From 4292c340e869f3510409563131d630fbff3a4092 Mon Sep 17 00:00:00 2001 From: Tom Vaughan Date: Tue, 24 Apr 2012 12:15:52 -0300 Subject: [PATCH 1/2] Replace shell-isms with python-isms in Upstart service module. Everything in salt/modules/upstart.py is run on the minion. Previously it looked like the 'cmd.run' and 'cmd.retcode' were RPC-like calls. But that's not the case... Assume at least Python 2.6 and only the stdlib. --- salt/modules/upstart.py | 44 ++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/salt/modules/upstart.py b/salt/modules/upstart.py index 144ec90108..23751aacf0 100644 --- a/salt/modules/upstart.py +++ b/salt/modules/upstart.py @@ -33,6 +33,9 @@ DO NOT use this module on red hat systems, as red hat systems should use the rh_service module, since red hat systems support chkconfig ''' +import glob +import os + from salt import utils @@ -56,6 +59,10 @@ def _runlevel(): return out.split()[1] +def _is_symlink(name): + return not os.path.abspath(name) == os.path.realpath(name) + + def _service_is_upstart(name): ''' From "Writing Jobs" at @@ -64,9 +71,7 @@ def _service_is_upstart(name): Jobs are defined in files placed in /etc/init, the name of the job is the filename under this directory without the .conf extension. ''' - if not __salt__['cmd.retcode']('test -f /etc/init/{0}.conf'.format(name)): - return True - return False + return os.access('/etc/init/{0}.conf'.format(name), os.R_OK) def _upstart_is_disabled(name): @@ -76,9 +81,7 @@ def _upstart_is_disabled(name): NOTE: An Upstart service can also be disabled by placing "manual" in /etc/init/[name].conf. ''' - if not __salt__['cmd.retcode']('test -f /etc/init/{0}.conf.override'.format(name)): - return True - return False + return os.access('/etc/init/{0}.conf.override'.format(name), os.R_OK) def _upstart_is_enabled(name): 
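Review bot: The new `_is_symlink` helper returns True when any component of the path is a symlink, not only the last one, because it compares `os.path.abspath(name)` with `os.path.realpath(name)`. On a host where `/etc/init.d` is itself a symlink, every script would be classed as a link, and `_service_is_sysv` (hunk at -94) would then reject all of them. `return os.path.islink(name)` tests only the final component. The helper is also the only private function here without a docstring; a one-line `'''Return True if name itself is a symbolic link.'''` would match the rest of the file.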
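Review bot: In `_service_is_upstart`, `os.access(path, os.R_OK)` is not equivalent to the `test -f` it replaces. It is also true for a directory, and it answers for the real uid rather than the effective one. `return os.path.isfile('/etc/init/{0}.conf'.format(name))` keeps the original regular-file meaning. The same substitution is made in `_upstart_is_disabled` in the next hunk, where a stray directory named `NAME.conf.override` would now report the job as disabled.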
@@ -94,11 +97,11 @@ def _service_is_sysv(name): A System-V style service will have a control script in /etc/init.d. We make sure to skip over symbolic links that point to Upstart's /lib/init/upstart-job, and anything that isn't an - executable, like README or skelton. + executable, like README or skeleton. ''' - if not __salt__['cmd.retcode']('test -f /etc/init.d/{0}'.format(name)): - if not __salt__['cmd.retcode']('test -x /etc/init.d/{0}'.format(name)): - return True + script = '/etc/init.d/{0}'.format(name) + if not _is_symlink(script): + return os.access(script, os.X_OK) return False @@ -108,10 +111,7 @@ def _sysv_is_disabled(name): start-up link (starts with "S") to its script in /etc/init.d in the current runlevel. ''' - cmd = 'ls /etc/rc{0}.d/S*{1}'.format(_runlevel(), name) - if not __salt__['cmd.run'](cmd).strip().endswith(name): - return True - return False + return not bool(glob.glob('/etc/rc{0}.d/S*{1}'.format(_runlevel(), name))) def _sysv_is_enabled(name): @@ -131,9 +131,7 @@ def get_enabled(): salt '*' service.get_enabled ''' ret = set() - cmd = '(cd /etc/init.d; ls -1 *)' - lines = __salt__['cmd.run'](cmd).split('\n') - for line in lines: + for line in glob.glob('/etc/init.d/*'): name = line if _service_is_upstart(name): if _upstart_is_enabled(name): @@ -154,9 +152,7 @@ def get_disabled(): salt '*' service.get_disabled ''' ret = set() - cmd = '(cd /etc/init.d; ls -1 *)' - lines = __salt__['cmd.run'](cmd).split('\n') - for line in lines: + for line in glob.glob('/etc/init.d/*'): name = line if _service_is_upstart(name): if _upstart_is_disabled(name): @@ -242,7 +238,9 @@ def _upstart_disable(name): ''' Disable an Upstart service. ''' - __salt__['cmd.run']('echo manual > /etc/init/{0}.conf.override'.format(name)) + override = '/etc/init/{0}.conf.override'.format(name) + with file(override, 'w') as fd: + fd.write('manual') return _upstart_is_disabled(name) 
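Review bot: `_service_is_sysv` no longer checks that the script is a regular file, and `os.access(script, os.X_OK)` is also true for a searchable directory, so a subdirectory of `/etc/init.d` would be reported as a service. The docstring says only links pointing at `/lib/init/upstart-job` are skipped, but the new code skips every symlink. Either update the docstring or compare `os.path.realpath(script)` with that target. Adding `os.path.isfile(script) and` in front of the `os.access` call restores the old `test -f` guard.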
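Review bot: In `_sysv_is_disabled`, `name` is formatted straight into the glob pattern `S*{1}`, so any `*`, `?` or `[` in the service name is treated as a wildcard. The leading `S*` also matches any start link whose name merely ends with `name`, so one service can be reported as enabled because of another. Start links conventionally have the form `S` plus two digits plus the name, so `'/etc/rc{0}.d/S[0-9][0-9]{1}'` is tighter. Comparing `os.listdir()` entries against that form avoids glob interpretation of `name` altogether.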
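Review bot: In `get_enabled`, `glob.glob('/etc/init.d/*')` yields full paths such as `/etc/init.d/ssh`, whereas the removed `cd /etc/init.d; ls -1 *` produced bare names. The unchanged `name = line` passes that full path to `_service_is_upstart(name)`, which formats it into `/etc/init/{0}.conf`, so the lookup can never match. As far as the visible lines show, the result set would be empty or hold paths instead of service names. Iterating with `for name in os.listdir('/etc/init.d'):` (or `name = os.path.basename(line)`) keeps the old behaviour. The same applies to `get_disabled` in the next hunk, and both loop bodies continue outside their hunks.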
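Review bot: `_upstart_disable` now writes to a path built from `name` with no check that `name` is a plain job name. Dropping the shell removes the command-injection risk, but a value containing `/` or `..` still makes the write land outside `/etc/init`. A guard such as `if os.path.basename(name) != name: return False` before building `override` closes that. The `file()` builtin works on the stated Python 2.6 baseline, but `open(override, 'w')` is the portable spelling. The old `echo` ended the file with a newline, so `fd.write('manual\n')` keeps the content byte-identical.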
@@ -250,7 +248,9 @@ def _upstart_enable(name): ''' Enable an Upstart service. ''' - __salt__['cmd.run']('rm -f /etc/init/{0}.conf.override'.format(name)) + override = '/etc/init/{0}.conf.override'.format(name) + if os.access(override, os.R_OK): + os.unlink(override) return _upstart_is_enabled(name) From 20569986d28237cae0bc905661fcebe1a3b3000a Mon Sep 17 00:00:00 2001 From: Tom Vaughan Date: Tue, 24 Apr 2012 12:23:18 -0300 Subject: [PATCH 2/2] Read public key before it is removed. --- salt/crypt.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/salt/crypt.py b/salt/crypt.py index e1ed4cb0ab..a554587298 100644 --- a/salt/crypt.py +++ b/salt/crypt.py @@ -194,9 +194,7 @@ class Auth(object): os.close(fd_) with open(tmp_pub, 'w+') as fp_: fp_.write(master_pub) - os.remove(tmp_pub) m_pub_fn = os.path.join(self.opts['pki_dir'], self.mpub) - pub = RSA.load_pub_key(tmp_pub) if os.path.isfile(m_pub_fn) and not self.opts['open_mode']: local_master_pub = open(m_pub_fn).read() if not master_pub == local_master_pub: @@ -207,7 +205,10 @@ class Auth(object): return False else: open(m_pub_fn, 'w+').write(master_pub) - if pub.public_decrypt(token, 5) == 'salty bacon': + pub = RSA.load_pub_key(tmp_pub) + plaintext = pub.public_decrypt(token, 5) + os.remove(tmp_pub) + if plaintext == 'salty bacon': return True log.error('The salt master has failed verification for an unknown ' 'reason, verify your salt keys')
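Review bot: `_upstart_enable` checks `os.access(override, os.R_OK)` and then unlinks, which leaves a window between the check and the removal. It also skips the removal when the file exists but the access check fails, which `rm -f` did not do. Calling `os.unlink` directly and ignoring only ENOENT matches `rm -f` more closely and lets real failures surface. This needs `import errno` alongside the new `glob` and `os` imports.

```python
override = '/etc/init/{0}.conf.override'.format(name)
try:
    os.unlink(override)
except OSError as exc:
    # a missing override already means "enabled"; anything else is a real failure
    if exc.errno != errno.ENOENT:
        raise
return _upstart_is_enabled(name)
```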
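Review bot: Moving `os.remove(tmp_pub)` below `public_decrypt` means the temporary key file is no longer removed on the `return False` path visible in this hunk's context, nor if `RSA.load_pub_key` or `public_decrypt` raises. Each failed verification would then leave a file behind. The original bug was only the order of the two lines, so loading straight after the write and removing immediately covers every exit: `pub = RSA.load_pub_key(tmp_pub)` followed by `os.remove(tmp_pub)`, ideally inside `try`/`finally`. The padding argument `5` in `public_decrypt(token, 5)` is a bare literal; a named constant or a short comment saying which padding mode it selects would help the next reader. The method body starts and ends outside these hunks.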