Commit 20328497 authored by Andrii Salnikov's avatar Andrii Salnikov

IGTF packages and repositories deployment

parent 94fe5795
import subprocess
import logging
import requests
import sys
......@@ -14,8 +15,10 @@ class OSPackageManagement(object):
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
stdout = yum_output.communicate()
if yum_output.returncode == 0:
self.pm_version = stdout[0].split('\n')[0]
self.pm = 'yum'
self.pm_cmd = 'yum'
self.pm_repodir = '/etc/yum.repos.d/'
self.pm_version = stdout[0].split('\n')[0]
return
except OSError:
pass
......@@ -25,15 +28,78 @@ class OSPackageManagement(object):
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
stdout = apt_output.communicate()
if apt_output.returncode == 0:
self.pm_version = stdout[0].split('\n')[0].replace('apt ', '')
self.pm = 'apt'
self.pm_cmd = 'apt-get'
self.pm_repodir = '/etc/apt/sources.list.d/'
self.pm_version = stdout[0].split('\n')[0].replace('apt ', '')
return
except OSError:
pass
self.logger.error('Cannot find both yum and apt-get to manage OS packages.')
self.logger.error('Cannot find yum or apt-get to manage OS packages. You distribution is not supported yet.')
sys.exit(1)
def version(self):
print '{} version {}'.format(self.pm, self.pm_version)
def __get_url_content(self, url):
try:
r = requests.get(url)
except requests.exceptions.RequestException as e:
self.logger.error('Failed to fetch content from URL: %s. Error: %s', url, e.strerror)
sys.exit(1)
return r.content
def deploy_apt_key(self, keyurl):
self.logger.info('Installing PGP key for apt from %s', keyurl)
keystr = self.__get_url_content(keyurl)
try:
p = subprocess.Popen(self.command_base + ['apt-key', 'add', '-'], stdin=subprocess.PIPE)
p.communicate(input=keystr)
except OSError as e:
self.logger.error('Failed to install PGP key for apt from %s. Error: %s.', keyurl, e.strerror)
sys.exit(1)
def deploy_repository(self, repoconf):
urlkey = self.pm + '-url'
strkey = self.pm + '-conf'
if urlkey in repoconf:
url = repoconf[urlkey]
fname = url.split('/')[-1]
fcontent = self.__get_url_content(url)
elif strkey in repoconf:
fcontent = repoconf[strkey]
fname = repoconf[self.pm + '-name']
else:
self.logger.error('No repository source provided in the argument. Failed to deploy repofiles.')
sys.exit(1)
if self.pm == 'apt' and 'apt-key-url' in repoconf:
self.deploy_apt_key(repoconf['apt-key-url'])
fpath = self.pm_repodir + fname
self.logger.info('Saving repository configuration to %s', fpath)
try:
with open(fpath, 'wb') as f:
f.write(fcontent)
except (IOError, OSError) as e:
self.logger.error('Failed to save repository configuration to %s. Error: %s', fpath, e.strerror)
sys.exit(1)
def update_cache(self):
if self.pm == 'yum':
command = self.command_base + ['yum', 'makecache']
elif self.pm == 'apt':
command = self.command_base + ['apt-get', 'update']
self.logger.info('Updating packages metadata from repositories')
return subprocess.call(command)
def install(self, packages):
# no underscores according to Debian naming policy: https://www.debian.org/doc/debian-policy/
if self.pm == 'apt':
packages = list(map(lambda p: p.replace('_', '-'), packages))
# install
command = self.command_base + [self.pm_cmd, '-y', 'install'] + packages
self.logger.info('Running the following command to install packages: %s', ' '.join(command))
return subprocess.call(command)
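Review bot: `__get_url_content` returns `r.content` without checking the HTTP status, so a server error page would be written into the repository directory by `deploy_repository` or piped to `apt-key add -` by `deploy_apt_key` as if it were valid content. The `requests.get` call also has no timeout, and `e.strerror` is normally `None` for a `RequestException`, so the error log loses the reason. `deploy_apt_key` never inspects `p.returncode`, so a key that apt-key rejects goes unreported and the run carries on. The key is trusted only because it was downloaded; comparing it against a fingerprint shipped with the tool before adding it would be a stronger check, and a key added through `apt-key add` is trusted for every configured source, not just this repository.

```python
def __get_url_content(self, url):
    try:
        r = requests.get(url, timeout=30)  # example value; choose one that suits the deployment
        r.raise_for_status()
    except requests.exceptions.RequestException as e:
        self.logger.error('Failed to fetch content from URL: %s. Error: %s', url, e)
        sys.exit(1)
    return r.content

def deploy_apt_key(self, keyurl):
    # … unchanged: logging, key download, Popen of apt-key add …
        p.communicate(input=keystr)
        if p.returncode != 0:
            self.logger.error('apt-key rejected the PGP key from %s (exit code %s).', keyurl, p.returncode)
            sys.exit(1)
    # … unchanged: OSError handler …
```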
......@@ -149,22 +149,61 @@ class ThirdPartyControl(ComponentControl):
self.logger.info('Creating LSC file: %s', lsc_file)
lsc_f.write('{dn}\n{ca}'.format(**creds))
def enable_cacerts_repo(self, repotype):
# Detect apt vs yum
# TODO: http://repository.egi.eu/sw/production/cas/1/current/repo-files/
# TODO: https://dist.igtf.net/distribution/igtf/
# TODO: Nordugrid-Repo (suggest to follow URL, thus there is to much versioning)
pass
def install_cacerts_repo(self, pmobj, repo):
if repo == 'igtf':
# https:/dist.igtf.net/distribution/igtf/
repoconf = {
'yum-conf': '''[eugridpma]
name=EUGridPMA
baseurl=http://dist.eugridpma.info/distribution/igtf/current/
gpgcheck=1
gpgkey=https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3
''',
'yum-name': 'eugridpma.repo',
'apt-conf': '''#### IGTF Trust Anchor Distribution ####
deb http://dist.eugridpma.info/distribution/igtf/current igtf accredited
''',
'apt-key-url': 'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3',
'apt-name': 'eugridpma.list'
}
pmobj.deploy_repository(repoconf)
elif repo == 'egi-trustanchors':
# https://wiki.egi.eu/wiki/EGI_IGTF_Release
repoconf = {
'apt-url': 'http://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.list',
'apt-key-url': 'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3',
'yum-url': 'http://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo'
}
pmobj.deploy_repository(repoconf)
elif repo == 'nordugrid':
print 'Nordugrid repository is the general purpose repo that contains binary packages of Nordugid ARC ' \
'and as a bonus includes third-party packages like IGTF CA certitificates.\n' \
'Repositories installation depends on which version of Nordugrid ARC you want to use.\n' \
'Please follow the http://download.nordugrid.org/repos.html and install \'nordugrid-release\' ' \
'package for chosen version.\n' \
'If you do not want to install Nordugrid ARC packages from the nordugrid repos ' \
'consider the other sources of IGTF CA certificates.'
sys.exit(0)
else:
self.logger.error('Unsupported CA certificates repository %s', repo)
sys.exit(1)
def igtf_deploy(self, bundle):
def igtf_deploy(self, bundle, installrepo):
pm = OSPackageManagement()
pm.version()
if installrepo:
self.install_cacerts_repo(pm, installrepo)
pm.update_cache()
exitcode = pm.install(list(map(lambda p: 'ca_policy_igtf-' + p, bundle)))
if exitcode:
self.logger.error('Can not install IGTF CA Certificate packages. '
'Make sure you have repositories installed (see --help for options).')
sys.exit(exitcode)
def control(self, args):
if args.action == 'voms-lsc':
self.lsc_deploy(args)
elif args.action == 'igtf-ca':
self.igtf_deploy(args.bundle)
self.igtf_deploy(args.bundle, args.installrepo)
else:
self.logger.critical('Unsupported third party deployment action %s', args.action)
sys.exit(1)
......@@ -187,7 +226,8 @@ class ThirdPartyControl(ComponentControl):
deploy_voms_lsc.add_argument('-o', '--openssl', action='store_true',
help='Use external OpenSSL command instead of native python SSL')
igtf_ca = deploy_actions.add_parser('igtf-ca', help='Deploy IGTF CA certificates')
igtf_ca.add_argument('bundle', help='IGTF CA bundle name', nargs='+',
choices=['classic', 'iota', 'mics', 'slcs'])
igtf_ca.add_argument('-i', '--installrepo', help='Add specified repository that contains IGTF CA certificates',
choices=['igtf', 'egi-trustanchors', 'nordugrid'])
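Review bot: In `install_cacerts_repo` the `egi-trustanchors` branch takes its `apt-url` and `yum-url` repo files over plain `http://`, and `deploy_repository` writes whatever comes back into `/etc/yum.repos.d/` or `/etc/apt/sources.list.d/`. The repository definition itself (base URL, signature-checking settings, key location) therefore has no integrity protection in transit. Because these packages install CA trust anchors, it would be safer to embed the definition inline as the `igtf` branch does with `yum-conf`/`apt-conf`, or to fetch it over HTTPS if the server offers it. The inline `igtf` definitions also use `http://` for `baseurl` and the `deb` line; package signature checking still applies there (`gpgcheck=1`, the apt key), but that is worth stating in a comment next to the dict so the choice is visibly deliberate.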
......@@ -60,3 +60,5 @@ except IOError as e:
# handle SIGPIPE termination
if e.errno == errno.EPIPE:
pass
else:
raise