Compare commits

..

15 Commits

Author SHA1 Message Date
69b7b003de
Add UUID support for SYSLINUX
Some checks failed
buildbot/multibuild_parent Build done.
buildbot/travis_bionic Build done.
2022-06-21 09:21:13 +08:00
a2b36e7299
PEP8
Some checks failed
buildbot/travis_bionic Build done.
2021-12-02 15:50:34 +08:00
a51b499cb3
Add UUID syntax validation 2021-12-02 15:43:43 +08:00
95038a060c
Add v2 API with UUID support
Some checks failed
buildbot/travis_bionic Build done.
- refactoring
- code quality
2021-11-19 16:12:32 +08:00
12ee0ab3ec
Add forward DNS lookup check
Some checks failed
buildbot/travis_bionic Build done.
2021-07-31 20:45:50 +08:00
0ee0ac4936
Fix: reset hostname for each request
Some checks failed
buildbot/travis_bionic Build done.
2021-07-31 13:55:58 +08:00
e5b9d45a59
Allow meta-data to contain any yaml
Some checks failed
buildbot/travis_bionic Build done.
2021-06-09 19:13:23 +08:00
3430109353
Update data submodule url 2021-06-04 19:08:12 +08:00
2d1eb2826a
Add support for #include user-data format 2021-06-04 18:54:17 +08:00
67a2395db3
fix: code quality 2021-03-01 10:33:42 +01:00
ce70c7144c
sec: disallow global IPs from proxying 2021-03-01 10:33:19 +01:00
534b33fa52
fix: parse more than the first line of metadata 2021-03-01 10:32:07 +01:00
2913a8aa24
add: redirect and vendor-data
- add redirect and vendor-data (empty only, to speed up boot)
- some CQ too
- default file names standardized
2021-03-01 10:00:50 +01:00
360917be5d
Config directory fix
- locates config in the same directory as the main file
2021-02-23 16:12:28 +01:00
af931ae745
Add data submodule 2021-02-10 17:21:52 +01:00
3 changed files with 283 additions and 51 deletions

3
.gitmodules vendored Normal file
View File

@ -0,0 +1,3 @@
[submodule "data"]
path = data
url = git@git.bitmessage.org:Sysdeploy/cloud-init-cherrypy-data.git

