o
    w7e                  
   @   s  U d Z ddlZddlZddlmZ ddlmZ ddlmZ	 ddlm
Z
mZ ddlmZ ddlmZ dd	lmZmZ dd
lmZ dZdZdZe	eZdZdgZdddeeedgedgdZeed< eeZ e	eZeeefddZde dedede!ddf
ddZ"dS ) z6 Mcollective: Install, configure and start mcollective    N)dedent)	ConfigObj)log)subputil)Cloud)Config)
MetaSchemaget_meta_doc)PER_INSTANCEz&/etc/mcollective/ssl/server-public.pemz'/etc/mcollective/ssl/server-private.pemz/etc/mcollective/server.cfga  This module installs, configures and starts mcollective. If the ``mcollective``
key is present in config, then mcollective will be installed and started.

Configuration for ``mcollective`` can be specified in the ``conf`` key under
``mcollective``. Each config value consists of a key value pair and will be
written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and
``private-cert`` keys, if present in conf may be used to specify the public and
private certificates for mcollective. Their values will be written to
``/etc/mcollective/ssl/server-public.pem`` and
``/etc/mcollective/ssl/server-private.pem``.

.. note::
    The ec2 metadata service is readable by non-root users.
    If security is a concern, use include-once and ssl urls.
allcc_mcollectiveMcollectivez(Install, configure and start mcollectivea              # Provide server private and public key and provide the following
            # config settings in /etc/mcollective/server.cfg:
            # loglevel: debug
            # plugin.stomp.host: dbhost

            # WARNING WARNING WARNING
            # The ec2 metadata service is a network service, and thus is
            # readable by non-root users on the system
            # (ie: 'ec2metadata --user-data')
            # If you want security for this, please use include-once + SSL urls
            mcollective:
              conf:
                loglevel: debug
                plugin.stomp.host: dbhost
                public-cert: |
                    -------BEGIN CERTIFICATE--------
                    <cert data>
                    -------END CERTIFICATE--------
                private-cert: |
                    -------BEGIN CERTIFICATE--------
                    <cert data>
                    -------END CERTIFICATE--------
            mcollective)idnametitledescriptiondistrosexamples	frequencyactivate_by_schema_keysmetac              
   C   s  zt j|ddd}tt|}W n" ty3 } z|jtjkr  t	d| t }W Y d }~nd }~ww | 
 D ]\\}}|dkrQt j||dd ||d< d|d	< q8|d
krft j||dd ||d< d|d	< q8t|trp|||< q8t|tr||jvr~i ||< |
 D ]
\}	}
|
|| |	< qq8t|||< q8z
t |d|  W n ty } z|jtjkrn W Y d }~nd }~ww t }|| t j|| dd d S )NF)quietdecodez4Did not find file %s (starting with an empty config)zpublic-certi  )modezplugin.ssl_server_publicsslsecurityproviderzprivate-certi  zplugin.ssl_server_privatez%s.old)r   	load_filer   ioBytesIOIOErrorerrnoENOENTLOGdebugitems
write_file
isinstancestrdictsectionscopywritegetvalue)config
server_cfgpubcert_filepricert_fileold_contentsmcollective_configecfg_namecfgovcontents r;   A/usr/lib/python3/dist-packages/cloudinit/config/cc_mcollective.py	configure^   sV   	






r=   r   r7   cloudargsreturnc                 C   sX   d|vrt d|  d S |d }|jd d|v r!t|d d tjg ddd d S )	Nr   z?Skipping module named %s, no 'mcollective' key in configuration)r   conf)r/   )servicer   restartF)capture)r$   r%   distroinstall_packagesr=   r   )r   r7   r>   r?   mcollective_cfgr;   r;   r<   handle   s   rH   )#__doc__r"   r   textwrapr   	configobjr   	cloudinitr   loggingr   r   cloudinit.cloudr   cloudinit.configr   cloudinit.config.schemar	   r
   cloudinit.settingsr   PUBCERT_FILEPRICERT_FILE
SERVER_CFG	getLogger__name__r$   MODULE_DESCRIPTIONr   r   __annotations__r=   r)   listrH   r;   r;   r;   r<   <module>   sH   	
&

"=