From a26202033a623df7e81fa47fa04b46be8180a6da Mon Sep 17 00:00:00 2001 From: Thomas Oulevey Date: Nov 11 2015 09:58:56 +0000 Subject: Merge branch 'master' of https://git.centos.org/git/sig-core/cbs-tools --- diff --git a/scripts/bsadmin.conf.example b/scripts/bsadmin.conf.example new file mode 100644 index 0000000..d47a3e1 --- /dev/null +++ b/scripts/bsadmin.conf.example @@ -0,0 +1,19 @@ +[fas] + +# The topurl of your FAS Install +topurl = https://your.tld/accounts + +# A user for reading group membership +username = admin + +# The admin users password +password = password + +# Sync all groups with this prefix +group_prefix = sig- + +# Store the group-user map in this file +group_file = /etc/bsadmin/groups + +# Ignore cert validation +ignore_selfsigned = yes diff --git a/scripts/common6.sh b/scripts/common6.sh old mode 100644 new mode 100755 diff --git a/scripts/common7.sh b/scripts/common7.sh old mode 100644 new mode 100755 diff --git a/scripts/fas_perms_to_koji.py b/scripts/fas_perms_to_koji.py index e4d693f..75b47a8 100755 --- a/scripts/fas_perms_to_koji.py +++ b/scripts/fas_perms_to_koji.py @@ -36,7 +36,7 @@ from collections import defaultdict KOJI_URL = 'http://localhost/kojihub' CLIENT_CERT = os.path.expanduser('/etc/pki/koji/koji-admin.pem') CLIENTCA_CERT = os.path.expanduser('/etc/pki/koji/koji_ca_cert.crt') -SERVERCA_CERT = os.path.expanduser('/etc/pki/koji/koji_ca_cert.crt') +SERVERCA_CERT = os.path.expanduser('/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt') USER = 'koji' FASDUMP = '/etc/bsadmin/groups' SYSTEM_USERS = ['koji', 'kojira'] diff --git a/scripts/koji-group-sync.py b/scripts/koji-group-sync.py old mode 100644 new mode 100755 index 334fe9f..5901d96 --- a/scripts/koji-group-sync.py +++ b/scripts/koji-group-sync.py @@ -1,12 +1,9 @@ #!/usr/bin/python -from centos import AccountSystem -from centos import defaults +import ConfigParser +import sys -FAS_USERNAME = '' -FAS_PASSWORD = '' -GROUP_INCLUDE_PREFIX = 'sig-' -GROUP_FILE = '/etc/bsadmin/groups' -IGNORE_CERT_VALIDATION = True +from centos import AccountSystem +from centos.client import AuthError def group_users(account_system_handle): @@ -22,7 +19,7 @@ def group_users(account_system_handle): return group_users -def write_file(group_membership, filename=GROUP_FILE): +def write_file(group_membership, filename): with open(filename, 'w') as groupfile: for groupname, users in group_membership.iteritems(): signame = groupname[len(GROUP_INCLUDE_PREFIX):] @@ -30,9 +27,27 @@ def write_file(group_membership, filename=GROUP_FILE): if __name__ == '__main__': - fas = AccountSystem(base_url=defaults.FAS_TOPURL, - username=FAS_USERNAME, - password=FAS_PASSWORD, - insecure=IGNORE_CERT_VALIDATION) - - write_file(group_users(fas)) + config = ConfigParser.SafeConfigParser() + config.read('/etc/bsadmin/bsadmin.conf') + + try: + FAS_TOPURL = config.get('fas', 'topurl') + FAS_USERNAME = config.get('fas', 'username') + FAS_PASSWORD = config.get('fas', 'password') + IGNORE_CERT_VALIDATION = config.getboolean('fas', 'ignore_selfsigned') + GROUP_INCLUDE_PREFIX = config.get('fas', 'group_prefix') + GROUP_FILE = config.get('fas', 'group_file') + except ConfigParser.NoOptionError as e: + print >> sys.stderr, e.msg + sys.exit(1) + + try: + fas = AccountSystem(base_url=FAS_TOPURL, + username=FAS_USERNAME, + password=FAS_PASSWORD, + insecure=IGNORE_CERT_VALIDATION) + except AuthError as e: + print >> sys.stderr, e.msg + sys.exit(1) + + write_file(group_users(fas), GROUP_FILE) diff --git a/scripts/sigs/sclo/sclo-inheritance.sh b/scripts/sigs/sclo/sclo-inheritance.sh old mode 100644 new mode 100755