func/commonconfig.py func/overlord func/utils.py

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 func/commonconfig.py              |    2 -
 func/overlord/client.py           |   70 +++++++++++++++++++++++++-------------
 func/overlord/delegation_tools.py |   13 ++++---
 func/utils.py                     |    7 +++
 4 files changed, 63 insertions(+), 29 deletions(-)

New commits:
commit 82c08a57832a7a7bc057c655af49f1392e8b1568
Author: S.Ã?aÄ?lar Onur <caglar@xxxxxxxxxxxxxxxx>
Date:   Tue Aug 10 15:36:23 2010 -0400

    * Add globbing support to delegation mode,
    * Invoke the sub-overlord only if it is really required,
    * Incorporate Seth Vidal's "make sure we catch unresolveable hostname errors and behave accordingly" patch so that non-fqdn hostnames can be used with delegation as well,
    * Introduce allow_unknown_minions (False by default) Overlord config option to onditionalize the unknown-host behavior

diff --git a/func/commonconfig.py b/func/commonconfig.py
index ab2ce04..224c156 100644
--- a/func/commonconfig.py
+++ b/func/commonconfig.py
@@ -48,5 +48,5 @@ class OverlordConfig(BaseConfig):
     puppet_signed_certs_dir = Option('/var/lib/puppet/ssl/ca/signed')
     puppet_crl = Option('/var/lib/puppet/ssl/ca/ca_crl.pem')
     host_down_list = Option('/var/lib/func/hosts_down.lst')
-
+    allow_unknown_minions = BoolOption(False)
     
diff --git a/func/overlord/client.py b/func/overlord/client.py
index 4ccd98e..0931172 100644
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -22,7 +22,6 @@ import shlex
 import subprocess
 import re
 import fnmatch
-import socket
 import func.yaml as yaml
 
 from certmaster.commonconfig import CMConfig
@@ -149,6 +148,16 @@ class Minions(object):
         tmp_certs = set()
         tmp_hosts = set()
 
+        # if call is delegated find the shortest path to the minion and use the sub-overlord's certificate
+        if self.delegate:
+            try:
+                each_gloob = func_utils.get_all_host_aliases(each_gloob)[0]
+                shortest_path = dtools.get_shortest_path(each_gloob, self.minionmap)
+            except IndexError:
+                return tmp_hosts,tmp_certs
+            else:
+                each_gloob = shortest_path[0]
+
         actual_gloob = "%s/%s.%s" % (self.cm_config.certroot, each_gloob, self.cm_config.cert_extension)
         certs = glob.glob(actual_gloob)
         
@@ -161,19 +170,19 @@ class Minions(object):
         # let the gloob be the hostname we try to connect to.
         if not certs and not func_utils.re_glob(each_gloob):
             found_by_alias = False
-            (fqdn, aliases, ips) = socket.gethostbyname_ex(each_gloob)
+            aliases = func_utils.get_all_host_aliases(each_gloob)
 
-            for name in [fqdn] + aliases:
+            for name in aliases:
                 actual_gloob = "%s/%s.%s" % (self.cm_config.certroot, name, self.cm_config.cert_extension)
                 certs += glob.glob(actual_gloob)
                 if self.cm_config.peering:
                     peer_gloob = "%s/%s.%s" % (self.cm_config.peerroot, name, self.cm_config.cert_extension)
                     certs += glob.glob(peer_gloob)
                     break
-                    
-            if not certs:
+
+            if self.overlord_config.allow_unknown_minions and not certs:
                 tmp_hosts.add(each_gloob)
-        
+
         for cert in certs:
             tmp_certs.add(cert)
             # use basename to trim off any excess /'s, fix
@@ -330,7 +339,17 @@ class PuppetMinions(Minions):
                     host_inv[hn] = serial
                 fo.close()
                 self._host_inv = host_inv # store ours
-                
+
+        # if call is delegated find the shortest path to the minion and use the sub-overlord's certificate
+        if self.delegate:
+            try:
+                each_gloob = func_utils.get_all_host_aliases(each_gloob)[0]
+                shortest_path = dtools.get_shortest_path(each_gloob, self.minionmap)
+            except IndexError:
+                return tmp_hosts,tmp_certs
+            else:
+                each_gloob = shortest_path[0]
+
         # revoked certs
         self._return_revoked_serials(self.overlord_config.puppet_crl)
         for hostname in self._host_inv.keys():
@@ -349,17 +368,17 @@ class PuppetMinions(Minions):
             # or aliases matches _something_ we know about
             if not matched_gloob and not func_utils.re_glob(each_gloob):
                 found_by_alias = False
-                (fqdn, aliases, ips) = socket.gethostbyname_ex(each_gloob)
-                for name in [fqdn] + aliases:
+                aliases = func_utils.get_all_host_aliases(each_gloob)
+                for name in aliases:
                     if name in self._host_inv and int(self._host_inv[name], 16) not in self._revoked_serials:
                         if os.path.exists(self.overlord_config.puppet_signed_certs_dir + '/' + name + '.pem'):
                             tmp_hosts.add(name)
                             found_by_alias = True
                             break
-                
-                if not found_by_alias:
+
+                if self.overlord_config.allow_unknown_minions and not found_by_alias:
                     tmp_hosts.add(each_gloob)
-                    
+
                 # don't return certs path - just hosts
 
