authorxyrix <xyrixorg@gmail.com>2014-02-06 09:53:43 +0100
committerxyrix <xyrixorg@gmail.com>2014-02-06 09:53:43 +0100
commit1de45bf687e83aadeda0b730b0ad0c7cd095fc97 (patch)
tree6cfff593c7bcfd2ab888782553cbea0175f9c5cb
parentMake tmp paths in TestRunner dynamic based on pid (diff)
made accelerate keys directory configurable, and permissions for the file and dir configurable, and gave them a safe default
-rw-r--r--lib/ansible/constants.py3
-rw-r--r--lib/ansible/utils/__init__.py10
2 files changed, 10 insertions, 3 deletions
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index 496345c29b..c055ccf3d0 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -157,6 +157,9 @@ ZEROMQ_PORT = get_config(p, 'fireball_connection', 'zeromq_po
ACCELERATE_PORT = get_config(p, 'accelerate', 'accelerate_port', 'ACCELERATE_PORT', 5099, integer=True)
ACCELERATE_TIMEOUT = get_config(p, 'accelerate', 'accelerate_timeout', 'ACCELERATE_TIMEOUT', 30, integer=True)
ACCELERATE_CONNECT_TIMEOUT = get_config(p, 'accelerate', 'accelerate_connect_timeout', 'ACCELERATE_CONNECT_TIMEOUT', 1.0, floating=True)
+ACCELERATE_KEYS_DIR = get_config(p, 'accelerate', 'accelerate_keys_dir', 'ACCELERATE_KEYS_DIR', '~/.fireball.keys')
+ACCELERATE_KEYS_DIR_PERMS = get_config(p, 'accelerate', 'accelerate_keys_dir_perms', 'ACCELERATE_KEYS_DIR_PERMS', '700')
+ACCELERATE_KEYS_FILE_PERMS = get_config(p, 'accelerate', 'accelerate_keys_file_perms', 'ACCELERATE_KEYS_FILE_PERMS', '600')
PARAMIKO_PTY = get_config(p, 'paramiko_connection', 'pty', 'ANSIBLE_PARAMIKO_PTY', True, boolean=True)
# characters included in auto-generated passwords
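Review bot: The two `*_PERMS` settings are stored as strings and nothing here says they are octal or checks them, so the added lines need a comment and ideally a validation step. The only visible consumer does `int(value, 8)`, so a value such as `'800'` would surface as a bare `ValueError` rather than an `AnsibleError`, and a value such as `'755'` or `'644'` would be accepted and leave the AES keys readable by other local users. I would add `# octal mode strings, parsed with int(value, 8) in utils.key_for_hostname; keep group/other bits clear` above the three new constants, and consider rejecting modes with any group or other bits set.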
diff --git a/lib/ansible/utils/__init__.py b/lib/ansible/utils/__init__.py
index 1a065ccd39..c61f727de8 100644
--- a/lib/ansible/utils/__init__.py
+++ b/lib/ansible/utils/__init__.py
@@ -87,15 +87,19 @@ def key_for_hostname(hostname):
if not KEYCZAR_AVAILABLE:
raise errors.AnsibleError("python-keyczar must be installed on the control machine to use accelerated modes")
- key_path = os.path.expanduser("~/.fireball.keys")
+ key_path = os.path.expanduser(C.ACCELERATE_KEYS_DIR)
if not os.path.exists(key_path):
os.makedirs(key_path)
- key_path = os.path.expanduser("~/.fireball.keys/%s" % hostname)
+ elif not os.path.isdir(key_path):
+ raise errors.AnsibleError('ACCELERATE_KEYS_DIR is not a directory.')
+ os.chmod(key_path, int(C.ACCELERATE_KEYS_DIR_PERMS, 8))
+ key_path = os.path.join(key_path, hostname)
# use new AES keys every 2 hours, which means fireball must not allow running for longer either
if not os.path.exists(key_path) or (time.time() - os.path.getmtime(key_path) > 60*60*2):
key = AesKey.Generate()
- fh = open(key_path, "w")
+ fd = os.open(key_path, os.O_WRONLY | os.O_CREAT, int(C.ACCELERATE_KEYS_FILE_PERMS, 8))
+ fh = os.fdopen(fd, 'w')
fh.write(str(key))
fh.close()
return key
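Review bot: The new `os.open(key_path, os.O_WRONLY | os.O_CREAT, ...)` call drops the truncation that `open(key_path, "w")` performed, and its mode argument only takes effect when the file is created. When a key older than two hours is regenerated the file is overwritten in place, so bytes of the previous key beyond the new string's length would remain, and a key file that already exists with wider permissions (for example one written by the old code under a permissive umask) keeps them. I would add `os.O_TRUNC` to the flags and follow the open with `os.fchmod(fd, int(C.ACCELERATE_KEYS_FILE_PERMS, 8))` so the configured mode is enforced on every write. Similarly, `os.makedirs(key_path)` creates the directory with the default mode before the later `os.chmod`; passing the mode to `makedirs` as well narrows that window. `key_for_hostname` starts above this hunk and appears to continue below it.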