1
data Submodule

@ -0,0 +1 @@
Subproject commit 9b424a478883ccac83e2a1f95cd8a674f5b083e9

324
main.py
View File

@ -1,101 +1,329 @@
import os #!/usr/bin/env python3
import sys """
Serve cloud init files
import cherrypy """
from cherrypy.lib.static import serve_file
import yaml
import socket
import configparser import configparser
import os
import socket
import sys
import uuid as uuid_module
from ipaddress import AddressValueError, IPv4Address, IPv6Address
from os import access, R_OK
import cherrypy
# from cherrypy.lib.static import serve_file
from jinja2 import Template
import yaml
PATH = os.path.dirname(os.path.abspath(__file__)) PATH = os.path.dirname(os.path.abspath(__file__))
config = configparser.ConfigParser() CONFIG = configparser.ConfigParser()
config.read("config.ini") CONFIG.read(os.path.join(PATH, "config.ini"))
user_data_filename = config["app"].get("user_data", "sample_file.txt") USER_DATA_FILENAME = CONFIG["app"].get("user_data", "user-data")
meta_data_filename = config["app"].get("meta_data", "meta_data_extra.txt") META_DATA_FILENAME = CONFIG["app"].get("meta_data", "meta-data")
REDIRECT_FILENAME = CONFIG["app"].get("redirect", "redirect")
class MainApp: class CloudInitRequest:
"""
Request data for persistence across methods
"""
def __init__(self, request, uuid=None):
self.remoteip = None
self.hostinfo = ('localhost', )
self.request = request
self.meta_data = None
self.meta_data_loaded = False
self.user_data = None
try:
self.uuid = str(uuid_module.UUID('{' + uuid + '}'))
# ValueError is wrong UUID syntax
# TypeError is None
except (ValueError, TypeError):
self.uuid = None
self._init_ip()
self._generate_default_meta_data()
def _can_ip_be_proxy(self):
"""
Assuming the connection is through a proxy, is this proxy permitted?
Can't proxy from a publicly reachable IP.
"""
self.remoteip = self.request.remote.ip
try:
ipobj = IPv4Address(self.remoteip)
except AddressValueError:
try:
ipobj = IPv6Address(self.remoteip)
except AddressValueError:
return False
return not ipobj.is_global
def _init_ip(self): def _init_ip(self):
""" """
Get remote IP Get remote IP
""" """
if self._can_ip_be_proxy():
try: try:
self.remoteip = cherrypy.request.headers.get( self.remoteip = self.request.headers.get(
'X-Real-Ip', 'X-Real-Ip',
cherrypy.request.remote.ip self.request.remote.ip
) )
except: except KeyError:
self.remoteip = cherrypy.request.remote.ip pass
try: try:
self.hostinfo = socket.gethostbyaddr(self.remoteip) self.hostinfo = socket.gethostbyaddr(self.remoteip)
forward_lookup = socket.gethostbyname(self.hostinfo[0])
if forward_lookup != self.remoteip:
self.hostinfo = ('localhost', )
except socket.herror: except socket.herror:
self.hostinfo = ('localhost', ) self.hostinfo = ('localhost', )
except socket.gaierror:
self.hostinfo = (self.remoteip, )
def _generate_default_meta_data(self):
"""
Build default meta-data based on the requesting IP
"""
hostname = self.hostinfo[0]
base = self.request.base
self.meta_data = {
"instance-id": hostname.split(".")[0],
"local-hostname": hostname,
"baseurl": base
}
def _update_meta_data_from_file(self, filename):
"""
Load meta-data from a file
"""
with open(filename, "r") as metadata:
self.meta_data.update(yaml.safe_load(metadata))
def _get_filename(self, filetype):
"""
Get the best available filename for a given type
"""
check_dirs = ['localhost', ]
if self.uuid:
check_dirs.insert(0, self.uuid)
if self.meta_data['local-hostname'] != 'localhost':
check_dirs.insert(0, self.meta_data['local-hostname'])
for subdir in check_dirs:
filepath = os.path.join(PATH, "data",
subdir,
filetype)
if not os.path.isfile(filepath) \
or not access(filepath, R_OK):
continue
return filepath
return None
def get_meta_data(self):
"""
Return the appropriate meta-data for this request
"""
if self.meta_data_loaded:
return self.meta_data
self._generate_default_meta_data()
filename = self._get_filename(META_DATA_FILENAME)
if filename:
self._update_meta_data_from_file(
filename
)
self.meta_data_loaded = True
return self.meta_data
def save_meta_data(self, data):
"""
Save metadata
"""
filename = self._get_filename(META_DATA_FILENAME)
with open(filename, "wt") as filehandle:
filehandle.write(data)
def get_user_data(self):
"""
Return the appropriate meta-data for this request
"""
if self.user_data:
return self.user_data
filename = self._get_filename(USER_DATA_FILENAME)
if not filename:
return None
with open(filename, "r") as userdata:
self.user_data = userdata.read()
return self.user_data
return None
def optional_redirect(self):
"""
Return optional redirect, or None
"""
filename = self._get_filename(REDIRECT_FILENAME)
if not (filename and os.path.exists(filename)):
return None
try:
with open(filename) as redirect:
content = redirect.read().splitlines()
return content[0]
