Package ganeti :: Package tools :: Module ensure_dirs
[hide private]
[frames] | no frames]

Source Code for Module ganeti.tools.ensure_dirs

  1  # 
  2  # 
  3   
  4  # Copyright (C) 2011 Google Inc. 
  5  # All rights reserved. 
  6  # 
  7  # Redistribution and use in source and binary forms, with or without 
  8  # modification, are permitted provided that the following conditions are 
  9  # met: 
 10  # 
 11  # 1. Redistributions of source code must retain the above copyright notice, 
 12  # this list of conditions and the following disclaimer. 
 13  # 
 14  # 2. Redistributions in binary form must reproduce the above copyright 
 15  # notice, this list of conditions and the following disclaimer in the 
 16  # documentation and/or other materials provided with the distribution. 
 17  # 
 18  # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 
 19  # IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 
 20  # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
 21  # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR 
 22  # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
 23  # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
 24  # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
 25  # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
 26  # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
 27  # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
 28  # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 29   
 30  """Script to ensure permissions on files/dirs are accurate. 
 31   
 32  """ 
 33   
 34  import os 
 35  import os.path 
 36  import optparse 
 37  import sys 
 38  import logging 
 39   
 40  from ganeti import constants 
 41  from ganeti import errors 
 42  from ganeti import runtime 
 43  from ganeti import ssconf 
 44  from ganeti import utils 
 45  from ganeti import cli 
 46  from ganeti import pathutils 
 47  from ganeti import compat 
 48   
 49   
 50  (DIR, 
 51   FILE, 
 52   QUEUE_DIR) = range(1, 4) 
 53   
 54  ALL_TYPES = compat.UniqueFrozenset([ 
 55    DIR, 
 56    FILE, 
 57    QUEUE_DIR, 
 58    ]) 
 59   
 60   
61 -def RecursiveEnsure(path, uid, gid, dir_perm, file_perm):
62 """Ensures permissions recursively down a directory. 63 64 This functions walks the path and sets permissions accordingly. 65 66 @param path: The absolute path to walk 67 @param uid: The uid used as owner 68 @param gid: The gid used as group 69 @param dir_perm: The permission bits set for directories 70 @param file_perm: The permission bits set for files 71 72 """ 73 assert os.path.isabs(path), "Path %s is not absolute" % path 74 assert os.path.isdir(path), "Path %s is not a dir" % path 75 76 logging.debug("Recursively processing %s", path) 77 78 for root, dirs, files in os.walk(path): 79 for subdir in dirs: 80 utils.EnforcePermission(os.path.join(root, subdir), dir_perm, uid=uid, 81 gid=gid) 82 83 for filename in files: 84 utils.EnforcePermission(os.path.join(root, filename), file_perm, uid=uid, 85 gid=gid)
86 87
88 -def EnsureQueueDir(path, mode, uid, gid):
89 """Sets the correct permissions on all job files in the queue. 90 91 @param path: Directory path 92 @param mode: Wanted file mode 93 @param uid: Wanted user ID 94 @param gid: Wanted group ID 95 96 """ 97 for filename in utils.ListVisibleFiles(path): 98 if constants.JOB_FILE_RE.match(filename): 99 utils.EnforcePermission(utils.PathJoin(path, filename), mode, uid=uid, 100 gid=gid)
101 102
103 -def ProcessPath(path):
