X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=accounts.py;h=df339770d41d1a23266bbf0a35dbc8949ae57b58;hb=refs%2Fheads%2F1.8;hp=0dbf000ea731c13df5b93a0f3c47cd481af2b2e5;hpb=7bd46ae8316b530247e548283f709f47af87cd79;p=nodemanager.git diff --git a/accounts.py b/accounts.py index 0dbf000..df33977 100644 --- a/accounts.py +++ b/accounts.py @@ -23,7 +23,7 @@ maximum stack size. import Queue import os import pwd -from grp import getgrnam +import grp import threading import logger @@ -37,6 +37,10 @@ shell_acct_class = {} # account type -> account class association type_acct_class = {} +# these semaphores are acquired before creating/destroying an account +create_sem = threading.Semaphore(1) +destroy_sem = threading.Semaphore(1) + def register_class(acct_class): """Call once for each account class. This method adds the class to the dictionaries used to look up account classes by shell and type.""" shell_acct_class[acct_class.SHELL] = acct_class @@ -81,38 +85,55 @@ class Account: logger.verbose('%s: in accounts:configure'%self.name) new_keys = rec['keys'] if new_keys != self.keys: - self.keys = new_keys - dot_ssh = '/home/%s/.ssh' % self.name - if not os.access(dot_ssh, os.F_OK): os.mkdir(dot_ssh) + # get the unix account info + gid = grp.getgrnam("slices")[2] + pw_info = pwd.getpwnam(self.name) + uid = pw_info[2] + pw_dir = pw_info[5] + + # write out authorized_keys file and conditionally create + # the .ssh subdir if need be. + dot_ssh = os.path.join(pw_dir,'.ssh') + if not os.path.isdir(dot_ssh): + if not os.path.isdir(pw_dir): + logger.verbose('WARNING: homedir %s does not exist for %s!'%(pw_dir,self.name)) + os.mkdir(pw_dir) + os.chown(pw_dir, uid, gid) + os.mkdir(dot_ssh) + + auth_keys = os.path.join(dot_ssh,'authorized_keys') + tools.write_file(auth_keys, lambda f: f.write(new_keys)) + + # set access permissions and ownership properly os.chmod(dot_ssh, 0700) - tools.write_file(dot_ssh + '/authorized_keys', lambda f: f.write(new_keys)) - logger.log('%s: installing ssh keys' % self.name) - user = pwd.getpwnam(self.name)[2] - group = getgrnam("slices")[2] - os.chown(dot_ssh, user, group) - os.chown(dot_ssh + '/authorized_keys', user, group) + os.chown(dot_ssh, uid, gid) + os.chmod(auth_keys, 0600) + os.chown(auth_keys, uid, gid) + + # set self.keys to new_keys only when all of the above ops succeed + self.keys = new_keys + + logger.log('%s: installed ssh keys' % self.name) def start(self, delay=0): pass def stop(self): pass def is_running(self): pass class Worker: - # these semaphores are acquired before creating/destroying an account - _create_sem = threading.Semaphore(1) - _destroy_sem = threading.Semaphore(1) - def __init__(self, name): self.name = name # username self._acct = None # the account object currently associated with this worker def ensure_created(self, rec, startingup = Startingup): + """Check account type is still valid. If not, recreate sliver. If still valid, + check if running and configure/start if not.""" curr_class = self._get_class() next_class = type_acct_class[rec['type']] if next_class != curr_class: self._destroy(curr_class) - self._create_sem.acquire() + create_sem.acquire() try: next_class.create(self.name, rec['vref']) - finally: self._create_sem.release() + finally: create_sem.release() if not isinstance(self._acct, next_class): self._acct = next_class(rec) if startingup or \ not self.is_running() or \ @@ -130,7 +151,7 @@ class Worker: def stop(self): self._acct.stop() def is_running(self): - if self._acct.is_running(): + if (self._acct != None) and self._acct.is_running(): status = True else: status = False @@ -140,9 +161,9 @@ class Worker: def _destroy(self, curr_class): self._acct = None if curr_class: - self._destroy_sem.acquire() + destroy_sem.acquire() try: curr_class.destroy(self.name) - finally: self._destroy_sem.release() + finally: destroy_sem.release() def _get_class(self): try: shell = pwd.getpwnam(self.name)[6]