From ec6639c8be223102e19253925b76053f4c8189f3 Mon Sep 17 00:00:00 2001
From: Anders Ingemann
Date: Sat, 10 Aug 2013 17:12:58 +0200
Subject: [PATCH] Move security task to common tasks Converted root pw task to plugin
---
 {providers/ec2 => common}/tasks/security.py | 0
 ...one-ide.manifest => one-ide.manifest.json} | 3 +-
 ...rtio.manifest => one-virtio.manifest.json} | 3 +-
 plugins/root_password/__init__.py | 12 ++++++
 plugins/root_password/manifest-schema.json | 23 ++++++++++
 plugins/root_password/tasks.py | 12 ++++++
 providers/ec2/__init__.py | 2 +-
 providers/raw/__init__.py | 2 +-
 providers/raw/tasks/security.py | 42 -------------------
 9 files changed, 51 insertions(+), 48 deletions(-)
 rename {providers/ec2 => common}/tasks/security.py (100%)
 rename manifests/{one-ide.manifest => one-ide.manifest.json} (96%)
 rename manifests/{one-virtio.manifest => one-virtio.manifest.json} (96%)
 create mode 100644 plugins/root_password/__init__.py
 create mode 100644 plugins/root_password/manifest-schema.json
 create mode 100644 plugins/root_password/tasks.py
 delete mode 100644 providers/raw/tasks/security.py
diff --git a/providers/ec2/tasks/security.py b/common/tasks/security.py
similarity index 100%
rename from providers/ec2/tasks/security.py
rename to common/tasks/security.py
diff --git a/manifests/one-ide.manifest b/manifests/one-ide.manifest.json
similarity index 96%
rename from manifests/one-ide.manifest
rename to manifests/one-ide.manifest.json
index e1add0c..e525120 100644
--- a/manifests/one-ide.manifest
+++ b/manifests/one-ide.manifest.json
@@ -3,8 +3,7 @@
 "virtualization": "ide",
 "credentials" : {
 "access-key": null,
- "secret-key": null,
- "root": "test"
+ "secret-key": null
 },
 "bootstrapper": {
diff --git a/manifests/one-virtio.manifest b/manifests/one-virtio.manifest.json
similarity index 96%
rename from manifests/one-virtio.manifest
rename to manifests/one-virtio.manifest.json
index 19b2748..387950c 100644
--- a/manifests/one-virtio.manifest
+++ b/manifests/one-virtio.manifest.json
@@ -3,8 +3,7 @@
 "virtualization": "virtio",
 "credentials" : {
 "access-key": null,
- "secret-key": null,
- "root": "test"
+ "secret-key": null
 },
 "bootstrapper": {
diff --git a/plugins/root_password/__init__.py b/plugins/root_password/__init__.py
new file mode 100644
index 0000000..f9590f5
--- /dev/null
+++ b/plugins/root_password/__init__.py
@@ -0,0 +1,12 @@
+
+
+def tasks(tasklist, manifest):
+ from common.tasks import DisableSSHPasswordAuthentication
+ from tasks import SetRootPassword
+ tasklist.replace(DisableSSHPasswordAuthentication, SetRootPassword())
+
+
+def validate_manifest(data, schema_validate):
+ from os import path
+ schema_path = path.normpath(path.join(path.dirname(__file__), 'manifest-schema.json'))
+ schema_validate(data, schema_path)
diff --git a/plugins/root_password/manifest-schema.json b/plugins/root_password/manifest-schema.json
new file mode 100644
index 0000000..4344d4a
--- /dev/null
+++ b/plugins/root_password/manifest-schema.json
@@ -0,0 +1,23 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "title": "Root password plugin manifest",
+ "type": "object",
+ "properties": {
+ "plugins": {
+ "type": "object",
+ "properties": {
+ "root_password": {
+ "type": "object",
+ "properties": {
+ "password": {
+ "type": "string"
+ }
+ },
+ "required": ["password"]
+ }
+ },
+ "required": ["root_password"]
+ }
+ },
+ "required": ["plugins"]
+}
diff --git a/plugins/root_password/tasks.py b/plugins/root_password/tasks.py
new file mode 100644
index 0000000..55c98d1
--- /dev/null
+++ b/plugins/root_password/tasks.py
@@ -0,0 +1,12 @@
+from base import Task
+from common import phases
+
+
+class SetRootPassword(Task):
+ description = 'Setting the root password'
+ phase = phases.system_modification
+
+ def run(self, info):
+ from common.tools import log_check_call
+ log_check_call(['/usr/sbin/chroot', info.root, '/usr/sbin/chpasswd'],
+ 'root:'+info.manifest.plugins['root_password']['password'])
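Review bot: In `tasks()`, `from common.tasks import DisableSSHPasswordAuthentication` imports the class from the package, while this same commit moves the security tasks to `common/tasks/security.py` and the providers import that module as `from common.tasks import security`. Unless `common/tasks/__init__.py` (not shown) re-exports the class, loading the plugin fails with ImportError; `from common.tasks.security import DisableSSHPasswordAuthentication` would match the new layout, presuming the class lives in that module as it did in the deleted raw copy. The `replace()` call also deserves a comment, because enabling the plugin removes the task that switches SSH password authentication off, e.g. `# Takes the place of DisableSSHPasswordAuthentication: sshd keeps its existing PasswordAuthentication setting once a root password is set`. The `manifest` parameter is unused in this function.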
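Review bot: The `password` property accepts any string, including the empty one; adding `"minLength": 1` next to `"type": "string"` would reject a manifest that enables the plugin with a blank root password at validation time instead of handing it to the build. A `"description"` on the property stating that the value is kept in cleartext in the manifest would also tell users that these files need the same handling as any other credential store.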
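Review bot: In `SetRootPassword.run` the manifest value is concatenated into the text given to chpasswd without any check, so a password containing a newline would presumably be read by chpasswd as further `user:password` records for other accounts. A guard before the call, e.g. `if '\n' in password: raise ValueError('root password must not contain a newline')` with `password` bound from the manifest first, keeps the input to the single intended record. It is also worth confirming that `log_check_call` (defined outside this patch) does not write its second argument to the build log, since that would record the cleartext root password. The class has no docstring; one line saying that it sets the root password inside the chroot at `info.root` from `plugins.root_password.password` would cover it.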
diff --git a/providers/ec2/__init__.py b/providers/ec2/__init__.py
index 9d7704e..bc19ab8 100644
--- a/providers/ec2/__init__.py
+++ b/providers/ec2/__init__.py
@@ -12,7 +12,7 @@ from common.tasks import locale
 from common.tasks import apt
 from tasks import boot
 from common.tasks import boot as common_boot
-from tasks import security
+from common.tasks import security
 from common.tasks import network
 from tasks import initd
 from common.tasks import initd as common_initd
diff --git a/providers/raw/__init__.py b/providers/raw/__init__.py
index 8faf20c..eee4fa3 100644
--- a/providers/raw/__init__.py
+++ b/providers/raw/__init__.py
@@ -7,7 +7,7 @@ from common.tasks import locale
 from common.tasks import apt
 from tasks import boot
 from common.tasks import boot as common_boot
-from tasks import security
+from common.tasks import security
 from common.tasks import network
 from common.tasks import initd
 from common.tasks import cleanup
diff --git a/providers/raw/tasks/security.py b/providers/raw/tasks/security.py
deleted file mode 100644
index 77f986c..0000000
--- a/providers/raw/tasks/security.py
+++ /dev/null
@@ -1,42 +0,0 @@
-from base import Task
-from common import phases
-import os.path
-
-
-class EnableShadowConfig(Task):
- description = 'Enabling shadowconfig'
- phase = phases.system_modification
-
- def run(self, info):
- from common.tools import log_check_call
- log_check_call(['/usr/sbin/chroot', info.root, '/sbin/shadowconfig', 'on'])
-
-class SetRootPassword(Task):
- description = 'Set password for root'
- phase = phases.system_modification
-
- def run(self, info):
- from common.tools import log_check_call
- if info.manifest.credentials['root']:
- log_check_call(['/usr/sbin/chroot', info.root, '/usr/sbin/chpasswd'], 'root:'+info.manifest.credentials['root'])
-
-class DisableSSHPasswordAuthentication(Task):
- description = 'Disabling SSH password authentication'
- phase = phases.system_modification
-
- def run(self, info):
- from common.tools import sed_i
- if 'root' not in info.manifest.credentials:
- # If no password set for root
- sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')
- sed_i(sshd_config_path, '^#PasswordAuthentication yes', 'PasswordAuthentication no')
-
-
-class DisableSSHDNSLookup(Task):
- description = 'Disabling sshd remote host name lookup'
- phase = phases.system_modification
-
- def run(self, info):
- sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')
- with open(sshd_config_path, 'a') as sshd_config:
- sshd_config.write('UseDNS no')