X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fonion%2Ffiles%2Fcreate-onionbalance-config;h=d0b97fbb683d72522b4c2c0607e6e43579d049bf;hb=6e1fd1daa86aca513cd272f100ccc5ce558b5688;hp=f89f7d10b936f71134817073cc6845085c8154ab;hpb=389619af31c9e8a1a67a787b61c671a9b34a40f6;p=mirror%2Fdsa-puppet.git
diff --git a/modules/onion/files/create-onionbalance-config b/modules/onion/files/create-onionbalance-config
index f89f7d10b..d0b97fbb6 100755
--- a/modules/onion/files/create-onionbalance-config
+++ b/modules/onion/files/create-onionbalance-config
@@ -42,17 +42,20 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 # OTHER DEALINGS IN THE SOFTWARE.
+import os
 import os.path
+import shutil
 import subprocess
 import yaml
 j = '/etc/onionbalance/config-dsa-snippet.yaml'
-outfile = '/etc/onionbalance/config.yaml-NEW'
+outfile = '/etc/onionbalance/config.yaml'
 relkeydir = 'private_keys'
 keydir = os.path.join('/etc/onionbalance', relkeydir)
-data = yaml.safe_load(open(j))
+with open(j) as conf:
+ data = yaml.safe_load(conf)
 service_instances = {}
 for entry in data:
@@ -70,8 +73,11 @@ services = []
 for s in service_instances:
 keyfile = os.path.join(keydir, s+'.key')
 relkeyfile = os.path.join(relkeydir, s+'.key')
- if (not os.path.exists(keyfile)):
- subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s'%(keyfile, keyfile), shell=True)
+ if not os.path.exists(keyfile):
+ subprocess.check_call(['openssl', 'genrsa', '-out', keyfile, '1024'],
+ preexec_fn=lambda: os.umask(0o027))
+ shutil.chown(keyfile, group='onionbalance')
+ os.chmod(keyfile, 0o640)
 service = {
 'key': relkeyfile,
@@ -81,7 +87,7 @@ for s in service_instances:
 config = {}
-config['service'] = services
+config['services'] = services
 with open(outfile, 'w') as f:
 yaml.dump(config, f, indent=4)
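Review bot: Pointing `outfile` at `/etc/onionbalance/config.yaml` in the first hunk (`@@ -42,17 +42,20 @@`) means the `with open(outfile, 'w')` shown as context in the last hunk now truncates the live configuration and rewrites it in place, so a failure in `yaml.dump` or a reader arriving mid-write sees an empty or partial file. The old `-NEW` suffix left the live file untouched; whether a later step moved it into place is not visible here. Writing to a temporary name in the same directory and renaming keeps the update atomic: `tmp = outfile + '.tmp'`, open and dump to `tmp`, then `os.replace(tmp, outfile)`. `os` is already imported by this hunk.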
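Review bot: In the second hunk (`@@ -70,8 +73,11 @@`) `shutil.chown` and `os.chmod` appear to run only inside `if not os.path.exists(keyfile):` (indentation is lost on this page, so confirm), which means a run that dies after `openssl genrsa` has created the file but before the group is set leaves a key that later runs skip and never repair. The same applies to a truncated key left behind if `openssl` is interrupted, since existence is the only check. Moving `shutil.chown(keyfile, group='onionbalance')` and `os.chmod(keyfile, 0o640)` out of the `if` makes the ownership and mode fix idempotent on every run. `preexec_fn` is documented as unsafe when threads are present; on Python 3.9+ `subprocess.check_call([...], umask=0o027)` does the same job without it. The loop body continues past the end of the hunk.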