+ syslog(LOG_DEBUG, 'Init complete.')
+
+ def make_map(self):
+ m = Mapper()
+ m.connect('', controller='getroot')
+ m.connect('acl', controller='getmachines')
+ m.connect('acl/:machine', controller='getacl')
+ m.connect('conf', controller='getconf')
+ return m
+
+ def getroot(self, **kw):
+ return ['acl', 'conf']
+
+ def getacl(self, machine, **kw):
+ """Build the ACL file for a machine
+ """
+ s = sa.sql.select([database.machine_access_table.c.user], # Field to select from
+ sa.sql.and_( # where clause
+ database.machine_table.c.machine_id==database.machine_access_table.c.machine_id, # join field
+ database.machine_table.c.name == machine), # filter field
+ from_obj=[database.machine_access_table, database.machine_table]) # from tables
+ users = [self.userToPrinc(acl[0]) for acl in
+ database.session.execute(s)]
+ return "\n".join(users
+ + ['include /etc/remctl/acl/web',
+ ''])
+
+ def getconf(self, **kw):
+ """Build the master conf file, with all machines
+ """
+ return '\n'.join("control %s /usr/sbin/invirt-remote-proxy-control"
+ " /etc/remctl/remconffs/acl/%s"
+ % (machine_name, machine_name)
+ for machine_name in self.getmachines())+'\n'
+
+ def getmachines(self, **kw):
+ """Get the list of VMs in the database. Does not cache to prevent race conditions."""
+ return list(row[0] for row in database.session.execute(sa.sql.select([database.Machine.c.name])))
+
+ def userToPrinc(self, user):
+ """Convert Kerberos v4-style names to v5-style and append a default
+ realm if none is specified
+ """
+ if '@' in user:
+ (princ, realm) = user.split('@')
+ else:
+ princ = user
+ realm = config.authn[0].realm
projects / invirt/packages/invirt-remote.git / blobdiff