func/jobthing.py | 2 +- func/overlord/client.py | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) New commits: commit 70bedb875e77944b8cbec5a0d1d905f873525064 Author: Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> Date: Tue Feb 22 00:07:19 2011 -0500 misc fixes to make minion to minion make sense when we setup the minions_class - pass it the config we are running from in our overlord. otherwise we'll end up ignoring valuable things like allow_unknown_minions = True commandautomagic being the __getattr__ causes very odd errors when you're you've got gummed up overlord configs for setting up the ssl connection. adding a default of '' to the key, ca and cert keep this from happening. Also add slightly nicer errors if we end up with ssl files we can't get read diff --git a/func/overlord/client.py b/func/overlord/client.py index fc75fa5..2d0aba0 100644 --- a/func/overlord/client.py +++ b/func/overlord/client.py @@ -506,6 +506,8 @@ class Overlord(object): noglobs=self.noglobs, verbose=self.verbose, delegate=self.delegate,minionmap=self.minionmap, exclude_spec=self.exclude_spec) + # once we setup the minionsclass insert our current config object + self.minions_class.overlord_config = self.config self.minions = self.minions_class.get_urls() if len(self.minions) == 0: @@ -517,6 +519,7 @@ class Overlord(object): self.methods = module_loader.load_methods('func/overlord/modules/', overlord_module.BaseModule, self) def setup_ssl(self, client_key=None, client_cert=None, ca=None): + self.ca = self.key = self.cert = '' # defaults go: # certmaster key, cert, ca # funcd key, cert, ca 
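Review bot: The overlord config is attached to `self.minions_class` only after its constructor call has finished, so anything that constructor derives from its own config (not visible in this hunk) is still computed without it. If the constructor accepts a config argument, passing it there would be more robust. Otherwise the comment should say why the order matters, for example `# must be set before get_urls(): settings such as allow_unknown_minions are read from it`. The assignment also shares the config object by reference, so a change made on either side is seen by both. The enclosing method starts outside the hunk.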
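Review bot: The reason for `self.ca = self.key = self.cert = ''` at the top of `setup_ssl` is recorded only in the commit message, so the line reads as redundant and is easy to remove later. A comment above it would keep the intent, for example `# real attributes, so a failed setup never falls through to __getattr__ (CommandAutomagic)`. With an empty-string default, the checks added at the end of `setup_ssl` presumably report an empty path (`Cannot read ssl ca: `) when no credential was resolved, so the message could say that none was found. The body of `setup_ssl` continues outside the hunk.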
@@ -541,11 +544,9 @@ class Overlord(object): if not os.access(self.ca, os.R_OK): self.ca = '%s/ca.cert' % self.cm_config.cert_dir if client_key and client_cert and ca: - if (os.access(client_key, os.R_OK) and os.access(client_cert, os.R_OK) - and os.access(ca, os.R_OK)): - self.key = client_key - self.cert = client_cert - self.ca = ca + self.key = client_key + self.cert = client_cert + self.ca = ca # otherwise fall through our defaults elif os.access(ol_key, os.R_OK) and os.access(ol_crt, os.R_OK): self.key = ol_key @@ -557,6 +558,14 @@ class Overlord(object): raise Func_Client_Exception, 'Cannot read ssl credentials: ssl, cert, ca. '+\ 'Ensure you have permission to read files in /etc/pki/certmaster/ directory.' + if not os.access(self.ca, os.R_OK): + raise Func_Client_Exception, 'Cannot read ssl ca: %s' % self.ca + if not os.access(self.key, os.R_OK): + raise Func_Client_Exception, 'Cannot read ssl key: %s' % self.key + if not os.access(self.cert, os.R_OK): + raise Func_Client_Exception, 'Cannot read ssl cert: %s' % self.cert + + commit 1cf7700bfce9c455da87de9cfd9f317d242a52c1 Author: Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> Date: Tue Feb 22 00:06:42 2011 -0500 perms for our db files should be 0600 not 0644 diff --git a/func/jobthing.py b/func/jobthing.py index 05f3fe2..11de4c6 100644 --- a/func/jobthing.py +++ b/func/jobthing.py @@ -118,7 +118,7 @@ def __access_status(jobid=0, status=0, results=0, clear=False, write=False, purg except IOError, e: raise Func_Client_Exception, 'Cannot create status file. Ensure you have permission to write in %s directory' % dir fcntl.flock(handle.fileno(), fcntl.LOCK_EX) - internal_db = dbm.open(filename, 'c', 0644 ) + internal_db = dbm.open(filename, 'c', 0600 ) storage = shelve.Shelf(internal_db) _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
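Review bot: A caller that passes only one or two of `client_key`, `client_cert` and `ca` still has all of them silently dropped, because `if client_key and client_cert and ca:` requires all three and otherwise falls through to the overlord or certmaster defaults. With the readability test moved to the end of `setup_ssl`, this is the remaining path where an explicit credential, notably an explicit `ca` trust anchor, is replaced without any error. Rejecting the partial case before the branch would make that visible: `if (client_key or client_cert or ca) and not (client_key and client_cert and ca): raise Func_Client_Exception, 'client_key, client_cert and ca must be given together'`. `setup_ssl` starts and ends outside the hunk.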
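Review bot: The three added `os.access(..., os.R_OK)` checks pass for a readable directory as well as for a file, and they test against the real uid rather than the effective one, so a path can pass here and still fail when the SSL layer loads it. Requiring a regular file closes the first gap, for example `if not (os.path.isfile(self.key) and os.access(self.key, os.R_OK)):`, and likewise for `self.ca` and `self.cert`. The result is advisory only, so the later open still needs its own error handling. Since this is where the private key path becomes final, it may also be worth warning when the key file is group- or world-readable, in line with the 0600 change to the db files in the other commit.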
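Review bot: The mode argument of `dbm.open(filename, 'c', 0600)` is applied only when the database file is created, so status databases written by earlier versions stay at 0644 after this change. An upgrade step or a one-time `os.chmod` on the existing file would close that gap, keeping in mind that some dbm backends append their own suffix to `filename`. The lock file opened as `handle` just above is created outside this hunk, and its permissions should be checked for the same reason. `__access_status` starts and ends outside the hunk.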