X_OK):
- raise RuntimeError, '%s%s is not executable' % (root, command)
+
+def exec_cmd(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
+ if not os.access ('%s%s' % (root, command), os.X_OK):
+ raise RuntimeError, '%s is not executable' % command
(read, write) = os.pipe()
(read_err, write_err) = os.pipe()
@@ -964,7 +964,7 @@
if (not childpid):
# child
if (root and root != '/'):
- os.chroot(root)
+ os.chroot (root)
if isinstance(catchfd, tuple):
for fd in catchfd:
os.dup2(write, fd)
@@ -1001,18 +1001,18 @@
rc_err = ""
in_list = [read, read_err]
while len(in_list) != 0:
- i, o, e = select.select(in_list, [], [], 0.1)
+ i, o, e = select(in_list, [], [], 0.1)
for fd in i:
if fd == read:
- s = os.read(read, 1024)
+ s = os.read(read, 4096)
if s == '':
in_list.remove(read)
- rc = rc + s
+ rc = '%s%s' % (rc, s)
if fd == read_err:
- s = os.read(read_err, 1024)
+ s = os.read(read_err, 4096)
if s == '':
in_list.remove(read_err)
- rc_err = rc_err + s
+ rc_err = '%s%s' % (rc_err, s)
os.close(read)
os.close(read_err)
@@ -1021,7 +1021,7 @@
try:
(pid, status) = os.waitpid(childpid, 0)
except OSError, (errno, msg):
- sys.stderr.write('%s waitpid: %s\n' % (__name__ , msg))
+ err.write('%s waitpid: %s\n' % (__name__, msg))
if os.WIFEXITED(status):
status = os.WEXITSTATUS(status)
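Review bot: When `os.waitpid` raises, the handler only writes a message and execution falls through to `os.WIFEXITED(status)`. Unless `status` is initialised earlier in `exec_cmd` (outside this hunk), it is unbound at that point, so the call fails with a NameError that hides the original error. Returning from the handler, for example `return (rc, rc_err, -1)`, keeps the captured output and gives callers a non-zero status to test. The function starts before and ends after this hunk.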
@@ -1030,6 +1030,7 @@
return (rc, rc_err, status)
+
def luci_initialized():
# existence of privkey.pem file and
# admin password (not the one Data.fs comes with)
@@ -1040,18 +1041,18 @@
def generate_ssl_certs():
command = '/bin/rm'
- args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
- _execWithCaptureErrorStatus(command, args)
+ args = [ command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH ]
+ exec_cmd(command, args)
# /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
command = '/usr/bin/openssl'
- args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
- _execWithCaptureErrorStatus(command, args)
+ args = [ command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048' ]
+ exec_cmd(command, args)
# /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
command = '/usr/bin/openssl'
- args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
- _execWithCaptureErrorStatus(command, args)
+ args = [ command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH ]
+ exec_cmd(command, args)
# take ownership and restrict access
try:
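Review bot: Every `exec_cmd` call in `generate_ssl_certs` discards its return value, so a failing `openssl genrsa` or `openssl req` is detected only indirectly, when a later chown/chmod raises on a missing file. `exec_cmd` returns `(rc, rc_err, status)`; testing the third element after each openssl call, e.g. `if exec_cmd(command, args)[2] != 0: return False`, makes the failure explicit. The private key is also written by openssl before the `os.chmod(SSL_PRIVKEY_PATH, 0600)` in the next hunk, so it is created under whatever umask is in effect. Calling `os.umask(077)` at the top of the function, as `backup()` does, avoids relying on the later chmod. The function body continues past this hunk.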
@@ -1061,92 +1062,96 @@
os.chmod(SSL_PRIVKEY_PATH, 0600)
os.chmod(SSL_PUBKEY_PATH, 0644)
except Exception, e:
- verbose.write('Error setting SSL cert file perms: %s\n' % str(e))
+ err.write('Error generating SSL certificates: %s\n' % str(e))
command = '/bin/rm'
- args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
- _execWithCaptureErrorStatus(command, args)
+ args = [ command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH ]
+ exec_cmd(command, args)
return False
return True
def restart_message():
- print
- print
- print 'Restart the Luci server for changes to take effect'
- print 'eg. service luci restart'
- print
- return
+ print '\n\nYou must restart the luci server for changes to take effect.\n'
+ print 'Run "service luci restart" to do so\n'
def init(argv):
if luci_initialized():
- sys.stderr.write('Luci site has been already initialized.\n')
- sys.stderr.write('If you want to reset admin password, execute\n')
- sys.stderr.write('\t%s password\n' % argv[0])
+ err.write('luci site has been already initialized.\n')
+ err.write('If you want to reset admin password, execute\n')
+ err.write('\t%s password\n' % argv[0])
sys.exit(1)
- print 'Initializing the Luci server\n'
-
+ print 'Initializing the luci server\n'
print '\nCreating the \'admin\' user\n'
- pwd_str = read_passwd('Enter password: ', 'Confirm password: ')
+
+ new_password = read_passwd('Enter password: ', 'Confirm password: ')
+
print '\nPlease wait...'
- if not set_zope_passwd('admin', pwd_str):
+
+ if not set_zope_passwd('admin', new_password):
restore_luci_db_fsattr()
print 'The admin password has been successfully set.'
else:
- sys.stderr.write('Unable to set the admin user\'s password.\n')
+ err.write('Unable to set the admin user\'s password.\n')
sys.exit(1)
- print 'Generating SSL certificates...'
+ print 'Generating SSL certificates... '
if generate_ssl_certs() == False:
- sys.stderr.write('failed. exiting ...\n')
sys.exit(1)
- print 'Luci server has been successfully initialized'
+ print 'The luci server has been successfully initialized'
restart_message()
- return
-
def password(argv):
- pwd_str = None
+ passwd = None
+
+ ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
+ if ret[2] == 0:
+ err.write('You must stop the luci server before attempting to set the admin password.\n')
+ sys.exit(1)
+
if '--random' in argv:
- print 'Setting the admin user\'s password to a random value.\n'
+ print 'Setting the admin user password to a random string...\n'
+
try:
rand = open('/dev/urandom', 'r')
- pwd_str = rand.read(16)
+ passwd = rand.read(16)
rand.close()
except Exception, e:
- sys.stderr.write('Unable to read from /dev/urandom: %s\n' % str(e))
+ err.write('Unable to read from /dev/urandom: %s\n' % str(e))
sys.exit(1)
else:
if not luci_initialized():
- sys.stderr.write('The Luci site has not been initialized.\n')
- sys.stderr.write('To initialize it, execute:\n')
- sys.stderr.write('\t%s init\n' % argv[0])
+ err.write('The luci site has not been initialized.\n')
+ err.write('To initialize it, execute\n')
+ err.write('\t%s init\n' % argv[0])
sys.exit(1)
- print 'Resetting the admin user\'s password\n'
- pwd_str = read_passwd('Enter new password: ', 'Confirm password: ')
+ print 'Setting the admin user\'s password\n'
+ passwd = read_passwd('Enter new password: ', 'Confirm password: ')
print '\nPlease wait...'
- if not set_zope_passwd('admin', pwd_str):
- print 'The admin password has been successfully reset.'
+ if not set_zope_passwd('admin', passwd):
+ print 'The admin password has been successfully set.'
else:
- sys.stderr.write('Unable to set the admin user\'s password.\n')
sys.exit(1)
restart_message()
- return
-
-def backup_db(argv):
+def backup(argv):
# If the site hasn't been initialized, there's nothing to
# save, and luci_backup() will fail
if not luci_initialized():
- print 'The Luci site has not been initialized\n'
- print 'Nothing to backup\n'
+ print 'The luci site has not been initialized\n'
+ print 'There is nothing to backup\n'
sys.exit(0)
- print 'Backing up the Luci server...'
+ ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
+ if ret[2] == 0:
+ err.write('You must stop the luci server before backing up the luci database.\n')
+ sys.exit(1)
+
+ print 'Backing up the luci server...'
try:
os.umask(077)
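Review bot: The new `service luci status` guard is pasted three times (in `password()` and `backup()` here, and in `restore()` further down), and none of the copies handles the `RuntimeError` that `exec_cmd` raises when `/sbin/service` is not executable, so that case ends in a traceback. A small helper keeps the check in one place while each caller keeps its own message. Separately, the failure branch of `password()` now exits without printing anything, which relies on `set_zope_passwd` having reported the error itself.

```python
def luci_running():
	# exec_cmd raises RuntimeError when /sbin/service is not executable
	try:
		ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
	except RuntimeError, e:
		err.write('Unable to determine whether luci is running: %s\n' % str(e))
		sys.exit(1)
	return ret[2] == 0

# in password(), backup() and restore():
if luci_running():
	# ... unchanged: the per-command err.write message ...
	sys.exit(1)
```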
@@ -1156,7 +1161,7 @@
doc = luci_backup(argv[2:])
restore_luci_db_fsattr()
if doc == -1:
- sys.stderr.write('The Luci backup failed. Exiting.\n')
+ err.write('The luci backup failed. Exiting.\n')
sys.exit(1)
try:
@@ -1165,18 +1170,15 @@
# races.
os.stat(LUCI_BACKUP_PATH)
trynum = 1
- basename = '/luci_backup-'
while True:
- oldbackup = '%s%s%s.xml' % (LUCI_BACKUP_DIR, basename, str(trynum))
+ oldbackup = '%s/luci-backup-%d.xml' % (LUCI_BACKUP_DIR, trynum)
if not os.path.exists(oldbackup):
try:
os.rename(LUCI_BACKUP_PATH, oldbackup)
- except Exception, e1:
- sys.stderr.write('Unable to rename the existing backup file "%s" to "%s": %s\n' \
- % (LUCI_BACKUP_PATH, oldbackup, str(e1)))
- sys.stderr.write('The Luci backup failed.\n')
- sys.exit(1)
+ except Exception, e:
+ err.write('Unable to rename the existing backup file "%s" to "%s": %s\n' % (LUCI_BACKUP_PATH, oldbackup, str(e)))
+ err.write('The luci backup failed.\n')
break
trynum += 1
except OSError, e:
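Review bot: A failed `os.rename(LUCI_BACKUP_PATH, oldbackup)` no longer stops the run, because the `sys.exit(1)` after the error messages was dropped. As far as the flattened indentation shows, the code prints 'The luci backup failed.', reaches `break`, and then opens `LUCI_BACKUP_PATH` for writing in the next hunk, overwriting the backup it could not move aside. Restoring `sys.exit(1)` after the two `err.write` calls keeps the previous backup intact. The rotated name also changes from `luci_backup-N.xml` to `luci-backup-N.xml`, so files rotated by earlier versions are no longer considered when choosing N; that is worth a line in the log message. The enclosing function starts and ends outside the hunk.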
@@ -1185,33 +1187,35 @@
try:
f = file(LUCI_BACKUP_PATH, 'wb+')
- except:
- sys.stderr.write('Unable to open the file "%s" to write backup data.\n'
- % LUCI_BACKUP_PATH)
- sys.stderr.write('The Luci backup failed.\n')
+ except Exception, e:
+ err.write('Unable to open "%s" to write the backup: %s\n' \
+ % (LUCI_BACKUP_PATH, str(e)))
+ err.write('The luci backup failed.\n')
sys.exit(1)
try:
os.chmod(LUCI_BACKUP_PATH, 0600)
except OSError, e:
- sys.stderr.write('An error occurred while setting file permissions on backup file "%s": %s\n' \
- % (LUCI_BACKUP_PATH, str(e)))
- sys.stderr.write('Please check that this file is not world-readable.\n')
+ err.write('An error occurred while setting file system permissions for "%s": %s\n' % (LUCI_BACKUP_PATH, str(e)))
+ err.write('Please ensure this file is not world-readable.\n')
try:
f.write(doc.toprettyxml())
f.close()
except Exception, e:
- sys.stderr.write('An error occurred while writing backup file "%s": %s\n' \
- % (LUCI_BACKUP_PATH, str(e)))
- sys.stderr.write('Luci backup failed.\n')
+ err.write('The luci backup failed: %s\n' % str(e))
sys.exit(1)
- print 'The luci backup procedure was successful.'
- print 'Backup data is contained in the file "%s"' % LUCI_BACKUP_PATH
+ print 'The luci backup was successful.\n'
+ print 'The backup data is contained in the file "%s"\n' % LUCI_BACKUP_PATH
+
+def restore(argv):
+ ret = exec_cmd('/sbin/service', [ 'service', 'luci', 'status' ])
+ if ret[2] == 0:
+ err.write('You must stop the luci server before restoring the luci database from backup.\n')
+ sys.exit(1)
-def restore_db(argv):
- print 'Restoring the Luci server...'
+ print 'Restoring the luci server...'
try:
os.umask(077)
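Review bot: A failed `os.chmod(LUCI_BACKUP_PATH, 0600)` only produces a warning, and the document is then written to the file anyway, even though it holds the admin password hash and the files listed in `ssl_key_data`. Creating the file with its final mode removes the dependence on this chmod and on the earlier `os.umask(077)` succeeding: `fd = os.open(LUCI_BACKUP_PATH, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `f = os.fdopen(fd, 'wb')`. With `O_EXCL` the open also refuses to write through a file that already exists at that path. `backup()` starts before this hunk.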
@@ -1220,11 +1224,11 @@
if luci_restore(argv[2:]):
ret = False
- sys.stderr.write('The Luci restore failed. Try reinstalling Luci, then restoring again.\n')
+ err.write('The luci restore failed. Try reinstalling luci, then restoring again.\n')
else:
set_default_passwd_reset_flag()
ret = True
- print 'Restore was successful.'
+ print 'The luci restore was successful.'
restart_message()
if restore_luci_db_fsattr():
@@ -1234,15 +1238,13 @@
def luci_help(argv):
print 'Usage:'
- print argv[0] + ' [init|backup|restore|password|help]'
- print
- print '\tinit: initialize Luci site'
- print '\tpassword: reset admin password'
- print '\t\t--random: reset admin password to random value (disable account)'
- print '\tbackup: backup Luci site to a file'
- print '\trestore: restore Luci site from backup'
- print '\thelp: this help message'
- print
+ print '%s [init|backup|restore|password|help]\n' % argv[0]
+ print '\tinit: initialize the luci server'
+ print '\tpassword: reset the admin password'
+ print '\t\t--random: set the admin password to a random value (disable account)'
+ print '\tbackup: backup the luci database to an XML file'
+ print '\trestore: restore luci database from a backup'
+ print '\thelp: display this help message\n'
def test_luci_installation():
# perform basic checks
@@ -1251,11 +1253,13 @@
# check if luci user and group are present on the system
try:
get_luci_uid_gid()
- except:
- sys.stderr.write('There is a problem with luci installation.\n')
- sys.stderr.write('Mising luci\'s system account and group.\n')
- sys.stderr.write('Recommended action: reinstall luci.\n\n')
+ except Exception, e:
+ err.write('There is a problem with your luci installation!\n')
+ err.write('The luci user\'s UID and GID could not be determined: %s\n' \
+ % str(e))
+ err.write('Reinstalling luci is recommended\n\n')
sys.exit(3)
+
return True
def main(argv):
@@ -1263,27 +1267,20 @@
luci_help(argv)
sys.exit(1)
- # only root should run this
- if os.getuid() != 0:
- sys.stderr.write('Only "root" can run %s\n' % argv[0])
- sys.stderr.write('Try again with root privileges.\n')
- sys.exit(2)
-
- # test if luci installation is OK
test_luci_installation()
if 'init' in argv:
init(argv)
elif 'backup' in argv:
- backup_db(argv)
+ backup(argv)
elif 'restore' in argv:
- restore_db(argv)
+ restore(argv)
elif 'password' in argv:
password(argv)
elif 'help' in argv:
luci_help(argv)
else:
- sys.stderr.write('Unknown command\n\n')
+ err.write('Unknown command\n\n')
luci_help(argv)
sys.exit(1)
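Review bot: The `os.getuid() != 0` check is removed from `main()` and no replacement is visible in this part of the diff. A non-root caller now proceeds into commands that chown/chmod the database and write key files, and fails partway with less specific errors. If the check was not moved elsewhere (outside this view), I would keep it with the new stream: `if os.getuid() != 0:` / `err.write('Only "root" can run %s\n' % argv[0])` / `sys.exit(2)`. `main()` begins in the previous hunk.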
* [Cluster-devel] conga/luci/utils luci_admin
@ 2007-08-10 18:36 rmccabe
From: rmccabe @ 2007-08-10 18:36 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-08-10 18:36:31
Modified files:
luci/utils : luci_admin
Log message:
- backup returns -1, not 0 on failure.
- do not warn about not being able to chown/chmod nonexistent backups
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.54&r2=1.55
--- conga/luci/utils/luci_admin 2007/08/07 20:22:54 1.54
+++ conga/luci/utils/luci_admin 2007/08/10 18:36:31 1.55
@@ -161,12 +161,17 @@
os.chmod(LUCI_DB_PATH, 0600)
for ext in [ '.tmp', '.old', '.index', '.lock' ]:
cur_path = '%s%s' % (LUCI_DB_PATH, ext)
+
try:
os.chown(cur_path, uid, gid)
os.chmod(cur_path, 0600)
+ except OSError, eieio:
+ if eieio[0] != 2:
+ sys.stderr.write('Unable to change ownership of "%s" back to user "%s": %s\n' \
+ % (cur_path, LUCI_USER, str(eieio)))
except Exception, ei:
- sys.stderr.write('Unable to change ownership of "%s" to user "%s": %s\n' \
- % (cur_path, LUCI_USER, str(ei)))
+ sys.stderr.write('Unable to change ownership of "%s" to user "%s": %s %r\n' \
+ % (cur_path, LUCI_USER, str(ei), ei))
except Exception, e:
sys.stderr.write('Unable to change ownership of the Luci database "%s" back to user "%s": %s\n' \
% (LUCI_DB_PATH, LUCI_USER, str(e)))
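Review bot: The literal in `if eieio[0] != 2:` is the errno for a missing file; `if eieio.errno != errno.ENOENT:` says so directly (it needs `import errno`, which is not among the imports visible on this page). The `OSError` branch says 'back to user' while the generic branch says 'to user' and now appends `%r` of the same exception, so the two messages for one operation differ for no visible reason. `os.chown` and `os.chmod` follow symbolic links, and this loop runs over fixed names next to the database. If that directory is writable by the luci account (not shown here), `os.lchown` plus an `os.lstat` regular-file check would be the safer form. The enclosing function starts outside the hunk.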
@@ -1140,7 +1145,7 @@
doc = luci_backup(argv[2:])
restore_luci_db_fsattr()
- if not doc:
+ if doc == -1:
sys.stderr.write('The Luci backup failed. Exiting.\n')
sys.exit(1)
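Review bot: `if doc == -1:` matches the failure value that `luci_backup()` returns, but it lets any other non-document result through to `doc.toprettyxml()`, for example `None` if some path in `luci_backup()` outside this view falls off the end. `if doc == -1 or doc is None:` covers both at no cost. The same one-line change is applied on the RHEL4 and RHEL5 branches in the two commits that follow, and this comment applies there as well.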
* [Cluster-devel] conga/luci/utils luci_admin
@ 2007-08-10 18:33 rmccabe
From: rmccabe @ 2007-08-10 18:33 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL4
Changes by: rmccabe at sourceware.org 2007-08-10 18:33:30
Modified files:
luci/utils : luci_admin
Log message:
backup returns -1, not 0 on backup.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.52.2.1&r2=1.52.2.2
--- conga/luci/utils/luci_admin 2007/02/05 21:27:22 1.52.2.1
+++ conga/luci/utils/luci_admin 2007/08/10 18:33:30 1.52.2.2
@@ -1110,7 +1110,7 @@
doc = luci_backup(argv[2:])
restore_luci_db_fsattr()
- if not doc:
+ if doc == -1:
sys.stderr.write('The Luci backup failed. Exiting.\n')
sys.exit(1)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2007-08-10 18:32 rmccabe
From: rmccabe @ 2007-08-10 18:32 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL5
Changes by: rmccabe at sourceware.org 2007-08-10 18:32:54
Modified files:
luci/utils : luci_admin
Log message:
backup returns -1, not 0 on failure
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.50.2.3&r2=1.50.2.4
--- conga/luci/utils/luci_admin 2007/03/01 00:31:19 1.50.2.3
+++ conga/luci/utils/luci_admin 2007/08/10 18:32:54 1.50.2.4
@@ -1110,7 +1110,7 @@
doc = luci_backup(argv[2:])
restore_luci_db_fsattr()
- if not doc:
+ if doc == -1:
sys.stderr.write('The Luci backup failed. Exiting.\n')
sys.exit(1)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2007-08-07 20:22 rmccabe
From: rmccabe @ 2007-08-07 20:22 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-08-07 20:22:54
Modified files:
luci/utils : luci_admin
Log message:
Big cleanup.
Detect and report more error conditions.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.53&r2=1.54
--- conga/luci/utils/luci_admin 2007/02/05 20:08:28 1.53
+++ conga/luci/utils/luci_admin 2007/08/07 20:22:54 1.54
@@ -1,118 +1,116 @@
#!/usr/bin/python
# Copyright (C) 2006-2007 Red Hat, Inc.
+#
+# This program is free software; you can redistribute
+# it and/or modify it under the terms of version 2 of the
+# GNU General Public License as published by the
+# Free Software Foundation.
-import sys, os, stat, select, string, pwd
-from sys import stderr, argv
+import sys, os, select, pwd
+from stat import S_ISREG
import types
import xml
import xml.dom
-from xml.dom import minidom
-
+
sys.path.extend((
'/usr/lib/luci/zope/lib/python',
'/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib/zope/lib/python',
+ '/usr/lib/zope/lib/python/Products'
'/usr/lib64/luci/zope/lib/python',
'/usr/lib64/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib64/python',
'/usr/lib64/luci/zope/lib64/python/Products',
'/usr/lib64/zope/lib64/python',
'/usr/lib64/zope/lib/python',
- '/usr/lib/zope/lib/python',
'/usr/lib64/zope/lib/python/Products',
'/usr/lib64/zope/lib64/python/Products',
- '/usr/lib/zope/lib/python/Products'
))
from Products import __path__
-for i in ['/usr/lib/luci/zope/lib/python/Products',
- '/usr/lib64/luci/zope/lib/python/Products',
- '/usr/lib64/luci/zope/lib64/python/Products',
- '/usr/lib64/zope/lib/python/Products',
- '/usr/lib64/zope/lib64/python/Products',
- '/usr/lib/zope/lib/python/Products']:
- if os.path.isdir(i):
- __path__.append(i)
-
-LUCI_INIT_DEBUG = 0
-
-LUCI_USER = 'luci'
-LUCI_GROUP = 'luci'
-
-LUCI_HOME_DIR = '/var/lib/luci'
-LUCI_DB_PATH = LUCI_HOME_DIR + '/var/Data.fs'
-LUCI_CERT_DIR = LUCI_HOME_DIR + '/var/certs/'
-LUCI_PEERS_DIR = LUCI_CERT_DIR + 'peers/'
-LUCI_BACKUP_DIR = LUCI_HOME_DIR + '/var'
-LUCI_BACKUP_PATH = LUCI_BACKUP_DIR + '/luci_backup.xml'
-LUCI_ADMIN_SET_PATH = LUCI_HOME_DIR + '/.default_password_has_been_reset'
-
-SSL_PRIVKEY_NAME = 'privkey.pem'
-SSL_PUBKEY_NAME = 'cacert.pem'
-SSL_HTTPS_PRIVKEY_NAME = 'https.key.pem'
-SSL_HTTPS_PUBKEY_NAME = 'https.pem'
-SSL_KEYCONFIG_NAME = 'cacert.config'
-
-SSL_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_PRIVKEY_NAME
-SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_PUBKEY_NAME
-SSL_HTTPS_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME
-SSL_HTTPS_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME
-SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
+
+for tmppath in [
+ '/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib64/python/Products',
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products'
+]:
+ if os.path.isdir(tmppath):
+ __path__.append(tmppath)
+
+LUCI_USER = 'luci'
+LUCI_GROUP = 'luci'
+
+LUCI_HOME_DIR = '/var/lib/luci'
+LUCI_DB_PATH = '%s/var/Data.fs' % LUCI_HOME_DIR
+LUCI_CERT_DIR = '%s/var/certs/' % LUCI_HOME_DIR
+LUCI_PEERS_DIR = '%speers/' % LUCI_CERT_DIR
+LUCI_BACKUP_DIR = '%s/var' % LUCI_HOME_DIR
+LUCI_BACKUP_PATH = '%s/luci_backup.xml' % LUCI_BACKUP_DIR
+LUCI_ADMIN_SET_PATH = '%s/.default_password_has_been_reset' % LUCI_HOME_DIR
+
+SSL_PRIVKEY_NAME = 'privkey.pem'
+SSL_PUBKEY_NAME = 'cacert.pem'
+SSL_HTTPS_PRIVKEY_NAME = 'https.key.pem'
+SSL_HTTPS_PUBKEY_NAME = 'https.pem'
+SSL_KEYCONFIG_NAME = 'cacert.config'
+
+SSL_PRIVKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_PRIVKEY_NAME)
+SSL_PUBKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_PUBKEY_NAME)
+SSL_HTTPS_PRIVKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_HTTPS_PRIVKEY_NAME)
+SSL_HTTPS_PUBKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_HTTPS_PUBKEY_NAME)
+SSL_KEYCONFIG_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_KEYCONFIG_NAME)
ssl_key_data = [
- { 'id' : SSL_PRIVKEY_PATH,
- 'name': SSL_PRIVKEY_NAME,
- 'type': 'private',
- 'mode': 0600 },
- { 'id' : SSL_HTTPS_PRIVKEY_PATH,
- 'name': SSL_HTTPS_PRIVKEY_NAME,
- 'type': 'private',
- 'mode': 0600 },
- { 'id' : SSL_PUBKEY_PATH,
- 'name': SSL_PUBKEY_NAME,
- 'type': 'public',
- 'mode': 0644 },
- { 'id' : SSL_HTTPS_PUBKEY_PATH,
- 'name': SSL_HTTPS_PUBKEY_NAME,
- 'type': 'public',
- 'mode': 0644 },
- { 'id' : SSL_KEYCONFIG_PATH,
- 'name': SSL_KEYCONFIG_NAME,
- 'type': 'config',
- 'mode': 0644 }
+ { 'id': SSL_PRIVKEY_PATH,
+ 'name': SSL_PRIVKEY_NAME,
+ 'type': 'private',
+ 'mode': 0600 },
+ { 'id': SSL_HTTPS_PRIVKEY_PATH,
+ 'name': SSL_HTTPS_PRIVKEY_NAME,
+ 'type': 'private',
+ 'mode': 0600 },
+ { 'id': SSL_PUBKEY_PATH,
+ 'name': SSL_PUBKEY_NAME,
+ 'type': 'public',
+ 'mode': 0644 },
+ { 'id': SSL_HTTPS_PUBKEY_PATH,
+ 'name': SSL_HTTPS_PUBKEY_NAME,
+ 'type': 'public',
+ 'mode': 0644 },
+ { 'id': SSL_KEYCONFIG_PATH,
+ 'name': SSL_KEYCONFIG_NAME,
+ 'type': 'config',
+ 'mode': 0644 }
]
+
for name in os.listdir(LUCI_PEERS_DIR):
- path = LUCI_PEERS_DIR + name
- if stat.S_ISREG(os.stat(path).st_mode):
- ssl_key_data.append({'id' : path,
- 'name' : path.lstrip(LUCI_CERT_DIR),
- 'type' : 'public',
- 'mode' : 0644})
+ ssl_path = '%s%s' % (LUCI_PEERS_DIR, name)
-#null = file(os.devnull, 'rwb+', 0) - available on python 2.4 and above!!!
-null = file('/dev/null', 'rwb+', 0)
-orig_stderr = sys.stderr
+ if S_ISREG(os.stat(ssl_path).st_mode):
+ ssl_key_data.append({
+ 'id': ssl_path,
+ 'name': ssl_path.lstrip(LUCI_CERT_DIR),
+ 'type': 'public',
+ 'mode': 0644
+ })
-if LUCI_INIT_DEBUG:
+orig_stderr = sys.stderr
+if '--debug' in sys.argv or '--verbose' in sys.argv:
verbose = sys.stderr
else:
- verbose = null
-
-
+ verbose = file('/dev/null', 'rwb+', 0)
def get_luci_uid_gid():
- try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- if not luci:
- raise
- if len(luci) != 2:
- raise
- return luci
- except:
- msg = 'Cannot find the \"' + LUCI_USER + '\" user.\n'
- sys.stderr.write(msg)
- raise msg
-
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ if not luci:
+ raise Exception, 'user lookup failed'
+ if len(luci) != 2:
+ raise Exception, 'user lookup failed'
+ return luci
def set_default_passwd_reset_flag():
# set flag marking admin password has been set
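Review bot: The re-ordered `sys.path.extend` tuple is missing a comma after the newly added `'/usr/lib/zope/lib/python/Products'`. Python joins it with the next literal into one bogus entry, so neither `/usr/lib/zope/lib/python/Products` nor `/usr/lib64/luci/zope/lib/python` ends up on `sys.path`. The line should read `'/usr/lib/zope/lib/python/Products',`. Further down, `ssl_path.lstrip(LUCI_CERT_DIR)` is carried over unchanged: `lstrip` removes a set of characters rather than a prefix, so `ssl_path[len(LUCI_CERT_DIR):]` states the intent without depending on which character the remainder starts with.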
@@ -123,64 +121,68 @@
return True
def get_default_passwd_reset_flag():
- return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
-
+ try:
+ return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
+ except Exception, e:
+ verbose.write('Failed to write to "%s": %s\n' \
+ % (LUCI_ADMIN_SET_PATH, str(e)))
+ return False
def read_passwd(prompt, confirm_prompt):
from getpass import getpass
+
while True:
s1 = getpass(prompt)
if len(s1) < 6:
- print 'Password has to be at least 6 characters long'
+ sys.stderr.write('Passwords must be at least 6 characters long.\n')
continue
- if ' ' in s1:
- print 'Spaces are not allowed in passwords'
+
+ if ' ' in s1 or '\t' in s1:
+ sys.stderr.write('Spaces are not allowed in passwords.\n')
continue
+
s2 = getpass(confirm_prompt)
if s1 != s2:
- print 'Passwords mismatch, try again'
+ sys.stderr.write('Passwords don\'t match. Try again.\n')
continue
return s1
-
-
def restore_luci_db_fsattr():
uid, gid = -1, -1
try:
uid, gid = get_luci_uid_gid()
except:
+ sys.stderr.write('Unable to determine the user and group of the luci user "%s"\n' \
+ % LUCI_USER)
return -1
-
+
try:
os.chown(LUCI_DB_PATH, uid, gid)
os.chmod(LUCI_DB_PATH, 0600)
- for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ for ext in [ '.tmp', '.old', '.index', '.lock' ]:
+ cur_path = '%s%s' % (LUCI_DB_PATH, ext)
try:
- os.chown(LUCI_DB_PATH + i, uid, gid)
- os.chmod(LUCI_DB_PATH + i, 0600)
- except: pass
- except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ os.chown(cur_path, uid, gid)
+ os.chmod(cur_path, 0600)
+ except Exception, ei:
+ sys.stderr.write('Unable to change ownership of "%s" to user "%s": %s\n' \
+ % (cur_path, LUCI_USER, str(ei)))
+ except Exception, e:
+ sys.stderr.write('Unable to change ownership of the Luci database "%s" back to user "%s": %s\n' \
+ % (LUCI_DB_PATH, LUCI_USER, str(e)))
return -1
def set_zope_passwd(user, passwd):
- sys.stderr = null
- import ZODB
+ sys.stderr = verbose
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
# Zope wants to open a www/ok.gif and images/error.gif
# when you initialize the application object. This keeps
# the AppInitializer(app).initialize() call below from failing.
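Review bot: The new handler in `get_default_passwd_reset_flag()` reports `Failed to write to "%s"` although the guarded call is `open(LUCI_ADMIN_SET_PATH, 'r').read(16)`; `'Failed to read "%s": %s\n'` matches the operation. Because the message goes to `verbose`, it is dropped unless `--debug` or `--verbose` is given, and the function then returns False. Presumably an unreadable flag file then looks like an uninitialized site, which deserves a comment at the `return False`. In `restore_luci_db_fsattr()` the first handler is still a bare `except:` and does not say why the lookup failed, while the handlers added below it include `str(e)`.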
@@ -193,43 +195,48 @@
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to reset passwords.\n')
+ sys.stderr.write('It appears that the luci service is running. You must stop the luci service before using this tool to reset passwords.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (LUCI_DB_PATH, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (LUCI_DB_PATH, str(e)))
return -1
try:
- sys.stderr = null
+ sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
- ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+ ('manage', 'Manager', 'Owner', 'View', 'Authenticated'), [])
newSecurityManager(None, tempuser)
app = conn.root()['Application']
AppInitializer(app).initialize()
sys.stderr = orig_stderr
- except:
+ except Exception, e:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while setting the password for user \"' + user + '\"\n')
+ sys.stderr.write('An error occurred while setting the password for user "%s": %s\n' \
+ % (user, str(e)))
return -1
ret = -1
try:
pwd_scheme = SSHADigestScheme
- pwd_hash = '{SSHA}' + pwd_scheme.encrypt(SSHADigestScheme(), passwd)
+ pwd_hash = '{SSHA}%s' % pwd_scheme.encrypt(SSHADigestScheme(), passwd)
acl_users = app.acl_users.users
if len(acl_users):
acl_users._user_passwords[user] = pwd_hash
transaction.commit()
ret = 0
else:
- raise
- except:
- sys.stderr.write('Unable to set the password for user \"' + user + '\"\n')
+ raise Exception, 'failed to set password'
+ except Exception, e:
+ sys.stderr = orig_stderr
+ sys.stderr.write('Unable to set the password for user "%s": %s\n' \
+ % (user, str(e)))
conn.close()
db.pack()
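Review bot: `pwd_scheme.encrypt(SSHADigestScheme(), passwd)` calls the method through the class with a throwaway instance. `pwd_hash = '{SSHA}%s' % SSHADigestScheme().encrypt(passwd)` is the same call written directly and lets the `pwd_scheme` alias go. A comment here should say that the stored value is a salted SHA-1 digest, which is fast to compute, and that `luci_backup()` copies it into the backup file. That is the reason the backup file has to stay at mode 0600. `set_zope_passwd` starts before this hunk and continues after it.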
@@ -238,34 +245,39 @@
if restore_luci_db_fsattr():
return -1
-
+
if user == 'admin' and ret == 0:
set_default_passwd_reset_flag()
-
- return ret
+ return ret
-def luci_restore_certs(certList):
+def luci_restore_certs(path, certList):
if not certList or len(certList) < 1:
- sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no certificate data\n' \
+ % path)
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
certList = certList[0].getElementsByTagName('certificate')
if not certList or len(certList) < 1:
- sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no certificate data\n' \
+ % path)
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
- uid, gid = -1, -1
+
try:
uid, gid = get_luci_uid_gid()
- except:
+ except Exception, e:
+ verbose.write('Error getting uid: %s' % str(e))
return -1
for c in certList:
- path = c.getAttribute('name')
- if not path:
- sys.stderr.write('Missing \"name\" field for certificate.\n')
+ cert_path = c.getAttribute('name')
+ if not cert_path :
+ sys.stderr.write('Backup file "%s" is missing the "name" attribute for a certificate.\n' \
+ % path)
return -1
- path = LUCI_CERT_DIR + str(path)
+ cert_path = '%s%s' % (LUCI_CERT_DIR, str(cert_path))
mode = c.getAttribute('mode')
if not mode:
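Review bot: `cert_path = '%s%s' % (LUCI_CERT_DIR, str(cert_path))` builds the output path from the `name` attribute read out of the backup file without checking it. A name containing `..` path components therefore makes the restore, which is meant to run as root, write outside `LUCI_CERT_DIR`. Normalising the joined path and rejecting anything that does not stay under the certificate directory keeps a damaged or tampered backup from doing that. The `for c in certList` loop continues past the end of this hunk.

```python
	# ... unchanged: name attribute lookup and missing-name error ...
	cert_path = os.path.normpath('%s%s' % (LUCI_CERT_DIR, str(cert_path)))
	if not cert_path.startswith(LUCI_CERT_DIR):
		sys.stderr.write('Backup file "%s" names a certificate outside "%s".\n' \
			% (path, LUCI_CERT_DIR))
		return -1
```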
@@ -275,48 +287,50 @@
data = c.firstChild
if not data or not data.wholeText:
- sys.stderr.write('\"' + path + '\" has no certificate data.')
+ sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
+ % path)
return -1
# Because .prettyprint() was called to write the backup..
data = data.wholeText.strip()
if len(data) < 1:
- sys.stderr.write('\"' + path + '\" has no certificate data.')
+ sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
+ % path)
return -1
data = str(data)
try:
- f = file(path, 'wb+')
- except:
- sys.stderr.write('Unable to create \" ' + path + '\" for writing.\n')
+ f = file(cert_path, 'wb+')
+ except Exception, e:
+ sys.stderr.write('Unable to open certificate file "%s" for writing: %s\n' \
+ % (cert_path, str(e)))
return -1
- os.chmod(path, mode)
- f.write(data + '\n')
- os.chown(path, uid, gid)
- f.close()
- return None
+ try:
+ os.chown(path, uid, gid)
+ os.chmod(path, mode)
+ f.write(data)
+ f.write('\n')
+ f.close()
+ except Exception, e:
+ sys.stderr.write('Unable to restore certificate file "%s": %s\n' \
+ % (cert_path, str(e)))
+ return -1
+ return None
def luci_restore(argv):
- sys.stderr = null
- import ZODB
+ sys.stderr = verbose
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
- from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
from DateTime import DateTime
+
App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
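Review bot: The new `try` block calls `os.chown(path, uid, gid)` and `os.chmod(path, mode)`, but since this commit `path` is the backup file passed in as the first parameter and the file being written is `cert_path`. As written, the restored certificate or key keeps whatever mode it was created with. The backup file itself is handed to the luci user and given the certificate's mode, which for the public entries is 0644. Both calls should name `cert_path`: `os.chown(cert_path, uid, gid)` and `os.chmod(cert_path, mode)`. `f` is also left open when one of these calls raises, so it should be closed in the handler.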
@@ -337,34 +351,40 @@
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to restore your installation.\n')
+ sys.stderr.write('It appears that the luci service is running.\n')
+ sys.stderr.write('You must stop the luci service before using this tool restore from a backup.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (dbfn, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (dbfn, str(e)))
return -1
try:
node = xml.dom.minidom.parse(backupfn)
- except:
- sys.stderr.write('Unable to open the Luci backup file \"'+ backupfn +'\"\n')
+ except Exception, e:
+ sys.stderr.write('Unable to parse backup data contained in file "%s": %s\n' \
+ % (backupfn, str(e)))
return -1
node = node.getElementsByTagName('luci')
if not node or len(node) < 1:
- sys.stderr.write('Backup file is missing the \'luci\' tag\n')
+ sys.stderr.write('Backup file "%s" is missing the "luci" XML tag.\n' \
+ % backupfn)
return -1
node = node[0].getElementsByTagName('backupData')
if not node or len(node) < 1:
- sys.stderr.write('Backup file is missing the \'backupData\' tag\n')
+ sys.stderr.write('Backup file "%s" is missing the "backupData" XML tag\n' \
+ % backupfn)
return -1
- node = node[0]
+ node = node[0]
try:
- sys.stderr = null
+ sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
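Review bot: The new message 'You must stop the luci service before using this tool restore from a backup.' is missing a word; it should read `'You must stop the luci service before using this tool to restore from a backup.\n'`. The context test `if e[0] == 11:` relies on a bare errno number. `errno.EAGAIN` would say what is being checked, assuming `errno` is imported at the top of the file, which is outside this hunk.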
@@ -373,9 +393,10 @@
app = conn.root()['Application']
AppInitializer(app).initialize()
sys.stderr = orig_stderr
- except:
+ except Exception, e:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ sys.stderr.write('An error occurred while restoring from backup file "%s": %s\n' \
+ % (backupfn, str(e)))
return -1
try:
@@ -383,52 +404,59 @@
portal_mem = app.luci.portal_membership
portal_reg = app.luci.portal_registration
if not (acl_users and len(acl_users) and portal_mem and portal_reg):
- raise
- except:
- sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ raise Exception, 'no users are present'
+ except Exception, e:
+ sys.stderr.write('Your Luci installation appears to be corrupt: %s' % str(e))
return -1
userList = node.getElementsByTagName('userList')
if not userList or len(userList) < 1:
- sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
+ sys.stderr.write('The admin user must exist.\n')
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
userList = userList[0].getElementsByTagName('user')
if not userList or len(userList) < 1:
- sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
+ sys.stderr.write('The admin user must exist.\n')
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
for u in userList:
- id = u.getAttribute('id')
- if not id:
+ uid = u.getAttribute('id')
+ if not uid:
transaction.abort()
- sys.stderr.write('Missing ID for user\n')
+ sys.stderr.write('Missing the id attribute for a user in backup file "%s"\n' \
+ % backupfn)
return -1
- id = str(id)
+ uid = str(uid)
passwd = u.getAttribute('passwd')
if not passwd:
transaction.abort()
- sys.stderr.write('Missing password for user \"' + id + '\"\n')
+ sys.stderr.write('Missing password for user "%s" in backup file "%s"\n' \
+ % (uid, backupfn))
return -1
passwd = str(passwd)
- if id == 'admin':
+ if uid == 'admin':
try:
acl_users._user_passwords['admin'] = passwd
- except:
+ except Exception, e:
transaction.abort()
- sys.stderr.write('Unable to restore admin password.')
+ sys.stderr.write('Unable to restore admin password from backup file "%s": %s\n' \
+ % (backupfn, str(e)))
return -1
else:
email = u.getAttribute('email')
if not email:
- email = id + '@luci.example.org'
+ email = '%s@luci.example.org' % uid
else:
email = str(email)
props = {
- 'username': id,
+ 'username': uid,
'roles': [ 'Member' ],
'domains': [],
'email': email,
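Review bot: The rewritten message `'Your Luci installation appears to be corrupt: %s' % str(e)` lost the trailing newline that the old string had, so the next output runs onto the same line. It should end in `: %s\n'`. The same slip occurs in later hunks of this patch: `verbose.write('Added user "%s"' % uid)`, the 'restoring permission for cluster' and 'restoring the storage system "%s" for cluster' messages, and 'saving details for user' in `luci_backup()`. Each of those had `\n` before the change.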
@@ -449,34 +477,38 @@
if must_change_passwd == 'True' or '1':
props['must_change_password'] = True
- portal_reg.addMember(id, passwd, props)
+ portal_reg.addMember(uid, passwd, props)
- member = portal_mem.getMemberById(id)
+ member = portal_mem.getMemberById(uid)
if not member:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the user \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the user "%s" from backup file "%s"\n' \
+ % (uid, backupfn))
return -1
try:
aclu = app.luci.acl_users.source_users
if aclu and len(aclu):
- aclu._user_passwords[id] = passwd
+ aclu._user_passwords[uid] = passwd
else:
- raise
- except:
+ raise Exception, 'unable to set password for %s' % uid
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the password for user \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the password for user "%s" from backup file "%s": %s\n'
+ % (uid, backupfn, str(e)))
return -1
- verbose.write('Added user \"' + id + '\"\n')
+ verbose.write('Added user "%s"' % uid)
transaction.commit()
try:
x = app.luci.systems.storage
if not x:
raise
- except:
+ except Exception, e:
transaction.abort()
- sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.\n')
+ sys.stderr.write('Cannot find the Luci storage systems directory.\n')
+ sys.stderr.write('Your Luci installation may be corrupt.\n')
+ sys.stderr.write('Server error: %s\n' % str(e))
return -1
systemList = node.getElementsByTagName('systemList')
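Review bot: The context line `if must_change_passwd == 'True' or '1':` at the top of this hunk is always true, because it parses as `(must_change_passwd == 'True') or '1'` and a non-empty string is truthy. Every user restored through this branch therefore gets `props['must_change_password'] = True`, whatever the backup recorded. If the intent is to honour the backed-up flag, the test should be `if must_change_passwd in ('True', '1'):`. The assignment to `must_change_passwd` is outside the hunk, so its type is assumed to be a string.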
@@ -488,32 +520,33 @@
verbose.write('No storage systems to add\n')
for s in systemList:
- id = s.getAttribute('id')
- if not id:
+ uid = s.getAttribute('id')
+ if not uid:
transaction.abort()
sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
return -1
- id = str(id)
+ uid = str(uid)
try:
title = str(s.getAttribute('title'))
except:
title = '__luci__:system'
- x.manage_addFolder(id, title)
+ x.manage_addFolder(uid, title)
try:
- new_system = app.luci.systems.storage.get(id)
+ new_system = app.luci.systems.storage.get(uid)
if not new_system:
raise
new_system.manage_acquiredPermissions([])
- new_system.manage_role('View', ['Access contents information','View'])
- except:
+ new_system.manage_role('View', [ 'Access contents information', 'View' ])
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring storage system "%s": %s\n' \
+ % (uid, str(e)))
return -1
userPerms = s.getElementsByTagName('permList')
if not userPerms or len(userPerms) < 1:
- verbose.write('Added storage system \"' + id + '\"\n')
+ verbose.write('Added storage system "%s"\n' % uid)
continue
userPerms = userPerms[0].getElementsByTagName('ref')
for i in userPerms:
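Review bot: `if not new_system: raise` is a bare `raise` with no exception of its own, so in Python 2 it surfaces as an unrelated TypeError or re-raises a stale earlier exception. That text is now what the new `%s` in 'An error occurred while restoring storage system "%s": %s' prints. The commit already replaced this pattern elsewhere with `raise Exception, '...'`; doing the same here, e.g. `raise Exception, 'storage system %s was not created' % uid`, keeps the reported error meaningful. The same leftover bare `raise` appears after `if not x:`, `if not new_cluster:` and `if not newcs:` in the neighbouring hunks.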
@@ -522,20 +555,23 @@
continue
try:
new_system.manage_setLocalRoles(newuser, ['View'])
- verbose.write('Added view permission to storage system \"' + id + '\" for \"' + newuser + '\"\n')
- except:
- sys.stderr.write('An error occurred while restoring permission for storage system \"' + id + '\" for user \"' + newuser + '\"\n')
+ verbose.write('Added view permission to storage system "%s" for "%s"\n' \
+ % (uid, newuser))
+ except Exception, e:
+ sys.stderr.write('An error occurred while restoring permission for storage system "%s" for "%s": %s\n' \
+ % (uid, newuser, str(e)))
- verbose.write('Added storage system \"' + id + '\"\n')
+ verbose.write('Added storage system "%s"\n' % uid)
transaction.commit()
try:
x = app.luci.systems.cluster
if not x:
raise
- except:
+ except Exception, e:
transaction.abort()
sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
+ sys.stderr.write('Error reported: %s\n' % str(e))
return -1
clusterList = node.getElementsByTagName('clusterList')
@@ -547,12 +583,12 @@
verbose.write('No clusters to add\n')
for c in clusterList:
- id = c.getAttribute('id')
- if not id:
+ uid = c.getAttribute('id')
+ if not uid:
transaction.abort()
- sys.stderr.write('Cluster element is missing id\n')
+ sys.stderr.write('Cluster element is missing id attribute\n')
return -1
- id = str(id)
+ uid = str(id)
title = c.getAttribute('title')
if not title:
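Review bot: `uid = str(id)` converts the builtin `id` function, not the attribute that was just read, so every cluster would be restored under the name '<built-in function id>'. The second cluster's `manage_addFolder` would then presumably collide with the first. This is a slip from the `id` to `uid` rename; the line should be `uid = str(uid)`, as in the user and storage-system loops. The loop body continues in the following hunks.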
@@ -561,16 +597,17 @@
title = str(title)
try:
- x.manage_addFolder(id, title)
- new_cluster = app.luci.systems.cluster.get(id)
+ x.manage_addFolder(uid, title)
+ new_cluster = app.luci.systems.cluster.get(uid)
if not new_cluster:
raise
new_cluster.manage_acquiredPermissions([])
- new_cluster.manage_role('View', ['Access contents information','View'])
- except:
+ new_cluster.manage_role('View', [ 'Access contents information', 'View' ])
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the cluster "%s": %s\n' \
+ % (uid, str(e)))
return -1
viewperm = list()
@@ -586,55 +623,62 @@
try:
new_cluster.manage_setLocalRoles(newuser, ['View'])
- verbose.write('Added view permission to cluster \"' + id + '\" for \"' + newuser + '\"\n')
- except:
- sys.stderr.write('An error occurred while restoring permission for cluster \"' + id + '\" for user \"' + newuser + '\"\n')
+ verbose.write('Added view permission to cluster "%s" for "%s"\n' \
+ % (uid, newuser))
+ except Exception, e:
+ sys.stderr.write('An error occurred while restoring permission for cluster "%s" for "%s": %s' \
+ % (uid, newuser, str(e)))
viewperm.append(newuser)
clusterSystems = c.getElementsByTagName('csystemList')
if not clusterSystems or len(clusterSystems) < 1:
- verbose.write('Cluster \"' + id + '\" has no storage systems\n')
+ verbose.write('Cluster "%s" has no storage systems\n' % uid)
else:
clusterSystems = clusterSystems[0].getElementsByTagName('csystem')
for i in clusterSystems:
newsys = i.getAttribute('id')
if not newsys:
transaction.abort()
- sys.stderr.write('Storage system missing name for cluster \"' + id + '\"\n')
+ sys.stderr.write('Storage system missing id attribute for cluster "%s"\n' \
+ % uid)
return -1
newsys = str(newsys)
stitle = i.getAttribute('title')
if not stitle:
- stitle = '__luci__:csystem:' + id
+ stitle = '__luci__:csystem:%s' % uid
else:
stitle = str(stitle)
try:
new_cluster.manage_addFolder(newsys, stitle)
- newcs = app.luci.systems.cluster.get(id).get(newsys)
+ newcs = app.luci.systems.cluster.get(uid).get(newsys)
if not newcs:
raise
newcs.manage_acquiredPermissions([])
- newcs.manage_role('View', ['Access contents information','View'])
- except:
+ newcs.manage_role('View', [ 'Access contents information', 'View' ])
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the storage system "%s" for cluster "%s": %s' \
+ % (newsys, uid, str(e)))
return -1
transaction.commit()
try:
for i in viewperm:
newcs.manage_setLocalRoles(i, ['View'])
- verbose.write('Added view permission to cluster system \"' + newsys + '\" for \"' + i + '\"\n')
+ verbose.write('Added view permission to cluster system "%s" for "%s"\n' \
+ % (newsys, i))
except:
transaction.abort()
- sys.stderr.write('An error occurred while restoring permissions for cluster system \"' + newsys + '\" in cluster \"' + id + '\" for user \"' + i + '\"\n')
+ sys.stderr.write('An error occurred while restoring permissions for cluster system "%s" in cluster "%s" for user "%s"\n' \
+ % (newsys, uid, i))
return -1
- verbose.write('Added storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+ verbose.write('Added storage system "%s" for cluster "%s"\n' \
+ % (newsys, uid))
- verbose.write('Added cluster \"' + id + '\"\n')
+ verbose.write('Added cluster "%s"\n' % uid)
transaction.commit()
transaction.commit()
@@ -645,34 +689,35 @@
certList = node.getElementsByTagName('certificateList')
if not certList or len(certList) < 1:
- sys.stderr.write('No certificate data was found.\n')
+ sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
+ % backupfn)
return -1
- if luci_restore_certs(certList):
+ if luci_restore_certs(backupfn, certList):
sys.stderr.write('An error occurred while restoring certificate data.\n')
return -1
return 0
# This function's ability to work is dependent
-# upon the structure of @dict
-def dataToXML(doc, dict, tltag):
+# upon the structure of @ddict
+def dataToXML(doc, ddict, tltag):
node = doc.createElement(tltag)
- for i in dict:
- if isinstance(dict[i], types.DictType):
+ for i in ddict:
+ if isinstance(ddict[i], types.DictType):
if i[-4:] == 'List':
tagname = i
else:
tagname = tltag[:-4]
- temp = dataToXML(doc, dict[i], tagname)
+ temp = dataToXML(doc, ddict[i], tagname)
node.appendChild(temp)
- elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType):
- node.setAttribute(i, str(dict[i]))
- elif isinstance(dict[i], types.ListType):
- if len(dict[i]) < 1:
+ elif isinstance(ddict[i], types.StringType) or isinstance(ddict[i], types.IntType):
+ node.setAttribute(i, str(ddict[i]))
+ elif isinstance(ddict[i], types.ListType):
+ if len(ddict[i]) < 1:
continue
temp = doc.createElement(i)
- for x in dict[i]:
+ for x in ddict[i]:
t = doc.createElement('ref')
t.setAttribute('name', x)
temp.appendChild(t.cloneNode(True))
@@ -680,24 +725,16 @@
return node.cloneNode(True)
def luci_backup(argv):
- sys.stderr = null
- import ZODB
+ sys.stderr = verbose
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
- from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
- from CMFPlone.utils import getToolByName
+ import CMFPlone
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
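Review bot: `import CMFPlone` on its own does not guarantee that the `CMFPlone.utils` submodule is loaded, yet a later hunk calls `CMFPlone.utils.getToolByName(app.luci, 'portal_membership')`. Unless the package's `__init__` happens to import `utils` (not visible here), that call raises AttributeError. The surrounding `except Exception, e` only reports it through `verbose`, so the backup would silently lose the per-user `email` and `must_change_password` properties. Writing `import CMFPlone.utils` here makes the dependency explicit.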
@@ -706,11 +743,6 @@
else:
dbfn = LUCI_DB_PATH
- if len(argv) > 1:
- backupfn = argv[1]
- else:
- backupfn = LUCI_BACKUP_PATH
-
try:
fs = FileStorage(dbfn)
db = DB(fs)
@@ -721,14 +753,16 @@
sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to backup your installation.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+ % (dbfn, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+ % (dbfn, str(e)))
return -1
try:
- sys.stderr = null
+ sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
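Review bot: Both new `'Unable to open the Luci database "%s: %s\n'` strings in this hunk drop the closing double quote after the file name, so the path and the error text run together in the output. The matching messages in `luci_restore()` use `"%s": %s`; these should read `'Unable to open the Luci database "%s": %s\n'` as well.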
@@ -737,9 +771,10 @@
app = conn.root()['Application']
AppInitializer(app).initialize()
sys.stderr = orig_stderr
- except:
+ except Exception, e:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ sys.stderr.write('An error occurred while initializing luci for restore from backup: %s\n' \
+ % str(e))
return -1
app.luci.portal_memberdata.pruneMemberDataContents()
@@ -748,9 +783,10 @@
try:
acl_users = app.acl_users.users
if not (acl_users and len(acl_users)):
- raise
- except:
- sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ raise Exception, 'no luci users exist'
+ except Exception, e:
+ sys.stderr.write('Your Luci installation appears to be corrupt: %s\n' \
+ % str(e))
return -1
users = {}
@@ -760,14 +796,15 @@
try:
acl_users = app.acl_users.users
if len(acl_users) < 1:
- raise
+ raise Exception, 'no users exist'
+
users['admin'] = {
'id': 'admin',
'name': 'admin',
'passwd': app.acl_users.users._user_passwords['admin']
}
except:
- sys.stderr.write('Unable to find the admin user.\n')
+ sys.stderr.write('Unable to find the luci admin user.\n')
return -1
acl_users = app.luci.acl_users.source_users
@@ -779,33 +816,39 @@
'name': i[0],
'passwd': i[1]
}
- except:
+ except Exception, e:
try:
- sys.stderr.write('An error occurred while saving details for user \"' + i[0] + '\"\n')
+ sys.stderr.write('An error occurred while saving details for user "%s": %s' \
+ % (i[0], str(e)))
except:
- sys.stderr.write('An error occurred while saving user information.')
+ sys.stderr.write('An error occurred while saving user information: %s' \
+ % str(e))
return -1
try:
- membertool = getToolByName(app.luci, 'portal_membership')
+ membertool = CMFPlone.utils.getToolByName(app.luci, 'portal_membership')
if not membertool:
- raise
+ raise Exception, 'unable to retrieve luci users'
+
for mem in membertool.listMembers():
try:
for i in [ 'login_time', 'last_login_time', 'must_change_password', 'email' ]:
prop = mem.getProperty(i)
if prop != '':
users[mem.id][i] = str(prop)
- except:
+ except Exception, e1:
+ verbose.write('Error retrieving member properties: %s\n' \
+ % str(e1))
continue
- except:
- pass
-
+ except Exception, e:
+ verbose.write('Error retrieving luci user data: %s\n' % str(e))
+
try:
storagedir = app.luci.systems.storage
clusterdir = app.luci.systems.cluster
- except:
- sys.stderr.write('Your Luci installation appears to be corrupt.')
+ except Exception, e:
+ sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ sys.stderr.write('Server error: %s\n' % str(e))
return -1
if storagedir and len(storagedir):
@@ -822,7 +865,7 @@
systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
else:
systems[i[0]]['permList'] = {}
-
+
if clusterdir and len(clusterdir):
for i in clusterdir.objectItems():
cluster_name = i[0]
@@ -875,7 +918,7 @@
if len(output) < 1:
raise
except:
- sys.stderr.write('Unable to read \"' + i['id'] + '\"\n')
+ sys.stderr.write('Unable to read "%s"\n' % i['id'])
# An error backing up anything other than the config
# is fatal.
if i['type'] != 'config':
@@ -895,195 +938,182 @@
return doc
-
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
- if not os.access (root + command, os.X_OK):
- raise RuntimeError, command + " can not be run"
+ if not os.access (root + command, os.X_OK):
+ raise RuntimeError, '%s%s is not executable' % (root, command)
- (read, write) = os.pipe()
- (read_err,write_err) = os.pipe()
-
- childpid = os.fork()
- if (not childpid):
- # child
- if (root and root != '/'): os.chroot (root)
- if isinstance(catchfd, tuple):
- for fd in catchfd:
- os.dup2(write, fd)
- else:
- os.dup2(write, catchfd)
- os.close(write)
- os.close(read)
-
- if isinstance(catcherrfd, tuple):
- for fd in catcherrfd:
- os.dup2(write_err, fd)
- else:
- os.dup2(write_err, catcherrfd)
- os.close(write_err)
- os.close(read_err)
-
- if closefd != -1:
- os.close(closefd)
-
- if stdin:
- os.dup2(stdin, 0)
- os.close(stdin)
-
- if (searchPath):
- os.execvp(command, argv)
- else:
- os.execv(command, argv)
- # will never come here
-
- os.close(write)
- os.close(write_err)
-
- rc = ""
- rc_err = ""
- in_list = [read, read_err]
- while len(in_list) != 0:
- i,o,e = select.select(in_list, [], [], 0.1)
- for fd in i:
- if fd == read:
- s = os.read(read, 1000)
- if s == '':
- in_list.remove(read)
- rc = rc + s
- if fd == read_err:
- s = os.read(read_err, 1000)
- if s == '':
- in_list.remove(read_err)
- rc_err = rc_err + s
-
- os.close(read)
- os.close(read_err)
-
- status = -1
- try:
- (pid, status) = os.waitpid(childpid, 0)
- except OSError, (errno, msg):
- sys.stderr.write(__name__ + 'waitpid: ' + msg + '\n')
-
- if os.WIFEXITED(status):
- status = os.WEXITSTATUS(status)
- else:
- status = -1
-
- return (rc, rc_err, status)
+ (read, write) = os.pipe()
+ (read_err, write_err) = os.pipe()
+ childpid = os.fork()
+ if (not childpid):
+ # child
+ if (root and root != '/'):
+ os.chroot(root)
+ if isinstance(catchfd, tuple):
+ for fd in catchfd:
+ os.dup2(write, fd)
+ else:
+ os.dup2(write, catchfd)
+ os.close(write)
+ os.close(read)
+
+ if isinstance(catcherrfd, tuple):
+ for fd in catcherrfd:
+ os.dup2(write_err, fd)
+ else:
+ os.dup2(write_err, catcherrfd)
+ os.close(write_err)
+ os.close(read_err)
+
+ if closefd != -1:
+ os.close(closefd)
+
+ if stdin:
+ os.dup2(stdin, 0)
+ os.close(stdin)
+ if (searchPath):
+ os.execvp(command, argv)
+ else:
+ os.execv(command, argv)
+ # will never come here
+ os.close(write)
+ os.close(write_err)
+ rc = ""
+ rc_err = ""
+ in_list = [read, read_err]
+ while len(in_list) != 0:
+ i, o, e = select.select(in_list, [], [], 0.1)
+ for fd in i:
+ if fd == read:
+ s = os.read(read, 1024)
+ if s == '':
+ in_list.remove(read)
+ rc = rc + s
+ if fd == read_err:
+ s = os.read(read_err, 1024)
+ if s == '':
+ in_list.remove(read_err)
+ rc_err = rc_err + s
+
+ os.close(read)
+ os.close(read_err)
+
+ status = -1
+ try:
+ (pid, status) = os.waitpid(childpid, 0)
+ except OSError, (errno, msg):
+ sys.stderr.write('%s waitpid: %s\n' % (__name__ , msg))
+ if os.WIFEXITED(status):
+ status = os.WEXITSTATUS(status)
+ else:
+ status = -1
+ return (rc, rc_err, status)
def luci_initialized():
- # existence of privkey.pem file and
- # admin password (not the one Data.fs comes with)
- # mean that luci has been initialized
- b1 = get_default_passwd_reset_flag()
- b2 = os.access(SSL_PRIVKEY_PATH, os.F_OK)
- return b1 and b2
-
-
+ # existence of privkey.pem file and
+ # admin password (not the one Data.fs comes with)
+ # mean that luci has been initialized
+ b1 = get_default_passwd_reset_flag()
+ b2 = os.access(SSL_PRIVKEY_PATH, os.F_OK)
+ return b1 and b2
def generate_ssl_certs():
- command = '/bin/rm'
- args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
- _execWithCaptureErrorStatus(command, args)
-
- # /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
- command = '/usr/bin/openssl'
- args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
- _execWithCaptureErrorStatus(command, args)
-
- # /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
- command = '/usr/bin/openssl'
- args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
- _execWithCaptureErrorStatus(command, args)
-
- # take ownership and restrict access
- try:
- uid, gid = get_luci_uid_gid()
- os.chown(SSL_PRIVKEY_PATH, uid, gid)
- os.chown(SSL_PUBKEY_PATH, uid, gid)
- os.chmod(SSL_PRIVKEY_PATH, 0600)
- os.chmod(SSL_PUBKEY_PATH, 0644)
- except:
- command = '/bin/rm'
- args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
- _execWithCaptureErrorStatus(command, args)
- return False
-
- return True
-
-
-def restart_message():
- print
- print
- print 'Restart the Luci server for changes to take effect'
- print 'eg. service luci restart'
- print
- return
-
+ command = '/bin/rm'
+ args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
+ _execWithCaptureErrorStatus(command, args)
+
+ # /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
+ command = '/usr/bin/openssl'
+ args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
+ _execWithCaptureErrorStatus(command, args)
+
+ # /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
+ command = '/usr/bin/openssl'
+ args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
+ _execWithCaptureErrorStatus(command, args)
+ # take ownership and restrict access
+ try:
+ uid, gid = get_luci_uid_gid()
+ os.chown(SSL_PRIVKEY_PATH, uid, gid)
+ os.chown(SSL_PUBKEY_PATH, uid, gid)
+ os.chmod(SSL_PRIVKEY_PATH, 0600)
+ os.chmod(SSL_PUBKEY_PATH, 0644)
+ except Exception, e:
+ verbose.write('Error setting SSL cert file perms: %s\n' % str(e))
+ command = '/bin/rm'
+ args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
+ _execWithCaptureErrorStatus(command, args)
+ return False
+ return True
+def restart_message():
+ print
+ print
+ print 'Restart the Luci server for changes to take effect'
+ print 'eg. service luci restart'
+ print
+ return
def init(argv):
if luci_initialized():
sys.stderr.write('Luci site has been already initialized.\n')
sys.stderr.write('If you want to reset admin password, execute\n')
- sys.stderr.write('\t' + argv[0] + ' password\n')
+ sys.stderr.write('\t%s password\n' % argv[0])
sys.exit(1)
-
+
print 'Initializing the Luci server\n'
-
+
print '\nCreating the \'admin\' user\n'
- password = read_passwd('Enter password: ', 'Confirm password: ')
+ pwd_str = read_passwd('Enter password: ', 'Confirm password: ')
print '\nPlease wait...'
- if not set_zope_passwd('admin', password):
+ if not set_zope_passwd('admin', pwd_str):
restore_luci_db_fsattr()
print 'The admin password has been successfully set.'
else:
sys.stderr.write('Unable to set the admin user\'s password.\n')
sys.exit(1)
-
+
print 'Generating SSL certificates...'
if generate_ssl_certs() == False:
sys.stderr.write('failed. exiting ...\n')
sys.exit(1)
-
+
print 'Luci server has been successfully initialized'
restart_message()
-
- return
+ return
def password(argv):
- password = None
+ pwd_str = None
if '--random' in argv:
- print 'Resetting the admin user\'s password to some random value\n'
+ print 'Setting the admin user\'s password to a random value.\n'
try:
rand = open('/dev/urandom', 'r')
- password = rand.read(16)
+ pwd_str = rand.read(16)
rand.close()
- except:
- sys.stderr.write('Unable to read from /dev/urandom\n')
+ except Exception, e:
+ sys.stderr.write('Unable to read from /dev/urandom: %s\n' % str(e))
sys.exit(1)
else:
if not luci_initialized():
sys.stderr.write('The Luci site has not been initialized.\n')
- sys.stderr.write('To initialize it, execute\n')
- sys.stderr.write('\t' + argv[0] + ' init\n')
+ sys.stderr.write('To initialize it, execute:\n')
+ sys.stderr.write('\t%s init\n' % argv[0])
sys.exit(1)
-
+
print 'Resetting the admin user\'s password\n'
- password = read_passwd('Enter new password: ', 'Confirm password: ')
-
+ pwd_str = read_passwd('Enter new password: ', 'Confirm password: ')
+
print '\nPlease wait...'
- if not set_zope_passwd('admin', password):
+ if not set_zope_passwd('admin', pwd_str):
print 'The admin password has been successfully reset.'
else:
sys.stderr.write('Unable to set the admin user\'s password.\n')
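Review bot: `generate_ssl_certs()` lets `openssl genrsa` create the private key under the process umask and only tightens it afterwards with `os.chmod(SSL_PRIVKEY_PATH, 0600)`. Unlike `backup_db()` and `restore_db()`, the `init()` path shown here never calls `os.umask(077)`, so the key can be briefly readable by other local users if the certificate directory permits it. Setting `old = os.umask(077)` before the first openssl call and restoring it afterwards closes that window. The status returned by `_execWithCaptureErrorStatus` is also discarded for all three commands, so a failed openssl run is only noticed indirectly when `os.chown` raises. Separately, the child in `_execWithCaptureErrorStatus` falls through into the parent's code if `os.execv` raises; wrapping the exec in a `try`/`except` that ends in `os._exit(127)` would stop a second copy of the tool from continuing as root.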
@@ -1093,8 +1123,7 @@
return
-
-def backup(argv):
+def backup_db(argv):
# If the site hasn't been initialized, there's nothing to
# save, and luci_backup() will fail
if not luci_initialized():
@@ -1106,7 +1135,8 @@
try:
os.umask(077)
- except: pass
+ except:
+ pass
doc = luci_backup(argv[2:])
restore_luci_db_fsattr()
@@ -1118,18 +1148,20 @@
# The LUCI_BACKUP_DIR must not be world-writable
# as the code below is obviously not safe against
# races.
- stat = os.stat(LUCI_BACKUP_PATH)
+ os.stat(LUCI_BACKUP_PATH)
trynum = 1
basename = '/luci_backup-'
while True:
- oldbackup = LUCI_BACKUP_DIR + basename + str(trynum) + '.xml'
+ oldbackup = '%s%s%s.xml' % (LUCI_BACKUP_DIR, basename, str(trynum))
if not os.path.exists(oldbackup):
try:
os.rename(LUCI_BACKUP_PATH, oldbackup)
- except:
- sys.stderr.stderr('Unable to rename the existing backup file.\n')
+ except Exception, e1:
+ sys.stderr.write('Unable to rename the existing backup file "%s" to "%s": %s\n' \
+ % (LUCI_BACKUP_PATH, oldbackup, str(e1)))
sys.stderr.write('The Luci backup failed.\n')
+ sys.exit(1)
break
trynum += 1
except OSError, e:
@@ -1139,31 +1171,37 @@
try:
f = file(LUCI_BACKUP_PATH, 'wb+')
except:
- sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
+ sys.stderr.write('Unable to open the file "%s" to write backup data.\n'
+ % LUCI_BACKUP_PATH)
sys.stderr.write('The Luci backup failed.\n')
sys.exit(1)
try:
os.chmod(LUCI_BACKUP_PATH, 0600)
except OSError, e:
- sys.stderr.write('An error occurred while making \"' + LUCI_BACKUP_PATH + '\" read-only: ' + e + '\n')
+ sys.stderr.write('An error occurred while setting file permissions on backup file "%s": %s\n' \
+ % (LUCI_BACKUP_PATH, str(e)))
sys.stderr.write('Please check that this file is not world-readable.\n')
try:
f.write(doc.toprettyxml())
f.close()
- except:
- sys.stderr.write('The Luci backup failed.\n')
+ except Exception, e:
+ sys.stderr.write('An error occurred while writing backup file "%s": %s\n' \
+ % (LUCI_BACKUP_PATH, str(e)))
+ sys.stderr.write('Luci backup failed.\n')
sys.exit(1)
- print 'Luci backup was successful.\nThe backup data is contained in the file \"' + LUCI_BACKUP_PATH + '\"'
-
+ print 'The luci backup procedure was successful.'
+ print 'Backup data is contained in the file "%s"' % LUCI_BACKUP_PATH
-def restore(argv):
+def restore_db(argv):
print 'Restoring the Luci server...'
- try: os.umask(077)
- except: pass
+ try:
+ os.umask(077)
+ except:
+ pass
if luci_restore(argv[2:]):
ret = False
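Review bot: The backup file, which holds the `passwd` values collected in `luci_backup()`, is created with `file(LUCI_BACKUP_PATH, 'wb+')` and restricted only afterwards by `os.chmod(LUCI_BACKUP_PATH, 0600)`. A failed chmod just prints a warning and the data is still written. The earlier `os.umask(077)` normally covers this, but its failure is swallowed by `except: pass`. Creating the file with its final mode, `fd = os.open(LUCI_BACKUP_PATH, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `f = os.fdopen(fd, 'wb')`, removes the dependency on umask and refuses to write through a file that appeared after the rename loop. `backup_db()` begins in an earlier hunk.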
@@ -1179,67 +1217,61 @@
return ret
-
def luci_help(argv):
- print 'Usage:'
- print argv[0] + ' [init|backup|restore|password|help]'
- print
- print '\tinit: initialize Luci site'
- print '\tpassword: reset admin password'
- print '\t\t--random: reset admin password to random value (disable account)'
- print '\tbackup: backup Luci site to a file'
- print '\trestore: restore Luci site from backup'
- print '\thelp: this help message'
- print
-
-
+ print 'Usage:'
+ print argv[0] + ' [init|backup|restore|password|help]'
+ print
+ print '\tinit: initialize Luci site'
+ print '\tpassword: reset admin password'
+ print '\t\t--random: reset admin password to random value (disable account)'
+ print '\tbackup: backup Luci site to a file'
+ print '\trestore: restore Luci site from backup'
+ print '\thelp: this help message'
+ print
def test_luci_installation():
- # perform basic checks
- # TODO: do more tests
-
- # check if luci user and group are present on the system
- try:
- get_luci_uid_gid()
- except:
- sys.stderr.write('There is a problem with luci installation!\n')
- sys.stderr.write('Mising luci\'s system account and group')
- sys.stderr.write('Recommended action: reinstall luci\n\n')
- sys.exit(3)
-
- return True
+ # perform basic checks
+ # TODO: do more tests
+ # check if luci user and group are present on the system
+ try:
+ get_luci_uid_gid()
+ except:
+ sys.stderr.write('There is a problem with luci installation.\n')
+ sys.stderr.write('Mising luci\'s system account and group.\n')
+ sys.stderr.write('Recommended action: reinstall luci.\n\n')
+ sys.exit(3)
+ return True
def main(argv):
- if len(argv) < 2:
- luci_help(argv)
- sys.exit(1)
-
- # only root should run this
- if os.getuid() != 0:
- sys.stderr.write('Only \'root\' can run ' + argv[0] + '\n')
- sys.stderr.write('Try again with root privileges.\n')
- sys.exit(2)
-
- # test if luci installation is OK
- test_luci_installation()
-
- if 'init' in argv:
- init(argv)
- elif 'backup' in argv:
- backup(argv)
- elif 'restore' in argv:
- restore(argv)
- elif 'password' in argv:
- password(argv)
- elif 'help' in argv:
- luci_help(argv)
- else:
- sys.stderr.write('Unknown command\n\n')
- luci_help(argv)
- sys.exit(1)
+ if len(argv) < 2:
+ luci_help(argv)
+ sys.exit(1)
+ # only root should run this
+ if os.getuid() != 0:
+ sys.stderr.write('Only "root" can run %s\n' % argv[0])
+ sys.stderr.write('Try again with root privileges.\n')
+ sys.exit(2)
+
+ # test if luci installation is OK
+ test_luci_installation()
+
+ if 'init' in argv:
+ init(argv)
+ elif 'backup' in argv:
+ backup_db(argv)
+ elif 'restore' in argv:
+ restore_db(argv)
+ elif 'password' in argv:
+ password(argv)
+ elif 'help' in argv:
+ luci_help(argv)
+ else:
+ sys.stderr.write('Unknown command\n\n')
+ luci_help(argv)
+ sys.exit(1)
# If called from the command line
if __name__ == '__main__':
- main(sys.argv)
+ main(sys.argv)
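Review bot: The command dispatch in `main()` tests `'init' in argv`, `'backup' in argv` and so on against the whole argument list, so the first keyword found anywhere on the command line wins rather than the one in the command position. Because `restore_db()` passes `argv[2:]` on to `luci_restore()`, an argument that happens to equal `init` would select the `init` branch instead. Selecting on the command word removes the ambiguity: `cmd = argv[1]` followed by `if cmd == 'init':` and so on. The re-indented `test_luci_installation()` also keeps a bare `except:` around `get_luci_uid_gid()` and the misspelling `Mising` in its message, both cheap to fix while these lines are being touched.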
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-10-13 6:56 kupcevic
0 siblings, 0 replies; 45+ messages in thread
From: kupcevic @ 2006-10-13 6:56 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: kupcevic at sourceware.org 2006-10-13 06:56:32
Modified files:
luci/utils : luci_admin
Log message:
luci: remove os.devnull for backwards compatibility
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.49&r2=1.50
--- conga/luci/utils/luci_admin 2006/08/23 19:58:43 1.49
+++ conga/luci/utils/luci_admin 2006/10/13 06:56:32 1.50
@@ -64,7 +64,8 @@
{ 'id': SSL_KEYCONFIG_PATH, 'name': SSL_KEYCONFIG_NAME, 'type': 'config', 'mode': 0644 }
]
-null = file(os.devnull, 'rwb+', 0)
+#null = file(os.devnull, 'rwb+', 0) - available on python 2.4 and above!!!
+null = file('/dev/null', 'rwb+', 0)
orig_stderr = sys.stderr
if LUCI_INIT_DEBUG:
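Review bot: The mode string `'rwb+'` on the new `file('/dev/null', ...)` line combines `r` and `w`, which is not one of the documented open modes, so how it is interpreted is left to the platform's C library. If the object is only used as a sink for `sys.stderr` and `verbose`, as other hunks on this page suggest, `'w'` is enough, or `'r+b'` for read and write. The replaced line is kept as commented-out code; a plain why-comment such as `# os.devnull needs Python 2.4+; hard-code the path for older interpreters` carries the same information without the dead statement.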
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-18 18:03 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-18 18:03 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-18 18:03:36
Modified files:
luci/utils : luci_admin
Log message:
fix a typo that caused a dangling reference in /acl_users after a restore
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.46&r2=1.47
--- conga/luci/utils/luci_admin 2006/08/18 13:28:45 1.46
+++ conga/luci/utils/luci_admin 2006/08/18 18:03:36 1.47
@@ -434,7 +434,7 @@
try:
aclu = app.luci.acl_users.source_users
if aclu and len(aclu):
- acl_users._user_passwords[id] = passwd
+ aclu._user_passwords[id] = passwd
else:
raise
except:
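Review bot: The bare `raise` in the `else:` branch has no active exception to re-raise, so it only works because the surrounding bare `except:` catches whatever error the interpreter raises in its place; the same catch-all is the kind of handler that lets a wrong name like the one fixed here go unreported. Raising something explicit, for example `raise KeyError(id)`, and catching only the expected exception types would make failures in this block visible. `id` also shadows the builtin of the same name. The `except:` body lies outside the hunk, so how the failure is reported cannot be checked from here.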
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-04 19:19 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-04 19:19 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-04 19:19:10
Modified files:
luci/utils : luci_admin
Log message:
fix set password issue for rhel
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.44&r2=1.45
--- conga/luci/utils/luci_admin 2006/08/04 18:43:26 1.44
+++ conga/luci/utils/luci_admin 2006/08/04 19:19:10 1.45
@@ -121,13 +121,13 @@
import transaction
import Products.CMFCore
import Products.CMFCore.MemberDataTool
- import ImageFile
+ import App.ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
# Zope wants to open a www/ok.gif and images/error.gif
# when you initialize the application object. This keeps
# the AppInitializer(app).initialize() call below from failing.
- ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
try:
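Review bot: The replacement line `App.ImageFile.__init__ = lambda x, y: None` assigns to whatever `App.ImageFile` names after `import App.ImageFile`, which is normally the module, whereas the removed line patched the class constructor (`ImageFile.ImageFile.__init__`). Unless `App.ImageFile` resolves to the class in the targeted Zope version, the stub no longer replaces the constructor and the comment above it no longer describes what happens. If the class is the target, `App.ImageFile.ImageFile.__init__ = lambda *args, **kw: None` would patch it and would not depend on the argument count, which this change silently moves from three to two. The same line recurs in the hunks at -254 and -636.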
@@ -254,11 +254,11 @@
import transaction
import Products.CMFCore
import Products.CMFCore.MemberDataTool
- import ImageFile
+ import App.ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
from DateTime import DateTime
- ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
if len(argv) > 0:
@@ -636,10 +636,10 @@
import Products.CMFCore
import Products.CMFCore.MemberDataTool
from CMFPlone.utils import getToolByName
- import ImageFile
+ import App.ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
- ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
if len(argv) > 0:
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-04 18:37 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-04 18:37 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-04 18:37:57
Modified files:
luci/utils : luci_admin
Log message:
do nothing when backup is requested if luci has not been initialized
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.42&r2=1.43
--- conga/luci/utils/luci_admin 2006/08/03 23:39:00 1.42
+++ conga/luci/utils/luci_admin 2006/08/04 18:37:57 1.43
@@ -1029,11 +1029,10 @@
def backup(argv):
+ # If the site hasn't been initialized, there's nothing to
+ # save, and luci_backup() will fail
if not luci_initialized():
- sys.stderr.write('The Luci server has not yet been initialized\n')
- sys.stderr.write('To initialize it, execute\n')
- sys.stderr.write('\t' + argv[0] + ' init\n')
- sys.exit(1)
+ sys.exit(0)
print 'Backing up the Luci server...'
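Review bot: With the three messages removed, `backup` on an uninitialized site exits with status 0 and prints nothing, so a caller cannot tell "nothing to back up" from "backup written". The new comment explains the reason to a reader of the source, but not to whoever runs the command. One line before the exit would keep the quiet success path while leaving a trace, for example `verbose.write('Luci is not initialized; nothing to back up.\n')`. The body of `backup()` continues outside the hunk.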
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 22:58 kupcevic
0 siblings, 0 replies; 45+ messages in thread
From: kupcevic @ 2006-08-03 22:58 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: kupcevic at sourceware.org 2006-08-03 22:58:26
Modified files:
luci/utils : luci_admin
Log message:
luci: use python getpass library to prompt for passwords
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.40&r2=1.41
--- conga/luci/utils/luci_admin 2006/08/03 21:19:13 1.40
+++ conga/luci/utils/luci_admin 2006/08/03 22:58:26 1.41
@@ -68,30 +68,18 @@
verbose = null
def read_passwd(prompt, confirm_prompt):
- import termios
-
- # If 1 is not standard in, it's your own fault.
- attr = termios.tcgetattr(0)
- orig_attr = attr[:]
- attr[3] &= ~termios.ECHO
-
- try:
- termios.tcsetattr(1, termios.TCSADRAIN, attr)
- passwd = raw_input(prompt)
- print
- confirm = raw_input(confirm_prompt)
- print "\n"
- termios.tcsetattr(1, termios.TCSADRAIN, orig_attr)
- except:
- termios.tcsetattr(1, termios.TCSADRAIN, orig_attr)
- sys.stderr.write('Error reading passwords.\n')
- return None
-
- if passwd != confirm:
- sys.stderr.write('The passwords don\'t match.\n')
- return None
+ from getpass import getpass
+ while True:
+ s1 = getpass(prompt)
+ if len(s1) < 6:
+ print 'Password has to be@least 6 characters long'
+ continue
+ s2 = getpass(confirm_prompt)
+ if s1 != s2:
+ print 'Passwords mismatch, try again'
+ continue
+ return s1
- return passwd
def restore_luci_db_fsattr():
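Review bot: The new `read_passwd()` loops until it can return a password and never returns `None`, and the later hunks drop the callers' `if not password: sys.exit(1)` guard, so a failed read no longer has a handled path. If `getpass()` raises (end of input on a closed or redirected stdin, or an interrupt) the exception propagates out of `init()` or `password()` as a traceback. Catching `EOFError` and `KeyboardInterrupt` around the two `getpass()` calls and exiting with the earlier "Error reading passwords." message keeps the previous behaviour. The six-character minimum is a bare literal; a named module-level constant would make the policy visible and easy to raise.

```python
def read_passwd(prompt, confirm_prompt):
	from getpass import getpass
	while True:
		try:
			s1 = getpass(prompt)
			# ... unchanged: minimum-length check ...
			s2 = getpass(confirm_prompt)
		except (EOFError, KeyboardInterrupt):
			# No password could be read: report it and stop instead of
			# letting the exception escape as a traceback.
			sys.stderr.write('\nError reading passwords.\n')
			sys.exit(1)
		# ... unchanged: mismatch check and return ...
```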
@@ -987,18 +975,13 @@
sys.exit(1)
print 'Initializing the Luci server\n'
print 'Generating SSL certificates...'
-
if generate_ssl_certs() == False:
sys.stderr.write('failed. exiting ...\n')
sys.exit(1)
- print '\nCreating the \'admin\' user'
-
+ print '\nCreating the \'admin\' user\n'
password = read_passwd('Enter password: ', 'Confirm password: ')
- if not password:
- sys.exit(1)
- print "Passwords match. Setting the admin password...\n"
-
+ print '\nPlease wait...'
if not set_zope_passwd('admin', password):
restore_luci_db_fsattr()
print 'The admin password has been successfully set.'
@@ -1008,7 +991,7 @@
print 'The Luci server has been successfully initialized'
restart_message()
-
+
return
@@ -1020,12 +1003,8 @@
sys.exit(1)
print 'Resetting the admin user\'s password\n'
-
- password = read_passwd('Enter password: ', 'Confirm password: ')
- if not password:
- sys.exit(1)
- print "Passwords match. Resetting the admin password...\n"
-
+ password = read_passwd('Enter new password: ', 'Confirm password: ')
+ print '\nPlease wait...'
if not set_zope_passwd('admin', password):
print 'The admin password has been successfully reset.'
else:
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 21:19 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-03 21:19 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 21:19:13
Modified files:
luci/utils : luci_admin
Log message:
fix a typo
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.39&r2=1.40
--- conga/luci/utils/luci_admin 2006/08/03 21:11:35 1.39
+++ conga/luci/utils/luci_admin 2006/08/03 21:19:13 1.40
@@ -1,6 +1,6 @@
#!/usr/bin/python
-import sys, os, stat, random, crypt, select, string, pwd
+import sys, os, stat, select, string, pwd
from sys import stderr, argv
import types
import xml
@@ -84,11 +84,11 @@
termios.tcsetattr(1, termios.TCSADRAIN, orig_attr)
except:
termios.tcsetattr(1, termios.TCSADRAIN, orig_attr)
+ sys.stderr.write('Error reading passwords.\n')
return None
if passwd != confirm:
- raise
- sys.stderr.write('The passwords don\'t match.')
+ sys.stderr.write('The passwords don\'t match.\n')
return None
return passwd
@@ -996,7 +996,6 @@
password = read_passwd('Enter password: ', 'Confirm password: ')
if not password:
- sys.stderr.write('Error reading password. Exiting.')
sys.exit(1)
print "Passwords match. Setting the admin password...\n"
@@ -1024,7 +1023,6 @@
password = read_passwd('Enter password: ', 'Confirm password: ')
if not password:
- sys.stderr.write('Error reading password. Exiting.')
sys.exit(1)
print "Passwords match. Resetting the admin password...\n"
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 21:11 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-03 21:11 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 21:11:35
Modified files:
luci/utils : luci_admin
Log message:
don't echo passwords when prompting for them
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.38&r2=1.39
--- conga/luci/utils/luci_admin 2006/08/03 16:32:08 1.38
+++ conga/luci/utils/luci_admin 2006/08/03 21:11:35 1.39
@@ -67,6 +67,33 @@
else:
verbose = null
+def read_passwd(prompt, confirm_prompt):
+ import termios
+
+ # If 1 is not standard in, it's your own fault.
+ attr = termios.tcgetattr(0)
+ orig_attr = attr[:]
+ attr[3] &= ~termios.ECHO
+
+ try:
+ termios.tcsetattr(1, termios.TCSADRAIN, attr)
+ passwd = raw_input(prompt)
+ print
+ confirm = raw_input(confirm_prompt)
+ print "\n"
+ termios.tcsetattr(1, termios.TCSADRAIN, orig_attr)
+ except:
+ termios.tcsetattr(1, termios.TCSADRAIN, orig_attr)
+ return None
+
+ if passwd != confirm:
+ raise
+ sys.stderr.write('The passwords don\'t match.')
+ return None
+
+ return passwd
+
+
def restore_luci_db_fsattr():
try:
luci = pwd.getpwnam(LUCI_USER)[2:4]
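Review bot: In the new `read_passwd()`, the bare `raise` under `if passwd != confirm:` runs before the message and the `return None`, so a mismatch ends in an error from re-raising with no active exception instead of the intended "The passwords don't match." path; the `raise` line should simply be dropped. The terminal attributes are read with `tcgetattr(0)` but written with `tcsetattr(1, ...)`, and the comment calls descriptor 1 standard in; using `sys.stdin.fileno()` for all three calls keeps the echo change and its restore on the same descriptor when stdout is redirected. Restoring the attributes once in a `finally:` block, rather than in both the `try` and the `except`, guarantees the terminal is left with echo on. `tcgetattr()` itself sits outside the `try`, so a non-terminal stdin raises an error that the callers in the later hunks do not handle.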
@@ -967,7 +994,12 @@
print '\nCreating the \'admin\' user'
- password = raw_input('Enter password: ')
+ password = read_passwd('Enter password: ', 'Confirm password: ')
+ if not password:
+ sys.stderr.write('Error reading password. Exiting.')
+ sys.exit(1)
+ print "Passwords match. Setting the admin password...\n"
+
if not set_zope_passwd('admin', password):
restore_luci_db_fsattr()
print 'The admin password has been successfully set.'
@@ -990,7 +1022,12 @@
print 'Resetting the admin user\'s password\n'
- password = raw_input('Enter password: ')
+ password = read_passwd('Enter password: ', 'Confirm password: ')
+ if not password:
+ sys.stderr.write('Error reading password. Exiting.')
+ sys.exit(1)
+ print "Passwords match. Resetting the admin password...\n"
+
if not set_zope_passwd('admin', password):
print 'The admin password has been successfully reset.'
else:
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 16:32 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-03 16:32 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 16:32:09
Modified files:
luci/utils : luci_admin
Log message:
set the initial admin password the same way it's reset
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.37&r2=1.38
--- conga/luci/utils/luci_admin 2006/08/03 15:55:54 1.37
+++ conga/luci/utils/luci_admin 2006/08/03 16:32:08 1.38
@@ -31,15 +31,13 @@
LUCI_INIT_DEBUG = 0
-LUCI_USER='luci'
-LUCI_GROUP='luci'
+LUCI_USER = 'luci'
+LUCI_GROUP = 'luci'
-LUCI_BACKUP_DIR='/var/lib/luci/var'
-LUCI_CERT_DIR='/var/lib/luci/var/certs/'
-LUCI_BACKUP_PATH=LUCI_BACKUP_DIR + '/luci_backup.xml'
-LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
-
-INITUSER_FILE_PATH = '/var/lib/luci/inituser'
+LUCI_BACKUP_DIR = '/var/lib/luci/var'
+LUCI_CERT_DIR = '/var/lib/luci/var/certs/'
+LUCI_BACKUP_PATH = LUCI_BACKUP_DIR + '/luci_backup.xml'
+LUCI_DB_PATH = '/var/lib/luci/var/Data.fs'
SSL_PRIVKEY_NAME = 'privkey.pem'
SSL_PUBKEY_NAME = 'cacert.pem'
@@ -69,27 +67,7 @@
else:
verbose = null
-def save_password(user, password):
- inituser = file(INITUSER_FILE_PATH, 'w')
- try: os.chmod(INITUSER_FILE_PATH, 0600)
- except OSError, e:
- sys.stderr.write('An error occurred while saving user' + user + '\'s password: ' + e + '\n')
- try:
- os.unlink(INITUSER_FILE_PATH)
- except: pass
- inituser.close()
- return -1
-
- inituser.write(user + ':' + password)
- inituser.close()
-
- try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- os.chown(INITUSER_FILE_PATH, luci[0], luci[1])
- except:
- return -1
-
-def restore_luci_fsattr():
+def restore_luci_db_fsattr():
try:
luci = pwd.getpwnam(LUCI_USER)[2:4]
if not luci or len(luci) != 2:
@@ -183,7 +161,7 @@
db.close()
fs.close()
- if restore_luci_fsattr():
+ if restore_luci_db_fsattr():
return -1
return ret
@@ -962,16 +940,6 @@
return True
-
-def generate_password_hash(password):
- salt_choices = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789./")
- salt = random.choice(salt_choices) + random.choice(salt_choices)
- pswd = '{CRYPT}' + crypt.crypt(password, salt)
- return pswd
-
-
def restart_message():
print
print
@@ -985,45 +953,53 @@
def init(argv):
- if luci_initialized():
- sys.stderr.write('Luci site has been already initialized.\n')
- sys.stderr.write('If you want to reset admin password, execute\n')
- sys.stderr.write('\t' + argv[0] + ' password\n')
- sys.exit(1)
- print 'Initializing the Luci server'
- print
- print 'Generating SSL certificates...'
- if generate_ssl_certs() == False:
- sys.stderr.write('failed. exiting ...\n')
- sys.exit(1)
+ if luci_initialized():
+ sys.stderr.write('Luci site has been already initialized.\n')
+ sys.stderr.write('If you want to reset admin password, execute\n')
+ sys.stderr.write('\t' + argv[0] + ' password\n')
+ sys.exit(1)
+ print 'Initializing the Luci server\n'
+ print 'Generating SSL certificates...'
- print
- print 'Creating the \'admin\' user'
- password = raw_input('Enter password: ')
- save_password('admin', generate_password_hash(password))
- print 'The Luci server has been successfully initialized'
+ if generate_ssl_certs() == False:
+ sys.stderr.write('failed. exiting ...\n')
+ sys.exit(1)
- restart_message()
+ print '\nCreating the \'admin\' user'
- return
+ password = raw_input('Enter password: ')
+ if not set_zope_passwd('admin', password):
+ restore_luci_db_fsattr()
+ print 'The admin password has been successfully set.'
+ else:
+ sys.stderr.write('Unable to set the admin user\'s password.\n')
+ sys.exit(1)
+
+ print 'The Luci server has been successfully initialized'
+ restart_message()
+
+ return
def password(argv):
- if not luci_initialized():
- sys.stderr.write('The Luci site has not been initialized.\n')
- sys.stderr.write('To initialize it, execute\n')
- sys.stderr.write('\t' + argv[0] + ' init\n')
- sys.exit(1)
+ if not luci_initialized():
+ sys.stderr.write('The Luci site has not been initialized.\n')
+ sys.stderr.write('To initialize it, execute\n')
+ sys.stderr.write('\t' + argv[0] + ' init\n')
+ sys.exit(1)
- print 'Resetting the admin user\'s password'
- print
- password = raw_input('Enter password: ')
- if not set_zope_passwd('admin', password):
- print 'The admin password has been successfully reset.'
+ print 'Resetting the admin user\'s password\n'
- restart_message()
+ password = raw_input('Enter password: ')
+ if not set_zope_passwd('admin', password):
+ print 'The admin password has been successfully reset.'
+ else:
+ sys.stderr.write('Unable to set the admin user\'s password.\n')
+ sys.exit(1)
- return
+ restart_message()
+
+ return
def backup(argv):
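Review bot: `init()` calls `restore_luci_db_fsattr()` after a successful `set_zope_passwd()` and ignores the result, yet the hunk at -183 shows what appears to be the tail of `set_zope_passwd()` already calling it and returning -1 on failure. The second call looks redundant, and if it is kept its return value should be checked before "successfully set" is printed. Both `init()` and `password()` still read the password with `raw_input()`, which echoes it to the terminal and accepts an empty string. `if not set_zope_passwd(...)` relies on 0 meaning success; a short comment saying so, or an explicit `== 0`, would make the inverted-looking test readable.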
@@ -1040,7 +1016,7 @@
except: pass
doc = luci_backup(argv[2:])
- restore_luci_fsattr()
+ restore_luci_db_fsattr()
if not doc:
sys.stderr.write('The Luci backup failed. Exiting.\n')
sys.exit(1)
@@ -1103,7 +1079,7 @@
print 'Restore was successful.'
restart_message()
- if restore_luci_fsattr():
+ if restore_luci_db_fsattr():
return False
return ret
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 15:55 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-03 15:55 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 15:55:55
Modified files:
luci/utils : luci_admin
Log message:
restore additional user info, nitpicking
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.36&r2=1.37
--- conga/luci/utils/luci_admin 2006/08/03 12:26:38 1.36
+++ conga/luci/utils/luci_admin 2006/08/03 15:55:54 1.37
@@ -73,8 +73,9 @@
inituser = file(INITUSER_FILE_PATH, 'w')
try: os.chmod(INITUSER_FILE_PATH, 0600)
except OSError, e:
- print 'An error occurred while saving',user,'password:',e
- try: os.unlink(INITUSER_FILE_PATH)
+ sys.stderr.write('An error occurred while saving user' + user + '\'s password: ' + e + '\n')
+ try:
+ os.unlink(INITUSER_FILE_PATH)
except: pass
inituser.close()
return -1
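Review bot: The new error line concatenates the exception object directly, `... + '\'s password: ' + e + '\n'`, and adding a `str` to an `OSError` raises TypeError, so the handler fails before it reaches the `os.unlink()` cleanup and leaves the file in place. Converting the exception and adding the missing space after `user` fixes both: `sys.stderr.write('An error occurred while saving user ' + user + '\'s password: ' + str(e) + '\n')`. The file is created by `file(INITUSER_FILE_PATH, 'w')` before `os.chmod(..., 0600)` is applied, so its permissions in between depend on the process umask; the function starts outside the hunk, so whether a umask is set earlier cannot be seen here.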
@@ -260,6 +261,7 @@
import ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
+ from DateTime import DateTime
ImageFile.ImageFile.__init__ = lambda x,y,z:None
sys.stderr = orig_stderr
@@ -344,23 +346,25 @@
for u in userList:
id = u.getAttribute('id')
if not id:
+ transaction.abort()
sys.stderr.write('Missing ID for user\n')
- continue
+ return -1
id = str(id)
passwd = u.getAttribute('passwd')
if not passwd:
+ transaction.abort()
sys.stderr.write('Missing password for user \"' + id + '\"\n')
- continue
+ return -1
passwd = str(passwd)
if id == 'admin':
try:
acl_users._user_passwords['admin'] = passwd
- transaction.commit()
except:
+ transaction.abort()
sys.stderr.write('Unable to restore admin password.')
- continue
+ return -1
else:
email = u.getAttribute('email')
if not email:
@@ -372,9 +376,24 @@
'username': id,
'roles': [ 'Member' ],
'domains': [],
- 'email': email
+ 'email': email,
+ 'must_change_password': False
}
+ login_time = u.getAttribute('login_time')
+ if login_time:
+ props['login_time'] = DateTime(str(login_time))
+
+ last_login_time = u.getAttribute('last_login_time')
+ if last_login_time:
+ props['last_login_time'] = DateTime(str(last_login_time))
+
+ must_change_passwd = u.getAttribute('must_change_password')
+ if must_change_passwd:
+ must_change_passwd = str(must_change_passwd)
+ if must_change_passwd == 'True' or '1':
+ props['must_change_password'] = True
+
portal_reg.addMember(id, passwd, props)
member = portal_mem.getMemberById(id)
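Review bot: The condition `if must_change_passwd == 'True' or '1':` is always true, because the non-empty string `'1'` is evaluated on its own as the right-hand operand of `or`; any non-empty `must_change_password` attribute in the backup, including `False`, therefore sets the flag to True. The intended test is `if must_change_passwd in ('True', '1'):`. `DateTime(str(login_time))` and the `last_login_time` equivalent parse values taken from the backup file, and whether a malformed timestamp is handled depends on a `try` that lies outside this hunk.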
@@ -392,16 +411,17 @@
except:
transaction.abort()
sys.stderr.write('An error occurred while restoring the password for user \"' + id + '\"\n')
+ return -1
verbose.write('Added user \"' + id + '\"\n')
- transaction.commit()
+ transaction.commit()
try:
x = app.luci.systems.storage
if not x:
raise
except:
- sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.\n')
transaction.abort()
+ sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.\n')
return -1
systemList = node.getElementsByTagName('systemList')
@@ -415,8 +435,8 @@
for s in systemList:
id = s.getAttribute('id')
if not id:
- sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
transaction.abort()
+ sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
return -1
id = str(id)
try:
@@ -432,8 +452,8 @@
new_system.manage_acquiredPermissions([])
new_system.manage_role('View', ['Access contents information','View'])
except:
- sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
transaction.abort()
+ sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
return -1
userPerms = s.getElementsByTagName('permList')
@@ -459,8 +479,8 @@
if not x:
raise
except:
- sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
transaction.abort()
+ sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
return -1
clusterList = node.getElementsByTagName('clusterList')
@@ -474,8 +494,8 @@
for c in clusterList:
id = c.getAttribute('id')
if not id:
- sys.stderr.write('Cluster element is missing id\n')
transaction.abort()
+ sys.stderr.write('Cluster element is missing id\n')
return -1
id = str(id)
@@ -494,8 +514,8 @@
new_cluster.manage_acquiredPermissions([])
new_cluster.manage_role('View', ['Access contents information','View'])
except:
- sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
transaction.abort()
+ sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
return -1
viewperm = list()
@@ -524,8 +544,10 @@
for i in clusterSystems:
newsys = i.getAttribute('id')
if not newsys:
+ transaction.abort()
sys.stderr.write('Storage system missing name for cluster \"' + id + '\"\n')
- continue
+ return -1
+
newsys = str(newsys)
stitle = i.getAttribute('title')
if not stitle:
@@ -541,8 +563,8 @@
newcs.manage_acquiredPermissions([])
newcs.manage_role('View', ['Access contents information','View'])
except:
- sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
transaction.abort()
+ sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
return -1
transaction.commit()
@@ -551,10 +573,12 @@
newcs.manage_setLocalRoles(i, ['View'])
verbose.write('Added view permission to cluster system \"' + newsys + '\" for \"' + i + '\"\n')
except:
- sys.stderr.write('An error occurred while restoring permissions for cluster system \"' + newsys + '\" in cluster \"' + id + '\" for user \"' + i + '\"\n')
transaction.abort()
+ sys.stderr.write('An error occurred while restoring permissions for cluster system \"' + newsys + '\" in cluster \"' + id + '\" for user \"' + i + '\"\n')
return -1
+
verbose.write('Added storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+
verbose.write('Added cluster \"' + id + '\"\n')
transaction.commit()
@@ -707,14 +731,13 @@
sys.stderr.write('An error occurred while saving user information.')
return -1
- save_member_properties = [ 'login_time', 'last_login_time', 'must_change_password', 'email' ]
try:
membertool = getToolByName(app.luci, 'portal_membership')
if not membertool:
raise
for mem in membertool.listMembers():
try:
- for i in save_member_properties:
+ for i in [ 'login_time', 'last_login_time', 'must_change_password', 'email' ]:
prop = mem.getProperty(i)
if prop != '':
users[mem.id][i] = str(prop)
@@ -770,6 +793,7 @@
csystem_hash['title'] = '__luci__:csystem:' + cluster_name
clusters[cluster_name]['csystemList'][csystem[0]] = csystem_hash
+ transaction.commit()
conn.close()
db.pack()
db.close()
@@ -884,7 +908,7 @@
try:
(pid, status) = os.waitpid(childpid, 0)
except OSError, (errno, msg):
- print __name__, "waitpid:", msg
+ sys.stderr.write(__name__ + 'waitpid: ' + msg + '\n')
if os.WIFEXITED(status):
status = os.WEXITSTATUS(status)
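Review bot: When `os.waitpid()` raises, the handler only writes a message and execution continues to `os.WIFEXITED(status)`; unless `status` is assigned earlier, outside the hunk, that error path ends in a NameError. Returning a failure value from the `except` branch, or initialising `status` before the `try`, would close it. The rewritten message also lost the separator the `print` form inserted between its arguments: `__name__ + 'waitpid: '` should be `__name__ + ' waitpid: '`.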
@@ -939,9 +963,7 @@
-
-def generate_password():
- password = raw_input('Enter password: ')
+def generate_password_hash(password):
salt_choices = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789./")
@@ -964,22 +986,22 @@
def init(argv):
if luci_initialized():
- print 'Luci site has been already initialized'
- print 'If you want to reset admin password, execute'
- print argv[0] + ' password'
+ sys.stderr.write('Luci site has been already initialized.\n')
+ sys.stderr.write('If you want to reset admin password, execute\n')
+ sys.stderr.write('\t' + argv[0] + ' password\n')
sys.exit(1)
- pass
- print 'Initializing Luci site'
+ print 'Initializing the Luci server'
print
print 'Generating SSL certificates...'
if generate_ssl_certs() == False:
- print 'failed. exiting ...'
+ sys.stderr.write('failed. exiting ...\n')
sys.exit(1)
print
- print 'Creating \'admin\' user'
- save_password('admin', generate_password())
- print 'Luci server has been successfully initialized'
+ print 'Creating the \'admin\' user'
+ password = raw_input('Enter password: ')
+ save_password('admin', generate_password_hash(password))
+ print 'The Luci server has been successfully initialized'
restart_message()
@@ -988,17 +1010,16 @@
def password(argv):
if not luci_initialized():
- print 'Luci site has not yet been initialized'
- print 'To initialize it, execute'
- print argv[0] + ' init'
+ sys.stderr.write('The Luci site has not been initialized.\n')
+ sys.stderr.write('To initialize it, execute\n')
+ sys.stderr.write('\t' + argv[0] + ' init\n')
sys.exit(1)
- pass
- print 'Reseting admin password'
+ print 'Resetting the admin user\'s password'
print
password = raw_input('Enter password: ')
if not set_zope_passwd('admin', password):
- print 'admin password has been successfully reset'
+ print 'The admin password has been successfully reset.'
restart_message()
@@ -1007,20 +1028,21 @@
def backup(argv):
if not luci_initialized():
- print 'Luci site has not yet been initialized'
- print 'To initialize it, execute'
- print argv[0] + ' init'
+ sys.stderr.write('The Luci server has not yet been initialized\n')
+ sys.stderr.write('To initialize it, execute\n')
+ sys.stderr.write('\t' + argv[0] + ' init\n')
sys.exit(1)
print 'Backing up the Luci server...'
- try: os.umask(077)
+ try:
+ os.umask(077)
except: pass
doc = luci_backup(argv[2:])
restore_luci_fsattr()
if not doc:
- sys.stderr.write('The Luci backup failed.\n')
+ sys.stderr.write('The Luci backup failed. Exiting.\n')
sys.exit(1)
try:
@@ -1075,7 +1097,7 @@
if luci_restore(argv[2:]):
ret = False
- print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
+ sys.stderr.write('The Luci restore failed. Try reinstalling Luci, then restoring again.\n')
else:
ret = True
print 'Restore was successful.'
@@ -1103,15 +1125,13 @@
if len(argv) != 2:
luci_help(argv)
sys.exit(1)
- pass
# only root can modify Luci server
if os.getuid() != 0:
- print 'Only root can modify Luci server.'
- print 'Try again with root privileges.'
+ sys.stderr.write('Only root can modify Luci server.\n')
+ sys.stderr.write('Try again with root privileges.\n')
sys.exit(2)
- pass
if 'init' in argv:
@@ -1125,8 +1145,7 @@
elif 'help' in argv:
luci_help(argv)
else:
- print 'Unknown command'
- print
+ sys.stderr.write('Unknown command\n\n')
luci_help(argv)
sys.exit(1)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 12:26 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-03 12:26 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 12:26:39
Modified files:
luci/utils : luci_admin
Log message:
fix a couple of restore bugs
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.35&r2=1.36
--- conga/luci/utils/luci_admin 2006/08/03 03:58:23 1.35
+++ conga/luci/utils/luci_admin 2006/08/03 12:26:38 1.36
@@ -740,7 +740,8 @@
if hasattr(i[1], '__ac_local_roles__'):
roles = getattr(i[1], '__ac_local_roles__')
- systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
+ if roles:
+ systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
else:
systems[i[0]]['permList'] = {}
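Review bot: `permList` ends up a list when it is built by `map(...)` and a dict when it defaults to `{}`, here and in the cluster hunk at -755; a `[]` default would keep one type for whatever consumes it. Indentation is lost in this rendering, so it is not clear which `if` the `else:` belongs to; if it still pairs with `hasattr(...)`, an object whose `__ac_local_roles__` is empty or None now gets no `permList` key at all. Setting `systems[i[0]]['permList'] = []` before the `hasattr` check and overwriting it only when `roles` is non-empty would cover every case.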
@@ -755,12 +756,13 @@
if hasattr(i[1], '__ac_local_roles__'):
roles = getattr(i[1], '__ac_local_roles__')
- clusters[cluster_name]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
+ if roles:
+ clusters[cluster_name]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
else:
clusters[cluster_name]['permList'] = {}
for csystem in i[1].objectItems():
- csystem_hash = { 'id': csystem[0], 'permList': {} }
+ csystem_hash = { 'id': csystem[0] }
if hasattr(csystem[1], 'title'):
csystem_hash['title'] = getattr(csystem[1], 'title')
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 3:58 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-08-03 3:58 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 03:58:23
Modified files:
luci/utils : luci_admin
Log message:
fix restore
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.34&r2=1.35
--- conga/luci/utils/luci_admin 2006/08/03 03:30:02 1.34
+++ conga/luci/utils/luci_admin 2006/08/03 03:58:23 1.35
@@ -426,7 +426,7 @@
x.manage_addFolder(id, title)
try:
- new_system = eval('app.luci.systems.storage.' + id)
+ new_system = app.luci.systems.storage.get(id)
if not new_system:
raise
new_system.manage_acquiredPermissions([])
@@ -487,7 +487,7 @@
try:
x.manage_addFolder(id, title)
- new_cluster = eval('app.luci.systems.cluster.' + id)
+ new_cluster = app.luci.systems.cluster.get(id)
if not new_cluster:
raise
@@ -535,7 +535,7 @@
try:
new_cluster.manage_addFolder(newsys, stitle)
- newcs = eval('app.luci.systems.cluster.' + id + '.' + newsys)
+ newcs = app.luci.systems.cluster.get(id).get(newsys)
if not newcs:
raise
newcs.manage_acquiredPermissions([])
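Review bot: The chained lookup `app.luci.systems.cluster.get(id).get(newsys)` dereferences the first result without checking it, so a missing cluster surfaces as an AttributeError rather than through the `if not newcs: raise` check. `new_cluster` is already in scope on the preceding line, so `newcs = new_cluster.get(newsys)` does the same lookup without the chain. Since the ids in these three hunks are read from the backup file, a one-line comment at the first `.get(id)` site, such as `# ids come from the backup XML: look them up, never evaluate them`, would help keep a later edit from reintroducing `eval`.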
@@ -723,7 +723,6 @@
except:
pass
-
try:
storagedir = app.luci.systems.storage
clusterdir = app.luci.systems.cluster
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-03 3:30 rmccabe
From: rmccabe @ 2006-08-03 3:30 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-03 03:30:03
Modified files:
luci/utils : luci_admin
Log message:
save misc. member data (other than id and passwd)
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.33&r2=1.34
--- conga/luci/utils/luci_admin 2006/08/02 23:29:27 1.33
+++ conga/luci/utils/luci_admin 2006/08/03 03:30:02 1.34
@@ -88,6 +88,27 @@
except:
return -1
+def restore_luci_fsattr():
+ try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ if not luci or len(luci) != 2:
+ raise
+ except:
+ sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
+ return -1
+
+ try:
+ os.chown(LUCI_DB_PATH, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH, 0600)
+ for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ try:
+ os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH + i, 0600)
+ except: pass
+ except:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ return -1
+
def set_zope_passwd(user, passwd):
sys.stderr = null
import ZODB
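Review bot: `os.chown` and `os.chmod` follow symbolic links, and `restore_luci_fsattr` applies them to `LUCI_DB_PATH` and the four suffixed names without checking what those paths are. If the tool runs as root and the database directory is writable by the luci account (neither is visible here), a link at one of those names would pass ownership of its target to luci. Skipping any path for which `os.path.islink(LUCI_DB_PATH + i)` is true, or using `os.lchown` for the ownership change, closes that gap. The inner `except: pass` also hides a failed change on an auxiliary file, so a warning on stderr there would help. The same loop appears in `set_zope_passwd` and `backup()` in the older revisions further down this page.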
@@ -155,30 +176,15 @@
raise
except:
sys.stderr.write('Unable to set the password for user \"' + user + '\"\n')
+
conn.close()
db.pack()
db.close()
fs.close()
- try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- if not luci or len(luci) != 2:
- raise
- except:
- sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
+ if restore_luci_fsattr():
return -1
- try:
- os.chown(LUCI_DB_PATH, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH, 0600)
- for i in [ '.tmp', '.old', '.index', '.lock' ]:
- try:
- os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH + i, 0600)
- except: pass
- except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
- return -1
return ret
@@ -254,9 +260,6 @@
import ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
- # Zope wants to open a www/ok.gif and images/error.gif
- # when you initialize the application object. This keeps
- # the AppInitializer(app).initialize() call below from failing.
ImageFile.ImageFile.__init__ = lambda x,y,z:None
sys.stderr = orig_stderr
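Review bot: Removing the three comment lines leaves `ImageFile.ImageFile.__init__ = lambda x,y,z:None` unexplained, and a class-level monkeypatch like this is the line a later reader is most likely to question or delete. I would keep a one-line form such as `# Stub ImageFile.__init__: AppInitializer(app).initialize() otherwise tries to open www/ok.gif and images/error.gif`. The next hunk (old line 612) removes the same comment and the same applies there.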
@@ -612,12 +615,10 @@
import transaction
import Products.CMFCore
import Products.CMFCore.MemberDataTool
+ from CMFPlone.utils import getToolByName
import ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
- # Zope wants to open a www/ok.gif and images/error.gif
- # when you initialize the application object. This keeps
- # the AppInitializer(app).initialize() call below from failing.
ImageFile.ImageFile.__init__ = lambda x,y,z:None
sys.stderr = orig_stderr
@@ -662,11 +663,12 @@
sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
return -1
+ app.luci.portal_memberdata.pruneMemberDataContents()
+ transaction.commit()
+
try:
acl_users = app.acl_users.users
- portal_mem = app.luci.portal_membership
- portal_reg = app.luci.portal_registration
- if not (acl_users and len(acl_users) and portal_mem and portal_reg):
+ if not (acl_users and len(acl_users)):
raise
except:
sys.stderr.write('Your Luci installation appears to be corrupt.\n')
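Review bot: The added `pruneMemberDataContents()` and `transaction.commit()` calls sit outside every `try` in this stretch, so a failure in either one surfaces as a traceback instead of the `return -1` path used around them, and the connection is never closed. This also means a backup run now writes to the database before anything has been read from it. Guarding the two calls and aborting on failure keeps the database unchanged when pruning does not work. The enclosing function starts and ends outside the hunk.

```python
try:
    app.luci.portal_memberdata.pruneMemberDataContents()
    transaction.commit()
except Exception:
    transaction.abort()
    sys.stderr.write('An error occurred while pruning stale member data.\n')
    return -1
# ... unchanged: acl_users sanity check ...
```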
@@ -705,6 +707,23 @@
sys.stderr.write('An error occurred while saving user information.')
return -1
+ save_member_properties = [ 'login_time', 'last_login_time', 'must_change_password', 'email' ]
+ try:
+ membertool = getToolByName(app.luci, 'portal_membership')
+ if not membertool:
+ raise
+ for mem in membertool.listMembers():
+ try:
+ for i in save_member_properties:
+ prop = mem.getProperty(i)
+ if prop != '':
+ users[mem.id][i] = str(prop)
+ except:
+ continue
+ except:
+ pass
+
+
try:
storagedir = app.luci.systems.storage
clusterdir = app.luci.systems.cluster
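Review bot: Both handlers in the new member-property loop swallow every error silently (`except: continue` and `except: pass`), so a backup can be written without any `login_time`, `must_change_password` or `email` values and nothing tells the operator. A member whose id is missing from `users` is dropped the same way, through the KeyError on `users[mem.id][i]`. I would at least report it, for example `sys.stderr.write('Unable to save member properties for user \"' + mem.id + '\"\n')` in the inner handler. Note also that `prop != ''` lets `None` through, which `str(prop)` stores as the text `None`.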
@@ -714,7 +733,7 @@
if storagedir and len(storagedir):
for i in storagedir.objectItems():
- systems[i[0]] = { 'id': i[0], 'name': i[0] }
+ systems[i[0]] = { 'id': i[0] }
if hasattr(i[1], 'title'):
systems[i[0]]['title'] = getattr(i[1], 'title')
else:
@@ -742,32 +761,19 @@
clusters[cluster_name]['permList'] = {}
for csystem in i[1].objectItems():
- csystem_hash = { 'id': csystem[0] }
+ csystem_hash = { 'id': csystem[0], 'permList': {} }
if hasattr(csystem[1], 'title'):
csystem_hash['title'] = getattr(csystem[1], 'title')
else:
csystem_hash['title'] = '__luci__:csystem:' + cluster_name
-
- if hasattr(csystem[1], '__ac_local_roles__'):
- roles = getattr(csystem[1], '__ac_local_roles__')
- csystem_hash['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
- else:
- csystem_hash['permList'] = {}
clusters[cluster_name]['csystemList'][csystem[0]] = csystem_hash
- sys.stderr = orig_stderr
conn.close()
+ db.pack()
db.close()
fs.close()
- junk = list()
- for i in users:
- if not 'passwd' in users[i]:
- junk.append(i)
- for i in junk:
- del users[i]
-
backup = {
'userList': users,
'systemList': systems,
@@ -809,6 +815,7 @@
return doc
+
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
if not os.access (root + command, os.X_OK):
raise RuntimeError, command + " can not be run"
@@ -1009,25 +1016,8 @@
try: os.umask(077)
except: pass
- try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- except:
- sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
- sys.exit(1)
-
doc = luci_backup(argv[2:])
-
- try:
- os.chown(LUCI_DB_PATH, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH, 0600)
- for i in [ '.tmp', '.old', '.index', '.lock' ]:
- try:
- os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH + i, 0600)
- except: pass
- except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
-
+ restore_luci_fsattr()
if not doc:
sys.stderr.write('The Luci backup failed.\n')
sys.exit(1)
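Review bot: The result of the new `restore_luci_fsattr()` call is discarded, and the call is skipped altogether if `luci_backup` raises instead of returning. In that case the database files keep whatever ownership the backup run left them with. Putting `doc = luci_backup(argv[2:])` in a `try:` with `finally: restore_luci_fsattr()` makes the restore unconditional. Remembering a non-zero result would also let the command exit with a failure status when ownership could not be put back. The removed code also stopped before the backup when the luci user could not be found, a check that now happens only afterwards.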
@@ -1039,6 +1029,7 @@
stat = os.stat(LUCI_BACKUP_PATH)
trynum = 1
basename = '/luci_backup-'
+
while True:
oldbackup = LUCI_BACKUP_DIR + basename + str(trynum) + '.xml'
if not os.path.exists(oldbackup):
@@ -1046,7 +1037,7 @@
os.rename(LUCI_BACKUP_PATH, oldbackup)
except:
sys.stderr.stderr('Unable to rename the existing backup file.\n')
- return -1
+ sys.stderr.write('The Luci backup failed.\n')
break
trynum += 1
except OSError, e:
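Review bot: The added `sys.stderr.write('The Luci backup failed.\n')` is never reached, because the context line above it calls `sys.stderr.stderr(...)`, which raises AttributeError inside the handler. That line should be `sys.stderr.write('Unable to rename the existing backup file.\n')`. Once that is fixed, replacing `return -1` with a message followed by `break` lets execution continue past the loop. From the next hunk it appears to reach `file(LUCI_BACKUP_PATH, 'wb+')`, which would truncate the backup that could not be moved aside. Ending the branch with `sys.exit(1)`, as the other failure paths in this function do, avoids overwriting the only existing backup.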
@@ -1057,13 +1048,14 @@
f = file(LUCI_BACKUP_PATH, 'wb+')
except:
sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
+ sys.stderr.write('The Luci backup failed.\n')
sys.exit(1)
try:
os.chmod(LUCI_BACKUP_PATH, 0600)
except OSError, e:
- print "An error occurred while making",LUCI_BACKUP_PATH,"read-only:",e
- print "Please check that this file is not world-readable."
+ sys.stderr.write('An error occurred while making \"' + LUCI_BACKUP_PATH + '\" read-only: ' + e + '\n')
+ sys.stderr.write('Please check that this file is not world-readable.\n')
try:
f.write(doc.toprettyxml())
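Review bot: The new message concatenates the exception object itself, `'... read-only: ' + e + '\n'`, which raises TypeError because `e` is an OSError and not a string. The handler meant to warn about the failed `os.chmod(LUCI_BACKUP_PATH, 0600)` therefore aborts with a traceback instead. Use `str(e)`, as the database-open handlers elsewhere in the file do. The wording "read-only" also does not match mode 0600; "readable only by its owner" would describe what the chmod is for.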
@@ -1081,27 +1073,17 @@
except: pass
if luci_restore(argv[2:]):
- retCode = False
+ ret = False
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
else:
- retCode = True
+ ret = True
print 'Restore was successful.'
restart_message()
- try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- os.chown(LUCI_DB_PATH, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH, 0600)
- for i in [ '.tmp', '.old', '.index', '.lock' ]:
- try:
- os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH + i, 0600)
- except: pass
- except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ if restore_luci_fsattr():
return False
- return retCode
+ return ret
def luci_help(argv):
@@ -1116,7 +1098,6 @@
print
-
def main(argv):
if len(argv) != 2:
luci_help(argv)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-02 23:29 rmccabe
From: rmccabe @ 2006-08-02 23:29 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-02 23:29:27
Modified files:
luci/utils : luci_admin
Log message:
almost complete rewrite. thanks, zope!
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.32&r2=1.33
--- conga/luci/utils/luci_admin 2006/08/02 20:52:23 1.32
+++ conga/luci/utils/luci_admin 2006/08/02 23:29:27 1.33
@@ -106,6 +106,9 @@
import ImageFile
import Products.PluggableAuthService.plugins.ZODBUserManager
import BTrees.OOBTree
+ # Zope wants to open a www/ok.gif and images/error.gif
+ # when you initialize the application object. This keeps
+ # the AppInitializer(app).initialize() call below from failing.
ImageFile.ImageFile.__init__ = lambda x,y,z:None
sys.stderr = orig_stderr
@@ -143,11 +146,13 @@
try:
pwd_scheme = SSHADigestScheme
pwd_hash = '{SSHA}' + pwd_scheme.encrypt(SSHADigestScheme(), passwd)
- acl_users = app.unrestrictedTraverse('/acl_users/users/')
- len(acl_users)
- acl_users.__dict__['_user_passwords'][user] = pwd_hash
- transaction.commit()
- ret = 0
+ acl_users = app.acl_users.users
+ if len(acl_users):
+ acl_users._user_passwords[user] = pwd_hash
+ transaction.commit()
+ ret = 0
+ else:
+ raise
except:
sys.stderr.write('Unable to set the password for user \"' + user + '\"\n')
conn.close()
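Review bot: The failure branch does not roll anything back. If the assignment to `acl_users._user_passwords[user]` succeeds and `transaction.commit()` then raises, the handler only prints a message and the code goes on to `conn.close()` with the change still pending. Calling `transaction.abort()` as the first statement of the `except:` would match how the restore path on this page handles a failed password write. The `len(acl_users)` test also only shows that the user folder is non-empty, so a hash is stored for any `user` name whether or not that account exists. A membership check before the write would catch a mistyped name.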
@@ -232,6 +237,7 @@
return None
def luci_restore(argv):
+ sys.stderr = null
import ZODB
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
@@ -240,18 +246,19 @@
import OFS.Folder
import AccessControl
import AccessControl.User
+ from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- sys.stderr = null
import Products.CMFCore
- sys.stderr = orig_stderr
import Products.CMFCore.MemberDataTool
import ImageFile
-
+ import Products.PluggableAuthService.plugins.ZODBUserManager
+ import BTrees.OOBTree
# Zope wants to open a www/ok.gif and images/error.gif
# when you initialize the application object. This keeps
# the AppInitializer(app).initialize() call below from failing.
ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ sys.stderr = orig_stderr
if len(argv) > 0:
dbfn = argv[0]
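Review bot: `sys.stderr` is pointed at `null` at the top of `luci_restore` (previous hunk) and is restored only after the last import and the `ImageFile` patch, with no `try`/`finally` between them. If any of those imports fails, the traceback goes to the null stream and every later message in the process is lost with it. Wrapping the import block in `try:` with `finally: sys.stderr = orig_stderr` keeps the suppression and guarantees that stderr is restored. `luci_backup` gains the same pattern later in this commit.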
@@ -311,12 +318,13 @@
sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
return -1
- if True:
- portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
- portal_reg = app.unrestrictedTraverse('/luci/portal_registration')
- if not portal_mem or not portal_reg:
+ try:
+ acl_users = app.acl_users.users
+ portal_mem = app.luci.portal_membership
+ portal_reg = app.luci.portal_registration
+ if not (acl_users and len(acl_users) and portal_mem and portal_reg):
raise
- else:
+ except:
sys.stderr.write('Your Luci installation appears to be corrupt.\n')
return -1
@@ -344,7 +352,12 @@
passwd = str(passwd)
if id == 'admin':
- save_password('admin', passwd)
+ try:
+ acl_users._user_passwords['admin'] = passwd
+ transaction.commit()
+ except:
+ sys.stderr.write('Unable to restore admin password.')
+ continue
else:
email = u.getAttribute('email')
if not email:
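Review bot: When writing the admin hash fails, the new handler prints a message with no trailing newline and then `continue`s. The restore therefore carries on and can still finish as successful while the admin account keeps whatever password the fresh installation had. The per-user failure path in the following hunk calls `transaction.abort()` and reports an error, and I would do the same here: `transaction.abort()` followed by `return -1`. `passwd` is also stored exactly as read from the backup, so a check that it is non-empty before the write would be worthwhile.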
@@ -368,8 +381,11 @@
return -1
try:
- aclu = app.unrestrictedTraverse('/luci/acl_users/Users/acl_users/')
- aclu.__dict__['data'][id].__dict__['__'] = passwd
+ aclu = app.luci.acl_users.source_users
+ if aclu and len(aclu):
+ acl_users._user_passwords[id] = passwd
+ else:
+ raise
except:
transaction.abort()
sys.stderr.write('An error occurred while restoring the password for user \"' + id + '\"\n')
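Review bot: The new code looks up `aclu = app.luci.acl_users.source_users` but then writes to `acl_users._user_passwords[id]`. The earlier hunk in this commit appears to bind `acl_users` to the root-level `app.acl_users.users`. If so, each restored portal user's hash goes into the root user manager's password table, not into Luci's own store, which is where the backup code reads these hashes from. The write should be `aclu._user_passwords[id] = passwd`. The enclosing loop starts outside the hunk.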
@@ -377,7 +393,7 @@
transaction.commit()
try:
- x = app.unrestrictedTraverse('/luci/systems/storage')
+ x = app.luci.systems.storage
if not x:
raise
except:
@@ -407,7 +423,7 @@
x.manage_addFolder(id, title)
try:
- new_system = app.unrestrictedTraverse('/luci/systems/storage/' + id)
+ new_system = eval('app.luci.systems.storage.' + id)
if not new_system:
raise
new_system.manage_acquiredPermissions([])
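Review bot: `id` is concatenated into a string that is passed to `eval()`. If it comes from the backup file being restored (the surrounding code suggests this, but its origin is outside the hunk), text from that file is executed as a Python expression instead of being used as a name. The parent folder is already at hand as `x` on the line above, so `new_system = getattr(x, id, None)` performs the lookup without evaluating anything. The `new_cluster` and `newcs` hunks further down introduce the same `eval` pattern and need the same change.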
@@ -436,7 +452,7 @@
transaction.commit()
try:
- x = app.unrestrictedTraverse('/luci/systems/cluster')
+ x = app.luci.systems.cluster
if not x:
raise
except:
@@ -468,7 +484,8 @@
try:
x.manage_addFolder(id, title)
- new_cluster = app.unrestrictedTraverse('/luci/systems/cluster/'+ id)
+ new_cluster = eval('app.luci.systems.cluster.' + id)
+
if not new_cluster:
raise
new_cluster.manage_acquiredPermissions([])
@@ -515,7 +532,7 @@
try:
new_cluster.manage_addFolder(newsys, stitle)
- newcs = app.unrestrictedTraverse('/luci/systems/cluster/' + id + '/' + newsys)
+ newcs = eval('app.luci.systems.cluster.' + id + '.' + newsys)
if not newcs:
raise
newcs.manage_acquiredPermissions([])
@@ -581,19 +598,39 @@
return node.cloneNode(True)
def luci_backup(argv):
+ sys.stderr = null
import ZODB
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
import OFS
+ from OFS.Application import AppInitializer
import OFS.Folder
import AccessControl
import AccessControl.User
+ from AccessControl.AuthEncoding import SSHADigestScheme
+ from AccessControl.SecurityManagement import newSecurityManager
+ import transaction
+ import Products.CMFCore
+ import Products.CMFCore.MemberDataTool
+ import ImageFile
+ import Products.PluggableAuthService.plugins.ZODBUserManager
+ import BTrees.OOBTree
+ # Zope wants to open a www/ok.gif and images/error.gif
+ # when you initialize the application object. This keeps
+ # the AppInitializer(app).initialize() call below from failing.
+ ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ sys.stderr = orig_stderr
if len(argv) > 0:
dbfn = argv[0]
else:
dbfn = LUCI_DB_PATH
+ if len(argv) > 1:
+ backupfn = argv[1]
+ else:
+ backupfn = LUCI_BACKUP_PATH
+
try:
fs = FileStorage(dbfn)
db = DB(fs)
@@ -602,130 +639,122 @@
except IOError, e:
if e[0] == 11:
sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to backup your installation.\n')
- return None
+ return -1
else:
sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
- return None
+ return -1
except Exception, e:
sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
- return None
+ return -1
+
+ try:
+ sys.stderr = null
+ tempuser = AccessControl.User.UnrestrictedUser('admin', '',
+ ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
- examine_classes = [
- 'OFS.Folder.Folder',
- 'AccessControl.User.User',
- 'Products.CMFCore.MemberDataTool.MemberData'
- ]
+ newSecurityManager(None, tempuser)
+ app = conn.root()['Application']
+ AppInitializer(app).initialize()
+ sys.stderr = orig_stderr
+ except:
+ sys.stderr = orig_stderr
+ sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ return -1
+
+ try:
+ acl_users = app.acl_users.users
+ portal_mem = app.luci.portal_membership
+ portal_reg = app.luci.portal_registration
+ if not (acl_users and len(acl_users) and portal_mem and portal_reg):
+ raise
+ except:
+ sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ return -1
+
+ users = {}
systems = {}
clusters = {}
- users = {}
- # To suppress some useless zope error messages.
- sys.stderr = null
+ try:
+ acl_users = app.acl_users.users
+ if len(acl_users) < 1:
+ raise
+ users['admin'] = {
+ 'id': 'admin',
+ 'name': 'admin',
+ 'passwd': app.acl_users.users._user_passwords['admin']
+ }
+ except:
+ sys.stderr.write('Unable to find the admin user.\n')
+ return -1
+
+ acl_users = app.luci.acl_users.source_users
+ if acl_users and len(acl_users):
+ for i in app.luci.acl_users.source_users._user_passwords.items():
+ try:
+ users[i[0]] = {
+ 'id': i[0],
+ 'name': i[0],
+ 'passwd': i[1]
+ }
+ except:
+ try:
+ sys.stderr.write('An error occurred while saving details for user \"' + i[0] + '\"\n')
+ except:
+ sys.stderr.write('An error occurred while saving user information.')
+ return -1
- next_oid = None
- while True:
- oid, tid, data, next_oid = fs.record_iternext(next_oid)
+ try:
+ storagedir = app.luci.systems.storage
+ clusterdir = app.luci.systems.cluster
+ except:
+ sys.stderr.write('Your Luci installation appears to be corrupt.')
+ return -1
- try:
- obj = conn.get(oid)
- obj_class = str(type(obj)).split('\'')[1]
- except:
- if next_oid is None: break
- else: continue
+ if storagedir and len(storagedir):
+ for i in storagedir.objectItems():
+ systems[i[0]] = { 'id': i[0], 'name': i[0] }
+ if hasattr(i[1], 'title'):
+ systems[i[0]]['title'] = getattr(i[1], 'title')
+ else:
+ systems[i[0]]['title'] = '__luci__:system'
- if not obj_class in examine_classes:
- if next_oid is None: break
- else: continue
+ if hasattr(i[1], '__ac_local_roles__'):
+ roles = getattr(i[1], '__ac_local_roles__')
+ systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
+ else:
+ systems[i[0]]['permList'] = {}
+
+ if clusterdir and len(clusterdir):
+ for i in clusterdir.objectItems():
+ cluster_name = i[0]
+ clusters[cluster_name] = { 'id': cluster_name, 'csystemList': {} }
+ if hasattr(i[1], 'title'):
+ clusters[cluster_name]['title'] = getattr(i[1], 'title')
+ else:
+ clusters[cluster_name]['title'] = '__luci__:cluster'
- try:
- conn.setstate(obj)
- except:
- if next_oid is None: break
- else: continue
+ if hasattr(i[1], '__ac_local_roles__'):
+ roles = getattr(i[1], '__ac_local_roles__')
+ clusters[cluster_name]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
+ else:
+ clusters[cluster_name]['permList'] = {}
- dict = obj.__dict__
+ for csystem in i[1].objectItems():
+ csystem_hash = { 'id': csystem[0] }
- if obj_class == 'OFS.Folder.Folder':
- if not 'title' in dict or not dict['title'] or dict['title'][0:9] != '__luci__:':
- if next_oid is None: break
- else: continue
- title = dict['title'].split(':')
- cur = None
-
- if title[1] == 'cluster':
- if not dict['id'] in clusters:
- clusters[dict['id']] = {
- 'id': dict['id'],
- 'title': dict['title'],
- 'permList': [],
- 'csystemList': {}
- }
- cur = clusters[dict['id']]
+ if hasattr(csystem[1], 'title'):
+ csystem_hash['title'] = getattr(csystem[1], 'title')
else:
- cur = clusters[dict['id']]
- cur['id'] = dict['id']
- cur['title'] = dict['title']
- elif title[1] == 'csystem':
- if len(title) > 2:
- clusterName = title[2]
- if not clusterName in clusters:
- clusters[clusterName] = {
- 'id': clusterName,
- 'csystemList': {},
- 'permList': []
- }
- clusters[clusterName]['csystemList'][dict['id']] = {
- 'id': dict['id'],
- 'title': '__luci__:csystem:' + clusterName,
- }
- elif title[1] == 'system':
- systems[dict['id']] = {
- 'id': dict['id'],
- 'title': dict['title'],
- 'permList': []
- }
- cur = systems[dict['id']]
- else:
- # we don't care
- if next_oid is None: break
- else: continue
-
- if cur and '__ac_local_roles__' in dict:
- roles = dict['__ac_local_roles__']
- for i in roles:
- if not i in users:
- users[i] = { 'id': i, 'name': i }
- if 'View' in roles[i]:
- cur['permList'].append(i)
- elif obj_class == 'AccessControl.User.User':
- try:
- cur_user = users[dict['name']]
- except:
- try:
- cur_user = users[dict['id']]
- except:
- users[dict['name']] = { 'id': dict['name'] }
- cur_user = users[dict['name']]
- cur_user['name'] = dict['name']
- cur_user['passwd'] = dict['__']
- elif obj_class == 'Products.CMFCore.MemberDataTool.MemberData':
- if not 'id' in dict and not 'name' in dict:
- if next_oid is None: break
- else: continue
+ csystem_hash['title'] = '__luci__:csystem:' + cluster_name
- try:
- cur_user = users[dict['id']]
- except:
- try:
- cur_user = users[dict['name']]
- except:
- users[dict['id']] = { 'name': dict['id'] }
- cur_user = users[dict['id']]
- for i in dict:
- cur_user[i] = dict[i]
- if next_oid is None:
- break
+ if hasattr(csystem[1], '__ac_local_roles__'):
+ roles = getattr(csystem[1], '__ac_local_roles__')
+ csystem_hash['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
+ else:
+ csystem_hash['permList'] = {}
+ clusters[cluster_name]['csystemList'][csystem[0]] = csystem_hash
sys.stderr = orig_stderr
conn.close()
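Review bot: The error paths of `luci_backup` now return `-1` where they returned `None`, but the caller shown in the other revisions on this page tests the result with `if not doc:`. `-1` is truthy, so a failed backup is not detected there and the caller goes on to rotate the existing backup file before failing later on `doc.toprettyxml()`. Either keep `return None` on these paths or have the caller compare against `-1` explicitly. Separately, the initialization handler reuses the message `... for restoration from backup`, which is misleading in the backup path. The function starts and ends outside the hunk.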
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-02 20:52 rmccabe
From: rmccabe @ 2006-08-02 20:52 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-02 20:52:23
Modified files:
luci/utils : luci_admin
Log message:
correct an error message that could be printed during an unsuccessful password reset
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.31&r2=1.32
--- conga/luci/utils/luci_admin 2006/08/02 20:45:26 1.31
+++ conga/luci/utils/luci_admin 2006/08/02 20:52:23 1.32
@@ -136,7 +136,7 @@
sys.stderr = orig_stderr
except:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ sys.stderr.write('An error occurred while setting the password for user \"' + user + '\"\n')
return -1
ret = -1
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-08-02 20:45 rmccabe
From: rmccabe @ 2006-08-02 20:45 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-08-02 20:45:26
Modified files:
luci/utils : luci_admin
Log message:
fix luci_admin password
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.30&r2=1.31
--- conga/luci/utils/luci_admin 2006/07/26 01:17:18 1.30
+++ conga/luci/utils/luci_admin 2006/08/02 20:45:26 1.31
@@ -88,6 +88,95 @@
except:
return -1
+def set_zope_passwd(user, passwd):
+ sys.stderr = null
+ import ZODB
+ from ZODB.FileStorage import FileStorage
+ from ZODB.DB import DB
+ import OFS
+ from OFS.Application import AppInitializer
+ import OFS.Folder
+ import AccessControl
+ import AccessControl.User
+ from AccessControl.AuthEncoding import SSHADigestScheme
+ from AccessControl.SecurityManagement import newSecurityManager
+ import transaction
+ import Products.CMFCore
+ import Products.CMFCore.MemberDataTool
+ import ImageFile
+ import Products.PluggableAuthService.plugins.ZODBUserManager
+ import BTrees.OOBTree
+ ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ sys.stderr = orig_stderr
+
+ try:
+ fs = FileStorage(LUCI_DB_PATH)
+ db = DB(fs)
+ conn = db.open()
+ except IOError, e:
+ if e[0] == 11:
+ sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to reset passwords.\n')
+ return -1
+ else:
+ sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ return -1
+ except Exception, e:
+ sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ return -1
+
+ try:
+ sys.stderr = null
+ tempuser = AccessControl.User.UnrestrictedUser('admin', '',
+ ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+
+ newSecurityManager(None, tempuser)
+
+ app = conn.root()['Application']
+ AppInitializer(app).initialize()
+ sys.stderr = orig_stderr
+ except:
+ sys.stderr = orig_stderr
+ sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ return -1
+
+ ret = -1
+ try:
+ pwd_scheme = SSHADigestScheme
+ pwd_hash = '{SSHA}' + pwd_scheme.encrypt(SSHADigestScheme(), passwd)
+ acl_users = app.unrestrictedTraverse('/acl_users/users/')
+ len(acl_users)
+ acl_users.__dict__['_user_passwords'][user] = pwd_hash
+ transaction.commit()
+ ret = 0
+ except:
+ sys.stderr.write('Unable to set the password for user \"' + user + '\"\n')
+ conn.close()
+ db.pack()
+ db.close()
+ fs.close()
+
+ try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ if not luci or len(luci) != 2:
+ raise
+ except:
+ sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
+ return -1
+
+ try:
+ os.chown(LUCI_DB_PATH, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH, 0600)
+ for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ try:
+ os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH + i, 0600)
+ except: pass
+ except:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ return -1
+ return ret
+
+
def luci_restore_certs(certList):
if not certList or len(certList) < 1:
sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
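Review bot: Both database-open handlers in `set_zope_passwd` build their message from `dbfn`, but the function opens `FileStorage(LUCI_DB_PATH)` and never assigns `dbfn`. Unless a module-level `dbfn` exists outside this hunk, any open failure other than errno 11 raises NameError inside the handler and the message is never printed. The text should use `'Unable to open the Luci database \"' + LUCI_DB_PATH + '\":'`. The initialization handler also prints `... for restoration from backup`, which does not describe a password reset.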
@@ -870,8 +959,9 @@
print 'Reseting admin password'
print
- save_password('admin', generate_password())
- print 'admin password has been successfully reset'
+ password = raw_input('Enter password: ')
+ if not set_zope_passwd('admin', password):
+ print 'admin password has been successfully reset'
restart_message()
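Review bot: `raw_input('Enter password: ')` echoes the new admin password to the terminal, where it remains visible on screen and in any session capture. `password = getpass.getpass('Enter password: ')` reads it without echo, and needs `import getpass` in the file's import block, which is outside this hunk. The value is also accepted as typed, so an empty or mistyped password is set without a second prompt. Asking twice and rejecting an empty string would cover that.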
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-07-26 1:17 rmccabe
From: rmccabe @ 2006-07-26 1:17 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-07-26 01:17:18
Modified files:
luci/utils : luci_admin
Log message:
fix problem of zope choking on nonexistent directories in the product path
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.29&r2=1.30
--- conga/luci/utils/luci_admin 2006/07/25 22:36:14 1.29
+++ conga/luci/utils/luci_admin 2006/07/26 01:17:18 1.30
@@ -21,13 +21,13 @@
))
from Products import __path__
-__path__.extend((
- '/usr/lib/luci/zope/lib/python/Products',
- '/usr/lib64/luci/zope/lib/python/Products',
- '/usr/lib64/zope/lib/python/Products',
- '/usr/lib64/zope/lib64/python/Products',
- '/usr/lib/zope/lib/python/Products'
-))
+for i in [ '/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib/python/Products',
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products' ]:
+ if os.path.isdir(i):
+ __path__.append(i)
LUCI_INIT_DEBUG = 0
@@ -223,7 +223,6 @@
return -1
if True:
- print app.unrestrictedTraverse('/luci/')
portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
portal_reg = app.unrestrictedTraverse('/luci/portal_registration')
if not portal_mem or not portal_reg:
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-07-25 22:36 rmccabe
From: rmccabe @ 2006-07-25 22:36 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-07-25 22:36:15
Modified files:
luci/utils : luci_admin
Log message:
restore uid/gid and permissions if backup or restore fails
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.28&r2=1.29
--- conga/luci/utils/luci_admin 2006/07/24 20:17:02 1.28
+++ conga/luci/utils/luci_admin 2006/07/25 22:36:14 1.29
@@ -895,16 +895,25 @@
luci = pwd.getpwnam(LUCI_USER)[2:4]
except:
sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
- return -1
+ sys.exit(1)
doc = luci_backup(argv[2:])
try:
os.chown(LUCI_DB_PATH, luci[0], luci[1])
os.chmod(LUCI_DB_PATH, 0600)
+ for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ try:
+ os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH + i, 0600)
+ except: pass
except:
sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ if not doc:
+ sys.stderr.write('The Luci backup failed.\n')
+ sys.exit(1)
+
try:
# The LUCI_BACKUP_DIR must not be world-writable
# as the code below is obviously not safe against
@@ -930,7 +939,7 @@
f = file(LUCI_BACKUP_PATH, 'wb+')
except:
sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
- return -1
+ sys.exit(1)
try:
os.chmod(LUCI_BACKUP_PATH, 0600)
@@ -938,16 +947,12 @@
print "An error occurred while making",LUCI_BACKUP_PATH,"read-only:",e
print "Please check that this file is not world-readable."
- if not doc:
- sys.stderr.write('The Luci backup failed.\n')
- return -1
-
try:
f.write(doc.toprettyxml())
f.close()
except:
sys.stderr.write('The Luci backup failed.\n')
- return -1
+ sys.exit(1)
print 'Luci backup was successful.\nThe backup data is contained in the file \"' + LUCI_BACKUP_PATH + '\"'
@@ -958,9 +963,10 @@
except: pass
if luci_restore(argv[2:]):
+ retCode = False
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
- return False
else:
+ retCode = True
print 'Restore was successful.'
restart_message()
@@ -977,7 +983,7 @@
sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
return False
- return True
+ return retCode
def luci_help(argv):
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-07-11 18:46 rmccabe
From: rmccabe @ 2006-07-11 18:46 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-07-11 18:46:48
Modified files:
luci/utils : luci_admin
Log message:
more zope2.9/plone2.5 fixes
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.26&r2=1.27
--- conga/luci/utils/luci_admin 2006/07/11 14:51:32 1.26
+++ conga/luci/utils/luci_admin 2006/07/11 18:46:47 1.27
@@ -6,16 +6,23 @@
import xml
import xml.dom
from xml.dom import minidom
-
+
sys.path.extend((
'/usr/lib64/zope/lib64/python',
- '/usr/lib64/zope/lib64/python/Products',
'/usr/lib64/zope/lib/python',
- '/usr/lib64/zope/lib/python/Products',
'/usr/lib/zope/lib/python',
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
'/usr/lib/zope/lib/python/Products'
))
+from Products import __path__
+__path__.extend((
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products',
+))
+
LUCI_INIT_DEBUG = 0
LUCI_USER='luci'
@@ -209,12 +216,13 @@
sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
return -1
- try:
+ if True:
+ print app.unrestrictedTraverse('/luci/')
portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
portal_reg = app.unrestrictedTraverse('/luci/portal_registration')
if not portal_mem or not portal_reg:
raise
- except:
+ else:
sys.stderr.write('Your Luci installation appears to be corrupt.\n')
return -1
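Review bot: Replacing `try:`/`except:` with `if True:`/`else:` makes the "installation appears to be corrupt" branch unreachable and leaves the bare `raise` above it uncaught. A missing `portal_membership` or `portal_registration` now ends the restore with a traceback, where before it printed the message and returned `-1`. The added `print app.unrestrictedTraverse('/luci/')` also looks like debugging output that was committed by accident. I would restore the `try:` and `except:` lines and drop the print.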
@@ -905,7 +913,7 @@
os.rename(LUCI_BACKUP_PATH, oldbackup)
except:
sys.stderr.stderr('Unable to rename the existing backup file.\n')
- sys.exit(1)
+ return -1
break
trynum += 1
except OSError, e:
@@ -923,13 +931,19 @@
except OSError, e:
print "An error occurred while making",LUCI_BACKUP_PATH,"read-only:",e
print "Please check that this file is not world-readable."
+
if not doc:
sys.stderr.write('The Luci backup failed.\n')
- sys.exit(1)
+ return -1
+
+ try:
+ f.write(doc.toprettyxml())
+ f.close()
+ except:
+ sys.stderr.write('The Luci backup failed.\n')
+ return -1
- f.write(doc.toprettyxml())
- f.flush()
- f.close()
+ print 'Luci backup was successful.\nThe backup data is contained in the file \"' + LUCI_BACKUP_PATH + '\"'
def restore(argv):
print 'Restoring the Luci server...'
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-07-11 14:51 rmccabe
From: rmccabe @ 2006-07-11 14:51 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-07-11 14:51:32
Modified files:
luci/utils : luci_admin
Log message:
fix breakage caused by the fc6 zope2.8 -> zope2.9 upgrade
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.25&r2=1.26
--- conga/luci/utils/luci_admin 2006/06/29 18:04:31 1.25
+++ conga/luci/utils/luci_admin 2006/07/11 14:51:32 1.26
@@ -8,6 +8,8 @@
from xml.dom import minidom
sys.path.extend((
+ '/usr/lib64/zope/lib64/python',
+ '/usr/lib64/zope/lib64/python/Products',
'/usr/lib64/zope/lib/python',
'/usr/lib64/zope/lib/python/Products',
'/usr/lib/zope/lib/python',
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-29 18:04 rmccabe
From: rmccabe @ 2006-06-29 18:04 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-29 18:04:32
Modified files:
luci/utils : luci_admin
Log message:
make sure auxiliary DB files have the correct ownership after backup and restore.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.24&r2=1.25
--- conga/luci/utils/luci_admin 2006/06/29 17:51:12 1.24
+++ conga/luci/utils/luci_admin 2006/06/29 18:04:31 1.25
@@ -875,10 +875,15 @@
try: os.umask(077)
except: pass
+ try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ except:
+ sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
+ return -1
+
doc = luci_backup(argv[2:])
try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
os.chown(LUCI_DB_PATH, luci[0], luci[1])
os.chmod(LUCI_DB_PATH, 0600)
except:
@@ -930,10 +935,9 @@
try: os.umask(077)
except: pass
- ret = True
if luci_restore(argv[2:]):
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
- ret = False
+ return False
else:
print 'Restore was successful.'
restart_message()
@@ -942,11 +946,16 @@
luci = pwd.getpwnam(LUCI_USER)[2:4]
os.chown(LUCI_DB_PATH, luci[0], luci[1])
os.chmod(LUCI_DB_PATH, 0600)
+ for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ try:
+ os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH + i, 0600)
+ except: pass
except:
- ret = False
sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ return False
- return ret
+ return True
def luci_help(argv):
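Review bot: The added loop calls `os.chown` and `os.chmod` by path on `LUCI_DB_PATH + i` and hides every failure with `except: pass`, so a missing suffix file and a real permission error look the same to the caller. Both calls follow symbolic links and the script's root check appears elsewhere in the file. If the directory holding Data.fs is writable by the luci account, which this hunk does not show, a link at one of these names would have its target re-owned. Skipping names for which `os.path.islink(LUCI_DB_PATH + i)` is true and catching only `OSError`, ignoring just the file-not-found case, would narrow both problems. restore() begins before this hunk.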
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-29 17:51 rmccabe
From: rmccabe @ 2006-06-29 17:51 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-29 17:51:12
Modified files:
luci/utils : luci_admin
Log message:
fix permissions bug after a restore for non-admin users
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.23&r2=1.24
--- conga/luci/utils/luci_admin 2006/06/27 19:50:09 1.23
+++ conga/luci/utils/luci_admin 2006/06/29 17:51:12 1.24
@@ -306,6 +306,8 @@
new_system = app.unrestrictedTraverse('/luci/systems/storage/' + id)
if not new_system:
raise
+ new_system.manage_acquiredPermissions([])
+ new_system.manage_role('View', ['Access contents information','View'])
except:
sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
transaction.abort()
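Review bot: The two added calls change who can see the restored object but carry no comment saying why. Something like `# Do not acquire permissions from the parent folder; give the View role only 'Access contents information' and 'View'` above them would record the intent. The same pair is repeated for `new_cluster` and `newcs` in the `@@ -365,6 +367,8 @@` and `@@ -410,6 +414,8 @@` hunks, so a small helper taking the object would keep the three restore paths from drifting apart. The enclosing `try:` starts before this hunk.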
@@ -365,6 +367,8 @@
new_cluster = app.unrestrictedTraverse('/luci/systems/cluster/'+ id)
if not new_cluster:
raise
+ new_cluster.manage_acquiredPermissions([])
+ new_cluster.manage_role('View', ['Access contents information','View'])
except:
sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
transaction.abort()
@@ -410,6 +414,8 @@
newcs = app.unrestrictedTraverse('/luci/systems/cluster/' + id + '/' + newsys)
if not newcs:
raise
+ newcs.manage_acquiredPermissions([])
+ newcs.manage_role('View', ['Access contents information','View'])
except:
sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
transaction.abort()
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-27 19:50 rmccabe
From: rmccabe @ 2006-06-27 19:50 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-27 19:50:10
Modified files:
luci/utils : luci_admin
Log message:
fix for fc5 works on fc6, too and lets me get rid of all the temporary file ugliness
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.22&r2=1.23
--- conga/luci/utils/luci_admin 2006/06/27 19:40:37 1.22
+++ conga/luci/utils/luci_admin 2006/06/27 19:50:09 1.23
@@ -23,7 +23,6 @@
LUCI_CERT_DIR='/var/lib/luci/var/certs/'
LUCI_BACKUP_PATH=LUCI_BACKUP_DIR + '/luci_backup.xml'
LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
-LUCI_TEMP='/var/lib/luci/var/temp/'
INITUSER_FILE_PATH = '/var/lib/luci/inituser'
@@ -143,8 +142,11 @@
import Products.CMFCore
sys.stderr = orig_stderr
import Products.CMFCore.MemberDataTool
- # This is why I love zope.
import ImageFile
+
+ # Zope wants to open a www/ok.gif and images/error.gif
+ # when you initialize the application object. This keeps
+ # the AppInitializer(app).initialize() call below from failing.
ImageFile.ImageFile.__init__ = lambda x,y,z:None
if len(argv) > 0:
@@ -922,35 +924,6 @@
try: os.umask(077)
except: pass
- # for reasons that make no sense, zope/plone will fall
- # on its face if www/ok.gif and images/version.gif don't
- # exist and have at least something in them.
- try:
- os.makedirs(LUCI_TEMP + 'www')
- os.makedirs(LUCI_TEMP + 'images')
- except: pass
-
- try:
- f = file(LUCI_TEMP + 'www/ok.gif', 'w')
- f.write('luci\n')
- f.close()
-
- f = file(LUCI_TEMP + 'images/version.gif', 'w')
- f.write('luci\n')
- f.close()
- except:
- try:
- os.unlink(LUCI_TEMP + 'www/ok.gif')
- os.unlink(LUCI_TEMP + 'images/version.gif')
- os.rmdir(LUCI_TEMP + 'www')
- os.rmdir(LUCI_TEMP + 'images')
- os.rmdir(LUCI_TEMP)
- except: pass
- print 'Unable to initialize restore.'
- sys.exit(1)
-
- os.chdir(LUCI_TEMP)
-
ret = True
if luci_restore(argv[2:]):
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
@@ -959,20 +932,12 @@
print 'Restore was successful.'
restart_message()
- os.chdir(LUCI_BACKUP_DIR)
- try:
- os.unlink(LUCI_TEMP + 'www/ok.gif')
- os.unlink(LUCI_TEMP + 'images/version.gif')
- os.rmdir(LUCI_TEMP + 'www')
- os.rmdir(LUCI_TEMP + 'images')
- os.rmdir(LUCI_TEMP)
- except: pass
-
try:
luci = pwd.getpwnam(LUCI_USER)[2:4]
os.chown(LUCI_DB_PATH, luci[0], luci[1])
os.chmod(LUCI_DB_PATH, 0600)
except:
+ ret = False
sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
return ret
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-27 19:40 rmccabe
From: rmccabe @ 2006-06-27 19:40 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-27 19:40:37
Modified files:
luci/utils : luci_admin
Log message:
fix restore bug on FC5
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.21&r2=1.22
--- conga/luci/utils/luci_admin 2006/06/27 18:19:52 1.21
+++ conga/luci/utils/luci_admin 2006/06/27 19:40:37 1.22
@@ -143,6 +143,9 @@
import Products.CMFCore
sys.stderr = orig_stderr
import Products.CMFCore.MemberDataTool
+ # This is why I love zope.
+ import ImageFile
+ ImageFile.ImageFile.__init__ = lambda x,y,z:None
if len(argv) > 0:
dbfn = argv[0]
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-27 18:19 rmccabe
From: rmccabe @ 2006-06-27 18:19 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-27 18:19:52
Modified files:
luci/utils : luci_admin
Log message:
More informative messages when the Luci db can't be opened (e.g. when Luci is running)
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.20&r2=1.21
--- conga/luci/utils/luci_admin 2006/06/26 22:30:34 1.20
+++ conga/luci/utils/luci_admin 2006/06/27 18:19:52 1.21
@@ -159,14 +159,21 @@
db = DB(fs)
db.pack()
conn = db.open()
- except:
- stderr.write('Unable to open the Luci database \"' + dbfn + '\"\n')
+ except IOError, e:
+ if e[0] == 11:
+ sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to restore your installation.\n')
+ return -1
+ else:
+ sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ return -1
+ except Exception, e:
+ sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
return -1
try:
node = xml.dom.minidom.parse(backupfn)
except:
- stderr.write('Unable to open the Luci backup file \"'+ backupfn +'\"\n')
+ sys.stderr.write('Unable to open the Luci backup file \"'+ backupfn +'\"\n')
return -1
node = node.getElementsByTagName('luci')
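Review bot: `if e[0] == 11:` in the new `except IOError, e:` handler hard-codes an errno number. `if e[0] == errno.EAGAIN:` (with `import errno` at the top of the file) names the condition being tested and does not depend on the reader knowing the value. Presumably the error comes from the storage lock being held by the running server; a one-line comment saying so would help. The same test appears in the `@@ -477,8 +484,15 @@` hunk for the backup path. Both branches of the `if`/`else` end in the same `return`, which could be written once after them.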
@@ -477,8 +484,15 @@
db = DB(fs)
db.pack()
conn = db.open()
- except:
- stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
+ except IOError, e:
+ if e[0] == 11:
+ sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to backup your installation.\n')
+ return None
+ else:
+ sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ return None
+ except Exception, e:
+ sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
return None
examine_classes = [
@@ -872,7 +886,7 @@
try:
os.rename(LUCI_BACKUP_PATH, oldbackup)
except:
- sys.write.stderr('Unable to rename the existing backup file.\n')
+ sys.stderr.stderr('Unable to rename the existing backup file.\n')
sys.exit(1)
break
trynum += 1
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-26 22:30 rmccabe
From: rmccabe @ 2006-06-26 22:30 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-26 22:30:34
Modified files:
luci/utils : luci_admin
Log message:
fix a typo that broke public certificate generation
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.19&r2=1.20
--- conga/luci/utils/luci_admin 2006/06/26 20:01:40 1.19
+++ conga/luci/utils/luci_admin 2006/06/26 22:30:34 1.20
@@ -34,7 +34,7 @@
SSL_KEYCONFIG_NAME = 'cacert.config'
SSL_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_PRIVKEY_NAME
-SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME
+SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_PUBKEY_NAME
SSL_HTTPS_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME
SSL_HTTPS_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME
SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-26 20:01 rmccabe
From: rmccabe @ 2006-06-26 20:01 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-26 20:01:40
Modified files:
luci/utils : luci_admin
Log message:
fix certificate backup and restore, and some other cleanups.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.18&r2=1.19
--- conga/luci/utils/luci_admin 2006/06/21 23:06:28 1.18
+++ conga/luci/utils/luci_admin 2006/06/26 20:01:40 1.19
@@ -19,16 +19,34 @@
LUCI_USER='luci'
LUCI_GROUP='luci'
-SSL_PRIVKEY_PATH='/var/lib/luci/var/certs/privkey.pem'
-SSL_PUBKEY_PATH='/var/lib/luci/var/certs/cacert.pem'
-SSL_KEYCONFIG_PATH='/var/lib/luci/var/certs/cacert.config'
LUCI_BACKUP_DIR='/var/lib/luci/var'
+LUCI_CERT_DIR='/var/lib/luci/var/certs/'
LUCI_BACKUP_PATH=LUCI_BACKUP_DIR + '/luci_backup.xml'
LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
LUCI_TEMP='/var/lib/luci/var/temp/'
INITUSER_FILE_PATH = '/var/lib/luci/inituser'
+SSL_PRIVKEY_NAME = 'privkey.pem'
+SSL_PUBKEY_NAME = 'cacert.pem'
+SSL_HTTPS_PRIVKEY_NAME = 'https.key.pem'
+SSL_HTTPS_PUBKEY_NAME = 'https.pem'
+SSL_KEYCONFIG_NAME = 'cacert.config'
+
+SSL_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_PRIVKEY_NAME
+SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME
+SSL_HTTPS_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME
+SSL_HTTPS_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME
+SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
+
+ssl_key_data = [
+ { 'id': SSL_PRIVKEY_PATH, 'name': SSL_PRIVKEY_NAME, 'type': 'private', 'mode': 0600 },
+ { 'id': SSL_HTTPS_PRIVKEY_PATH, 'name': SSL_HTTPS_PRIVKEY_NAME, 'type': 'private', 'mode': 0600 },
+ { 'id': SSL_PUBKEY_PATH, 'name': SSL_PUBKEY_NAME, 'type': 'public', 'mode': 0644 },
+ { 'id': SSL_HTTPS_PUBKEY_PATH, 'name': SSL_HTTPS_PUBKEY_NAME, 'type': 'public', 'mode': 0644 },
+ { 'id': SSL_KEYCONFIG_PATH, 'name': SSL_KEYCONFIG_NAME, 'type': 'config', 'mode': 0644 }
+]
+
null = file(os.devnull, 'rwb+', 0)
orig_stderr = sys.stderr
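Review bot: `SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME` points the CA certificate path at the HTTPS private key file; it should read `SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_PUBKEY_NAME`. As written, the `ssl_key_data` entry typed 'public' with mode 0644 has the private key's path as its 'id'. The backup loop added later in this commit would therefore store the contents of https.key.pem under the name cacert.pem, and a restore would write them back with mode 0644. generate_ssl_certs(), visible further down, also passes SSL_PUBKEY_PATH to `openssl req -out` and to `chmod 644`, which would land on the key file.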
@@ -56,6 +74,60 @@
except:
return -1
+def luci_restore_certs(certList):
+ if not certList or len(certList) < 1:
+ sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
+ return -1
+
+ certList = certList[0].getElementsByTagName('certificate')
+ if not certList or len(certList) < 1:
+ sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
+ return -1
+ try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ if not luci or len(luci) != 2:
+ raise
+ except:
+ sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
+ return -1
+
+ for c in certList:
+ path = c.getAttribute('name')
+ if not path:
+ sys.stderr.write('Missing \"name\" field for certificate.\n')
+ return -1
+ path = LUCI_CERT_DIR + str(path)
+
+ mode = c.getAttribute('mode')
+ if not mode:
+ mode = 0600
+ else:
+ mode = int(mode, 8)
+
+ data = c.firstChild
+ if not data or not data.wholeText:
+ sys.stderr.write('\"' + path + '\" has no certificate data.')
+ return -1
+
+ # Because .prettyprint() was called to write the backup..
+ data = data.wholeText.strip()
+ if len(data) < 1:
+ sys.stderr.write('\"' + path + '\" has no certificate data.')
+ return -1
+ data = str(data)
+
+ try:
+ f = file(path, 'wb+')
+ except:
+ sys.stderr.write('Unable to create \" ' + path + '\" for writing.\n')
+ return -1
+
+ os.chmod(path, mode)
+ f.write(data + '\n')
+ os.chown(path, luci[0], luci[1])
+ f.close()
+ return None
+
def luci_restore(argv):
import ZODB
from ZODB.FileStorage import FileStorage
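Review bot: In luci_restore_certs, `path = LUCI_CERT_DIR + str(path)` and `mode = int(mode, 8)` take the file name and permission bits straight from the backup XML. The file is then created and chowned by a process that main() requires to be root. A damaged or altered backup could therefore name a path outside the certificate directory or request a world-readable mode for a private key, and a non-octal mode string raises an uncaught ValueError. Looking the name up in `ssl_key_data`, which this commit already defines, and taking both path and mode from that table removes the dependence on the file's contents. The write, chmod and chown after `file(path, 'wb+')` also sit outside any try block.

```python
for c in certList:
    path = c.getAttribute('name')
    # … unchanged: reject a missing "name" attribute …
    name = str(path)
    known = [ k for k in ssl_key_data if k['name'] == name ]
    if len(known) != 1:
        sys.stderr.write('Unexpected certificate name in backup file.\n')
        return -1
    # Path and mode come from the script's own table, not from the backup.
    path = known[0]['id']
    mode = known[0]['mode']
    # … unchanged: read the certificate text, write the file, chown …
```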
@@ -349,6 +421,16 @@
db.pack()
db.close()
fs.close()
+
+ certList = node.getElementsByTagName('certificateList')
+ if not certList or len(certList) < 1:
+ sys.stderr.write('No certificate data was found.\n')
+ return -1
+
+ if luci_restore_certs(certList):
+ sys.stderr.write('An error occurred while restoring certificate data.\n')
+ return -1
+
return 0
# This function's ability to work is dependent
@@ -539,69 +621,43 @@
doc.appendChild(luciData)
dataNode = dataToXML(doc, backup, 'backupData')
- try:
- certfile = file(SSL_PRIVKEY_PATH, 'rb')
- output = certfile.read()
-
- # should be at least some length greater than one
- # TODO: find out what the min length of a valid keyfile is.
- if len(output) < 1:
- raise
-
- certNode = doc.createElement('certificate')
- certNode.setAttribute('name', SSL_PRIVKEY_PATH)
- certNode.setAttribute('data', output)
- dataNode.appendChild(certNode.cloneNode(True))
- certfile.close()
- except False:
- sys.stderr.write('Unable to read ' + SSL_PRIVKEY_PATH + '\n')
- return None
-
- try:
- certfile = file(SSL_PUBKEY_PATH, 'rb')
- output = certfile.read()
+ certList = doc.createElement('certificateList')
+ for i in ssl_key_data:
+ try:
+ certfile = file(i['id'], 'rb')
+ output = certfile.read()
+ certfile.close()
- # should be at least some length greater than one
- # TODO: find out what the min length of a valid keyfile is.
- if len(output) < 1:
- raise
+ if len(output) < 1:
+ raise
+ except:
+ sys.stderr.write('Unable to read \"' + i['id'] + '\"\n')
+ # An error backing up anything other than the config
+ # is fatal.
+ if i['type'] != 'config':
+ return None
certNode = doc.createElement('certificate')
- certNode.setAttribute('name', SSL_PUBKEY_PATH)
- certNode.setAttribute('data', output)
- dataNode.appendChild(certNode.cloneNode(True))
- certfile.close()
- except:
- sys.stderr.write('Unable to read ' + SSL_PUBKEY_PATH + '\n')
- return None
-
- try:
- certfile = file(SSL_KEYCONFIG_PATH, 'rb')
- output = certfile.read()
-
- # should be at least some length greater than one
- # TODO: find out what the min length of a valid key conf is.
- if len(output) < 1:
- raise
-
- certNode = document.createElement('certificateConfig')
- certNode.setAttribute('name', SSL_KEYCONFIG_PATH)
- certNode.setAttribute('data', output)
- dataNode.appendChild(certNode.cloneNode(TRUE))
- certfile.close()
- except:
- sys.stderr.write('Unable to read ' + SSL_KEYCONFIG_PATH + '\n')
+ certNode.setAttribute('id', i['id'])
+ certNode.setAttribute('name', i['name'])
+ certNode.setAttribute('type', i['type'])
+ certNode.setAttribute('mode', str(oct(i['mode'])))
+ textNode = doc.createTextNode('\n' + output)
+ certNode.appendChild(textNode)
+ certList.appendChild(certNode)
+ dataNode.appendChild(certList.cloneNode(True))
luciData.appendChild(dataNode)
+
return doc
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
if not os.access (root + command, os.X_OK):
raise RuntimeError, command + " can not be run"
-
+
(read, write) = os.pipe()
(read_err,write_err) = os.pipe()
-
+
childpid = os.fork()
if (not childpid):
# child
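Review bot: In the new `for i in ssl_key_data:` loop, a failed read of the 'config' entry is reported but execution then falls through to `certNode.setAttribute(...)` and `doc.createTextNode('\n' + output)`. At that point `output` still holds the previous file's contents, or is empty. The backup would then carry a certificate element named cacert.config whose text is another file's data. Adding `continue` after the `if i['type'] != 'config': return None` check skips the entry instead. luci_backup starts before this hunk.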
@@ -613,7 +669,7 @@
os.dup2(write, catchfd)
os.close(write)
os.close(read)
-
+
if isinstance(catcherrfd, tuple):
for fd in catcherrfd:
os.dup2(write_err, fd)
@@ -621,23 +677,23 @@
os.dup2(write_err, catcherrfd)
os.close(write_err)
os.close(read_err)
-
+
if closefd != -1:
os.close(closefd)
-
+
if stdin:
os.dup2(stdin, 0)
os.close(stdin)
-
+
if (searchPath):
os.execvp(command, argv)
else:
os.execv(command, argv)
# will never come here
-
+
os.close(write)
os.close(write_err)
-
+
rc = ""
rc_err = ""
in_list = [read, read_err]
@@ -654,21 +710,21 @@
if s == '':
in_list.remove(read_err)
rc_err = rc_err + s
-
+
os.close(read)
os.close(read_err)
-
+
status = -1
try:
(pid, status) = os.waitpid(childpid, 0)
except OSError, (errno, msg):
print __name__, "waitpid:", msg
-
+
if os.WIFEXITED(status):
status = os.WEXITSTATUS(status)
else:
status = -1
-
+
return (rc, rc_err, status)
@@ -688,31 +744,31 @@
command = '/usr/bin/openssl'
args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
_execWithCaptureErrorStatus(command, args)
-
+
# /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1095 -config /var/lib/luci/var/certs/cacert.config
command = '/usr/bin/openssl'
args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1095', '-config', SSL_KEYCONFIG_PATH]
_execWithCaptureErrorStatus(command, args)
-
+
# /bin/chown -R zope:zope /var/lib/luci/var/certs/*
command = '/bin/chown'
args = [command, LUCI_USER + ':' + LUCI_GROUP, SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
_execWithCaptureErrorStatus(command, args)
-
+
# /bin/chmod 644 /var/lib/luci/var/certs/*
command = '/bin/chmod'
args = [command, '644', SSL_PUBKEY_PATH]
o, e, s = _execWithCaptureErrorStatus(command, args)
if s != 0:
return False
-
+
# /bin/chmod 400 /var/lib/luci/var/certs/privkey.pem
command = '/bin/chmod'
args = [command, '600', SSL_PRIVKEY_PATH]
o, e, s = _execWithCaptureErrorStatus(command, args)
if s != 0:
return False
-
+
return True
@@ -734,7 +790,7 @@
print 'Restart the Luci server for changes to take effect'
print 'eg. service luci restart'
print
- return
+ return
@@ -753,14 +809,14 @@
if generate_ssl_certs() == False:
print 'failed. exiting ...'
sys.exit(1)
-
+
print
print 'Creating \'admin\' user'
save_password('admin', generate_password())
print 'Luci server has been successfully initialized'
-
+
restart_message()
-
+
return
@@ -771,14 +827,14 @@
print argv[0] + ' init'
sys.exit(1)
pass
-
+
print 'Reseting admin password'
print
save_password('admin', generate_password())
print 'admin password has been successfully reset'
-
+
restart_message()
-
+
return
@@ -788,18 +844,25 @@
print 'To initialize it, execute'
print argv[0] + ' init'
sys.exit(1)
-
+
print 'Backing up the Luci server...'
try: os.umask(077)
except: pass
doc = luci_backup(argv[2:])
- if not doc:
- sys.stderr.write('The Luci backup failed.\n')
- sys.exit(1)
try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ os.chown(LUCI_DB_PATH, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH, 0600)
+ except:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+
+ try:
+ # The LUCI_BACKUP_DIR must not be world-writable
+ # as the code below is obviously not safe against
+ # races.
stat = os.stat(LUCI_BACKUP_PATH)
trynum = 1
basename = '/luci_backup-'
@@ -816,46 +879,41 @@
except OSError, e:
#if e[0] == 2:
pass
-
- try:
- f = file(LUCI_BACKUP_PATH, 'w')
- except:
- sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
- return -1
-
- f.write(doc.toprettyxml())
- f.flush()
- f.close()
-
- print 'Backup was successful. The backup file is',LUCI_BACKUP_PATH
try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- os.chown(LUCI_DB_PATH, luci[0], luci[1])
- os.chmod(LUCI_DB_PATH, 0600)
+ f = file(LUCI_BACKUP_PATH, 'wb+')
except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
+ return -1
try:
os.chmod(LUCI_BACKUP_PATH, 0600)
except OSError, e:
print "An error occurred while making",LUCI_BACKUP_PATH,"read-only:",e
print "Please check that this file is not world-readable."
+ if not doc:
+ sys.stderr.write('The Luci backup failed.\n')
+ sys.exit(1)
+ f.write(doc.toprettyxml())
+ f.flush()
+ f.close()
def restore(argv):
print 'Restoring the Luci server...'
-
+
+ try: os.umask(077)
+ except: pass
+
# for reasons that make no sense, zope/plone will fall
# on its face if www/ok.gif and images/version.gif don't
# exist and have@least something in them.
try:
os.makedirs(LUCI_TEMP + 'www')
os.makedirs(LUCI_TEMP + 'images')
- except:pass
+ except: pass
try:
- os.chdir(LUCI_TEMP)
f = file(LUCI_TEMP + 'www/ok.gif', 'w')
f.write('luci\n')
f.close()
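Review bot: In backup(), the `if not doc:` check now sits after `f = file(LUCI_BACKUP_PATH, 'wb+')`. When luci_backup() returns None, the existing backup has already been rotated, and an empty luci_backup.xml is left behind when `sys.exit(1)` runs. Testing `doc` immediately after `doc = luci_backup(argv[2:])` in the previous hunk, before any rename or open, keeps the last good backup in place on failure. The function also mixes `return -1` and `sys.exit(1)` for its error exits within this hunk.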
@@ -864,12 +922,18 @@
f.write('luci\n')
f.close()
except:
- os.unlink(LUCI_TEMP + 'www/ok.gif')
- os.unlink(LUCI_TEMP + 'images/version.gif')
- os.removedirs(LUCI_TEMP)
+ try:
+ os.unlink(LUCI_TEMP + 'www/ok.gif')
+ os.unlink(LUCI_TEMP + 'images/version.gif')
+ os.rmdir(LUCI_TEMP + 'www')
+ os.rmdir(LUCI_TEMP + 'images')
+ os.rmdir(LUCI_TEMP)
+ except: pass
print 'Unable to initialize restore.'
sys.exit(1)
+ os.chdir(LUCI_TEMP)
+
ret = True
if luci_restore(argv[2:]):
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
@@ -878,6 +942,15 @@
print 'Restore was successful.'
restart_message()
+ os.chdir(LUCI_BACKUP_DIR)
+ try:
+ os.unlink(LUCI_TEMP + 'www/ok.gif')
+ os.unlink(LUCI_TEMP + 'images/version.gif')
+ os.rmdir(LUCI_TEMP + 'www')
+ os.rmdir(LUCI_TEMP + 'images')
+ os.rmdir(LUCI_TEMP)
+ except: pass
+
try:
luci = pwd.getpwnam(LUCI_USER)[2:4]
os.chown(LUCI_DB_PATH, luci[0], luci[1])
@@ -885,12 +958,6 @@
except:
sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
- try:
- os.unlink(LUCI_TEMP + 'www/ok.gif')
- os.unlink(LUCI_TEMP + 'images/version.gif')
- os.removedirs(LUCI_TEMP)
- except: pass
-
return ret
@@ -904,7 +971,7 @@
print '\tpassword: reset admin password'
print '\thelp: this help message'
print
-
+
def main(argv):
@@ -912,16 +979,16 @@
luci_help(argv)
sys.exit(1)
pass
-
-
+
+
# only root can modify Luci server
if os.getuid() != 0:
print 'Only root can modify Luci server.'
print 'Try again with root privileges.'
sys.exit(2)
pass
-
-
+
+
if 'init' in argv:
init(argv)
elif 'backup' in argv:
@@ -938,7 +1005,7 @@
luci_help(argv)
sys.exit(1)
-
+
# If called from the command line
if __name__ == '__main__':
main(sys.argv)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-21 23:06 rmccabe
From: rmccabe @ 2006-06-21 23:06 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-21 23:06:29
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.17&r2=1.18
--- conga/luci/utils/luci_admin 2006/06/21 17:41:30 1.17
+++ conga/luci/utils/luci_admin 2006/06/21 23:06:28 1.18
@@ -322,7 +322,7 @@
stitle = str(stitle)
try:
- x.manage_addFolder(newsys, stitle)
+ new_cluster.manage_addFolder(newsys, stitle)
newcs = app.unrestrictedTraverse('/luci/systems/cluster/' + id + '/' + newsys)
if not newcs:
raise
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-21 17:41 rmccabe
From: rmccabe @ 2006-06-21 17:41 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-21 17:41:30
Modified files:
luci/utils : luci_admin
Log message:
more cleanup
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.16&r2=1.17
--- conga/luci/utils/luci_admin 2006/06/21 17:06:44 1.16
+++ conga/luci/utils/luci_admin 2006/06/21 17:41:30 1.17
@@ -1,6 +1,6 @@
#!/usr/bin/python
-import sys, os, stat, random, crypt, select, string
+import sys, os, stat, random, crypt, select, string, pwd
from sys import stderr, argv
import types
import xml
@@ -22,7 +22,8 @@
SSL_PRIVKEY_PATH='/var/lib/luci/var/certs/privkey.pem'
SSL_PUBKEY_PATH='/var/lib/luci/var/certs/cacert.pem'
SSL_KEYCONFIG_PATH='/var/lib/luci/var/certs/cacert.config'
-LUCI_BACKUP_PATH='/var/lib/luci/var/luci_backup.xml'
+LUCI_BACKUP_DIR='/var/lib/luci/var'
+LUCI_BACKUP_PATH=LUCI_BACKUP_DIR + '/luci_backup.xml'
LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
LUCI_TEMP='/var/lib/luci/var/temp/'
@@ -50,7 +51,6 @@
inituser.close()
try:
- import pwd
luci = pwd.getpwnam(LUCI_USER)[2:4]
os.chown(INITUSER_FILE_PATH, luci[0], luci[1])
except:
@@ -129,7 +129,7 @@
if not portal_mem or not portal_reg:
raise
except:
- sys.stderr.write('Your Luci installation appears to be corrupt.')
+ sys.stderr.write('Your Luci installation appears to be corrupt.\n')
return -1
userList = node.getElementsByTagName('userList')
@@ -193,17 +193,17 @@
if not x:
raise
except:
- sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.')
+ sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.\n')
transaction.abort()
return -1
systemList = node.getElementsByTagName('systemList')
if not systemList or len(systemList) < 1:
- verbose.write('No storage systems to add')
+ verbose.write('No storage systems to add\n')
else:
systemList = systemList[0].getElementsByTagName('system')
if len(systemList) < 1:
- verbose.write('No storage systems to add')
+ verbose.write('No storage systems to add\n')
for s in systemList:
id = s.getAttribute('id')
@@ -250,17 +250,17 @@
if not x:
raise
except:
- sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.')
+ sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
transaction.abort()
return -1
clusterList = node.getElementsByTagName('clusterList')
if not clusterList or len(clusterList) < 1:
- verbose.write('No clusters to add')
+ verbose.write('No clusters to add\n')
else:
clusterList = clusterList[0].getElementsByTagName('cluster')
if len(clusterList) < 1:
- verbose.write('No clusters to add')
+ verbose.write('No clusters to add\n')
for c in clusterList:
id = c.getAttribute('id')
@@ -397,7 +397,7 @@
conn = db.open()
except:
stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
- return -1
+ return None
examine_classes = [
'OFS.Folder.Folder',
@@ -409,11 +409,6 @@
clusters = {}
users = {}
- if len(argv) > 1:
- backupfn = argv[1]
- else:
- backupfn = LUCI_BACKUP_PATH
-
# To suppress some useless zope error messages.
sys.stderr = null
@@ -560,7 +555,7 @@
certfile.close()
except False:
sys.stderr.write('Unable to read ' + SSL_PRIVKEY_PATH + '\n')
- return -1
+ return None
try:
certfile = file(SSL_PUBKEY_PATH, 'rb')
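Review bot: The changed `return None` sits in a handler written as `except False:`, which matches no exception. A failure reading SSL_PRIVKEY_PATH therefore never reaches the message or the return and propagates instead. The later handlers in this function, visible in the following hunks, use a bare `except:`; making this one `except:` as well would let the private-key path fail the same way as the others. The try block begins before this hunk.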
@@ -578,7 +573,7 @@
certfile.close()
except:
sys.stderr.write('Unable to read ' + SSL_PUBKEY_PATH + '\n')
- return -1
+ return None
try:
certfile = file(SSL_KEYCONFIG_PATH, 'rb')
@@ -598,18 +593,7 @@
sys.stderr.write('Unable to read ' + SSL_KEYCONFIG_PATH + '\n')
luciData.appendChild(dataNode)
-
- # TODO: this needs to backup the backup, if any, and should
- # write to a tempfile, then rename.
- try:
- f = file(backupfn, 'w')
- except:
- sys.stderr.write('Unable to open \"' + backupfn + '\" to write backup.\n')
- return -1
-
- f.write(doc.toprettyxml())
- f.flush()
- f.close()
+ return doc
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
if not os.access (root + command, os.X_OK):
@@ -810,13 +794,49 @@
try: os.umask(077)
except: pass
- if luci_backup(argv[2:]):
+ doc = luci_backup(argv[2:])
+ if not doc:
sys.stderr.write('The Luci backup failed.\n')
sys.exit(1)
+ try:
+ stat = os.stat(LUCI_BACKUP_PATH)
+ trynum = 1
+ basename = '/luci_backup-'
+ while True:
+ oldbackup = LUCI_BACKUP_DIR + basename + str(trynum) + '.xml'
+ if not os.path.exists(oldbackup):
+ try:
+ os.rename(LUCI_BACKUP_PATH, oldbackup)
+ except:
+ sys.write.stderr('Unable to rename the existing backup file.\n')
+ sys.exit(1)
+ break
+ trynum += 1
+ except OSError, e:
+ #if e[0] == 2:
+ pass
+
+ try:
+ f = file(LUCI_BACKUP_PATH, 'w')
+ except:
+ sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
+ return -1
+
+ f.write(doc.toprettyxml())
+ f.flush()
+ f.close()
+
print 'Backup was successful. The backup file is',LUCI_BACKUP_PATH
try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ os.chown(LUCI_DB_PATH, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH, 0600)
+ except:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+
+ try:
os.chmod(LUCI_BACKUP_PATH, 0600)
except OSError, e:
print "An error occurred while making",LUCI_BACKUP_PATH,"read-only:",e
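Review bot: On the added line `sys.write.stderr('Unable to rename the existing backup file.\n')`, `sys` has no `write` attribute, so a failed rename raises AttributeError instead of printing the message and exiting; it should be `sys.stderr.write(...)`. `stat = os.stat(LUCI_BACKUP_PATH)` also rebinds the name of the `stat` module imported at the top of the file, and the result is not used within this hunk, so a plain `os.stat(LUCI_BACKUP_PATH)` call would do. The new file is opened with mode 'w' and only set to 0600 after the write. The `os.umask(077)` at the top of the hunk is what keeps it private while it is being written, which deserves a comment.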
@@ -859,6 +879,13 @@
restart_message()
try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ os.chown(LUCI_DB_PATH, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH, 0600)
+ except:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+
+ try:
os.unlink(LUCI_TEMP + 'www/ok.gif')
os.unlink(LUCI_TEMP + 'images/version.gif')
os.removedirs(LUCI_TEMP)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-21 17:06 rmccabe
From: rmccabe @ 2006-06-21 17:06 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-21 17:06:44
Modified files:
luci/utils : luci_admin
Log message:
cleanups
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.15&r2=1.16
--- conga/luci/utils/luci_admin 2006/06/18 15:02:47 1.15
+++ conga/luci/utils/luci_admin 2006/06/21 17:06:44 1.16
@@ -24,6 +24,7 @@
SSL_KEYCONFIG_PATH='/var/lib/luci/var/certs/cacert.config'
LUCI_BACKUP_PATH='/var/lib/luci/var/luci_backup.xml'
LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
+LUCI_TEMP='/var/lib/luci/var/temp/'
INITUSER_FILE_PATH = '/var/lib/luci/inituser'
@@ -198,11 +199,11 @@
systemList = node.getElementsByTagName('systemList')
if not systemList or len(systemList) < 1:
- sys.write.stderr('No storage systems to add')
+ verbose.write('No storage systems to add')
else:
systemList = systemList[0].getElementsByTagName('system')
if len(systemList) < 1:
- sys.write.stderr('No storage systems to add')
+ verbose.write('No storage systems to add')
for s in systemList:
id = s.getAttribute('id')
@@ -255,11 +256,11 @@
clusterList = node.getElementsByTagName('clusterList')
if not clusterList or len(clusterList) < 1:
- verbose('No clusters to add')
+ verbose.write('No clusters to add')
else:
clusterList = clusterList[0].getElementsByTagName('cluster')
if len(clusterList) < 1:
- verbose('No clusters to add')
+ verbose.write('No clusters to add')
for c in clusterList:
id = c.getAttribute('id')
@@ -810,7 +811,7 @@
except: pass
if luci_backup(argv[2:]):
- sys.write.stderr('The Luci backup failed.\n')
+ sys.stderr.write('The Luci backup failed.\n')
sys.exit(1)
print 'Backup was successful. The backup file is',LUCI_BACKUP_PATH
@@ -825,13 +826,45 @@
def restore(argv):
print 'Restoring the Luci server...'
+ # for reasons that make no sense, zope/plone will fall
+ # on its face if www/ok.gif and images/version.gif don't
+ # exist and have@least something in them.
+ try:
+ os.makedirs(LUCI_TEMP + 'www')
+ os.makedirs(LUCI_TEMP + 'images')
+ except:pass
+
+ try:
+ os.chdir(LUCI_TEMP)
+ f = file(LUCI_TEMP + 'www/ok.gif', 'w')
+ f.write('luci\n')
+ f.close()
+
+ f = file(LUCI_TEMP + 'images/version.gif', 'w')
+ f.write('luci\n')
+ f.close()
+ except:
+ os.unlink(LUCI_TEMP + 'www/ok.gif')
+ os.unlink(LUCI_TEMP + 'images/version.gif')
+ os.removedirs(LUCI_TEMP)
+ print 'Unable to initialize restore.'
+ sys.exit(1)
+
+ ret = True
if luci_restore(argv[2:]):
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
- sys.exit(1)
+ ret = False
+ else:
+ print 'Restore was successful.'
+ restart_message()
+
+ try:
+ os.unlink(LUCI_TEMP + 'www/ok.gif')
+ os.unlink(LUCI_TEMP + 'images/version.gif')
+ os.removedirs(LUCI_TEMP)
+ except: pass
- print 'Restore was successful.'
- restart_message()
- return True
+ return ret
def luci_help(argv):
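Review bot: The cleanup inside the `except:` that follows the two `file(...)` writes can itself raise: if `os.makedirs` or `os.chdir` failed, `www/ok.gif` was never created and the first `os.unlink` throws OSError, so 'Unable to initialize restore.' is never printed and the user gets a traceback instead. Wrapping that cleanup the same way as the final one (`try:` ... `except: pass`) would fix it. `os.removedirs(LUCI_TEMP)` also cannot succeed while the `www` and `images` subdirectories still exist, so the final cleanup leaves the directories behind and the `except: pass` hides that. It is worth confirming who can write to `LUCI_TEMP`, since `file(path, 'w')` follows symbolic links and that matters if this tool runs as root in a directory owned by the unprivileged service account (not shown here).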
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-18 15:02 rmccabe
From: rmccabe @ 2006-06-18 15:02 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-18 15:02:48
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.14&r2=1.15
--- conga/luci/utils/luci_admin 2006/06/18 12:50:31 1.14
+++ conga/luci/utils/luci_admin 2006/06/18 15:02:47 1.15
@@ -44,6 +44,7 @@
except: pass
inituser.close()
return -1
+
inituser.write(user + ':' + password)
inituser.close()
@@ -165,23 +166,27 @@
props = {
'username': id,
'roles': [ 'Member' ],
- 'password': 'changeme',
- 'confirm': 'changeme',
'domains': [],
'email': email
}
- portal_reg.addMember(id, 'changeme', props)
+ portal_reg.addMember(id, passwd, props)
+
member = portal_mem.getMemberById(id)
if not member:
transaction.abort()
sys.stderr.write('An error occurred while restoring the user \"' + id + '\"\n')
return -1
+ try:
+ aclu = app.unrestrictedTraverse('/luci/acl_users/Users/acl_users/')
+ aclu.__dict__['data'][id].__dict__['__'] = passwd
+ except:
+ transaction.abort()
+ sys.stderr.write('An error occurred while restoring the password for user \"' + id + '\"\n')
verbose.write('Added user \"' + id + '\"\n')
transaction.commit()
-
try:
x = app.unrestrictedTraverse('/luci/systems/storage')
if not x:
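Review bot: When restoring the password fails, the added handler calls `transaction.abort()` and writes the error but does not return, so execution falls through to `verbose.write('Added user ...')` and `transaction.commit()` and the restore reports success for an account whose changes were just rolled back. Adding `return -1` after the `sys.stderr.write(...)`, as the `if not member:` branch above does, keeps the two failure paths consistent. Writing to `aclu.__dict__['data'][id].__dict__['__']` bypasses the user folder's own API; a short comment saying that this stores the value exactly as it appeared in the backup (presumably already hashed, which the hunk does not show) would help the next reader. The enclosing loop starts outside this hunk.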
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-18 12:50 rmccabe
From: rmccabe @ 2006-06-18 12:50 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-18 12:50:31
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.13&r2=1.14
--- conga/luci/utils/luci_admin 2006/06/18 03:26:29 1.13
+++ conga/luci/utils/luci_admin 2006/06/18 12:50:31 1.14
@@ -1,6 +1,11 @@
#!/usr/bin/python
import sys, os, stat, random, crypt, select, string
+from sys import stderr, argv
+import types
+import xml
+import xml.dom
+from xml.dom import minidom
sys.path.extend((
'/usr/lib64/zope/lib/python',
@@ -9,32 +14,6 @@
'/usr/lib/zope/lib/python/Products'
))
-from sys import stderr, argv
-import ZODB
-from ZODB.FileStorage import FileStorage
-from ZODB.DB import DB
-import xml
-import xml.dom
-from xml.dom import minidom
-import types
-
-import OFS
-from OFS.Application import AppInitializer
-import OFS.Folder
-import AccessControl
-import AccessControl.User
-from AccessControl.SecurityManagement import newSecurityManager
-import transaction
-
-null = file('/dev/null', 'rwb+', 0)
-orig_stderr = sys.stderr
-
-sys.stderr = null
-import Products.CMFCore
-sys.stderr = orig_stderr
-
-import Products.CMFCore.MemberDataTool
-
LUCI_INIT_DEBUG = 0
LUCI_USER='luci'
@@ -48,19 +27,49 @@
INITUSER_FILE_PATH = '/var/lib/luci/inituser'
-examine_classes = [
- 'OFS.Folder.Folder',
- 'AccessControl.User.User',
- 'Products.CMFCore.MemberDataTool.MemberData'
-]
-
+null = file(os.devnull, 'rwb+', 0)
+orig_stderr = sys.stderr
if LUCI_INIT_DEBUG:
verbose = sys.stderr
else:
verbose = null
+def save_password(user, password):
+ inituser = file(INITUSER_FILE_PATH, 'w')
+ try: os.chmod(INITUSER_FILE_PATH, 0600)
+ except OSError, e:
+ print 'An error occurred while saving',user,'password:',e
+ try: os.unlink(INITUSER_FILE_PATH)
+ except: pass
+ inituser.close()
+ return -1
+ inituser.write(user + ':' + password)
+ inituser.close()
+
+ try:
+ import pwd
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ os.chown(INITUSER_FILE_PATH, luci[0], luci[1])
+ except:
+ return -1
+
def luci_restore(argv):
+ import ZODB
+ from ZODB.FileStorage import FileStorage
+ from ZODB.DB import DB
+ import OFS
+ from OFS.Application import AppInitializer
+ import OFS.Folder
+ import AccessControl
+ import AccessControl.User
+ from AccessControl.SecurityManagement import newSecurityManager
+ import transaction
+ sys.stderr = null
+ import Products.CMFCore
+ sys.stderr = orig_stderr
+ import Products.CMFCore.MemberDataTool
+
if len(argv) > 0:
dbfn = argv[0]
else:
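Review bot: `save_password` creates the file with `file(INITUSER_FILE_PATH, 'w')` before the `os.chmod(INITUSER_FILE_PATH, 0600)`, so the file briefly has whatever mode the process umask allows, and a pre-existing file keeps its old mode until the chmod runs; a descriptor opened in that window stays valid afterwards. Creating it with the mode already restricted closes the gap: `fd = os.open(INITUSER_FILE_PATH, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` then `inituser = os.fdopen(fd, 'w')`, keeping the chmod for the pre-existing case. If the later `os.chown` fails the function returns -1 but leaves the `user:password` line on disk, and the caller added in the `@@ -144,7 +153,9 @@` hunk ignores the return value. A docstring should state that success returns None rather than 0.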
@@ -144,7 +153,9 @@
continue
passwd = str(passwd)
- if id != 'admin':
+ if id == 'admin':
+ save_password('admin', passwd)
+ else:
email = u.getAttribute('email')
if not email:
email = id + '@luci.example.org'
@@ -360,6 +371,14 @@
return node.cloneNode(True)
def luci_backup(argv):
+ import ZODB
+ from ZODB.FileStorage import FileStorage
+ from ZODB.DB import DB
+ import OFS
+ import OFS.Folder
+ import AccessControl
+ import AccessControl.User
+
if len(argv) > 0:
dbfn = argv[0]
else:
@@ -374,6 +393,12 @@
stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
return -1
+ examine_classes = [
+ 'OFS.Folder.Folder',
+ 'AccessControl.User.User',
+ 'Products.CMFCore.MemberDataTool.MemberData'
+ ]
+
systems = {}
clusters = {}
users = {}
@@ -711,25 +736,12 @@
salt = random.choice(salt_choices) + random.choice(salt_choices)
pswd = '{CRYPT}' + crypt.crypt(password, salt)
return pswd
-def save_password(user, password):
- inituser = file(INITUSER_FILE_PATH, 'w')
- os.chmod(INITUSER_FILE_PATH, stat.S_IRUSR|stat.S_IWUSR)
- inituser.write(user + ':' + password)
- inituser.close()
-
- command = '/bin/chown'
- args = [command, LUCI_USER, INITUSER_FILE_PATH]
- _execWithCaptureErrorStatus(command, args)
-
- return
-
-
def restart_message():
print
print
- print 'Restart Luci server for changes to take effect'
+ print 'Restart the Luci server for changes to take effect'
print 'eg. service luci restart'
print
return
@@ -812,6 +824,7 @@
print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
sys.exit(1)
+ print 'Restore was successful.'
restart_message()
return True
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-18 3:26 rmccabe
From: rmccabe @ 2006-06-18 3:26 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-18 03:26:29
Modified files:
luci/utils : luci_admin
Log message:
silence useless zope/plone warnings, make sure luci_backup.xml is not world-readable.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.12&r2=1.13
--- conga/luci/utils/luci_admin 2006/06/16 23:19:58 1.12
+++ conga/luci/utils/luci_admin 2006/06/18 03:26:29 1.13
@@ -18,20 +18,22 @@
from xml.dom import minidom
import types
-import Zope2
import OFS
-import App
-import App.Extensions
-import OFS.Application
-from App.Extensions import *
from OFS.Application import AppInitializer
import OFS.Folder
import AccessControl
import AccessControl.User
from AccessControl.SecurityManagement import newSecurityManager
+import transaction
+
+null = file('/dev/null', 'rwb+', 0)
+orig_stderr = sys.stderr
+
+sys.stderr = null
import Products.CMFCore
+sys.stderr = orig_stderr
+
import Products.CMFCore.MemberDataTool
-import transaction
LUCI_INIT_DEBUG = 0
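Review bot: `sys.stderr = null` is undone only on the success path of `import Products.CMFCore`; if that import raises, stderr stays pointed at /dev/null and the traceback that would explain the failure is discarded. Writing it as `try: import Products.CMFCore` / `finally: sys.stderr = orig_stderr` keeps the silencing scoped to the noisy import. A one-line comment naming which warnings are being suppressed would also help, since the log message only calls them useless.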
@@ -52,13 +54,11 @@
'Products.CMFCore.MemberDataTool.MemberData'
]
-null = file('/dev/null', 'rwb+', 0)
if LUCI_INIT_DEBUG:
verbose = sys.stderr
else:
verbose = null
-orig_stderr = sys.stderr
def luci_restore(argv):
if len(argv) > 0:
@@ -130,7 +130,7 @@
if not userList or len(userList) < 1:
sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
return -1
-
+
for u in userList:
id = u.getAttribute('id')
if not id:
@@ -468,9 +468,8 @@
try:
cur_user = users[dict['id']]
except:
- users[dict['name']] = {}
+ users[dict['name']] = { 'id': dict['name'] }
cur_user = users[dict['name']]
- cur_user['id'] = dict['name']
cur_user['name'] = dict['name']
cur_user['passwd'] = dict['__']
elif obj_class == 'Products.CMFCore.MemberDataTool.MemberData':
@@ -484,9 +483,8 @@
try:
cur_user = users[dict['name']]
except:
- users[dict['id']] = {}
+ users[dict['id']] = { 'name': dict['id'] }
cur_user = users[dict['id']]
- cur_user['name'] = dict['id']
for i in dict:
cur_user[i] = dict[i]
if next_oid is None:
@@ -783,32 +781,39 @@
def backup(argv):
- if not luci_initialized():
- print 'Luci site has not yet been initialized'
- print 'To initialize it, execute'
- print argv[0] + ' init'
- sys.exit(1)
- pass
-
- print 'Backing up the Luci server...'
-
- if luci_backup(argv[2:]):
- sys.write.stderr('The Luci backup failed.\n')
- sys.exit(1)
- print 'Backup was successful. The backup file is',LUCI_BACKUP_PATH
- return
+ if not luci_initialized():
+ print 'Luci site has not yet been initialized'
+ print 'To initialize it, execute'
+ print argv[0] + ' init'
+ sys.exit(1)
+
+ print 'Backing up the Luci server...'
+
+ try: os.umask(077)
+ except: pass
+
+ if luci_backup(argv[2:]):
+ sys.write.stderr('The Luci backup failed.\n')
+ sys.exit(1)
+
+ print 'Backup was successful. The backup file is',LUCI_BACKUP_PATH
+
+ try:
+ os.chmod(LUCI_BACKUP_PATH, 0600)
+ except OSError, e:
+ print "An error occurred while making",LUCI_BACKUP_PATH,"read-only:",e
+ print "Please check that this file is not world-readable."
def restore(argv):
- print 'Restoring the Luci server...'
+ print 'Restoring the Luci server...'
- if luci_restore(argv[2:]):
- print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
- sys.exit(1)
+ if luci_restore(argv[2:]):
+ print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
+ sys.exit(1)
- restart_message()
-
- return
+ restart_message()
+ return True
def luci_help(argv):
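Review bot: When the added `os.chmod(LUCI_BACKUP_PATH, 0600)` fails, `backup()` only prints a warning and returns normally, so a caller checking the exit status cannot tell that the backup may have been left with looser permissions. Ending that handler with `sys.exit(1)` would surface it. The message says "read-only" although 0600 is owner read/write; "readable only by its owner" matches what the code does. The added failure path still calls `sys.write.stderr(...)`, which raises AttributeError; it should be `sys.stderr.write('The Luci backup failed.\n')`.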
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-16 23:19 rmccabe
From: rmccabe @ 2006-06-16 23:19 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-16 23:19:59
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.11&r2=1.12
--- conga/luci/utils/luci_admin 2006/06/16 19:35:33 1.11
+++ conga/luci/utils/luci_admin 2006/06/16 23:19:58 1.12
@@ -118,7 +118,7 @@
if not portal_mem or not portal_reg:
raise
except:
- sys.stderr.write('Your Luci installation appears to be corrupt. Please reinstall, then try to restore again.')
+ sys.stderr.write('Your Luci installation appears to be corrupt.')
return -1
userList = node.getElementsByTagName('userList')
@@ -127,6 +127,10 @@
return -1
userList = userList[0].getElementsByTagName('user')
+ if not userList or len(userList) < 1:
+ sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
+ return -1
+
for u in userList:
id = u.getAttribute('id')
if not id:
@@ -164,7 +168,8 @@
return -1
verbose.write('Added user \"' + id + '\"\n')
- #transaction.commit()
+ transaction.commit()
+
try:
x = app.unrestrictedTraverse('/luci/systems/storage')
@@ -180,14 +185,20 @@
sys.write.stderr('No storage systems to add')
else:
systemList = systemList[0].getElementsByTagName('system')
+ if len(systemList) < 1:
+ sys.write.stderr('No storage systems to add')
for s in systemList:
id = s.getAttribute('id')
if not id:
- sys.stderr.write('Missing ID for storage system')
- continue
+ sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
+ transaction.abort()
+ return -1
id = str(id)
- title = str(s.getAttribute('title'))
+ try:
+ title = str(s.getAttribute('title'))
+ except:
+ title = '__luci__:system'
x.manage_addFolder(id, title)
try:
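Review bot: The added `try: title = str(s.getAttribute('title'))` / `except: title = '__luci__:system'` does not supply the default for a missing attribute: minidom's `getAttribute` returns an empty string rather than raising, so the folder is created with an empty title. The cluster code in the `@@ -222,14 +236,28 @@` hunk handles this with `if not title:`; the same shape here (`title = s.getAttribute('title')`, then `if not title: title = '__luci__:system'`, else `title = str(title)`) keeps the two consistent. This matters because the backup scan only picks up folders whose title starts with `__luci__:`, per the `dict['title'][0:9]` check further down the page. The added `sys.write.stderr('No storage systems to add')` should be `sys.stderr.write(...)`.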
@@ -201,18 +212,21 @@
userPerms = s.getElementsByTagName('permList')
if not userPerms or len(userPerms) < 1:
+ verbose.write('Added storage system \"' + id + '\"\n')
continue
userPerms = userPerms[0].getElementsByTagName('ref')
for i in userPerms:
- if i.nodeType != xml.dom.Node.ELEMENT_NODE:
- continue
newuser = i.getAttribute('name')
if not newuser:
continue
- new_system.manage_setLocalRoles(newuser, ['View'])
+ try:
+ new_system.manage_setLocalRoles(newuser, ['View'])
+ verbose.write('Added view permission to storage system \"' + id + '\" for \"' + newuser + '\"\n')
+ except:
+ sys.stderr.write('An error occurred while restoring permission for storage system \"' + id + '\" for user \"' + newuser + '\"\n')
verbose.write('Added storage system \"' + id + '\"\n')
- #transaction.commit()
+ transaction.commit()
try:
x = app.unrestrictedTraverse('/luci/systems/cluster')
@@ -222,14 +236,28 @@
sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.')
transaction.abort()
return -1
- clusterList = node.getElementsByTagName('cluster')
+
+ clusterList = node.getElementsByTagName('clusterList')
+ if not clusterList or len(clusterList) < 1:
+ verbose('No clusters to add')
+ else:
+ clusterList = clusterList[0].getElementsByTagName('cluster')
+ if len(clusterList) < 1:
+ verbose('No clusters to add')
+
for c in clusterList:
id = c.getAttribute('id')
if not id:
sys.stderr.write('Cluster element is missing id\n')
- continue
+ transaction.abort()
+ return -1
id = str(id)
- title = str(c.getAttribute('title'))
+
+ title = c.getAttribute('title')
+ if not title:
+ title = '__luci__:cluster'
+ else:
+ title = str(title)
try:
x.manage_addFolder(id, title)
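Review bot: `verbose('No clusters to add')` calls a file object: `verbose` is bound to `sys.stderr` or the /dev/null handle (see the 1.11 diff below), so both added calls raise TypeError on a backup with no clusters instead of logging. They should be `verbose.write('No clusters to add\n')`. When the `clusterList` element is missing, `clusterList` stays the empty result and the `for c in clusterList` loop is simply skipped, which deserves a short comment since nothing else signals it.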
@@ -241,49 +269,65 @@
transaction.abort()
return -1
+ viewperm = list()
+
userPerms = c.getElementsByTagName('permList')
- if not userPerms or len(userPerms) < 1:
- continue
- userPerms = userPerms[0].getElementsByTagName('ref')
- for i in userPerms:
- if i.nodeType != xml.dom.Node.ELEMENT_NODE:
- continue
- newuser = i.getAttribute('name')
- if not newuser:
- continue
- new_cluster.manage_setLocalRoles(newuser, ['View'])
+ if userPerms and len(userPerms) > 0:
+ userPerms = userPerms[0].getElementsByTagName('ref')
+ for i in userPerms:
+ newuser = i.getAttribute('name')
+ if not newuser:
+ continue
+ newuser = str(newuser)
- clusterSystems = c.getElementsByTagName('systemsList')
+ try:
+ new_cluster.manage_setLocalRoles(newuser, ['View'])
+ verbose.write('Added view permission to cluster \"' + id + '\" for \"' + newuser + '\"\n')
+ except:
+ sys.stderr.write('An error occurred while restoring permission for cluster \"' + id + '\" for user \"' + newuser + '\"\n')
+ viewperm.append(newuser)
+
+ clusterSystems = c.getElementsByTagName('csystemList')
if not clusterSystems or len(clusterSystems) < 1:
verbose.write('Cluster \"' + id + '\" has no storage systems\n')
- continue
- clusterSystems = clusterSystems[0].getElementsByTagName('ref')
- for i in clusterSystems:
- newsys = i.getAttribute('name')
- if not newsys:
- sys.stderr.write('Storage system missing name for cluster \"' + id + '\"\n')
- continue
- newsys = str(newsys)
- stitle = i.getAttribute('title')
- if stitle:
- stitle = str(stitle)
- else:
- stitle = None
- try:
- x.manage_addFolder(newsys, stitle)
- newcs = app.unrestrictedTraverse('/luci/systems/cluster/' + id + '/' + newsys)
- if not newcs:
- raise
- except:
- sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"')
- transaction.abort()
- return -1
- verbose.write('Added storage system \"' + newsys + '\" for cluster \"' + id)
- verbose.write('Added cluster\"' + id + '\"')
- #transaction.commit()
+ else:
+ clusterSystems = clusterSystems[0].getElementsByTagName('csystem')
+ for i in clusterSystems:
+ newsys = i.getAttribute('id')
+ if not newsys:
+ sys.stderr.write('Storage system missing name for cluster \"' + id + '\"\n')
+ continue
+ newsys = str(newsys)
+ stitle = i.getAttribute('title')
+ if not stitle:
+ stitle = '__luci__:csystem:' + id
+ else:
+ stitle = str(stitle)
+
+ try:
+ x.manage_addFolder(newsys, stitle)
+ newcs = app.unrestrictedTraverse('/luci/systems/cluster/' + id + '/' + newsys)
+ if not newcs:
+ raise
+ except:
+ sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+ transaction.abort()
+ return -1
+ transaction.commit()
+
+ try:
+ for i in viewperm:
+ newcs.manage_setLocalRoles(i, ['View'])
+ verbose.write('Added view permission to cluster system \"' + newsys + '\" for \"' + i + '\"\n')
+ except:
+ sys.stderr.write('An error occurred while restoring permissions for cluster system \"' + newsys + '\" in cluster \"' + id + '\" for user \"' + i + '\"\n')
+ transaction.abort()
+ return -1
+ verbose.write('Added storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+ verbose.write('Added cluster \"' + id + '\"\n')
+ transaction.commit()
- #transaction.commit()
- transaction.abort()
+ transaction.commit()
conn.close()
db.pack()
db.close()
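Review bot: The cluster-system folder is created with `x.manage_addFolder(newsys, stitle)`, where `x` is the `/luci/systems/cluster` directory, but the check that follows looks it up under `'/luci/systems/cluster/' + id + '/' + newsys`. If the intent is to nest the system inside its cluster, the call should be `new_cluster.manage_addFolder(newsys, stitle)`; `new_cluster` is assigned outside this hunk, so confirm it is still in scope. `id` and `newsys` come straight from the backup XML and are concatenated into a traversal path, so rejecting values that contain `/` before use would keep a malformed backup from resolving to an unintended object. The per-user `manage_setLocalRoles` failure for a cluster is only logged while the same failure for a cluster system aborts; a comment stating which behaviour is intended would help.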
@@ -328,7 +372,7 @@
conn = db.open()
except:
stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
- sys.exit(1)
+ return -1
systems = {}
clusters = {}
@@ -339,14 +383,6 @@
else:
backupfn = LUCI_BACKUP_PATH
- # TODO: this needs to backup the backup, if any, and should
- # write to a tempfile, then rename.
- try:
- f = file(backupfn, 'w')
- except:
- sys.stderr.write('Unable to open \"' + backupfn + '\" to write backup.\n')
- sys.exit(1)
-
# To suppress some useless zope error messages.
sys.stderr = null
@@ -374,27 +410,38 @@
dict = obj.__dict__
if obj_class == 'OFS.Folder.Folder':
- if not 'title' in dict or dict['title'][0:9] != '__luci__:':
+ if not 'title' in dict or not dict['title'] or dict['title'][0:9] != '__luci__:':
if next_oid is None: break
else: continue
title = dict['title'].split(':')
cur = None
if title[1] == 'cluster':
- clusters[dict['id']] = {
- 'id': dict['id'],
- 'title': dict['title'],
- 'permList': [],
- 'systemsList:': []
- }
- cur = clusters[dict['id']]
+ if not dict['id'] in clusters:
+ clusters[dict['id']] = {
+ 'id': dict['id'],
+ 'title': dict['title'],
+ 'permList': [],
+ 'csystemList': {}
+ }
+ cur = clusters[dict['id']]
+ else:
+ cur = clusters[dict['id']]
+ cur['id'] = dict['id']
+ cur['title'] = dict['title']
elif title[1] == 'csystem':
if len(title) > 2:
clusterName = title[2]
- else:
- parent = obj.parentNode()
- clusterName = parent.__dict__['id']
- clusters[clusterName]['systemsList'].append(dict['id'])
+ if not clusterName in clusters:
+ clusters[clusterName] = {
+ 'id': clusterName,
+ 'csystemList': {},
+ 'permList': []
+ }
+ clusters[clusterName]['csystemList'][dict['id']] = {
+ 'id': dict['id'],
+ 'title': '__luci__:csystem:' + clusterName,
+ }
elif title[1] == 'system':
systems[dict['id']] = {
'id': dict['id'],
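Review bot: With the `else:` branch removed, `clusterName` is assigned only when `len(title) > 2`. Indentation is lost in this archive, but if the `if not clusterName in clusters:` block is not nested under that test, a `__luci__:csystem` title with no third field either raises NameError or silently reuses the name from an earlier iteration. Skipping such folders explicitly, with the file's `if next_oid is None: break` / `else: continue` idiom, makes the case visible. The placeholder entry created for a not-yet-seen cluster has no `'title'` key, unlike the entry built in the `cluster` branch; a comment noting that the later `else:` branch fills it in would help.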
@@ -407,7 +454,7 @@
if next_oid is None: break
else: continue
- if cur:
+ if cur and '__ac_local_roles__' in dict:
roles = dict['__ac_local_roles__']
for i in roles:
if not i in users:
@@ -446,7 +493,6 @@
break
sys.stderr = orig_stderr
- null.close()
conn.close()
db.close()
fs.close()
@@ -459,9 +505,9 @@
del users[i]
backup = {
+ 'userList': users,
'systemList': systems,
- 'clusterList': clusters,
- 'userList': users
+ 'clusterList': clusters
}
doc = xml.dom.minidom.Document()
@@ -485,7 +531,7 @@
certfile.close()
except False:
sys.stderr.write('Unable to read ' + SSL_PRIVKEY_PATH + '\n')
- sys.exit(1)
+ return -1
try:
certfile = file(SSL_PUBKEY_PATH, 'rb')
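Review bot: The changed `return -1` sits under `except False:`, which matches no exception, so a failure to read `SSL_PRIVKEY_PATH` is never handled here and propagates as an uncaught error instead of printing the message. The sibling blocks for `SSL_PUBKEY_PATH` and `SSL_KEYCONFIG_PATH` use a plain `except:`; this one should match them, ideally narrowed to `except (IOError, OSError):`. The `try` starts outside this hunk.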
@@ -503,7 +549,7 @@
certfile.close()
except:
sys.stderr.write('Unable to read ' + SSL_PUBKEY_PATH + '\n')
- sys.exit(1)
+ return -1
try:
certfile = file(SSL_KEYCONFIG_PATH, 'rb')
@@ -523,6 +569,15 @@
sys.stderr.write('Unable to read ' + SSL_KEYCONFIG_PATH + '\n')
luciData.appendChild(dataNode)
+
+ # TODO: this needs to backup the backup, if any, and should
+ # write to a tempfile, then rename.
+ try:
+ f = file(backupfn, 'w')
+ except:
+ sys.stderr.write('Unable to open \"' + backupfn + '\" to write backup.\n')
+ return -1
+
f.write(doc.toprettyxml())
f.flush()
f.close()
@@ -735,16 +790,22 @@
sys.exit(1)
pass
- print 'Backing up Luci server'
- luci_backup(argv[2:])
-
+ print 'Backing up the Luci server...'
+
+ if luci_backup(argv[2:]):
+ sys.write.stderr('The Luci backup failed.\n')
+ sys.exit(1)
+ print 'Backup was successful. The backup file is',LUCI_BACKUP_PATH
return
def restore(argv):
- print 'Restoring Luci server'
+ print 'Restoring the Luci server...'
- luci_restore(argv[2:])
+ if luci_restore(argv[2:]):
+ print 'The Luci restore failed. Try reinstalling Luci, then restoring again.'
+ sys.exit(1)
+
restart_message()
return
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-16 19:35 rmccabe
From: rmccabe @ 2006-06-16 19:35 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-16 19:35:33
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.10&r2=1.11
--- conga/luci/utils/luci_admin 2006/06/16 18:17:24 1.10
+++ conga/luci/utils/luci_admin 2006/06/16 19:35:33 1.11
@@ -33,6 +33,8 @@
import Products.CMFCore.MemberDataTool
import transaction
+LUCI_INIT_DEBUG = 0
+
LUCI_USER='luci'
LUCI_GROUP='luci'
@@ -50,6 +52,14 @@
'Products.CMFCore.MemberDataTool.MemberData'
]
+null = file('/dev/null', 'rwb+', 0)
+
+if LUCI_INIT_DEBUG:
+ verbose = sys.stderr
+else:
+ verbose = null
+orig_stderr = sys.stderr
+
def luci_restore(argv):
if len(argv) > 0:
dbfn = argv[0]
@@ -67,40 +77,56 @@
db.pack()
conn = db.open()
except:
- stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
- sys.exit(1)
+ stderr.write('Unable to open the Luci database \"' + dbfn + '\"\n')
+ return -1
try:
node = xml.dom.minidom.parse(backupfn)
except:
- stderr.write('Unable to open the luci backup file \"'+ backupfn +'\"\n')
- sys.exit(1)
+ stderr.write('Unable to open the Luci backup file \"'+ backupfn +'\"\n')
+ return -1
node = node.getElementsByTagName('luci')
if not node or len(node) < 1:
sys.stderr.write('Backup file is missing the \'luci\' tag\n')
- sys.exit(1)
+ return -1
node = node[0].getElementsByTagName('backupData')
if not node or len(node) < 1:
sys.stderr.write('Backup file is missing the \'backupData\' tag\n')
- sys.exit(1)
+ return -1
node = node[0]
- tempuser = AccessControl.User.UnrestrictedUser('admin', '',
- ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+ try:
+ sys.stderr = null
+ tempuser = AccessControl.User.UnrestrictedUser('admin', '',
+ ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
- newSecurityManager(None, tempuser)
+ newSecurityManager(None, tempuser)
- app = conn.root()['Application']
- AppInitializer(app).initialize()
+ app = conn.root()['Application']
+ AppInitializer(app).initialize()
+ sys.stderr = orig_stderr
+ except:
+ sys.stderr = orig_stderr
+ sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ return -1
- portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
- portal_reg = app.unrestrictedTraverse('/luci/portal_registration')
+ try:
+ portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
+ portal_reg = app.unrestrictedTraverse('/luci/portal_registration')
+ if not portal_mem or not portal_reg:
+ raise
+ except:
+ sys.stderr.write('Your Luci installation appears to be corrupt. Please reinstall, then try to restore again.')
+ return -1
userList = node.getElementsByTagName('userList')
- if userList and len(userList) > 0:
- userList = userList[0].getElementsByTagName('user')
+ if not userList or len(userList) < 1:
+ sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
+ return -1
+
+ userList = userList[0].getElementsByTagName('user')
for u in userList:
id = u.getAttribute('id')
if not id:
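Review bot: Replacing `sys.exit(1)` with `return -1` means `luci_restore` now returns to its caller with the database still open on every early failure path: `conn.close()`, `db.close()` and `fs.close()` are reached only at the end of the function, shown in a later hunk of this diff. A single cleanup path, a `try:` ... `finally:` around the body after `conn = db.open()`, would cover all of them. The bare `raise` in `if not portal_mem or not portal_reg:` has no active exception to re-raise and works only because the bare `except:` catches the resulting error; raising an explicit exception class would say what is meant. The function starts outside this hunk.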
@@ -134,10 +160,21 @@
member = portal_mem.getMemberById(id)
if not member:
transaction.abort()
- sys.stderr.write('Error adding user \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the user \"' + id + '\"\n')
+ return -1
+
+ verbose.write('Added user \"' + id + '\"\n')
#transaction.commit()
- x = app.unrestrictedTraverse('/luci/systems/storage')
+ try:
+ x = app.unrestrictedTraverse('/luci/systems/storage')
+ if not x:
+ raise
+ except:
+ sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.')
+ transaction.abort()
+ return -1
+
systemList = node.getElementsByTagName('systemList')
if not systemList or len(systemList) < 1:
sys.write.stderr('No storage systems to add')
@@ -158,9 +195,9 @@
if not new_system:
raise
except:
- sys.stderr.write('Unable to add system \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
transaction.abort()
- sys.exit(1)
+ return -1
userPerms = s.getElementsByTagName('permList')
if not userPerms or len(userPerms) < 1:
@@ -173,9 +210,18 @@
if not newuser:
continue
new_system.manage_setLocalRoles(newuser, ['View'])
+
+ verbose.write('Added storage system \"' + id + '\"\n')
#transaction.commit()
- x = app.unrestrictedTraverse('/luci/systems/cluster')
+ try:
+ x = app.unrestrictedTraverse('/luci/systems/cluster')
+ if not x:
+ raise
+ except:
+ sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.')
+ transaction.abort()
+ return -1
clusterList = node.getElementsByTagName('cluster')
for c in clusterList:
id = c.getAttribute('id')
@@ -191,9 +237,9 @@
if not new_cluster:
raise
except:
- sys.stderr.write('Error adding cluster \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
transaction.abort()
- sys.exit(1)
+ return -1
userPerms = c.getElementsByTagName('permList')
if not userPerms or len(userPerms) < 1:
@@ -209,13 +255,13 @@
clusterSystems = c.getElementsByTagName('systemsList')
if not clusterSystems or len(clusterSystems) < 1:
- sys.stderr.write('No cluster storage systems to add\n')
+ verbose.write('Cluster \"' + id + '\" has no storage systems\n')
continue
clusterSystems = clusterSystems[0].getElementsByTagName('ref')
for i in clusterSystems:
newsys = i.getAttribute('name')
if not newsys:
- sys.stderr.write('Cluster system element missing name tag\n')
+ sys.stderr.write('Storage system missing name for cluster \"' + id + '\"\n')
continue
newsys = str(newsys)
stitle = i.getAttribute('title')
@@ -223,15 +269,26 @@
stitle = str(stitle)
else:
stitle = None
+ try:
x.manage_addFolder(newsys, stitle)
-
+ newcs = app.unrestrictedTraverse('/luci/systems/cluster/' + id + '/' + newsys)
+ if not newcs:
+ raise
+ except:
+ sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"')
+ transaction.abort()
+ return -1
+ verbose.write('Added storage system \"' + newsys + '\" for cluster \"' + id)
+ verbose.write('Added cluster\"' + id + '\"')
#transaction.commit()
+ #transaction.commit()
transaction.abort()
conn.close()
db.pack()
db.close()
fs.close()
+ return 0
# This function's ability to work is dependent
# upon the structure of @dict
@@ -290,39 +347,36 @@
sys.stderr.write('Unable to open \"' + backupfn + '\" to write backup.\n')
sys.exit(1)
- # To suppress some meaningless zope errors upon unpickling certain
- # kinds of objects.
- temp = sys.stderr
- null = file('/dev/null')
+ # To suppress some useless zope error messages.
+ sys.stderr = null
next_oid = None
while True:
oid, tid, data, next_oid = fs.record_iternext(next_oid)
- sys.stderr = null
try:
obj = conn.get(oid)
obj_class = str(type(obj)).split('\'')[1]
except:
- continue
- sys.stderr = temp
+ if next_oid is None: break
+ else: continue
if not obj_class in examine_classes:
- continue
+ if next_oid is None: break
+ else: continue
- # for some reason, when stderr is dumped to /dev/null
- # something goes wrong here, which is why it's set and restored
- # inside the loop.
try:
conn.setstate(obj)
except:
- continue
+ if next_oid is None: break
+ else: continue
dict = obj.__dict__
if obj_class == 'OFS.Folder.Folder':
if not 'title' in dict or dict['title'][0:9] != '__luci__:':
- continue
+ if next_oid is None: break
+ else: continue
title = dict['title'].split(':')
cur = None
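Review bot: The pair `if next_oid is None: break` / `else: continue` is now repeated at every skip point in the scan loop, here and in the following hunks of this diff, which is easy to get wrong when another skip is added. Moving the per-object work into a helper that returns early, with the loop testing `if next_oid is None: break` once at the bottom, keeps the termination rule in one place. `sys.stderr = null` now covers the whole loop, so any uncaught exception inside it loses its traceback; restoring stderr in a `finally:` would avoid that. The loop body continues outside this hunk.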
@@ -350,7 +404,8 @@
cur = systems[dict['id']]
else:
# we don't care
- continue
+ if next_oid is None: break
+ else: continue
if cur:
roles = dict['__ac_local_roles__']
@@ -373,7 +428,8 @@
cur_user['passwd'] = dict['__']
elif obj_class == 'Products.CMFCore.MemberDataTool.MemberData':
if not 'id' in dict and not 'name' in dict:
- continue
+ if next_oid is None: break
+ else: continue
try:
cur_user = users[dict['id']]
@@ -388,7 +444,8 @@
cur_user[i] = dict[i]
if next_oid is None:
break
- sys.stderr = temp
+
+ sys.stderr = orig_stderr
null.close()
conn.close()
db.close()
@@ -411,7 +468,7 @@
luciData = doc.createElement('luci')
doc.appendChild(luciData)
dataNode = dataToXML(doc, backup, 'backupData')
-
+
try:
certfile = file(SSL_PRIVKEY_PATH, 'rb')
output = certfile.read()
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-16 18:17 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-06-16 18:17 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-16 18:17:25
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.9&r2=1.10
--- conga/luci/utils/luci_admin 2006/06/16 17:44:17 1.9
+++ conga/luci/utils/luci_admin 2006/06/16 18:17:24 1.10
@@ -44,7 +44,6 @@
INITUSER_FILE_PATH = '/var/lib/luci/inituser'
-
examine_classes = [
'OFS.Folder.Folder',
'AccessControl.User.User',
@@ -77,15 +76,16 @@
stderr.write('Unable to open the luci backup file \"'+ backupfn +'\"\n')
sys.exit(1)
- node = node.getElementsByName('luci')
- if not node:
+ node = node.getElementsByTagName('luci')
+ if not node or len(node) < 1:
sys.stderr.write('Backup file is missing the \'luci\' tag\n')
sys.exit(1)
- node = node.getElementsByName('backupData')
- if not node:
+ node = node[0].getElementsByTagName('backupData')
+ if not node or len(node) < 1:
sys.stderr.write('Backup file is missing the \'backupData\' tag\n')
sys.exit(1)
+ node = node[0]
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
@@ -96,8 +96,11 @@
AppInitializer(app).initialize()
portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
+ portal_reg = app.unrestrictedTraverse('/luci/portal_registration')
- userList = node.getElementsByTagName('user')
+ userList = node.getElementsByTagName('userList')
+ if userList and len(userList) > 0:
+ userList = userList[0].getElementsByTagName('user')
for u in userList:
id = u.getAttribute('id')
if not id:
@@ -136,10 +139,11 @@
x = app.unrestrictedTraverse('/luci/systems/storage')
systemList = node.getElementsByTagName('systemList')
- if not systemList:
+ if not systemList or len(systemList) < 1:
sys.write.stderr('No storage systems to add')
else:
- systemList = systemList.getElementsByTagName('system')
+ systemList = systemList[0].getElementsByTagName('system')
+
for s in systemList:
id = s.getAttribute('id')
if not id:
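Review bot: The branch under the rewritten condition still calls `sys.write.stderr('No storage systems to add')`, which raises AttributeError because `sys` has no `write` attribute. As far as the visible code shows, a backup without a `systemList` element therefore stops the restore with a traceback instead of logging and moving on. The call should read `sys.stderr.write('No storage systems to add\n')`. The line was introduced in r1.9 (the `@@ -126,22 +131,37 @@` hunk of the next message on this page), and this commit edits the line directly above it without correcting it.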
@@ -148,7 +152,7 @@
id = str(id)
title = str(s.getAttribute('title'))
- x.manage_addFolder(id)
+ x.manage_addFolder(id, title)
try:
new_system = app.unrestrictedTraverse('/luci/systems/storage/' + id)
if not new_system:
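Review bot: `x.manage_addFolder(id, title)` sits outside the `try`, while the cluster hunk of this same commit puts the equivalent call inside it. A failure to create a storage folder therefore surfaces as an unhandled exception, without the `transaction.abort()` and error message that the cluster path gets. Moving the call to the first line of the `try` block makes the two paths agree. The `try` block continues past the end of the hunk.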
@@ -159,16 +163,16 @@
sys.exit(1)
userPerms = s.getElementsByTagName('permList')
- if not userPerms:
+ if not userPerms or len(userPerms) < 1:
continue
- userPerms = userPerms.getElementsByTagName('ref')
+ userPerms = userPerms[0].getElementsByTagName('ref')
for i in userPerms:
if i.nodeType != xml.dom.Node.ELEMENT_NODE:
continue
newuser = i.getAttribute('name')
if not newuser:
continue
- new_system.setLocalRoles(newuser, ['View'])
+ new_system.manage_setLocalRoles(newuser, ['View'])
#transaction.commit()
x = app.unrestrictedTraverse('/luci/systems/cluster')
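Review bot: `new_system.manage_setLocalRoles(newuser, ['View'])` grants the role to whatever `name` the backup's `ref` element carries, with no check that a user of that name was restored by the user loop earlier in the function. A role entry for a name with no account would presumably apply to whoever is later registered under that name, so it is safer to report and skip unresolved refs, something like `if not portal_mem.getMemberById(newuser): continue`. `newuser` is also passed as returned by `getAttribute`, without the `str()` conversion applied to `id` and `newsys`. The cluster hunk that follows makes the same call on `new_cluster`.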
@@ -182,38 +186,45 @@
title = str(c.getAttribute('title'))
try:
+ x.manage_addFolder(id, title)
new_cluster = app.unrestrictedTraverse('/luci/systems/cluster/'+ id)
if not new_cluster:
raise
except:
sys.stderr.write('Error adding cluster \"' + id + '\"\n')
- tranaction.abort()
+ transaction.abort()
sys.exit(1)
userPerms = c.getElementsByTagName('permList')
- if not userPerms:
+ if not userPerms or len(userPerms) < 1:
continue
- userPerms = userPerms.getElementsByTagName('ref')
+ userPerms = userPerms[0].getElementsByTagName('ref')
for i in userPerms:
if i.nodeType != xml.dom.Node.ELEMENT_NODE:
continue
newuser = i.getAttribute('name')
if not newuser:
continue
- new_cluster.setLocalRoles(newuser, ['View'])
+ new_cluster.manage_setLocalRoles(newuser, ['View'])
clusterSystems = c.getElementsByTagName('systemsList')
- if not clusterSystems:
+ if not clusterSystems or len(clusterSystems) < 1:
sys.stderr.write('No cluster storage systems to add\n')
continue
- clusterSystems = clusterSystems.getElementsByTagName('ref')
+ clusterSystems = clusterSystems[0].getElementsByTagName('ref')
for i in clusterSystems:
newsys = i.getAttribute('name')
if not newsys:
sys.stderr.write('Cluster system element missing name tag\n')
continue
newsys = str(newsys)
- x.manage_addFolder(newsys)
+ stitle = i.getAttribute('title')
+ if stitle:
+ stitle = str(stitle)
+ else:
+ stitle = None
+ x.manage_addFolder(newsys, stitle)
+
#transaction.commit()
transaction.abort()
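Review bot: `x.manage_addFolder(newsys, stitle)` adds each cluster member to `x`, which is still `/luci/systems/cluster`, so member folders are created beside the cluster folder rather than inside it. The backup records them under the cluster's `systemsList`, so `new_cluster.manage_addFolder(newsys, stitle)` looks like what was intended; confirm against how the backup side reads the parent. The function starts before the hunk. With `#transaction.commit()` still commented out and `transaction.abort()` closing the hunk, none of the restored objects are persisted yet.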
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-16 17:44 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-06-16 17:44 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-16 17:44:17
Modified files:
luci/utils : luci_admin
Log message:
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.8&r2=1.9
--- conga/luci/utils/luci_admin 2006/06/16 05:35:22 1.8
+++ conga/luci/utils/luci_admin 2006/06/16 17:44:17 1.9
@@ -74,45 +74,50 @@
try:
node = xml.dom.minidom.parse(backupfn)
except:
- stderr.write('Unable to open the luci backup file \"' + backupfn + '\"\n')
+ stderr.write('Unable to open the luci backup file \"'+ backupfn +'\"\n')
sys.exit(1)
- if node.firstChild.nodeName != 'luci':
- 'The backup file \"' + backupfn + '\" is not in the expected format (expected <luci>)\n'
+ node = node.getElementsByName('luci')
+ if not node:
+ sys.stderr.write('Backup file is missing the \'luci\' tag\n')
sys.exit(1)
- if not node.getElementsByTagName('backupData'):
- 'The backup file \"' + backupfn + '\" is not in the expected format (expected <luci>)\n'
+ node = node.getElementsByName('backupData')
+ if not node:
+ sys.stderr.write('Backup file is missing the \'backupData\' tag\n')
sys.exit(1)
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+
newSecurityManager(None, tempuser)
app = conn.root()['Application']
AppInitializer(app).initialize()
portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
+
userList = node.getElementsByTagName('user')
for u in userList:
id = u.getAttribute('id')
if not id:
- sys.stderr.write('Missing ID for user')
+ sys.stderr.write('Missing ID for user\n')
continue
id = str(id)
passwd = u.getAttribute('passwd')
if not passwd:
- sys.stderr.write('Missing password for user \"' + id + '\"')
+ sys.stderr.write('Missing password for user \"' + id + '\"\n')
continue
passwd = str(passwd)
- email = u.getAttribute('email')
- if not email:
- email = id + '@luci.example.org'
- else:
- email = str(email)
if id != 'admin':
+ email = u.getAttribute('email')
+ if not email:
+ email = id + '@luci.example.org'
+ else:
+ email = str(email)
+
props = {
'username': id,
'roles': [ 'Member' ],
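Review bot: `node.getElementsByName('luci')` and `node.getElementsByName('backupData')` call a method that xml.dom.minidom nodes do not provide; the lookup method is `getElementsByTagName`. Both new checks therefore raise AttributeError before their error messages can be written. The lookup also returns a list of matches, so the second call needs to index the first match, e.g. `node = node[0].getElementsByTagName('backupData')`. The same applies to the `getElementsByTagName` calls made on `systemList`, `userPerms` and `clusterSystems` in the later hunks of this commit. The function body starts and ends outside the hunk.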
@@ -126,22 +131,37 @@
member = portal_mem.getMemberById(id)
if not member:
transaction.abort()
- sys.stderr.write('Error adding user \"' + id + '\"')
- #transaction.commit()
+ sys.stderr.write('Error adding user \"' + id + '\"\n')
+ #transaction.commit()
x = app.unrestrictedTraverse('/luci/systems/storage')
- systemList = node.getElementsByTagName('system')
+ systemList = node.getElementsByTagName('systemList')
+ if not systemList:
+ sys.write.stderr('No storage systems to add')
+ else:
+ systemList = systemList.getElementsByTagName('system')
for s in systemList:
id = s.getAttribute('id')
if not id:
+ sys.stderr.write('Missing ID for storage system')
continue
id = str(id)
title = str(s.getAttribute('title'))
x.manage_addFolder(id)
- new_system = app.unrestrictedTraverse('/luci/systems/storage/' + id)
+ try:
+ new_system = app.unrestrictedTraverse('/luci/systems/storage/' + id)
+ if not new_system:
+ raise
+ except:
+ sys.stderr.write('Unable to add system \"' + id + '\"\n')
+ transaction.abort()
+ sys.exit(1)
- userPerms = s.getElementsByTagName('permList')[0].childNodes
+ userPerms = s.getElementsByTagName('permList')
+ if not userPerms:
+ continue
+ userPerms = userPerms.getElementsByTagName('ref')
for i in userPerms:
if i.nodeType != xml.dom.Node.ELEMENT_NODE:
continue
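Review bot: `if not new_system: raise` is a bare `raise` with no exception being handled, so the `except:` receives an incidental error rather than a stated one. The bare `except:` also makes a missing folder indistinguishable from any other failure in the traverse. Raising something explicit, such as `raise RuntimeError('storage folder missing after add')`, keeps the control flow and makes the cause visible when debugging. The cluster hunk below uses the same construct.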
@@ -149,7 +169,6 @@
if not newuser:
continue
new_system.setLocalRoles(newuser, ['View'])
-
#transaction.commit()
x = app.unrestrictedTraverse('/luci/systems/cluster')
@@ -157,17 +176,24 @@
for c in clusterList:
id = c.getAttribute('id')
if not id:
+ sys.stderr.write('Cluster element is missing id\n')
continue
id = str(id)
title = str(c.getAttribute('title'))
- new_cluster = app.unrestrictedTraverse('/luci/systems/cluster/' + id)
- if not new_cluster:
- print 'error adding cluster',id
+ try:
+ new_cluster = app.unrestrictedTraverse('/luci/systems/cluster/'+ id)
+ if not new_cluster:
+ raise
+ except:
+ sys.stderr.write('Error adding cluster \"' + id + '\"\n')
tranaction.abort()
sys.exit(1)
- userPerms = c.getElementsByTagName('permList')[0].childNodes
+ userPerms = c.getElementsByTagName('permList')
+ if not userPerms:
+ continue
+ userPerms = userPerms.getElementsByTagName('ref')
for i in userPerms:
if i.nodeType != xml.dom.Node.ELEMENT_NODE:
continue
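Review bot: The new `except:` handler still ends in `tranaction.abort()`, a misspelling of `transaction`, so the error path raises NameError after printing its message and never reaches `sys.exit(1)`. It should be `transaction.abort()`. Nothing in the hunk creates the cluster folder before `unrestrictedTraverse('/luci/systems/cluster/'+ id)` looks it up, whereas the storage loop calls `x.manage_addFolder(id)` first. This handler is therefore likely to run for every cluster when restoring into a fresh database.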
@@ -176,15 +202,19 @@
continue
new_cluster.setLocalRoles(newuser, ['View'])
- clusterSystems = c.getElementsByTagName('systemsList')[0].childNodes
+ clusterSystems = c.getElementsByTagName('systemsList')
+ if not clusterSystems:
+ sys.stderr.write('No cluster storage systems to add\n')
+ continue
+ clusterSystems = clusterSystems.getElementsByTagName('ref')
for i in clusterSystems:
- if i.nodeType != xml.dom.Node.ELEMENT_NODE:
- continue
newsys = i.getAttribute('name')
if not newsys:
+ sys.stderr.write('Cluster system element missing name tag\n')
continue
newsys = str(newsys)
x.manage_addFolder(newsys)
+ #transaction.commit()
transaction.abort()
conn.close()
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-16 5:35 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-06-16 5:35 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-16 05:35:22
Modified files:
luci/utils : luci_admin
Log message:
85% restore. i hate zope.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.7&r2=1.8
--- conga/luci/utils/luci_admin 2006/06/14 20:59:37 1.7
+++ conga/luci/utils/luci_admin 2006/06/16 05:35:22 1.8
@@ -7,9 +7,10 @@
'/usr/lib64/zope/lib/python/Products',
'/usr/lib/zope/lib/python',
'/usr/lib/zope/lib/python/Products'
-));
+))
from sys import stderr, argv
+import ZODB
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
import xml
@@ -17,6 +18,20 @@
from xml.dom import minidom
import types
+import Zope2
+import OFS
+import App
+import App.Extensions
+import OFS.Application
+from App.Extensions import *
+from OFS.Application import AppInitializer
+import OFS.Folder
+import AccessControl
+import AccessControl.User
+from AccessControl.SecurityManagement import newSecurityManager
+import Products.CMFCore
+import Products.CMFCore.MemberDataTool
+import transaction
LUCI_USER='luci'
LUCI_GROUP='luci'
@@ -30,10 +45,152 @@
INITUSER_FILE_PATH = '/var/lib/luci/inituser'
+examine_classes = [
+ 'OFS.Folder.Folder',
+ 'AccessControl.User.User',
+ 'Products.CMFCore.MemberDataTool.MemberData'
+]
def luci_restore(argv):
- print "TODO: implement me"
- return 1
+ if len(argv) > 0:
+ dbfn = argv[0]
+ else:
+ dbfn = LUCI_DB_PATH
+
+ if len(argv) > 1:
+ backupfn = argv[1]
+ else:
+ backupfn = LUCI_BACKUP_PATH
+
+ try:
+ fs = FileStorage(dbfn)
+ db = DB(fs)
+ db.pack()
+ conn = db.open()
+ except:
+ stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
+ sys.exit(1)
+
+ try:
+ node = xml.dom.minidom.parse(backupfn)
+ except:
+ stderr.write('Unable to open the luci backup file \"' + backupfn + '\"\n')
+ sys.exit(1)
+
+ if node.firstChild.nodeName != 'luci':
+ 'The backup file \"' + backupfn + '\" is not in the expected format (expected <luci>)\n'
+ sys.exit(1)
+
+ if not node.getElementsByTagName('backupData'):
+ 'The backup file \"' + backupfn + '\" is not in the expected format (expected <luci>)\n'
+ sys.exit(1)
+
+ tempuser = AccessControl.User.UnrestrictedUser('admin', '',
+ ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+ newSecurityManager(None, tempuser)
+
+ app = conn.root()['Application']
+ AppInitializer(app).initialize()
+
+ portal_mem = app.unrestrictedTraverse('/luci/portal_membership')
+ userList = node.getElementsByTagName('user')
+ for u in userList:
+ id = u.getAttribute('id')
+ if not id:
+ sys.stderr.write('Missing ID for user')
+ continue
+ id = str(id)
+
+ passwd = u.getAttribute('passwd')
+ if not passwd:
+ sys.stderr.write('Missing password for user \"' + id + '\"')
+ continue
+ passwd = str(passwd)
+
+ email = u.getAttribute('email')
+ if not email:
+ email = id + '@luci.example.org'
+ else:
+ email = str(email)
+ if id != 'admin':
+ props = {
+ 'username': id,
+ 'roles': [ 'Member' ],
+ 'password': 'changeme',
+ 'confirm': 'changeme',
+ 'domains': [],
+ 'email': email
+ }
+
+ portal_reg.addMember(id, 'changeme', props)
+ member = portal_mem.getMemberById(id)
+ if not member:
+ transaction.abort()
+ sys.stderr.write('Error adding user \"' + id + '\"')
+ #transaction.commit()
+
+ x = app.unrestrictedTraverse('/luci/systems/storage')
+ systemList = node.getElementsByTagName('system')
+ for s in systemList:
+ id = s.getAttribute('id')
+ if not id:
+ continue
+ id = str(id)
+ title = str(s.getAttribute('title'))
+
+ x.manage_addFolder(id)
+ new_system = app.unrestrictedTraverse('/luci/systems/storage/' + id)
+
+ userPerms = s.getElementsByTagName('permList')[0].childNodes
+ for i in userPerms:
+ if i.nodeType != xml.dom.Node.ELEMENT_NODE:
+ continue
+ newuser = i.getAttribute('name')
+ if not newuser:
+ continue
+ new_system.setLocalRoles(newuser, ['View'])
+
+ #transaction.commit()
+
+ x = app.unrestrictedTraverse('/luci/systems/cluster')
+ clusterList = node.getElementsByTagName('cluster')
+ for c in clusterList:
+ id = c.getAttribute('id')
+ if not id:
+ continue
+ id = str(id)
+ title = str(c.getAttribute('title'))
+
+ new_cluster = app.unrestrictedTraverse('/luci/systems/cluster/' + id)
+ if not new_cluster:
+ print 'error adding cluster',id
+ tranaction.abort()
+ sys.exit(1)
+
+ userPerms = c.getElementsByTagName('permList')[0].childNodes
+ for i in userPerms:
+ if i.nodeType != xml.dom.Node.ELEMENT_NODE:
+ continue
+ newuser = i.getAttribute('name')
+ if not newuser:
+ continue
+ new_cluster.setLocalRoles(newuser, ['View'])
+
+ clusterSystems = c.getElementsByTagName('systemsList')[0].childNodes
+ for i in clusterSystems:
+ if i.nodeType != xml.dom.Node.ELEMENT_NODE:
+ continue
+ newsys = i.getAttribute('name')
+ if not newsys:
+ continue
+ newsys = str(newsys)
+ x.manage_addFolder(newsys)
+
+ transaction.abort()
+ conn.close()
+ db.pack()
+ db.close()
+ fs.close()
# This function's ability to work is dependent
# upon the structure of @dict
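Review bot: `portal_reg.addMember(id, 'changeme', props)` gives every restored non-admin account the same literal password, and the `passwd` value parsed from the backup a few lines earlier is never used. Once the commented-out `transaction.commit()` is enabled, a restore would leave all of those accounts reachable with a known password. The credential stored in the backup should be applied instead, or each account given a random one-time value and forced through a reset. `portal_reg` is also never assigned in this function. The two format checks after `minidom.parse` build their message as a bare string expression, so they exit without printing anything; each needs wrapping in `sys.stderr.write(...)`.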
@@ -79,10 +236,6 @@
clusters = {}
users = {}
- examine_classes = [ 'OFS.Folder.Folder',
- 'AccessControl.User.User',
- 'Products.CMFCore.MemberDataTool.MemberData' ]
-
if len(argv) > 1:
backupfn = argv[1]
else:
@@ -100,27 +253,32 @@
# kinds of objects.
temp = sys.stderr
null = file('/dev/null')
- sys.stderr = null
next_oid = None
while True:
oid, tid, data, next_oid = fs.record_iternext(next_oid)
+ sys.stderr = null
try:
obj = conn.get(oid)
obj_class = str(type(obj)).split('\'')[1]
except:
continue
+ sys.stderr = temp
if not obj_class in examine_classes:
continue
+ # for some reason, when stderr is dumped to /dev/null
+ # something goes wrong here, which is why it's set and restored
+ # inside the loop.
try:
conn.setstate(obj)
- dict = obj.__dict__
except:
continue
+ dict = obj.__dict__
+
if obj_class == 'OFS.Folder.Folder':
if not 'title' in dict or dict['title'][0:9] != '__luci__:':
continue
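Review bot: `null = file('/dev/null')` opens the device in the default read-only mode, so anything written to `sys.stderr` while it is redirected raises IOError instead of being discarded. That may be the "something goes wrong" the new comment describes, with the bare `except:` around `conn.setstate(obj)` swallowing the error and skipping the object. Opening it as `null = file('/dev/null', 'w')` would likely let the redirect stay outside the loop. As written, the first `except: continue` also skips `sys.stderr = temp`. Every `continue` bypasses the `if next_oid is None: break` test at the bottom of the loop, which lies outside this hunk.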
@@ -157,21 +315,34 @@
roles = dict['__ac_local_roles__']
for i in roles:
if not i in users:
- users[i] = { 'id': i }
+ users[i] = { 'id': i, 'name': i }
if 'View' in roles[i]:
cur['permList'].append(i)
elif obj_class == 'AccessControl.User.User':
- if not dict['name'] in users:
- users[dict['name']] = {}
- cur_user = users[dict['name']]
+ try:
+ cur_user = users[dict['name']]
+ except:
+ try:
+ cur_user = users[dict['id']]
+ except:
+ users[dict['name']] = {}
+ cur_user = users[dict['name']]
+ cur_user['id'] = dict['name']
cur_user['name'] = dict['name']
cur_user['passwd'] = dict['__']
elif obj_class == 'Products.CMFCore.MemberDataTool.MemberData':
- if not 'id' in dict:
+ if not 'id' in dict and not 'name' in dict:
continue
- if not dict['id'] in users:
- users[dict['id']] = {}
- cur_user = users[dict['id']]
+
+ try:
+ cur_user = users[dict['id']]
+ except:
+ try:
+ cur_user = users[dict['name']]
+ except:
+ users[dict['id']] = {}
+ cur_user = users[dict['id']]
+ cur_user['name'] = dict['id']
for i in dict:
cur_user[i] = dict[i]
if next_oid is None:
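Review bot: The `MemberData` branch now admits records that have `name` but no `id`, yet its innermost fallback runs `users[dict['id']] = {}`. For such a record with no existing entry under its name, that line raises KeyError from inside an `except:` block and stops the backup. The key should be chosen once from whichever field is present, e.g. `key = dict.get('id', dict.get('name'))`, before the lookups. The nested bare `except:` blocks in both branches could then become plain `users.get(...)` lookups.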
@@ -180,8 +351,20 @@
null.close()
conn.close()
db.close()
+ fs.close()
- backup = {'systemList': systems, 'clusterList': clusters, 'userList': users }
+ junk = list()
+ for i in users:
+ if not 'passwd' in users[i]:
+ junk.append(i)
+ for i in junk:
+ del users[i]
+
+ backup = {
+ 'systemList': systems,
+ 'clusterList': clusters,
+ 'userList': users
+ }
doc = xml.dom.minidom.Document()
luciData = doc.createElement('luci')
@@ -469,7 +652,7 @@
return
-def help(argv):
+def luci_help(argv):
print 'Usage:'
print argv[0] + ' [init|backup|restore|password|help]'
print
@@ -484,7 +667,7 @@
def main(argv):
if len(argv) != 2:
- help(argv)
+ luci_help(argv)
sys.exit(1)
pass
@@ -506,11 +689,11 @@
elif 'password' in argv:
password(argv)
elif 'help' in argv:
- help(argv)
+ luci_help(argv)
else:
print 'Unknown command'
print
- help(argv)
+ luci_help(argv)
sys.exit(1)
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-13 18:42 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-06-13 18:42 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-13 18:42:58
Modified files:
luci/utils : luci_admin
Log message:
changes based on stan's suggestions
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.5&r2=1.6
--- conga/luci/utils/luci_admin 2006/06/13 17:36:20 1.5
+++ conga/luci/utils/luci_admin 2006/06/13 18:42:58 1.6
@@ -45,10 +45,7 @@
temp = dataToXML(doc, dict[i], tagname)
node.appendChild(temp)
elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType):
- temp = doc.createElement('item')
- temp.setAttribute('key', i)
- temp.setAttribute('value', str(dict[i]))
- node.appendChild(temp.cloneNode(True))
+ node.setAttribute(i, str(dict[i]))
elif isinstance(dict[i], types.ListType):
if len(dict[i]) < 1:
continue
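Review bot: `node.setAttribute(i, str(dict[i]))` turns every dictionary key into an XML attribute name, and minidom does not check that the name is legal. The user records are filled from object `__dict__` keys (`for i in dict: cur_user[i] = dict[i]` in the backup loop), so a key that is not a valid XML name would presumably produce a backup that `minidom.parse` rejects at restore time. A comment such as `# keys become attribute names and must be valid XML names` states the constraint; a check that skips and reports offending keys would enforce it. The loop and the function start outside the hunk.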
@@ -102,8 +99,6 @@
null = file('/dev/null')
sys.stderr = null
- f.write('<?xml version="1.0"?>\n')
-
next_oid = None
while True:
oid, tid, data, next_oid = fs.record_iternext(next_oid)
@@ -179,10 +174,15 @@
if next_oid is None:
break
sys.stderr = temp
+ null.close()
+ conn.close()
+ db.close()
- backup = {'systemList': systems, 'cluterList': clusters, 'userList': users }
+ backup = {'systemList': systems, 'clusterList': clusters, 'userList': users }
doc = xml.dom.minidom.Document()
+ luciData = doc.createElement('luci')
+ doc.appendChild(luciData)
dataNode = dataToXML(doc, backup, 'backupData')
try:
@@ -194,7 +194,7 @@
if len(output) < 1:
raise
- certNode = doc.createElement('Certificate')
+ certNode = doc.createElement('certificate')
certNode.setAttribute('name', SSL_PRIVKEY_PATH)
certNode.setAttribute('data', output)
dataNode.appendChild(certNode.cloneNode(True))
@@ -212,7 +212,7 @@
if len(output) < 1:
raise
- certNode = doc.createElement('Certificate')
+ certNode = doc.createElement('certificate')
certNode.setAttribute('name', SSL_PUBKEY_PATH)
certNode.setAttribute('data', output)
dataNode.appendChild(certNode.cloneNode(True))
@@ -230,7 +230,7 @@
if len(output) < 1:
raise
- certNode = document.createElement('CertificateConfig')
+ certNode = document.createElement('certificateConfig')
certNode.setAttribute('name', SSL_KEYCONFIG_PATH)
certNode.setAttribute('data', output)
dataNode.appendChild(certNode.cloneNode(TRUE))
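Review bot: The edited line still calls `document.createElement(...)` although the DOM document in this function is named `doc`, and the last line of the hunk passes `TRUE` where the two sibling blocks pass `True`. Neither name is defined in any visible part of the file, so either raises NameError. The bare `except:` in the next hunk then reports "Unable to read" for a file that was read successfully, and the key configuration is silently left out of the backup. The lines should be `certNode = doc.createElement('certificateConfig')` and `dataNode.appendChild(certNode.cloneNode(True))`. The enclosing `try` starts before the hunk.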
@@ -238,7 +238,8 @@
except:
sys.stderr.write('Unable to read ' + SSL_KEYCONFIG_PATH + '\n')
- f.write(dataNode.toprettyxml())
+ luciData.appendChild(dataNode)
+ f.write(doc.toprettyxml())
f.flush()
f.close()
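Review bot: The document written by `f.write(doc.toprettyxml())` carries each user's `passwd` value and the contents of `SSL_PRIVKEY_PATH` as attribute data, so the backup file is as sensitive as the private key itself. Nothing in this commit constrains who can read it. Unless `f` is already created owner-only where it is opened (outside this hunk), add `os.chmod(backupfn, 0600)` before the write. A comment such as `# backup holds password hashes and the SSL private key` would record why.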
* [Cluster-devel] conga/luci/utils luci_admin
@ 2006-06-13 17:36 rmccabe
0 siblings, 0 replies; 45+ messages in thread
From: rmccabe @ 2006-06-13 17:36 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2006-06-13 17:36:20
Modified files:
luci/utils : luci_admin
Log message:
new backup
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.4&r2=1.5
--- conga/luci/utils/luci_admin 2006/06/06 21:05:43 1.4
+++ conga/luci/utils/luci_admin 2006/06/13 17:36:20 1.5
@@ -12,17 +12,10 @@
from sys import stderr, argv
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
-from ZODB.serialize import referencesf
-from ZODB.ExportImport import *
-from ZODB.FileStorage.format import *
-from ZODB.Connection import *
-from OFS.ZDOM import *
-import OFS
-from OFS.XMLExportImport import *
-from Products.ZODBMountPoint import MountedObject
-
-
-
+import xml
+import xml.dom
+from xml.dom import minidom
+import types
LUCI_USER='zope'
@@ -39,6 +32,34 @@
print "TODO: implement me"
return 1
+# This function's ability to work is dependent
+# upon the structure of @dict
+def dataToXML(doc, dict, tltag):
+ node = doc.createElement(tltag)
+ for i in dict:
+ if isinstance(dict[i], types.DictType):
+ if i[-4:] == 'List':
+ tagname = i
+ else:
+ tagname = tltag[:-4]
+ temp = dataToXML(doc, dict[i], tagname)
+ node.appendChild(temp)
+ elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType):
+ temp = doc.createElement('item')
+ temp.setAttribute('key', i)
+ temp.setAttribute('value', str(dict[i]))
+ node.appendChild(temp.cloneNode(True))
+ elif isinstance(dict[i], types.ListType):
+ if len(dict[i]) < 1:
+ continue
+ temp = doc.createElement(i)
+ for x in dict[i]:
+ t = doc.createElement('ref')
+ t.setAttribute('name', x)
+ temp.appendChild(t.cloneNode(True))
+ node.appendChild(temp.cloneNode(True))
+ return node.cloneNode(True)
+
def luci_backup(argv):
if len(argv) > 0:
dbfn = argv[0]
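Review bot: `dataToXML` has no final `else` branch, so a value that is not a dict, `str`, `int` or list (a unicode string, for instance) is dropped from the backup without any message. Add an `else:` that reports the skipped key on `sys.stderr`. The header comment says the function depends on the structure of `dict` without stating it; a docstring should spell out that dict values become child elements, string and integer values become `item` elements, and list values become `ref` children. The parameter name `dict` also shadows the builtin. `luci_backup` begins in this hunk and continues outside it.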
@@ -54,6 +75,10 @@
stderr.write('Unable to open the luci database \"' + dbfn + '\"\n')
sys.exit(1)
+ systems = {}
+ clusters = {}
+ users = {}
+
examine_classes = [ 'OFS.Folder.Folder',
'AccessControl.User.User',
'Products.CMFCore.MemberDataTool.MemberData' ]
@@ -78,7 +103,6 @@
sys.stderr = null
f.write('<?xml version="1.0"?>\n')
- f.write('<ZopeData>\n')
next_oid = None
while True:
@@ -87,81 +111,137 @@
try:
obj = conn.get(oid)
obj_class = str(type(obj)).split('\'')[1]
+ except:
+ continue
- if obj_class in examine_classes:
- conn.setstate(obj)
- if obj_class == 'OFS.Folder.Folder':
- if obj.__dict__['title'].split(':')[0] != '__luci__':
- raise
- elif obj_class == 'AccessControl.User.User':
- if not 'name' in obj.__dict__ or not '__' in obj.__dict__ or obj.__dict__['__'][0] != '{':
- raise
- elif obj_class == 'Products.CMFCore.MemberDataTool.MemberData':
- if not 'id' in obj.__dict__:
- raise
-
- # This better not fail.
- try:
- pickle, serial = conn._storage.load(oid, conn._version)
- referencesf(pickle, [oid])
- f.write(OFS.XMLExportImport.XMLrecord(oid, len(pickle), pickle))
- except:
- sys.stderr = temp
- sys.stderr.write('An error occurred while backing up the luci database.')
- sys.exit(1)
-
- # Anything that is caught here will have been raised by something
- # we don't care about.
- except: pass
+ if not obj_class in examine_classes:
+ continue
+ try:
+ conn.setstate(obj)
+ dict = obj.__dict__
+ except:
+ continue
+
+ if obj_class == 'OFS.Folder.Folder':
+ if not 'title' in dict or dict['title'][0:9] != '__luci__:':
+ continue
+ title = dict['title'].split(':')
+ cur = None
+
+ if title[1] == 'cluster':
+ clusters[dict['id']] = {
+ 'id': dict['id'],
+ 'title': dict['title'],
+ 'permList': [],
+ 'systemsList:': []
+ }
+ cur = clusters[dict['id']]
+ elif title[1] == 'csystem':
+ if len(title) > 2:
+ clusterName = title[2]
+ else:
+ parent = obj.parentNode()
+ clusterName = parent.__dict__['id']
+ clusters[clusterName]['systemsList'].append(dict['id'])
+ elif title[1] == 'system':
+ systems[dict['id']] = {
+ 'id': dict['id'],
+ 'title': dict['title'],
+ 'permList': []
+ }
+ cur = systems[dict['id']]
+ else:
+ # we don't care
+ continue
+
+ if cur:
+ roles = dict['__ac_local_roles__']
+ for i in roles:
+ if not i in users:
+ users[i] = { 'id': i }
+ if 'View' in roles[i]:
+ cur['permList'].append(i)
+ elif obj_class == 'AccessControl.User.User':
+ if not dict['name'] in users:
+ users[dict['name']] = {}
+ cur_user = users[dict['name']]
+ cur_user['name'] = dict['name']
+ cur_user['passwd'] = dict['__']
+ elif obj_class == 'Products.CMFCore.MemberDataTool.MemberData':
+ if not 'id' in dict:
+ continue
+ if not dict['id'] in users:
+ users[dict['id']] = {}
+ cur_user = users[dict['id']]
+ for i in dict:
+ cur_user[i] = dict[i]
if next_oid is None:
break
-
sys.stderr = temp
- f.write('</ZopeData>\n\n')
- f.flush()
- f.write('<CertificateData>\n\t<list>\n')
+ backup = {'systemList': systems, 'cluterList': clusters, 'userList': users }
+ doc = xml.dom.minidom.Document()
+ dataNode = dataToXML(doc, backup, 'backupData')
+
try:
certfile = file(SSL_PRIVKEY_PATH, 'rb')
output = certfile.read()
+
# should be at least some length greater than one
# TODO: find out what the min length of a valid keyfile is.
if len(output) < 1:
raise
- except:
+
+ certNode = doc.createElement('Certificate')
+ certNode.setAttribute('name', SSL_PRIVKEY_PATH)
+ certNode.setAttribute('data', output)
+ dataNode.appendChild(certNode.cloneNode(True))
+ certfile.close()
+ except False:
sys.stderr.write('Unable to read ' + SSL_PRIVKEY_PATH + '\n')
sys.exit(1)
- f.write('\t\t<tuple>\n\t\t\t<name=\"' + SSL_PRIVKEY_PATH + '\" />\n\t\t\t<data=\"' + output + '\" />\n\t\t</tuple>\n')
try:
certfile = file(SSL_PUBKEY_PATH, 'rb')
output = certfile.read()
+
# should be at least some length greater than one
# TODO: find out what the min length of a valid keyfile is.
if len(output) < 1:
raise
+
+ certNode = doc.createElement('Certificate')
+ certNode.setAttribute('name', SSL_PUBKEY_PATH)
+ certNode.setAttribute('data', output)
+ dataNode.appendChild(certNode.cloneNode(True))
+ certfile.close()
except:
sys.stderr.write('Unable to read ' + SSL_PUBKEY_PATH + '\n')
sys.exit(1)
- f.write('\t\t<tuple>\n\t\t\t<name=\"' + SSL_PUBKEY_PATH + '\" />\n\t\t\t<data=\"' + output + '\" />\n\t\t</tuple>\n')
try:
certfile = file(SSL_KEYCONFIG_PATH, 'rb')
output = certfile.read()
+
# should be at least some length greater than one
# TODO: find out what the min length of a valid key conf is.
if len(output) < 1:
raise
+
+ certNode = document.createElement('CertificateConfig')
+ certNode.setAttribute('name', SSL_KEYCONFIG_PATH)
+ certNode.setAttribute('data', output)
+ dataNode.appendChild(certNode.cloneNode(TRUE))
+ certfile.close()
except:
sys.stderr.write('Unable to read ' + SSL_KEYCONFIG_PATH + '\n')
- f.write('\t\t<tuple>\n\t\t\t<name=\"' + SSL_KEYCONFIG_PATH + '\" />\n\t\t\t<data=\"' + output + '\" />\n\t\t</tuple>\n')
- f.write('\t</list>\n</CertificateData>\n')
+ f.write(dataNode.toprettyxml())
+ f.flush()
f.close()
-
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
if not os.access (root + command, os.X_OK):
raise RuntimeError, command + " can not be run"
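Review bot: The cluster record is created with the key `'systemsList:'` (a trailing colon inside the quotes), but the `csystem` branch appends to `clusters[clusterName]['systemsList']`, so the first cluster member raises KeyError. That lookup is outside any `try` and runs while `sys.stderr` is redirected to `null`, so the backup would stop with no visible reason. The key should be `'systemsList': []`. The private-key block also ends in `except False:`, which matches no exception, so a failure to read `SSL_PRIVKEY_PATH` skips the intended message and `sys.exit(1)`.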