3 # create onionbalance config file
5 # create an onionbalance config file from a precursor YAML
6 # file that puppet puts together.
7 # the input file looks like this:
8 # - service: www.debian.org
9 # address: jmri7yqqjpdxob4s
10 # name: busoni-www.debian.org
11 # - service: www.debian.org
12 # address: ufhzy7r7qfy2tmy3
13 # name: klecker-www.debian.org
14 # - service: www.ports.debian.org
15 # address: g32eridc6ocxni5w
16 # name: busoni-www.ports.debian.org
17 # and so on. This script collects the instances for the same
18 # service name, creates a new key if none is present already, and
19 # writes a new config.
22 # Copyright (c) 2016 Peter Palfrader
24 # Permission is hereby granted, free of charge, to any person
25 # obtaining a copy of this software and associated documentation
26 # files (the "Software"), to deal in the Software without
27 # restriction, including without limitation the rights to use,
28 # copy, modify, merge, publish, distribute, sublicense, and/or sell
29 # copies of the Software, and to permit persons to whom the
30 # Software is furnished to do so, subject to the following
33 # The above copyright notice and this permission notice shall be
34 # included in all copies or substantial portions of the Software.
36 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
37 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
38 # OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
39 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
40 # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
41 # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
42 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
43 # OTHER DEALINGS IN THE SOFTWARE.
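# Build /etc/onionbalance/config.yaml from the puppet-assembled snippet:
# group the backend instances by service name, make sure every service has a
# private key on disk, and write the resulting onionbalance configuration.
#
# NOTE(review): this listing has lost its indentation and several lines (the
# numbers in its gutter skip). Statements marked "reconstructed" below were
# rebuilt from how their names are used on the visible lines -- confirm them
# against the original file before relying on this version.

# Input snippet written by puppet, and the config file generated from it.
j = '/etc/onionbalance/config-dsa-snippet.yaml'
outfile = '/etc/onionbalance/config.yaml'

# The config refers to keys by a relative path (presumably resolved by
# onionbalance relative to its config file); the key itself is created
# through the absolute path.
relkeydir = 'private_keys'
keydir = os.path.join('/etc/onionbalance', relkeydir)

# reconstructed: the statement binding `conf` is not visible in the listing.
with open(j) as conf:
    # safe_load builds only plain YAML types, so the snippet cannot
    # instantiate arbitrary Python objects.
    data = yaml.safe_load(conf)

service_instances = {}
# reconstructed: the loop header and the assignment of `s` are not visible.
for entry in data:
    s = entry['service']
    # The service name becomes a file name under the private-key directory
    # further down, so refuse anything that is not a plain path component
    # before any key is generated or any file is written.
    if not isinstance(s, str) or s in ('', '.', '..') or os.path.basename(s) != s:
        raise ValueError('unsafe service name in %s: %r' % (j, s))
    if s not in service_instances:
        service_instances[s] = []
    # reconstructed: only the two key/value lines of this dict are visible.
    instance = {
        'address': entry['address'],
        'name': entry['name'],
    }
    service_instances[s].append(instance)

# reconstructed: the initialisation of `services` is not visible.
services = []
for s in service_instances:
    keyfile = os.path.join(keydir, s + '.key')
    relkeyfile = os.path.join(relkeydir, s + '.key')
    if not os.path.exists(keyfile):
        # The 1024-bit RSA key and the 16-character sample addresses in the
        # header match the legacy v2 onion-service format, which Tor has
        # since retired; the size is kept because that format requires it.
        # Do not reuse this key size for anything else.
        #
        # Fixes: the original passed the Python 2 octal literal `0027`, a
        # SyntaxError under Python 3, which the rest of the script needs
        # (`0o640`, shutil.chown). The umask is also tightened to 0o077 so
        # the new key is owner-only until its group has been set; the chmod
        # below still yields the same final mode, 0o640.
        subprocess.check_call(['openssl', 'genrsa', '-out', keyfile, '1024'],
                              preexec_fn=lambda: os.umask(0o077))
        shutil.chown(keyfile, group='onionbalance')
        os.chmod(keyfile, 0o640)
        # NOTE(review): if openssl fails part-way, a partial key file may be
        # left behind and will be treated as an existing key on the next run.

    # reconstructed: only the 'instances' line of this dict is visible;
    # 'key' is inferred from the otherwise unused `relkeyfile`.
    service = {
        'key': relkeyfile,
        'instances': service_instances[s]
    }
    services.append(service)

# reconstructed: the initialisation of `config` is not visible.
config = {}
config['services'] = services

with open(outfile, 'w') as f:
    yaml.dump(config, f, indent=4)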