From 0b8c5785365793f7131d1385739958bbb3bab3a0 Mon Sep 17 00:00:00 2001 From: Yun Zheng Hu Date: Mon, 11 Sep 2023 16:51:33 +0000 Subject: [PATCH] T2405: add Git support to commit-archive --- debian/control | 1 + .../system-config-mgmt.xml.in | 2 +- python/vyos/config_mgmt.py | 16 +- python/vyos/remote.py | 142 +++++++++++++++++- python/vyos/utils/process.py | 2 + 5 files changed, 152 insertions(+), 11 deletions(-) diff --git a/debian/control b/debian/control index ee45a5fe34c..c7bbe8ecebf 100644 --- a/debian/control +++ b/debian/control @@ -62,6 +62,7 @@ Depends: frr-snmp, fuse-overlayfs, libpam-google-authenticator, + git, grc, haproxy, hostapd, diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in index de5a8cc16f7..f40a0e4c3fd 100644 --- a/interface-definitions/system-config-mgmt.xml.in +++ b/interface-definitions/system-config-mgmt.xml.in @@ -21,7 +21,7 @@ Uniform Resource Identifier - + (http|https|ftp|ftps|sftp|ssh|scp|tftp|git|git\+(\w+)):\/\/.* diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py index dbf17ade425..7e0b7de127f 100644 --- a/python/vyos/config_mgmt.py +++ b/python/vyos/config_mgmt.py @@ -22,7 +22,7 @@ from typing import Optional, Tuple, Union from filecmp import cmp from datetime import datetime -from textwrap import dedent +from textwrap import dedent, indent from pathlib import Path from tabulate import tabulate from shutil import copy @@ -367,9 +367,19 @@ def commit_archive(self): remote_file = f'config.boot-{hostname}.{timestamp}' source_address = self.source_address + if self.effective_locations: + print("Archiving config...") for location in self.effective_locations: - upload(archive_config_file, f'{location}/{remote_file}', - source_host=source_address) + print(f" {location}", end=" ", flush=True) + try: + upload(archive_config_file, f'{location}/{remote_file}', + source_host=source_address, raise_error=True) + print("OK") + except Exception as e: + print("FAILED!") + print() + print(indent(str(e), " > ")) + print() # op-mode functions # diff --git a/python/vyos/remote.py b/python/vyos/remote.py index cf731c8816d..fc09c3a588b 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -14,6 +14,7 @@ # License along with this library. If not, see . import os +import pwd import shutil import socket import ssl @@ -22,6 +23,9 @@ import tempfile import urllib.parse +from contextlib import contextmanager +from pathlib import Path + from ftplib import FTP from ftplib import FTP_TLS @@ -37,11 +41,22 @@ from vyos.utils.io import make_progressbar from vyos.utils.io import print_error from vyos.utils.misc import begin -from vyos.utils.process import cmd +from vyos.utils.process import cmd, rc_cmd from vyos.version import get_version CHUNK_SIZE = 8192 +@contextmanager +def umask(mask: int): + """ + Context manager that temporarily sets the process umask. + """ + oldmask = os.umask(mask) + try: + yield + finally: + os.umask(oldmask) + class InteractivePolicy(MissingHostKeyPolicy): """ Paramiko policy for interactively querying the user on whether to proceed @@ -308,29 +323,142 @@ def upload(self, location: str): with open(location, 'rb') as f: cmd(f'{self.command} -T - "{self.urlstring}"', input=f.read()) +class GitC: + def __init__(self, + url, + progressbar=False, + check_space=False, + source_host=None, + source_port=0, + timeout=10, + ): + self.command = 'git' + self.url = url + self.urlstring = urllib.parse.urlunsplit(url) + if self.urlstring.startswith("git+"): + self.urlstring = self.urlstring.replace("git+", "", 1) + + def download(self, location: str): + raise NotImplementedError("not supported") + + @umask(0o077) + def upload(self, location: str): + scheme = self.url.scheme + _, _, scheme = scheme.partition("+") + netloc = self.url.netloc + url = Path(self.url.path).parent + with tempfile.TemporaryDirectory(prefix="git-commit-archive-") as directory: + # Determine username, fullname, email for Git commit + pwd_entry = pwd.getpwuid(os.getuid()) + user = pwd_entry.pw_name + name = pwd_entry.pw_gecos.split(",")[0] or user + fqdn = socket.getfqdn() + email = f"{user}@{fqdn}" + + # environment vars for our git commands + env = { + "GIT_TERMINAL_PROMPT": "0", + "GIT_AUTHOR_NAME": name, + "GIT_AUTHOR_EMAIL": email, + "GIT_COMMITTER_NAME": name, + "GIT_COMMITTER_EMAIL": email, + } + + # build ssh command for git + ssh_command = ["ssh"] + + # Try to use /config/auth/commit-archive.key as SSH identity + # We copy over the key so we can control the permissions + try: + path_privatekey = Path(directory) / "private.key" + path_privatekey.write_bytes( + Path("/config/auth/commit-archive.key").read_bytes() + ) + ssh_command += ["-i", str(path_privatekey)] + except Exception: + pass + + # if we are not interactive, we use StrictHostKeyChecking=yes to avoid any prompts + if not sys.stdout.isatty(): + ssh_command += ["-o", "StrictHostKeyChecking=yes"] + + env["GIT_SSH_COMMAND"] = " ".join(ssh_command) + + # git clone + path_repository = Path(directory) / "repository" + scheme = f"{scheme}://" if scheme else "" + rc, out = rc_cmd( + [self.command, "clone", f"{scheme}{netloc}{url}", str(path_repository), "--depth=1"], + env=env, + shell=False, + ) + if rc: + raise Exception(out) + + # git add + filename = Path(Path(self.url.path).name).stem + dst = path_repository / filename + shutil.copy2(location, dst) + rc, out = rc_cmd( + [self.command, "-C", str(path_repository), "add", filename], + env=env, + shell=False, + ) + + # git commit -m + commit_message = os.environ.get("COMMIT_COMMENT", "commit") + rc, out = rc_cmd( + [self.command, "-C", str(path_repository), "commit", "-m", commit_message], + env=env, + shell=False, + ) + + # git push + rc, out = rc_cmd( + [self.command, "-C", str(path_repository), "push"], + env=env, + shell=False, + ) + if rc: + raise Exception(out) + def urlc(urlstring, *args, **kwargs): """ Dynamically dispatch the appropriate protocol class. """ - url_classes = {'http': HttpC, 'https': HttpC, 'ftp': FtpC, 'ftps': FtpC, \ - 'sftp': SshC, 'ssh': SshC, 'scp': SshC, 'tftp': TftpC} + url_classes = { + "http": HttpC, + "https": HttpC, + "ftp": FtpC, + "ftps": FtpC, + "sftp": SshC, + "ssh": SshC, + "scp": SshC, + "tftp": TftpC, + "git": GitC, + } url = urllib.parse.urlsplit(urlstring) + scheme, _, _ = url.scheme.partition("+") try: - return url_classes[url.scheme](url, *args, **kwargs) + return url_classes[scheme](url, *args, **kwargs) except KeyError: - raise ValueError(f'Unsupported URL scheme: "{url.scheme}"') + raise ValueError(f'Unsupported URL scheme: "{scheme}"') -def download(local_path, urlstring, *args, **kwargs): +def download(local_path, urlstring, raise_error=False, *args, **kwargs): try: urlc(urlstring, *args, **kwargs).download(local_path) except Exception as err: + if raise_error: + raise print_error(f'Unable to download "{urlstring}": {err}') -def upload(local_path, urlstring, *args, **kwargs): +def upload(local_path, urlstring, raise_error=False, *args, **kwargs): try: urlc(urlstring, *args, **kwargs).upload(local_path) except Exception as err: + if raise_error: + raise print_error(f'Unable to upload "{urlstring}": {err}') def get_remote_config(urlstring, source_host='', source_port=0): diff --git a/python/vyos/utils/process.py b/python/vyos/utils/process.py index e09c7d86d73..150d0eca74c 100644 --- a/python/vyos/utils/process.py +++ b/python/vyos/utils/process.py @@ -138,6 +138,7 @@ def cmd(command, flag='', shell=None, input=None, timeout=None, env=None, (default is OSError) with the error code expect: a list of error codes to consider as normal """ + command = command.lstrip() if isinstance(command, str) else command decoded, code = popen( command, flag, stdout=stdout, stderr=stderr, @@ -169,6 +170,7 @@ def rc_cmd(command, flag='', shell=None, input=None, timeout=None, env=None, % rc_cmd('ip link show dev eth99') (1, 'Device "eth99" does not exist.') """ + command = command.lstrip() if isinstance(command, str) else command out, code = popen( command, flag, stdout=stdout, stderr=stderr,