[node-patches] Change in ovirt-node[master]: security: Move persistence into model
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Mon May 12 18:08:50 UTC 2014
Fabian Deutsch has uploaded a new change for review.
Change subject: security: Move persistence into model
......................................................................
security: Move persistence into model
Change-Id: I545c0d0d37f599038a43abe028b834e2a1cc5ff7
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M src/ovirt/node/config/defaults.py
M src/ovirt/node/utils/security.py
2 files changed, 11 insertions(+), 9 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/00/27600/1
diff --git a/src/ovirt/node/config/defaults.py b/src/ovirt/node/config/defaults.py
index adf2ee3..289df98 100644
--- a/src/ovirt/node/config/defaults.py
+++ b/src/ovirt/node/config/defaults.py
@@ -1466,11 +1466,19 @@
def commit(self):
ssh.disable_aesni(disable_aesni)
+ class PersistConfig(utils.Transaction.Element):
+ title = "Persisting configuration"
+
+ def commit(self):
+ Config().persist("/etc/ssh/sshd_config")
+ Config().persist("/etc/profile")
+
tx = utils.Transaction("Configuring SSH")
tx.append(ConfigurePasswordAuthentication())
tx.append(ConfigureSSHPort())
tx.append(ConfigureStrongRNG())
tx.append(ConfigureAESNI())
+ tx.append(PersistConfig())
return tx
diff --git a/src/ovirt/node/utils/security.py b/src/ovirt/node/utils/security.py
index c658273..a0acef4 100755
--- a/src/ovirt/node/utils/security.py
+++ b/src/ovirt/node/utils/security.py
@@ -20,7 +20,7 @@
# also available at http://www.gnu.org/copyleft/gpl.html.
from ovirt.node import base, valid, utils
from ovirt.node.utils import system
-from ovirt.node.utils.fs import File, Config
+from ovirt.node.utils.fs import File
import PAM as _PAM # @UnresolvedImport
import cracklib
import os.path
@@ -102,16 +102,14 @@
super(Ssh, self).__init__()
def __update_profile(self, rng_num_bytes, disable_aes):
- import ovirtnode.ovirtfunctions as ofunc
additional_lines = []
- ofunc.unmount_config("/etc/profile")
- process.check_call("sed -i '/OPENSSL_DISABLE_AES_NI/d' /etc/profile",
+ process.check_call("sed -ic '/OPENSSL_DISABLE_AES_NI/d' /etc/profile",
shell=True)
if disable_aes:
additional_lines += ["export OPENSSL_DISABLE_AES_NI=1"]
- process.check_call("sed -i '/SSH_USE_STRONG_RNG/d' /etc/profile",
+ process.check_call("sed -ic '/SSH_USE_STRONG_RNG/d' /etc/profile",
shell=True)
if rng_num_bytes:
additional_lines += ["export SSH_USE_STRONG_RNG=%s" %
@@ -121,7 +119,6 @@
self.logger.debug("Updating /etc/profile")
lines = "\n" + "\n".join(additional_lines)
File("/etc/profile").write(lines, "a")
- ofunc.ovirt_store_config("/etc/profile")
self.restart()
@@ -169,12 +166,10 @@
augpath = "/files/etc/ssh/sshd_config/PasswordAuthentication"
aug = utils.AugeasWrapper()
if enable in [True, False]:
- import ovirtnode.ovirtfunctions as ofunc
value = "yes" if enable else "no"
self.logger.debug("Setting SSH PasswordAuthentication to " +
"%s" % value)
aug.set(augpath, value)
- ofunc.ovirt_store_config("/etc/ssh/sshd_config")
self.restart()
state = str(aug.get(augpath)).lower()
if state not in ["yes", "no", "none"]:
@@ -195,7 +190,6 @@
if int(port) in range(1, 65535):
self.logger.debug("Setting SSH port to %s" % port)
aug.set(augpath, port)
- Config().persist("/etc/ssh/sshd_config")
self.restart()
else:
--
To view, visit http://gerrit.ovirt.org/27600
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I545c0d0d37f599038a43abe028b834e2a1cc5ff7
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>
More information about the node-patches
mailing list