this facilitates non-root people with proper keys/certs using func and being able to track async jobs sanely. --- func/forkbomb.py | 3 ++- func/index_db.py | 9 +++------ func/jobthing.py | 2 +- func/overlord/client.py | 8 ++++++++ func/utils.py | 31 +++++++++++++++++++++++++++++++ 5 files changed, 45 insertions(+), 8 deletions(-) diff --git a/func/forkbomb.py b/func/forkbomb.py index d682300..13e6a4e 100644 --- a/func/forkbomb.py +++ b/func/forkbomb.py @@ -20,9 +20,10 @@ import dbm import sys import tempfile import fcntl +from func import utils DEFAULT_FORKS = 4 -DEFAULT_CACHE_DIR = "/var/lib/func" +DEFAULT_CACHE_DIR = utils.getCacheDir() def __get_storage(dir): """ diff --git a/func/index_db.py b/func/index_db.py index 51d7c0d..86e96f8 100644 --- a/func/index_db.py +++ b/func/index_db.py @@ -1,8 +1,8 @@ import shelve import dbm import fcntl +from func import utils -MY_STORE = "/var/lib/func" INTERNAL_DB_FILE = "log_matcher" class IndexDb(object): @@ -19,17 +19,14 @@ class IndexDb(object): """ self.__storage = None self.__handle = None - self.__dir = dir + self.__dir = utils.getCacheDir() def __load_index(self): """ Gets the store object for that instance """ import os - if not self.__dir or not os.path.exists(self.__dir): - filename=os.path.join(MY_STORE,INTERNAL_DB_FILE) - else: - filename=os.path.join(self.__dir,INTERNAL_DB_FILE) + filename=os.path.join(self.__dir,INTERNAL_DB_FILE) try: self.__handle = open(filename,self.__mode) except IOError, e: diff --git a/func/jobthing.py b/func/jobthing.py index 11de4c6..c75ee00 100644 --- a/func/jobthing.py +++ b/func/jobthing.py @@ -37,7 +37,7 @@ JOB_ID_REMOTE_ERROR = 4 RETAIN_INTERVAL = 60 * 60 # where to store the internal job id database -CACHE_DIR = "/var/lib/func" +CACHE_DIR = utils.getCacheDir() def __update_status(jobid, status, results, clear=False): return __access_status(jobid=jobid, status=status, results=results, write=True) diff --git a/func/overlord/client.py b/func/overlord/client.py index 2d0aba0..80df7fd 100644 --- a/func/overlord/client.py +++ b/func/overlord/client.py @@ -157,6 +157,14 @@ class Minions(object): return tmp_hosts,tmp_certs else: each_gloob = shortest_path[0] + + if not os.access(self.cm_config.certroot, os.R_OK): + if self.overlord_config.allow_unknown_minions: + tmp_hosts.add(each_gloob) + else: + sys.stderr.write("Cannot read certs dir: %s and cannot use unknown minion\n" % (self.cm_config.certroot)) + + return tmp_hosts,tmp_certs #actual_gloob = "%s/%s.%s" % (self.cm_config.certroot, each_gloob, self.cm_config.cert_extension) certs = func_utils.find_files_by_hostname(each_gloob, self.cm_config.certroot, self.cm_config.cert_extension) diff --git a/func/utils.py b/func/utils.py index fd456c1..64a7a83 100644 --- a/func/utils.py +++ b/func/utils.py @@ -12,11 +12,16 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. import inspect import os +import pwd import socket import string import sys import re import fnmatch +import tempfile +import glob +from stat import * + from certmaster.config import read_config from certmaster.commonconfig import MinionConfig @@ -215,6 +220,32 @@ def re_glob(s): if _re_compiled_glob_match is None: _re_compiled_glob_match = re.compile('[*?]|\[.+\]').search return _re_compiled_glob_match(s) + +def getCacheDir(tmpdir='/var/tmp', reuse=True, prefix='func-'): + """return a path to a valid and safe cachedir - only used when not running + as root or when --tempcache is set""" + + uid = os.geteuid() + try: + usertup = pwd.getpwuid(uid) + username = usertup[0] + except KeyError: + return None # if it returns None then, well, it's bollocksed + + if reuse: + # check for /var/tmp/func-username-* - + prefix = '%s%s-' % (prefix, username) + dirpath = '%s/%s*' % (tmpdir, prefix) + cachedirs = sorted(glob.glob(dirpath)) + for thisdir in cachedirs: + stats = os.lstat(thisdir) + if S_ISDIR(stats[0]) and S_IMODE(stats[0]) == 448 and stats[4] == uid: + return thisdir + + # make the dir (tempfile.mkdtemp()) + cachedir = tempfile.mkdtemp(prefix=prefix, dir=tmpdir) + return cachedir + #################### PROGRESS BAR ################################## # The code below can be used for progress bar purposes as we will do -- 1.7.4 _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list