ganeti.tools.ensure

1 # 2 # 3 4 # Copyright (C) 2011 Google Inc. 5 # All rights reserved. 6 # 7 # Redistribution and use in source and binary forms, with or without 8 # modification, are permitted provided that the following conditions are 9 # met: 10 # 11 # 1. Redistributions of source code must retain the above copyright notice, 12 # this list of conditions and the following disclaimer. 13 # 14 # 2. Redistributions in binary form must reproduce the above copyright 15 # notice, this list of conditions and the following disclaimer in the 16 # documentation and/or other materials provided with the distribution. 17 # 18 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 19 # IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 20 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 21 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 22 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 30 """Script to ensure permissions on files/dirs are accurate. 31 32 """ 33 34 import os 35 import os.path 36 import optparse 37 import sys 38 import logging 39 40 from ganeti import constants 41 from ganeti import errors 42 from ganeti import runtime 43 from ganeti import ssconf 44 from ganeti import utils 45 from ganeti import cli 46 from ganeti import pathutils 47 from ganeti import compat 48 49 50 (DIR, 51 FILE, 52 QUEUE_DIR) = range(1, 4) 53 54 ALL_TYPES = compat.UniqueFrozenset([ 55 DIR, 56 FILE, 57 QUEUE_DIR, 58 ]) 59 60

61 -def RecursiveEnsure(path, uid, gid, dir_perm, file_perm):

62 """Ensures permissions recursively down a directory. 63 64 This functions walks the path and sets permissions accordingly. 65 66 @param path: The absolute path to walk 67 @param uid: The uid used as owner 68 @param gid: The gid used as group 69 @param dir_perm: The permission bits set for directories 70 @param file_perm: The permission bits set for files 71 72 """ 73 assert os.path.isabs(path), "Path %s is not absolute" % path 74 assert os.path.isdir(path), "Path %s is not a dir" % path 75 76 logging.debug("Recursively processing %s", path) 77 78 for root, dirs, files in os.walk(path): 79 for subdir in dirs: 80 utils.EnforcePermission(os.path.join(root, subdir), dir_perm, uid=uid, 81 gid=gid) 82 83 for filename in files: 84 utils.EnforcePermission(os.path.join(root, filename), file_perm, uid=uid, 85 gid=gid)

86 87

88 -def EnsureQueueDir(path, mode, uid, gid):

89 """Sets the correct permissions on all job files in the queue. 90 91 @param path: Directory path 92 @param mode: Wanted file mode 93 @param uid: Wanted user ID 94 @param gid: Wanted group ID 95 96 """ 97 for filename in utils.ListVisibleFiles(path): 98 if constants.JOB_FILE_RE.match(filename): 99 utils.EnforcePermission(utils.PathJoin(path, filename), mode, uid=uid, 100 gid=gid)

101 102

103 -def ProcessPath(path):

104 """Processes a path component. 105 106 @param path: A tuple of the path component to process 107 108 """ 109 (pathname, pathtype, mode, uid, gid) = path[0:5] 110 111 assert pathtype in ALL_TYPES 112 113 if pathtype in (DIR, QUEUE_DIR): 114 # No additional parameters 115 assert len(path) == 5 116 if pathtype == DIR: 117 utils.MakeDirWithPerm(pathname, mode, uid, gid) 118 elif pathtype == QUEUE_DIR: 119 EnsureQueueDir(pathname, mode, uid, gid) 120 elif pathtype == FILE: 121 (must_exist, ) = path[5:] 122 utils.EnforcePermission(pathname, mode, uid=uid, gid=gid, 123 must_exist=must_exist)

124 125

126 -def GetPaths():

