U Ad @sUdZddlZddlZddlmZddlmZddlmZddl m Zddl m Z m Z ddl mZdd lmZdd lmZmZdd lmZd Zd ZdZeeZdZdgZdddeeedgedgdZeed<eeZeeefddZ e!eeee"ddddZ#dS)z6 Mcollective: Install, configure and start mcollectiveN)Logger)dedent) ConfigObj)log)subputil)Cloud)Config) MetaSchema get_meta_doc) PER_INSTANCEz&/etc/mcollective/ssl/server-public.pemz'/etc/mcollective/ssl/server-private.pemz/etc/mcollective/server.cfgaThis module installs, configures and starts mcollective. If the ``mcollective`` key is present in config, then mcollective will be installed and started. Configuration for ``mcollective`` can be specified in the ``conf`` key under ``mcollective``. Each config value consists of a key value pair and will be written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and ``private-cert`` keys, if present in conf may be used to specify the public and private certificates for mcollective. Their values will be written to ``/etc/mcollective/ssl/server-public.pem`` and ``/etc/mcollective/ssl/server-private.pem``. .. note:: The ec2 metadata service is readable by non-root users. If security is a concern, use include-once and ssl urls. allZcc_mcollectiveZ Mcollectivez(Install, configure and start mcollectivea # Provide server private and public key and provide the following # config settings in /etc/mcollective/server.cfg: # loglevel: debug # plugin.stomp.host: dbhost # WARNING WARNING WARNING # The ec2 metadata service is a network service, and thus is # readable by non-root users on the system # (ie: 'ec2metadata --user-data') # If you want security for this, please use include-once + SSL urls mcollective: conf: loglevel: debug plugin.stomp.host: dbhost public-cert: | -------BEGIN CERTIFICATE-------- -------END CERTIFICATE-------- private-cert: | -------BEGIN CERTIFICATE-------- -------END CERTIFICATE-------- mcollective)idnametitleZ descriptiondistrosZexamplesZ frequencyZactivate_by_schema_keysmetac Csz"tj|ddd}tt|}WnDtk rf}z&|jtjkrDnt d|t}W5d}~XYnX| D]\}}|dkrtj ||dd||d<d|d <qp|d krtj ||d d||d <d|d <qpt |t r|||<qpt |tr ||jkri||<| D]\} } | ||| <qqpt |||<qpzt|d |Wn6tk rx}z|jtjkrfnW5d}~XYnXt} || tj || dddS)NF)quietdecodez4Did not find file %s (starting with an empty config)z public-certi)modezplugin.ssl_server_publicZsslZsecurityproviderz private-certizplugin.ssl_server_privatez%s.old)rZ load_filerioBytesIOIOErrorerrnoZENOENTLOGdebugitemsZ write_file isinstancestrdictZsectionscopywritegetvalue) configZ server_cfgZ pubcert_fileZ pricert_fileZ old_contentsZmcollective_configeZcfg_namecfgovcontentsr*A/usr/lib/python3/dist-packages/cloudinit/config/cc_mcollective.py configure^sJ        r,)rr&cloudrargsreturncCsZd|kr|d|dS|d}|jdd|krBt|ddtjdddgdd dS) Nrz?Skipping module named %s, no 'mcollective' key in configuration)rconf)r$serviceZrestartF)Zcapture)rZdistroZinstall_packagesr,r)rr&r-rr.Zmcollective_cfgr*r*r+handles r2)$__doc__rrZloggingrtextwraprZ configobjrZ cloudinitrrrZcloudinit.cloudrZcloudinit.configr Zcloudinit.config.schemar r Zcloudinit.settingsr Z PUBCERT_FILEZ PRICERT_FILEZ SERVER_CFGZ getLogger__name__rZMODULE_DESCRIPTIONrr__annotations__r,rlistr2r*r*r*r+ sR        & >