o w7e @sUdZddlZddlZddlmZddlmZddlmZ ddlm Z m Z ddl m Z ddlmZdd lmZmZdd lmZd Zd Zd Ze eZdZdgZdddeeedgedgdZeed<eeZe eZeeefddZde dede de!ddf ddZ"dS) z6 Mcollective: Install, configure and start mcollectiveN)dedent) ConfigObj)log)subputil)Cloud)Config) MetaSchema get_meta_doc) PER_INSTANCEz&/etc/mcollective/ssl/server-public.pemz'/etc/mcollective/ssl/server-private.pemz/etc/mcollective/server.cfgaThis module installs, configures and starts mcollective. If the ``mcollective`` key is present in config, then mcollective will be installed and started. Configuration for ``mcollective`` can be specified in the ``conf`` key under ``mcollective``. Each config value consists of a key value pair and will be written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and ``private-cert`` keys, if present in conf may be used to specify the public and private certificates for mcollective. Their values will be written to ``/etc/mcollective/ssl/server-public.pem`` and ``/etc/mcollective/ssl/server-private.pem``. .. note:: The ec2 metadata service is readable by non-root users. If security is a concern, use include-once and ssl urls. allcc_mcollective Mcollectivez(Install, configure and start mcollectivea # Provide server private and public key and provide the following # config settings in /etc/mcollective/server.cfg: # loglevel: debug # plugin.stomp.host: dbhost # WARNING WARNING WARNING # The ec2 metadata service is a network service, and thus is # readable by non-root users on the system # (ie: 'ec2metadata --user-data') # If you want security for this, please use include-once + SSL urls mcollective: conf: loglevel: debug plugin.stomp.host: dbhost public-cert: | -------BEGIN CERTIFICATE-------- -------END CERTIFICATE-------- private-cert: | -------BEGIN CERTIFICATE-------- -------END CERTIFICATE-------- mcollective)idnametitle descriptiondistrosexamples frequencyactivate_by_schema_keysmetac Csztj|ddd}tt|}Wn"ty3}z|jtjkr t d|t}WYd}~nd}~ww| D]\\}}|dkrQtj ||dd||d<d|d <q8|d krftj ||d d||d <d|d <q8t |t rp|||<q8t |tr||jvr~i||<| D] \} } | ||| <qq8t |||<q8z t|d |Wnty}z|jtjkrnWYd}~nd}~wwt} || tj || dddS)NF)quietdecodez4Did not find file %s (starting with an empty config)z public-certi)modezplugin.ssl_server_publicsslsecurityproviderz private-certizplugin.ssl_server_privatez%s.old)r load_filerioBytesIOIOErrorerrnoENOENTLOGdebugitems write_file isinstancestrdictsectionscopywritegetvalue) config server_cfg pubcert_file pricert_file old_contentsmcollective_configecfg_namecfgovcontentsr;A/usr/lib/python3/dist-packages/cloudinit/config/cc_mcollective.py configure^sV           r=rr7cloudargsreturncCsXd|vr td|dS|d}|jdd|vr!t|ddtjgddddS) Nrz?Skipping module named %s, no 'mcollective' key in configuration)rconf)r/)servicerrestartF)capture)r$r%distroinstall_packagesr=r)rr7r>r?mcollective_cfgr;r;r<handles rH)#__doc__r"rtextwrapr configobjr cloudinitrloggingrrcloudinit.cloudrcloudinit.configrcloudinit.config.schemar r cloudinit.settingsr PUBCERT_FILE PRICERT_FILE SERVER_CFG getLogger__name__r$MODULE_DESCRIPTIONrr__annotations__r=r)listrHr;r;r;r<sH        &  "=