X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fonion%2Ffiles%2Fcreate-onionbalance-config;h=fae6d767c4d8ee359fbfd6d77ee9d319f5f49c7c;hb=HEAD;hp=5903a7482896e80e99991f9005450fa4baab6318;hpb=4a5dfea232e9dd56ba533e811e817afb38a827c6;p=mirror%2Fdsa-puppet.git
diff --git a/modules/onion/files/create-onionbalance-config b/modules/onion/files/create-onionbalance-config
index 5903a7482..fae6d767c 100755
--- a/modules/onion/files/create-onionbalance-config
+++ b/modules/onion/files/create-onionbalance-config
@@ -6,14 +6,8 @@
 # file that puppet puts together.
 # the input file looks like this:
 # - service: www.debian.org
-# address: jmri7yqqjpdxob4s
-# name: busoni-www.debian.org
-# - service: www.debian.org
 # address: ufhzy7r7qfy2tmy3
 # name: klecker-www.debian.org
-# - service: www.ports.debian.org
-# address: g32eridc6ocxni5w
-# name: busoni-www.ports.debian.org
 # and so on. This script collect together instances for the same
 # service name, creates a new key if none is present already, and
 # writes a new config.
@@ -42,7 +36,9 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 # OTHER DEALINGS IN THE SOFTWARE.
+import os
 import os.path
+import shutil
 import subprocess
 import yaml
@@ -52,7 +48,8 @@ outfile = '/etc/onionbalance/config.yaml'
 relkeydir = 'private_keys'
 keydir = os.path.join('/etc/onionbalance', relkeydir)
-data = yaml.safe_load(open(j))
+with open(j) as conf:
+ data = yaml.safe_load(conf)
 service_instances = {}
 for entry in data:
@@ -70,8 +67,11 @@ services = []
 for s in service_instances:
 keyfile = os.path.join(keydir, s+'.key')
 relkeyfile = os.path.join(relkeydir, s+'.key')
- if (not os.path.exists(keyfile)):
- subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s && chmod 0640 %s'%(keyfile, keyfile, keyfile), shell=True)
+ if not os.path.exists(keyfile):
+ subprocess.check_call(['openssl', 'genrsa', '-out', keyfile, '1024'],
+ preexec_fn=lambda: os.umask(0o027))
+ shutil.chown(keyfile, group='onionbalance')
+ os.chmod(keyfile, 0o640)
 service = {
 'key': relkeyfile,
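Review bot: The `if not os.path.exists(keyfile):` guard means the `shutil.chown`/`os.chmod` calls only ever run in the same pass that generates the key, so if `openssl genrsa` succeeds and the `chown` then fails (for example because the `onionbalance` group is not present yet), later runs see the file, skip the whole block and leave the private key without the intended group and mode. Moving the two calls out of the `if` so that `shutil.chown(keyfile, group='onionbalance')` and `os.chmod(keyfile, 0o640)` run for every key at loop level makes the permissions self-healing. Separately, `preexec_fn` is documented as unsafe in the presence of threads; where the interpreter is Python 3.9 or newer, `subprocess.check_call([...], umask=0o027)` does the same job without it. The `for` loop body continues past the end of this hunk.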