[node-patches] Change in ovirt-node[master]: scripts: Replace ovirt-node-password tool

fabiand at fedoraproject.org fabiand at fedoraproject.org
Fri May 31 10:18:35 UTC 2013 

Fabian Deutsch has uploaded a new change for review.

Change subject: scripts: Replace ovirt-node-password tool
......................................................................

scripts: Replace ovirt-node-password tool

The old password tool gets replaced with a rewritten version using the
new codebase.

Change-Id: I7acf7fe4782fb7cee3d493e3eb26f7c6230491d8
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M ovirt-node.spec.in
M scripts/Makefile.am
D scripts/ovirt-config-password
A src/ovirt/node/tools/__init__.py
A src/ovirt/node/tools/password.py
5 files changed, 111 insertions(+), 139 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/50/15250/1

diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index c01a6c9..595c102 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -509,11 +509,11 @@
 %{dracutdir}/91ovirtnode/ovirt-cleanup.sh
 %{_sysconfdir}/dracut.conf.d/ovirt-dracut.conf
 %{_libexecdir}/ovirt-auto-install
-%{_libexecdir}/ovirt-config-password
 %{_libexecdir}/ovirt-config-uninstall
 %{_libexecdir}/ovirt-functions
 %{_libexecdir}/ovirt-admin-shell
 %{_libexecdir}/ovirt-init-functions.sh
+%{_libexecdir}/ovirt-node-password
 %{_sbindir}/persist
 %{_sbindir}/unpersist
 %{_sbindir}/ovirt-node-upgrade
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 332222e..2b401b0 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -28,13 +28,13 @@
   ovirt-node-doc
 
 dist_libexec_SCRIPTS = \
-  ovirt-config-password \
   ovirt-config-uninstall \
   ovirt-functions \
   ovirt-init-functions.sh \
   ovirt-auto-install.py \
   ovirt-admin-shell \
-  ovirt-node-igor-slave
+  ovirt-node-igor-slave \
+  ovirt-node-password
 
