← Back to branch summary

~openstack-charmers-next/charms/xenial/ceph-mon/trunk

« back to all changes in this revision

Viewing changes to hooks/ceph_hooks.py

  • Committer: Gerrit Code Review
  • Author(s): Jenkins
  • Date: 2016-07-06 18:13:24 UTC
  • mfrom: (172.1.1 trunk)
  • Revision ID: review@openstack.org-20160706181324-gw8yk1nv2pigz1q8
MergeĀ "AppArmorĀ Profile"

Show diffs side-by-side

added added

removed removed

Lines of Context:
hooks/ceph_hooks.py
13
13
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
14
# See the License for the specific language governing permissions and
15
15
# limitations under the License.
 
16
import glob
16
17
 
17
18
import os
18
19
import random
21
22
import sys
22
23
import uuid
23
24
import time
 
25
import shutil
24
26
 
25
27
import ceph
26
28
from charmhelpers.core import host
82
84
 
83
85
hooks = Hooks()
84
86
 
 
87
app_armor_modes = {
 
88
    'complain': 'aa-complain',
 
89
    'disabled': 'aa-disable',
 
90
    'enforce': 'aa-enforce',
 
91
}
 
92
 
85
93
NAGIOS_PLUGINS = '/usr/local/lib/nagios/plugins'
86
94
SCRIPTS_DIR = '/usr/local/bin'
87
95
STATUS_FILE = '/var/lib/nagios/cat-ceph-status.txt'
268
276
        sys.exit(1)
269
277
 
270
278
 
 
279
def install_apparmor_profile():
 
280
    log('Installing app-armor-profiles')
 
281
    aa_mode = config('aa-profile-mode')
 
282
    if aa_mode not in app_armor_modes:
 
283
        log('Invalid apparmor mode: {}.  Defaulting to complain'.format(
 
284
            aa_mode), level='error')
 
285
    aa_mode = 'complain'
 
286
    apparmor_dir = os.path.join(os.sep,
 
287
                                'etc',
 
288
                                'apparmor.d',
 
289
                                'local')
 
290
 
 
291
    for x in glob.glob('files/apparmor/*'):
 
292
        shutil.copy(x, apparmor_dir)
 
293
        try:
 
294
            cmd = [
 
295
                app_armor_modes[aa_mode],
 
296
                os.path.join(apparmor_dir, os.path.split(x)[-1])
 
297
            ]
 
298
            subprocess.check_output(cmd)
 
299
        except subprocess.CalledProcessError as err:
 
300
            log('{} failed with error {}'.format(
 
301
                app_armor_modes[aa_mode], err.output), level='error')
 
302
 
 
303
 
271
304
@hooks.hook('install.real')
272
305
@harden()
273
306
def install():
374
407
        status_set('maintenance', 'Bootstrapping single Ceph MON')
375
408
        ceph.bootstrap_monitor_cluster(config('monitor-secret'))
376
409
        ceph.wait_for_bootstrap()
 
410
    install_apparmor_profile()
377
411
 
378
412
 
379
413
def get_mon_hosts():