Skip to content
Permalink
Browse files

Add dedicated class for host tasks

example :

[task#backup]
type = host
command = /bin/true
schedule = @1
  • Loading branch information...
arnaudveron committed Jul 22, 2019
1 parent 4ec5141 commit 063d9d3fc4dfa25b874fc72d6fd788dcfbd34684
Showing with 66 additions and 52 deletions.
  1. +1 −46 lib/resTask.py
  2. +58 −0 lib/resTaskHost.py
  3. +5 −5 lib/svcBuilder.py
  4. +2 −1 lib/svcdict.py
@@ -10,34 +10,6 @@
from rcUtilities import lcall
from six.moves import input

def run_as_popen_kwargs(user):
if rcEnv.sysname == "Windows":
return {}
if user is None:
return {}
cwd = rcEnv.paths.pathtmp
import pwd
try:
pw_record = pwd.getpwnam(user)
except Exception as exc:
raise ex.excError("user lookup failure: %s" % str(exc))
user_name = pw_record.pw_name
user_home_dir = pw_record.pw_dir
user_uid = pw_record.pw_uid
user_gid = pw_record.pw_gid
env = os.environ.copy()
env['HOME'] = user_home_dir
env['LOGNAME'] = user_name
env['PWD'] = cwd
env['USER'] = user_name
return {'preexec_fn': demote(user_uid, user_gid), 'cwd': cwd, 'env': env}

def demote(user_uid, user_gid):
def result():
os.setgid(user_gid)
os.setuid(user_uid)
return result

class Task(Res.Resource):
default_optional = True
def __init__(self,
@@ -154,27 +126,10 @@ def _run(self):


def _run_call(self):
kwargs = {
'timeout': self.timeout,
'blocking': True,
}
kwargs.update(run_as_popen_kwargs(self.user))
if self.configs_environment or self.secrets_environment:
if "env" not in kwargs:
kwargs["env"] = {}
kwargs["env"].update(self.kind_environment_env("cfg", self.configs_environment))
kwargs["env"].update(self.kind_environment_env("sec", self.secrets_environment))
try:
self.action_triggers("", "command", **kwargs)
except ex.excError:
if self.on_error:
kwargs["blocking"] = False
self.action_triggers("", "on_error", **kwargs)
raise
pass

def _status(self, verbose=False):
return rcStatus.NA

def is_provisioned(self, refresh=False):
return True

@@ -0,0 +1,58 @@
import resTask
import rcExceptions as ex
import os

from rcGlobalEnv import rcEnv

def run_as_popen_kwargs(user):
if rcEnv.sysname == "Windows":
return {}
if user is None:
return {}
cwd = rcEnv.paths.pathtmp
import pwd
try:
pw_record = pwd.getpwnam(user)
except Exception as exc:
raise ex.excError("user lookup failure: %s" % str(exc))
user_name = pw_record.pw_name
user_home_dir = pw_record.pw_dir
user_uid = pw_record.pw_uid
user_gid = pw_record.pw_gid
env = os.environ.copy()
env['HOME'] = user_home_dir
env['LOGNAME'] = user_name
env['PWD'] = cwd
env['USER'] = user_name
return {'preexec_fn': demote(user_uid, user_gid), 'cwd': cwd, 'env': env}

def demote(user_uid, user_gid):
def result():
os.setgid(user_gid)
os.setuid(user_uid)
return result

class Task(resTask.Task):
def __init__(self, *args, **kwargs):
kwargs["type"] = "task.host"
resTask.Task.__init__(self, *args, **kwargs)


def _run_call(self):
kwargs = {
'timeout': self.timeout,
'blocking': True,
}
kwargs.update(run_as_popen_kwargs(self.user))
if self.configs_environment or self.secrets_environment:
if "env" not in kwargs:
kwargs["env"] = {}
kwargs["env"].update(self.kind_environment_env("cfg", self.configs_environment))
kwargs["env"].update(self.kind_environment_env("sec", self.secrets_environment))
try:
self.action_triggers("", "command", **kwargs)
except ex.excError:
if self.on_error:
kwargs["blocking"] = False
self.action_triggers("", "on_error", **kwargs)
raise
@@ -1490,8 +1490,8 @@ def add_task(svc, s):
add_task_docker(svc, s)
elif rtype == "podman":
add_task_podman(svc, s)
else:
add_task_default(svc, s)
elif rtype == "host":
add_task_host(svc, s)

def add_task_podman(svc, s):
kwargs = init_kwargs(svc, s)
@@ -1557,7 +1557,7 @@ def add_task_docker(svc, s):
r = resTaskDocker.Task(**kwargs)
svc += r

def add_task_default(svc, s):
def add_task_host(svc, s):
kwargs = init_kwargs(svc, s)
kwargs["command"] = svc.oget(s, "command")
kwargs["on_error"] = svc.oget(s, "on_error")
@@ -1568,8 +1568,8 @@ def add_task_default(svc, s):
kwargs["confirmation"] = svc.oget(s, "confirmation")
kwargs["secrets_environment"] = svc.oget(s, "secrets_environment")
kwargs["configs_environment"] = svc.oget(s, "configs_environment")
import resTask
r = resTask.Task(**kwargs)
import resTaskHost
r = resTaskHost.Task(**kwargs)
svc += r

def add_app_winservice(svc, s):
@@ -2934,7 +2934,8 @@
{
"section": "task",
"keyword": "type",
"candidates": [None, "docker", "podman"],
"candidates": ["host", "docker", "podman"],
"default": "host",
"text": "The type of task. Default tasks run on the host, their use is limited to the cluster admin population. Containerized tasks are safe for unprivileged population."
},
{

0 comments on commit 063d9d3

Please sign in to comment.
You can’t perform that action at this time.