 # default hook for local_boot_trigger
 dist_localboottrigger_SCRIPTS = \
diff --git a/scripts/ovirt-config-password b/scripts/ovirt-config-password
deleted file mode 100755
index d6c5025..0000000
--- a/scripts/ovirt-config-password
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/bin/bash
-#
-# Set the root password and others
-# Source functions library
-. /etc/init.d/functions
-. /usr/libexec/ovirt-functions
-
-trap '__st=$?; stop_log; exit $__st' 0
-trap 'exit $?' 1 2 13 15
-
-warn() { printf '%s\n' "$*" >&2; }
-
-if ! is_local_storage_configured; then
-    warn "Local storage must be configured prior to setting the administrator password."
-    exit 99
-fi
-
-# Usage: set_sasl_password USER
-# Prompt(twice) for a password for the specified USER.
-# If they match, set that user's system password,
-# and add USER to the SASL list for libvirt.
-function set_sasl_password {
-    user=$1
-
-    printf "\nNode SASL User ($user):\n"
-    saslpasswd2 -a libvirt "$user"
-    return 0
-}
-
-# Prompts the user for a single username, password combo
-function prompt_sasl_user {
-    while true; do
-        printf "\nPlease enter a new username (hit return to skip) "
-        read -e
-        test -z "$REPLY" && return 1
-        set_sasl_password "$REPLY"
-    done
-}
-
-set_password () {
-    local user=${1-root}
-
-    # prompt user
-    # Set the password for the root user first
-    runlevel|grep -q ^1
-    rc=$?
-    if [ $rc -eq 0 ]; then
-        restorecon -R /etc &> /dev/null
-    fi
-
-    cat <<EOP | python
-import sys
-import getpass
-import ovirtnode.password as p
-import ovirtnode.ovirtfunctions as f
-
-err = lambda m: sys.stderr.write("ERROR: " + str(m) + "\n")
-
-username = "$user"
-min_pw_length = 1
-
-print("\n\n Password Configuration\n\n")
-print("System Administrator (%s):\n" % username)
-print("Changing password for user '%s'." % username)
-pw = getpass.getpass("New password: ")
-pwc = getpass.getpass("Reytpe new Password: ")
-
-success = False
-r, msg = f.password_check(pw, pwc, min_pw_length)
-
-if r == 1:
-    err(msg.strip() or ("Password is not long enough. It needs to be at " + \
-                        "least %d character(s) long." % min_pw_length))
-else:
-    success = p.set_password(pw, username)
-
-if success:
-    print("Password updated successfully.")
-else:
-    err("Password update failed.")
-EOP
-}
-
-toggle_ssh_access ()
-{
-    local permit=$1
-
-    augtool <<EOF
-set /files/etc/ssh/sshd_config/PasswordAuthentication ${permit}
-EOF
-    ovirt_store_config /etc/ssh/sshd_config
-    service sshd reload
-}
-
-toggle_ssh () {
-    printf "\nSSH password authentication\n\n"
-
-    if ask_yes_or_no "Enable SSH password authentication ([Y]es/[N]o)?"; then
-        toggle_ssh_access yes
-    else
-        toggle_ssh_access no
-    fi
-}
-
-PASSWORD="Set root password"
-ADMIN_PASSWORD="Set admin user password"
-SSH="Toggle SSH password authentication"
-QUIT="Quit and Return To Menu"
-
-if [[ "$1" == "AUTO" ]]; then
-    if [ -n "${OVIRT_SSH_PWAUTH}" ]; then
-	toggle_ssh_access $OVIRT_SSH_PWAUTH
-    fi
-else
-    while true; do
-	state="disabled"
-	/usr/bin/augtool get /files/etc/ssh/sshd_config/PasswordAuthentication|grep -q yes$
-	if [ $? == 0 ]; then
-            state="enabled"
-	fi
-	printf "\nSSH password authentication is currently ${state}.\n\n"
-
-	PS3="Please select an option: "
-	select option in "$PASSWORD" "$ADMIN_PASSWORD" "$SSH" "$QUIT"
-	do
-            case $option in
-		$PASSWORD) set_password; break;;
-		$ADMIN_PASSWORD) set_password admin; break;;
-		$SSH) toggle_ssh; break;;
-		$QUIT) sync; exit;;
-            esac
-	done
-
-	printf "\n"
-    done
-fi
diff --git a/src/ovirt/node/tools/__init__.py b/src/ovirt/node/tools/__init__.py
new file mode 100644
index 0000000..537d60c
--- /dev/null
+++ b/src/ovirt/node/tools/__init__.py
@@ -0,0 +1 @@
+# Tools
\ No newline at end of file
diff --git a/src/ovirt/node/tools/password.py b/src/ovirt/node/tools/password.py
new file mode 100644
index 0000000..9f1fc19
--- /dev/null
+++ b/src/ovirt/node/tools/password.py
@@ -0,0 +1,107 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# password.py - Copyright (C) 2013 Red Hat, Inc.
+# Written by Fabian Deutsch <fabiand at redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA  02110-1301, USA.  A copy of the GNU General Public License is
+# also available at http://www.gnu.org/copyleft/gpl.html.
+from ovirt.node.utils import security
+from ovirt.node.utils.security import password_check
+import cmd
+import getpass
+import logging
+import optparse
+import sys
+
+
+class PasswordTool(cmd.Cmd):
+    intro = "\n\n Password Configuration\n\n Enter ? for help.\n"
+    prompt = "> "
+
+    def __init__(self):
+        cmd.Cmd.__init__(self)
+        self.logger = logging.getLogger(__name__)
+
+    def do_set_root_password(self, line):
+        """Set root password
+        """
+        self.__ask_and_set_user_pasword("root")
+
+    def do_set_admin_password(self, line):
+        """Set admin user password
+        """
+        self.__ask_and_set_user_pasword("admin")
+
+    def do_set_ssh_password_authentication(self, line):
+        """Toggle SSH password authentication
+        """
+        print("\n SSH password authentication\n")
+        prompt = "Enable SSH password authentication ([Y]es/[N]o)?"
+        do_enable = self.__ask_yes_or_no(prompt)
+        self.logger.debug("Setting SSH password authentication")
+        security.Ssh().password_authentication(do_enable)
+
+    def do_quit(self, line):
+        """Quit
+        """
+        return True
+
+    def __ask_yes_or_no(self, prompt):
+        self.logger.debug("Asking for yes and no")
+        sys.stdout.write(prompt)
+        response = sys.stdin.readline()
+        return response and response.lower()[0] == "y"
+
+    def __ask_and_set_user_pasword(self, username):
+        min_pw_length = 1
+
+        print("\n Password Configuration\n")
+        print("System Administrator (%s):\n" % username)
+        print("Changing password for user '%s'." % username)
+        pw = getpass.getpass("New password: ")
+        pwc = getpass.getpass("Reytpe new Password: ")
+
+        try:
+            self.logger.debug("Running password check")
+            password_check(pw, pwc, min_pw_length)
+            self.logger.debug("Setting password")
+            security.Passwd().set_password(pw, username)
+            self.logger.info("Password updated successfully.")
+        except ValueError as e:
+            self.logger.exception("Exception:")
+            self.logger.error("Password update failed: %s" % e.message)
+
+
+if __name__ == "__main__":
+    # Parse args
+    parser = optparse.OptionParser(description="Node Password Tool")
+    parser.add_option("-v", "--verbose", action="store_true",
+                      help="Be verbose")
+    namespace, rest = parser.parse_args()
+
+    # Configure logging
+    lvl = logging.DEBUG if namespace.verbose else logging.INFO
+    logging.basicConfig(level=lvl, format='[%(levelname)s] %(message)s')
+
+    # Setup CLI
+    cli = PasswordTool()
+
+    #if namespace.command:
+    #    for command in namespace.command:
+    #        if command.strip():
+    #            cli.onecmd(command)
+    #else:
+    cli.cmdloop()


--
To view, visit http://gerrit.ovirt.org/15250
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7acf7fe4782fb7cee3d493e3eb26f7c6230491d8
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>

More information about the node-patches mailing list