Created
August 5, 2016 18:17
# Lookup table: action name -> (handler function, run frequency).
#
# handle() indexes this dict directly with the action names it takes from
# vendordata, so the keys below are the complete set of accepted names.
actions_to_func_freq = {
    "init": (do_init, PER_ONCE),
    "cron": (do_cron, PER_INSTANCE),
    "pbis_auth": (do_pbis_auth, PER_INSTANCE),
    "spacewalk_register": (do_spacewalk_register, PER_INSTANCE),
    "sysctl": (do_sysctl, PER_INSTANCE),
    # Creates the initial login user and the service account; it runs at
    # every boot in case a new login user or service account has been
    # added since the last run.
    "service_account": (do_service_account, PER_ALWAYS),
    # Special case: a cron job also calls into this one periodically to
    # refresh sudoers (see the `update-sudoers` script and the cron action).
    "sudoers": (do_sudoers, PER_INSTANCE),
    "ds_agent": (do_ds_agent, PER_INSTANCE),
    "cleanup": (do_cleanup, PER_ALWAYS),
    "ntpd": (do_ntpd, PER_INSTANCE),
}
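def handle(mod_name, cfg, cloud, log, args):
    """Run the GoDaddy sub-actions selected by vendordata, in order.

    All settings are read from the ``godaddy`` key of the datasource's
    vendordata; ``cfg`` and ``args`` are accepted but not used in this
    function. The module stays off unless vendordata carries a ``disabled``
    entry whose value is falsy.

    :param mod_name: module name; used in log messages and in the
                     per-action name given to the runner.
    :param cfg: unused here.
    :param cloud: object providing ``datasource.get_vendordata()`` and
                  ``paths``.
    :param log: logger used for the debug/info messages.
    :param args: unused here.
    :raises KeyError: if a requested action is not a key of
                      ``actions_to_func_freq``, or if a selected action
                      needs secrets and vendordata has no ``secrets`` entry.
    """
    # This uses vendordata *only* and currently cannot be overridden by the
    # instance's user. The action list and the secrets key path below are
    # therefore taken on trust from vendordata; if user-supplied config is
    # ever merged in, both would need validating first.
    vd_cfg = cloud.datasource.get_vendordata() or {}
    # Use a subkey so that other, non-godaddy root keys can live in
    # vendordata later on.
    try:
        gd_cfg = vd_cfg['godaddy'] or {}
    except KeyError:
        gd_cfg = {}
    # Disabled by default, so this code can be installed without clashing
    # with the existing puppet codes and packages. The value is tested for
    # plain truthiness, so any truthy value (a non-empty string such as
    # "false" included) keeps the module disabled.
    try:
        disabled = gd_cfg["disabled"]
    except KeyError:
        log.debug("Skipping module named %s, it is"
                  " passively (by default) disabled.", mod_name)
        return
    if disabled:
        log.debug("Skipping module named %s, it is"
                  " actively (explicitly) disabled.", mod_name)
        return
    # The actions that will run, and the order in which they will run;
    # each must be a key of actions_to_func_freq.
    actions = list(gd_cfg.get('actions', default_actions))
    gd_meta = fetch_gd_meta(cloud)
    # Precedence for both switches: vendordata value, then the value from
    # fetch_gd_meta(), then False.
    disable_spacewalk = util.get_cfg_option_bool(
        gd_cfg, 'disable_spacewalk',
        default=util.get_cfg_option_bool(gd_meta, 'disable_spacewalk',
                                         default=False))
    # Only add it if not explicitly (already) provided...
    if not disable_spacewalk and 'spacewalk_register' not in actions:
        actions.append('spacewalk_register')
    # See: https://www.powerbrokeropen.org/ (PowerBroker Identity Services)
    disable_pbis = util.get_cfg_option_bool(
        gd_cfg, 'disable_pbis',
        default=util.get_cfg_option_bool(gd_meta, 'disable_pbis',
                                         default=False))
    # An explicitly listed 'pbis_auth' is left where the config put it; the
    # ordering guarantee below applies only when it is added implicitly.
    if not disable_pbis and 'pbis_auth' not in actions:
        # PBIS auth must happen before 'sudoers' and 'service_account',
        # and also before spacewalk registration when both are done.
        must_follow = ['sudoers', 'service_account']
        if not disable_spacewalk:
            must_follow.append('spacewalk_register')
        positions = [actions.index(name)
                     for name in must_follow if name in actions]
        if positions:
            actions.insert(min(positions), 'pbis_auth')
        else:
            actions.append('pbis_auth')
    # Only action names are logged here; secret material never is.
    log.info("Godaddy module %s will run the"
             " following subactions (in order): %s", mod_name, actions)
    # Reject unknown names before anything runs, with a message that says
    # what was wrong instead of a bare KeyError on the first bad lookup.
    unknown = [name for name in actions if name not in actions_to_func_freq]
    if unknown:
        raise KeyError("Unknown godaddy action(s) requested: %s" % unknown)
    needs_secrets = any(
        getattr(actions_to_func_freq[name][0], 'needs_secrets', False)
        for name in actions)
    if needs_secrets:
        if 'secrets' not in gd_cfg:
            raise KeyError("A selected godaddy action needs secrets but"
                           " vendordata has no 'secrets' entry")
        # The key file path may itself be set in vendordata ('secrets_key');
        # key_path is the fallback. read_secrets() is given the key file's
        # contents together with the blob.
        secrets = read_secrets(
            util.load_file(gd_cfg.get('secrets_key', key_path)),
            gd_cfg['secrets'])
    else:
        secrets = {}
    # TODO(harlowja): it'd be nice to have sub-modules in cloud-init at
    # some point so that we don't have to do this ourselves here...
    # NOTE(review): the same secrets mapping is passed to every handler,
    # including those that do not declare `needs_secrets`; consider handing
    # those an empty mapping instead -- confirm against the handlers first.
    runner = helpers.Runners(cloud.paths)
    for action in actions:
        handler_func, freq = actions_to_func_freq[action]
        action_name = "%s%s.%s" % (sem_prefix, mod_name, action)
        runner.run(
            action_name, handler_func,
            [mod_name, action, gd_cfg, cloud, log, secrets], freq=freq)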