127 """Returns a tuple of path objects to process. 128 129 """ 130 getent = runtime.GetEnts() 131 masterd_log = constants.DAEMONS_LOGFILES[constants.MASTERD] 132 noded_log = constants.DAEMONS_LOGFILES[constants.NODED] 133 confd_log = constants.DAEMONS_LOGFILES[constants.CONFD] 134 luxid_log = constants.DAEMONS_LOGFILES[constants.LUXID] 135 rapi_log = constants.DAEMONS_LOGFILES[constants.RAPI] 136 mond_log = constants.DAEMONS_LOGFILES[constants.MOND] 137 138 rapi_dir = os.path.join(pathutils.DATA_DIR, "rapi") 139 cleaner_log_dir = os.path.join(pathutils.LOG_DIR, "cleaner") 140 master_cleaner_log_dir = os.path.join(pathutils.LOG_DIR, "master-cleaner") 141 142 # A note on the ordering: The parent directory (type C{DIR}) must always be 143 # listed before files (type C{FILE}) in that directory. Once the directory is 144 # set, only files directly in that directory can be listed. 145 paths = [ 146 (pathutils.DATA_DIR, DIR, 0755, getent.masterd_uid, getent.masterd_gid), 147 (pathutils.CLUSTER_DOMAIN_SECRET_FILE, FILE, 0640, 148 getent.masterd_uid, getent.masterd_gid, False), 149 (pathutils.CLUSTER_CONF_FILE, FILE, 0640, 150 getent.masterd_uid, getent.confd_gid, False), 151 (pathutils.CONFD_HMAC_KEY, FILE, 0440, 152 getent.confd_uid, getent.masterd_gid, False), 153 (pathutils.SSH_KNOWN_HOSTS_FILE, FILE, 0644, 154 getent.masterd_uid, getent.masterd_gid, False), 155 (pathutils.RAPI_CERT_FILE, FILE, 0440, 156 getent.rapi_uid, getent.masterd_gid, False), 157 (pathutils.SPICE_CERT_FILE, FILE, 0440, 158 getent.noded_uid, getent.masterd_gid, False), 159 (pathutils.SPICE_CACERT_FILE, FILE, 0440, 160 getent.noded_uid, getent.masterd_gid, False), 161 (pathutils.NODED_CERT_FILE, FILE, pathutils.NODED_CERT_MODE, 162 getent.masterd_uid, getent.masterd_gid, False), 163 (pathutils.WATCHER_PAUSEFILE, FILE, 0644, 164 getent.masterd_uid, getent.masterd_gid, False), 165 ] 166 167 ss = ssconf.SimpleStore() 168 for ss_path in ss.GetFileList(): 169 paths.append((ss_path, FILE, constants.SS_FILE_PERMS, 170 getent.noded_uid, getent.noded_gid, False)) 171 172 paths.extend([ 173 (pathutils.QUEUE_DIR, DIR, 0750, getent.masterd_uid, getent.daemons_gid), 174 (pathutils.QUEUE_DIR, QUEUE_DIR, constants.JOB_QUEUE_FILES_PERMS, 175 getent.masterd_uid, getent.daemons_gid), 176 (pathutils.JOB_QUEUE_DRAIN_FILE, FILE, 0644, 177 getent.masterd_uid, getent.daemons_gid, False), 178 (pathutils.JOB_QUEUE_LOCK_FILE, FILE, constants.JOB_QUEUE_FILES_PERMS, 179 getent.masterd_uid, getent.daemons_gid, False), 180 (pathutils.JOB_QUEUE_SERIAL_FILE, FILE, constants.JOB_QUEUE_FILES_PERMS, 181 getent.masterd_uid, getent.daemons_gid, False), 182 (pathutils.JOB_QUEUE_VERSION_FILE, FILE, constants.JOB_QUEUE_FILES_PERMS, 183 getent.masterd_uid, getent.daemons_gid, False), 184 (pathutils.JOB_QUEUE_ARCHIVE_DIR, DIR, 0750, 185 getent.masterd_uid, getent.daemons_gid), 186 (rapi_dir, DIR, 0750, getent.rapi_uid, getent.masterd_gid), 187 (pathutils.RAPI_USERS_FILE, FILE, 0640, 188 getent.rapi_uid, getent.masterd_gid, False), 189 (pathutils.RUN_DIR, DIR, 0775, getent.masterd_uid, getent.daemons_gid), 190 (pathutils.SOCKET_DIR, DIR, 0770, getent.masterd_uid, getent.daemons_gid), 191 (pathutils.MASTER_SOCKET, FILE, 0660, 192 getent.masterd_uid, getent.daemons_gid, False), 193 (pathutils.QUERY_SOCKET, FILE, 0660, 194 getent.luxid_uid, getent.daemons_gid, False), 195 (pathutils.BDEV_CACHE_DIR, DIR, 0755, 196 getent.noded_uid, getent.masterd_gid), 197 (pathutils.UIDPOOL_LOCKDIR, DIR, 0750, 198 getent.noded_uid, getent.masterd_gid), 199 (pathutils.DISK_LINKS_DIR, DIR, 0755, 200 getent.noded_uid, getent.masterd_gid), 201 (pathutils.CRYPTO_KEYS_DIR, DIR, 0700, 202 getent.noded_uid, getent.masterd_gid), 203 (pathutils.IMPORT_EXPORT_DIR, DIR, 0755, 204 getent.noded_uid, getent.masterd_gid), 205 (pathutils.LOG_DIR, DIR, 0770, getent.masterd_uid, getent.daemons_gid), 206 (masterd_log, FILE, 0600, getent.masterd_uid, getent.masterd_gid, False), 207 (confd_log, FILE, 0600, getent.confd_uid, getent.masterd_gid, False), 208 (luxid_log, FILE, 0600, getent.luxid_uid, getent.masterd_gid, False), 209 (noded_log, FILE, 0600, getent.noded_uid, getent.masterd_gid, False), 210 (rapi_log, FILE, 0600, getent.rapi_uid, getent.masterd_gid, False), 211 (mond_log, FILE, 0600, getent.mond_uid, getent.masterd_gid, False), 212 (pathutils.LOG_OS_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid), 213 (pathutils.LOG_XEN_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid), 214 (cleaner_log_dir, DIR, 0750, getent.noded_uid, getent.noded_gid), 215 (master_cleaner_log_dir, DIR, 0750, getent.masterd_uid, getent.masterd_gid), 216 (pathutils.INSTANCE_REASON_DIR, DIR, 0755, getent.noded_uid, 217 getent.noded_gid), 218 ]) 219 220 return paths