except IOError:
return None
return None
class CloudInitApp:
"""
Serve cloud init files
"""
@staticmethod
def _redirect_if_needed(request):
redirect = request.optional_redirect()
if redirect:
raise cherrypy.HTTPRedirect(redirect, 301)
return False
@staticmethod
def _content_type(data):
if not data:
return "text/cloud-config"
if data.startswith("#include"):
return "text/x-include-url"
if data.startswith("## template: jinja"):
return "text/jinja2"
return "text/cloud-config"
@staticmethod
def _wrap_metadata(metadata):
return {'ds': {
'meta_data': metadata
}}
def _user_data(self, uuid=None, SYSUUID=None):
"""
Serves a static file
But can process a template if x-include-url
"""
if SYSUUID: # SYSLINUX support
uuid = SYSUUID
request = CloudInitRequest(cherrypy.request, uuid)
self._redirect_if_needed(request)
user_data = request.get_user_data()
c__ = self._content_type(user_data)
cherrypy.response.headers['Content-Type'] = c__
cherrypy.response.headers['Content-Disposition'] = \
'attachment; filename="user-data"'
if c__ == "text/x-include-url":
t__ = Template(user_data)
metadata = request.get_meta_data()
wrapped = CloudInitApp._wrap_metadata(metadata)
return t__.render(**wrapped)
return user_data
def _meta_data(self, uuid=None):
"""
Return meta-data in YAML
"""
request = CloudInitRequest(cherrypy.request, uuid)
self._redirect_if_needed(request)
cherrypy.response.headers['Content-Type'] = \
'text/yaml'
cherrypy.response.headers['Content-Disposition'] = \
'attachment; filename="meta-data"'
return yaml.dump(request.get_meta_data())
@staticmethod
def _vendor_data():
return ""
@cherrypy.expose @cherrypy.expose
def user_data(self): def user_data(self):
""" """
Serves a static file v1 api endpoint user-data
""" """
self._init_ip() return self._user_data()
filepath = os.path.join(PATH, "data", self.hostinfo[0],
user_data_filename)
if not os.path.exists(filepath):
filepath = os.path.join(PATH, "data", user_data_filename)
return serve_file(filepath, "application/x-download", "attachment")
@cherrypy.expose @cherrypy.expose
def meta_data(self): def meta_data(self):
""" """
Return meta-data in YAML v1 api endpoint meta-data
""" """
self._init_ip() return self._meta_data()
hostname =self.hostinfo[0]
data = {"instance-id": hostname.split(".")[0], "local-hostname": hostname}
filepath = os.path.join(PATH, "data", hostname, meta_data_filename)
if os.path.exists(filepath):
with open(filepath, "r") as f:
line = f.readlines()[0]
ls = list(map(lambda k: k.strip(), line.split(":")))
data[ls[0]] = ls[1]
return yaml.dump(data)
@cherrypy.expose @cherrypy.expose
def vendor_data(self):
"""
v1 api endpoint vendor-data
"""
return self._vendor_data()
@cherrypy.expose
def apiv2(self, uuid=None, filetype="user-data"):
"""
API endpoint v2
extract command from arguments
"""
if filetype == "user-data":
return self._user_data(uuid)
if filetype == "meta-data":
return self._meta_data(uuid)
if filetype == "vendor-data":
return self._vendor_data()
return ""
# unused
# @cherrypy.expose
def finished(self, data): def finished(self, data):
""" """
Saves additional meta-data Saves additional meta-data
:param data: meta-data to be added :param data: meta-data to be added
""" """
self._init_ip() request = CloudInitRequest(cherrypy.request)
folder = os.path.join(PATH, "data", self.hostinfo[0]) self._redirect_if_needed(request)
if not os.path.exists(folder): request.save_meta_data(data)
os.makedirs(folder)
with open(os.path.join(folder, meta_data_filename), "w") as f:
f.write(data)
ROOT = MainApp() ROOT = CloudInitApp()
if __name__ == "__main__": if __name__ == "__main__":
cherrypy.server.socket_host = config["server"].get("server_host", "127.0.0.1") cherrypy.server.socket_host = \
cherrypy.server.socket_port = config["server"].getint("server_port", 8081) CONFIG["server"].get("server_host", "127.0.0.1")
cherrypy.server.socket_port = \
CONFIG["server"].getint("server_port", 8081)
ENGINE = cherrypy.engine ENGINE = cherrypy.engine
cherrypy.tree.mount(ROOT) CURRENT_DIR = os.path.dirname(os.path.abspath(__file__))
CONFIG = {
'/include': {
'tools.staticdir.on': True,
'tools.staticdir.dir': os.path.join(CURRENT_DIR,
'data',
'include'),
'tools.staticdir.content_types': {
'yml': 'text/yaml'
}
}
}
cherrypy.tree.mount(ROOT, config=CONFIG)
if hasattr(ENGINE, "signal_handler"): if hasattr(ENGINE, "signal_handler"):
ENGINE.signal_handler.subscribe() ENGINE.signal_handler.subscribe()
if hasattr(ENGINE, "console_control_handler"): if hasattr(ENGINE, "console_control_handler"):
ENGINE.console_control_handler.subscribe() ENGINE.console_control_handler.subscribe()
try: try:
ENGINE.start() ENGINE.start()
except Exception: except Exception: # pylint: disable=broad-except
sys.exit(1) sys.exit(1)
else: else:
ENGINE.block() ENGINE.block()