Fabian Deutsch has uploaded a new change for review. Change subject: security: Move persistence into model ......................................................................
security: Move persistence into model Change-Id: I545c0d0d37f599038a43abe028b834e2a1cc5ff7 Signed-off-by: Fabian Deutsch <[email protected]> --- M src/ovirt/node/config/defaults.py M src/ovirt/node/utils/security.py 2 files changed, 11 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/00/27600/1 diff --git a/src/ovirt/node/config/defaults.py b/src/ovirt/node/config/defaults.py index adf2ee3..289df98 100644 --- a/src/ovirt/node/config/defaults.py +++ b/src/ovirt/node/config/defaults.py @@ -1466,11 +1466,19 @@ def commit(self): ssh.disable_aesni(disable_aesni) + class PersistConfig(utils.Transaction.Element): + title = "Persisting configuration" + + def commit(self): + Config().persist("/etc/ssh/sshd_config") + Config().persist("/etc/profile") + tx = utils.Transaction("Configuring SSH") tx.append(ConfigurePasswordAuthentication()) tx.append(ConfigureSSHPort()) tx.append(ConfigureStrongRNG()) tx.append(ConfigureAESNI()) + tx.append(PersistConfig()) return tx diff --git a/src/ovirt/node/utils/security.py b/src/ovirt/node/utils/security.py index c658273..a0acef4 100755 --- a/src/ovirt/node/utils/security.py +++ b/src/ovirt/node/utils/security.py @@ -20,7 +20,7 @@ # also available at http://www.gnu.org/copyleft/gpl.html. from ovirt.node import base, valid, utils from ovirt.node.utils import system -from ovirt.node.utils.fs import File, Config +from ovirt.node.utils.fs import File import PAM as _PAM # @UnresolvedImport import cracklib import os.path 
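Review bot: PersistConfig only does its job as the final element of the transaction, and nothing in the hunk says so; an element appended after `tx.append(PersistConfig())` would change /etc/ssh/sshd_config or /etc/profile without the change being persisted. A comment above that line, such as `# Must stay last: persists the files modified by the elements above`, would make the ordering requirement explicit. Presumably a failure in an earlier element aborts the transaction before this step, leaving the live files changed and sshd restarted but nothing persisted, so it is worth confirming that this is the intended outcome. The enclosing function starts outside the hunk.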
@@ -102,16 +102,14 @@ super(Ssh, self).__init__() def __update_profile(self, rng_num_bytes, disable_aes): - import ovirtnode.ovirtfunctions as ofunc additional_lines = [] - ofunc.unmount_config("/etc/profile") - process.check_call("sed -i '/OPENSSL_DISABLE_AES_NI/d' /etc/profile", + process.check_call("sed -ic '/OPENSSL_DISABLE_AES_NI/d' /etc/profile", shell=True) if disable_aes: additional_lines += ["export OPENSSL_DISABLE_AES_NI=1"] - process.check_call("sed -i '/SSH_USE_STRONG_RNG/d' /etc/profile", + process.check_call("sed -ic '/SSH_USE_STRONG_RNG/d' /etc/profile", shell=True) if rng_num_bytes: additional_lines += ["export SSH_USE_STRONG_RNG=%s" % @@ -121,7 +119,6 @@ self.logger.debug("Updating /etc/profile") lines = "\n" + "\n".join(additional_lines) File("/etc/profile").write(lines, "a") - ofunc.ovirt_store_config("/etc/profile") self.restart() @@ -169,12 +166,10 @@ augpath = "/files/etc/ssh/sshd_config/PasswordAuthentication" aug = utils.AugeasWrapper() if enable in [True, False]: - import ovirtnode.ovirtfunctions as ofunc value = "yes" if enable else "no" self.logger.debug("Setting SSH PasswordAuthentication to " + "%s" % value) aug.set(augpath, value) - ofunc.ovirt_store_config("/etc/ssh/sshd_config") self.restart() state = str(aug.get(augpath)).lower() if state not in ["yes", "no", "none"]: @@ -195,7 +190,6 @@ if int(port) in range(1, 65535): self.logger.debug("Setting SSH port to %s" % port) aug.set(augpath, port) - Config().persist("/etc/ssh/sshd_config") self.restart() else: -- To view, visit http://gerrit.ovirt.org/27600 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I545c0d0d37f599038a43abe028b834e2a1cc5ff7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
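Review bot: In both `sed` calls the new `-ic` is, as far as GNU option parsing goes, `-i` with the backup suffix `c` rather than `-i` plus a copy flag, so each call would still replace /etc/profile by rename and leave a `/etc/profilec` backup behind. With `ofunc.unmount_config("/etc/profile")` removed in the same hunk, a rename onto a persisted (presumably bind-mounted) file is likely to fail, and `check_call` would then raise before the `OPENSSL_DISABLE_AES_NI` / `SSH_USE_STRONG_RNG` lines are rewritten. If copy mode is what is wanted, spell the flags separately, e.g. `sed -i -c '/OPENSSL_DISABLE_AES_NI/d' /etc/profile`; as far as I know `-c`/`--copy` is a Red Hat downstream option, so confirm it exists on the target image. The value formatted into `export SSH_USE_STRONG_RNG=%s` ends up in a file sourced by every login shell and should be validated as an integer where it enters; that argument is cut off by the hunk boundary.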
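Review bot: With `ofunc.ovirt_store_config("/etc/ssh/sshd_config")` removed here and `Config().persist("/etc/ssh/sshd_config")` removed in the port hunk that follows, these Ssh methods change the setting and restart sshd but no longer persist anything; only callers that go through the transaction in defaults.py get persistence. Any other caller would see PasswordAuthentication or the port silently revert on reboot, which matters for a hardening setting. The docstrings of both methods should say so, e.g. `Does not persist /etc/ssh/sshd_config; the caller must run Config().persist() afterwards`. Callers outside the two patched files are not visible here, and the method body starts and ends outside the hunk.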
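Review bot: `int(port) in range(1, 65535)` on the unchanged guard line rejects port 65535, because the upper bound of `range` is exclusive; `if 1 <= int(port) <= 65535:` would accept the full valid range. `int(port)` also raises ValueError for non-numeric input before the `else` branch is reached, which may or may not be what callers expect. The method starts and ends outside the hunk.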