221 222

223 -def ParseOptions():

224 """Parses the options passed to the program. 225 226 @return: Options and arguments 227 228 """ 229 program = os.path.basename(sys.argv[0]) 230 231 parser = optparse.OptionParser(usage="%prog [--full-run]", 232 prog=program) 233 parser.add_option(cli.DEBUG_OPT) 234 parser.add_option(cli.VERBOSE_OPT) 235 parser.add_option("--full-run", "-f", dest="full_run", action="store_true", 236 default=False, help=("Make a full run and set permissions" 237 " on archived jobs (time consuming)")) 238 239 return parser.parse_args()

240 241

242 -def Main():

243 """Main routine. 244 245 """ 246 (opts, args) = ParseOptions() 247 248 utils.SetupToolLogging(opts.debug, opts.verbose) 249 250 if args: 251 logging.error("No arguments are expected") 252 return constants.EXIT_FAILURE 253 254 if opts.full_run: 255 logging.info("Running in full mode") 256 257 getent = runtime.GetEnts() 258 259 try: 260 for path in GetPaths(): 261 ProcessPath(path) 262 263 if opts.full_run: 264 RecursiveEnsure(pathutils.JOB_QUEUE_ARCHIVE_DIR, getent.masterd_uid, 265 getent.daemons_gid, 0750, constants.JOB_QUEUE_FILES_PERMS) 266 except errors.GenericError, err: 267 logging.error("An error occurred while setting permissions: %s", err) 268 return constants.EXIT_FAILURE 269 270 return constants.EXIT_SUCCESS

271

Source Code for Module ganeti.tools.ensure_dirs