o

�Ad��@s
UdZd
dl
Z
d
dlZd
dlmZ
d
dlmZ
d
dlmZ
d
dl	m
Z
d
dl	mZmZ
d
dl
mZ
d
d	lmZ
d
d
lmZmZ
d
dlmZ
dZd
ZdZe�e�
ZdZdg
Zdddeeed�
g
edg
d�Zeed<ee�
Zeeefdd�
Z de!dededede"ddfd d!�Z#dS)"z6 Mcollective: Install, configure and start mcollective�N)
�Logger)
�dedent)
�	ConfigObj)
�log)�subp�util)
�Cloud)
�Config)�
MetaSchema�get_meta_doc)
�PER_INSTANCEz&/etc/mcollective/ssl/server-public.pemz'/etc/mcollective/ssl/server-private.pemz/etc/mcollective/server.cfga�This module installs, configures and starts mcollective. If the ``mcollective``
key is present in config, then mcollective will be installed and started.

Configuration for ``mcollective`` can be specified in the ``conf`` key under
``mcollective``. Each config value consists of a key value pair and will be
written to ``/etc/mcollective/server.cfg``. The ``public-cert`` and
``private-cert`` keys, if present in conf may be used to specify the public and
private certificates for mcollective. Their values will be written to
``/etc/mcollective/ssl/server-public.pem`` and
``/etc/mcollective/ssl/server-private.pem``.

.. note::
    The ec2 metadata service is readable by non-root users.
    If security is a concern, use include-once and ssl urls.
�all�cc_mcollective�Mcollectivez(Install, configure and start mcollectivea�            # Provide server private and public key and provide the following
            # config settings in /etc/mcollective/server.cfg:
            # loglevel: debug
            # plugin.stomp.host: dbhost

            # WARNING WARNING WARNING
            # The ec2 metadata service is a network service, and thus is
            # readable by non-root users on the system
            # (ie: 'ec2metadata --user-data')
            # If you want security for this, please use include-once + SSL urls
            mcollective:
              conf:
                loglevel: debug
                plugin.stomp.host: dbhost
                public-cert: |
                    -------BEGIN CERTIFICATE--------
                    <cert data>
                    -------END CERTIFICATE--------
                private-cert: |
                    -------BEGIN CERTIFICATE--------
                    <cert data>
                    -------END CERTIFICATE--------
            �mcollective)�id�name�title�description�distros�examples�	frequency�activate_by_schema_keys�metac
Cs�
ztj
|
d
d
d�}tt�|�
�
}Wn"ty3
}
z|jtjkr �t�	d|
�
t�}WYd}~nd}~w
w|�
�D]\\}}|dkrQtj||dd�
||d<d|d	<q8|d
krftj||dd�
||d<d|d	<q8t|t
�rp|||<q8t|t�r�||jv
r~i||<|�
�D]
\}	}
|
|||	<q�q8t
|�
||<q8z
t�|
d
|
�
Wnty�
}
z|jtjkr�n
�WYd}~nd}~w
wt��}|�|�

tj|
|��dd�
dS)NF)�quiet�decodez4Did not find file %s (starting with an empty config)zpublic-certi�
)
�modezplugin.ssl_server_public�ssl�securityproviderzprivate-certi�
zplugin.ssl_server_privatez%s.old)r�	load_filer�io�BytesIO�IOError�errno�ENOENT�LOG�debug�items�
write_file�
isinstance�str�dict�sections�copy�write�getvalue)�config�
server_cfg�pubcert_file�pricert_file�old_contents�mcollective_config�
e�cfg_name�cfg�
o�
v�contents�r<�A/usr/lib/python3/dist-packages/cloudinit/config/cc_mcollective.py�	configure^sV






���	

















�

���


r>rr8�cloudr�args�returncCsXd
|
v
r|�d|�
dS|
d
}|j
�d�

d|vr!t|dd�

tjgd�
dd�
dS)	Nrz?Skipping module named %s, no 'mcollective' key in configuration)
r�conf)
r0)�servicer�restartF)
�capture)r&�distro�install_packagesr>r)rr8r?rr@�mcollective_cfgr<r<r=�handle�s


�
rI)$�__doc__r#r �loggingr�textwrapr�	configobjr�	cloudinitrrr�cloudinit.cloudr�cloudinit.configr	�cloudinit.config.schemar
r�cloudinit.settingsr�PUBCERT_FILE�PRICERT_FILE�
SERVER_CFG�	getLogger�__name__r%�MODULE_DESCRIPTIONrr�__annotations__r>r*�listrIr<r<r<r=�<module>
s`	















��
�&


�=
�
�
�
�
��