Move security task to common tasks

Converted root pw task to plugin

manifests/one-ide.manifest.json

@@ -3,8 +3,7 @@
 	"virtualization": "ide",
 	"credentials"   : {
 		"access-key": null,
-		"secret-key": null,
-		"root": "test"
+		"secret-key": null
 	},
 
 	"bootstrapper": {

manifests/one-virtio.manifest.json

@@ -3,8 +3,7 @@
 	"virtualization": "virtio",
 	"credentials"   : {
 		"access-key": null,
-		"secret-key": null,
-		"root": "test"
+		"secret-key": null
 	},
 
 	"bootstrapper": {

plugins/root_password/__init__.py

@@ -0,0 +1,12 @@
+
+
+def tasks(tasklist, manifest):
+	from common.tasks import DisableSSHPasswordAuthentication
+	from tasks import SetRootPassword
+	tasklist.replace(DisableSSHPasswordAuthentication, SetRootPassword())
+
+
+def validate_manifest(data, schema_validate):
+	from os import path
+	schema_path = path.normpath(path.join(path.dirname(__file__), 'manifest-schema.json'))
+	schema_validate(data, schema_path)

plugins/root_password/manifest-schema.json

@@ -0,0 +1,23 @@
+{
+	"$schema": "http://json-schema.org/draft-04/schema#",
+	"title": "Root password plugin manifest",
+	"type": "object",
+	"properties": {
+		"plugins": {
+			"type": "object",
+			"properties": {
+				"root_password": {
+					"type": "object",
+					"properties": {
+						"password": {
+							"type": "string"
+						}
+					},
+					"required": ["password"]
+				}
+			},
+			"required": ["root_password"]
+		}
+	},
+	"required": ["plugins"]
+}

plugins/root_password/tasks.py

@@ -0,0 +1,12 @@
+from base import Task
+from common import phases
+
+
+class SetRootPassword(Task):
+	description = 'Setting the root password'
+	phase = phases.system_modification
+
+	def run(self, info):
+		from common.tools import log_check_call
+		log_check_call(['/usr/sbin/chroot', info.root, '/usr/sbin/chpasswd'],
+		               'root:'+info.manifest.plugins['root_password']['password'])

providers/ec2/__init__.py

@@ -12,7 +12,7 @@ from common.tasks import locale
 from common.tasks import apt
 from tasks import boot
 from common.tasks import boot as common_boot
-from tasks import security
+from common.tasks import security
 from common.tasks import network
 from tasks import initd
 from common.tasks import initd as common_initd

providers/raw/__init__.py

@@ -7,7 +7,7 @@ from common.tasks import locale
 from common.tasks import apt
 from tasks import boot
 from common.tasks import boot as common_boot
-from tasks import security
+from common.tasks import security
 from common.tasks import network
 from common.tasks import initd
 from common.tasks import cleanup

providers/raw/tasks/security.py

@@ -1,42 +0,0 @@
-from base import Task
-from common import phases
-import os.path
-
-
-class EnableShadowConfig(Task):
-	description = 'Enabling shadowconfig'
-	phase = phases.system_modification
-
-	def run(self, info):
-		from common.tools import log_check_call
-		log_check_call(['/usr/sbin/chroot', info.root, '/sbin/shadowconfig', 'on'])
-
-class SetRootPassword(Task):
-	description = 'Set password for root'
-	phase = phases.system_modification
-
-	def run(self, info):
-		from common.tools import log_check_call
-		if info.manifest.credentials['root']:
-			log_check_call(['/usr/sbin/chroot', info.root, '/usr/sbin/chpasswd'], 'root:'+info.manifest.credentials['root'])
-
-class DisableSSHPasswordAuthentication(Task):
-	description = 'Disabling SSH password authentication'
-	phase = phases.system_modification
-
-	def run(self, info):
-		from common.tools import sed_i
-		if 'root' not in info.manifest.credentials:
-			# If no password set for root
-			sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')
-			sed_i(sshd_config_path, '^#PasswordAuthentication yes', 'PasswordAuthentication no')
-
-
-class DisableSSHDNSLookup(Task):
-	description = 'Disabling sshd remote host name lookup'
-	phase = phases.system_modification
-
-	def run(self, info):
-		sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')
-		with open(sshd_config_path, 'a') as sshd_config:
-			sshd_config.write('UseDNS no')