104 """Processes a path component. 105 106 @param path: A tuple of the path component to process 107 108 """ 109 (pathname, pathtype, mode, uid, gid) = path[0:5] 110 111 assert pathtype in ALL_TYPES 112 113 if pathtype in (DIR, QUEUE_DIR): 114 # No additional parameters 115 assert len(path) == 5 116 if pathtype == DIR: 117 utils.MakeDirWithPerm(pathname, mode, uid, gid) 118 elif pathtype == QUEUE_DIR: 119 EnsureQueueDir(pathname, mode, uid, gid) 120 elif pathtype == FILE: 121 (must_exist, ) = path[5:] 122 utils.EnforcePermission(pathname, mode, uid=uid, gid=gid, 123 must_exist=must_exist)
124 125
126 -def GetPaths():
127 """Returns a tuple of path objects to process. 128 129 """ 130 getent = runtime.GetEnts() 131 masterd_log = constants.DAEMONS_LOGFILES[constants.MASTERD] 132 noded_log = constants.DAEMONS_LOGFILES[constants.NODED] 133 confd_log = constants.DAEMONS_LOGFILES[constants.CONFD] 134 luxid_log = constants.DAEMONS_LOGFILES[constants.LUXID] 135 rapi_log = constants.DAEMONS_LOGFILES[constants.RAPI] 136 mond_log = constants.DAEMONS_LOGFILES[constants.MOND] 137 138 rapi_dir = os.path.join(pathutils.DATA_DIR, "rapi") 139 cleaner_log_dir = os.path.join(pathutils.LOG_DIR, "cleaner") 140 master_cleaner_log_dir = os.path.join(pathutils.LOG_DIR, "master-cleaner") 141 142 # A note on the ordering: The parent directory (type C{DIR}) must always be 143 # listed before files (type C{FILE}) in that directory. Once the directory is 144 # set, only files directly in that directory can be listed. 145 paths = [ 146 (pathutils.DATA_DIR, DIR, 0755, getent.masterd_uid, getent.masterd_gid), 147 (pathutils.CLUSTER_DOMAIN_SECRET_FILE, FILE, 0640, 148 getent.masterd_uid, getent.masterd_gid, False), 149 (pathutils.CLUSTER_CONF_FILE, FILE, 0640, 150 getent.masterd_uid, getent.confd_gid, False), 151 (pathutils.CONFD_HMAC_KEY, FILE, 0440, 152 getent.confd_uid, getent.masterd_gid, False), 153 (pathutils.SSH_KNOWN_HOSTS_FILE, FILE, 0644, 154 getent.masterd_uid, getent.masterd_gid, False), 155 (pathutils.RAPI_CERT_FILE, FILE, 0440, 156 getent.rapi_uid, getent.masterd_gid, False), 157 (pathutils.SPICE_CERT_FILE, FILE, 0440, 158 getent.noded_uid, getent.masterd_gid, False), 159 (pathutils.SPICE_CACERT_FILE, FILE, 0440, 160 getent.noded_uid, getent.masterd_gid, False), 161 (pathutils.NODED_CERT_FILE, FILE, pathutils.NODED_CERT_MODE, 162 getent.masterd_uid, getent.masterd_gid, False), 163 (pathutils.NODED_CLIENT_CERT_FILE, FILE, pathutils.NODED_CERT_MODE, 164 getent.masterd_uid, getent.masterd_gid, False), 165 (pathutils.WATCHER_PAUSEFILE, FILE, 0644, 166 getent.masterd_uid, getent.masterd_gid, False), 167 ] 168 169 ss = ssconf.SimpleStore() 170 for ss_path in ss.GetFileList(): 171 paths.append((ss_path, FILE, constants.SS_FILE_PERMS, 172 getent.noded_uid, getent.noded_gid, False)) 173 174 paths.extend([ 175 (pathutils.QUEUE_DIR, DIR, 0750, getent.masterd_uid, getent.daemons_gid), 176 (pathutils.QUEUE_DIR, QUEUE_DIR, constants.JOB_QUEUE_FILES_PERMS, 177 getent.masterd_uid, getent.daemons_gid), 178 (pathutils.JOB_QUEUE_DRAIN_FILE, FILE, 0644, 179 getent.masterd_uid, getent.daemons_gid, False), 180 (pathutils.JOB_QUEUE_LOCK_FILE, FILE, constants.JOB_QUEUE_FILES_PERMS, 181 getent.masterd_uid, getent.daemons_gid, False), 182 (pathutils.JOB_QUEUE_SERIAL_FILE, FILE, constants.JOB_QUEUE_FILES_PERMS, 183 getent.masterd_uid, getent.daemons_gid, False), 184 (pathutils.JOB_QUEUE_VERSION_FILE, FILE, constants.JOB_QUEUE_FILES_PERMS, 185 getent.masterd_uid, getent.daemons_gid, False), 186 (pathutils.JOB_QUEUE_ARCHIVE_DIR, DIR, 0750, 187 getent.masterd_uid, getent.daemons_gid), 188 (rapi_dir, DIR, 0750, getent.rapi_uid, getent.masterd_gid), 189 (pathutils.RAPI_USERS_FILE, FILE, 0640, 190 getent.rapi_uid, getent.masterd_gid, False), 191 (pathutils.RUN_DIR, DIR, 0775, getent.masterd_uid, getent.daemons_gid), 192 (pathutils.SOCKET_DIR, DIR, 0770, getent.masterd_uid, getent.daemons_gid), 193 (pathutils.MASTER_SOCKET, FILE, 0660, 194 getent.masterd_uid, getent.daemons_gid, False), 195 (pathutils.QUERY_SOCKET, FILE, 0660, 196 getent.luxid_uid, getent.daemons_gid, False), 197 (pathutils.BDEV_CACHE_DIR, DIR, 0755, 198 getent.noded_uid, getent.masterd_gid), 199 (pathutils.UIDPOOL_LOCKDIR, DIR, 0750, 200 getent.noded_uid, getent.masterd_gid), 201 (pathutils.DISK_LINKS_DIR, DIR, 0755, 202 getent.noded_uid, getent.masterd_gid), 203 (pathutils.CRYPTO_KEYS_DIR, DIR, 0700, 204 getent.noded_uid, getent.masterd_gid), 205 (pathutils.IMPORT_EXPORT_DIR, DIR, 0755, 206 getent.noded_uid, getent.masterd_gid), 207 (pathutils.LOG_DIR, DIR, 0770, getent.masterd_uid, getent.daemons_gid), 208 (masterd_log, FILE, 0600, getent.masterd_uid, getent.masterd_gid, False), 209 (confd_log, FILE, 0600, getent.confd_uid, getent.masterd_gid, False), 210 (luxid_log, FILE, 0600, getent.luxid_uid, getent.masterd_gid, False), 211 (noded_log, FILE, 0600, getent.noded_uid, getent.masterd_gid, False), 212 (rapi_log, FILE, 0600, getent.rapi_uid, getent.masterd_gid, False), 213 (mond_log, FILE, 0600, getent.mond_uid, getent.masterd_gid, False), 214 (pathutils.LOG_OS_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid), 215 (pathutils.LOG_XEN_DIR, DIR, 0750, getent.noded_uid, getent.daemons_gid), 216 (cleaner_log_dir, DIR, 0750, getent.noded_uid, getent.noded_gid), 217 (master_cleaner_log_dir, DIR, 0750, getent.masterd_uid, getent.masterd_gid), 218 (pathutils.INSTANCE_REASON_DIR, DIR, 0755, getent.noded_uid, 219 getent.noded_gid), 220 (pathutils.LIVELOCK_DIR, DIR, 0750, getent.masterd_uid, getent.daemons_gid), 221 (pathutils.LUXID_MESSAGE_DIR, DIR, 0750, getent.masterd_uid, 222 getent.daemons_gid), 223 ]) 224 225 return paths
226 227
228 -def ParseOptions():
229 """Parses the options passed to the program. 230 231 @return: Options and arguments 232 233 """ 234 program = os.path.basename(sys.argv[0]) 235 236 parser = optparse.OptionParser(usage="%prog [--full-run]", 237 prog=program) 238 parser.add_option(cli.DEBUG_OPT) 239 parser.add_option(cli.VERBOSE_OPT) 240 parser.add_option("--full-run", "-f", dest="full_run", action="store_true", 241 default=False, help=("Make a full run and set permissions" 242 " on archived jobs (time consuming)")) 243 244 return parser.parse_args()
245 246
247 -def Main():
248 """Main routine. 249 250 """ 251 (opts, args) = ParseOptions() 252 253 utils.SetupToolLogging( 254 opts.debug, opts.verbose, 255 toolname=os.path.splitext(os.path.basename(__file__))[0]) 256 257 if args: 258 logging.error("No arguments are expected") 259 return constants.EXIT_FAILURE 260 261 if opts.full_run: 262 logging.info("Running in full mode") 263 264 getent = runtime.GetEnts() 265 266 try: 267 for path in GetPaths(): 268 ProcessPath(path) 269 270 if opts.full_run: 271 RecursiveEnsure(pathutils.JOB_QUEUE_ARCHIVE_DIR, getent.masterd_uid, 272 getent.daemons_gid, 0750, constants.JOB_QUEUE_FILES_PERMS) 273 except errors.GenericError, err: 274 logging.error("An error occurred while setting permissions: %s", err) 275 return constants.EXIT_FAILURE 276 277 return constants.EXIT_SUCCESS
278