         return tmp_hosts,tmp_certs
@@ -460,7 +479,10 @@ class Overlord(object):
 
         self.delegate    = delegate
         self.mapfile     = mapfile
-        
+        self.minionmap   = {}
+
+        self.allow_unknown_minions = self.config.allow_unknown_minions
+
         #overlord_query stuff
         self.overlord_query = OverlordQuery()
         if self.config.puppet_minions:
@@ -468,14 +490,6 @@ class Overlord(object):
         else:
             self._mc = Minions
             
-        self.minions_class = self._mc(self.server_spec, port=self.port, 
-                                noglobs=self.noglobs, verbose=self.verbose, 
-                                exclude_spec=self.exclude_spec)
-        self.minions = self.minions_class.get_urls()
-        
-        if len(self.minions) == 0:
-            raise Func_Client_Exception, 'Can\'t find any minions matching \"%s\". ' % self.server_spec
-        
         if self.delegate:
             try:
                 mapstream = file(self.mapfile, 'r').read()
@@ -483,7 +497,16 @@ class Overlord(object):
             except e:
                 sys.stderr.write("mapfile load failed, switching delegation off")
                 self.delegate = False
-    
+
+        self.minions_class = self._mc(self.server_spec, port=self.port,
+                                noglobs=self.noglobs, verbose=self.verbose,
+                                delegate=self.delegate,minionmap=self.minionmap,
+                                exclude_spec=self.exclude_spec)
+        self.minions = self.minions_class.get_urls()
+
+        if len(self.minions) == 0:
+            raise Func_Client_Exception, 'Can\'t find any minions matching \"%s\". ' % self.server_spec
+
         if init_ssl:
             self.setup_ssl()
 
@@ -730,7 +753,8 @@ class Overlord(object):
         #Next, we run everything that can be run directly beneath this overlord
         #Why do we do this after delegation calls?  Imagine what happens when
         #reboot is called...
-        directhash.update(self.run_direct(module,method,args,nforks))
+        if single_paths != []:
+            directhash.update(self.run_direct(module,method,args,nforks))
         
         #poll async results if we've async turned on
         if self.async:
diff --git a/func/overlord/delegation_tools.py b/func/overlord/delegation_tools.py
index 0f3b43e..eb192b4 100644
--- a/func/overlord/delegation_tools.py
+++ b/func/overlord/delegation_tools.py
@@ -15,6 +15,7 @@
 ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 ##
 
+from func import utils as func_utils
 import fnmatch
 
 class groupby(object):
@@ -60,17 +61,19 @@ def group_paths(ungrouped_list):
     
     return (single_paths,path_group)
                                           
-def get_paths_for_glob(glob, minionmap):
+def get_paths_for_glob(glob_list, minionmap):
     """
     Given a glob, returns shortest path to all minions
     matching it in the delegation dictionary tree
     """
     
     pathlist = []
-    for elem in match_glob_in_tree(glob,minionmap):
-        result = get_shortest_path(elem,minionmap)
-        if result not in pathlist: #prevents duplicates
-            pathlist.append(result)
+    for glob in glob_list.split(";"):
+        glob = func_utils.get_all_host_aliases(glob)[0]
+        for elem in match_glob_in_tree(glob,minionmap):
+            result = get_shortest_path(elem,minionmap)
+            if result not in pathlist: #prevents duplicates
+                pathlist.append(result)
     return pathlist
 
 def list_all_minions(minionmap):
diff --git a/func/utils.py b/func/utils.py
index 632d727..fcc5cdc 100644
--- a/func/utils.py
+++ b/func/utils.py
@@ -141,6 +141,13 @@ def get_hostname_by_route():
     # an ip address
     return socket.gethostbyname(socket.gethostname())
 
+def get_all_host_aliases(hostname):
+    try:
+        (fqdn, aliases, ips) = socket.gethostbyname_ex(hostname)
+    except socket.gaierror, e:
+        return [hostname]
+    else:
+        return [fqdn] + aliases
 
 def get_fresh_method_instance(function_ref):
     """


_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

[Index of Archives]     [Fedora Users]     [Linux Networking]     [Fedora Legacy List]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux