From 7cafbde5b125c898758b7aa4a04dc922c1cc4fde Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Mon, 30 Nov 2015 22:55:40 +0800 Subject: [PATCH] update sudo --- jperm/ansible_api.py | 24 ++++++------------------ jperm/views.py | 5 ++--- templates/jperm/role_sudo.j2 | 27 +++++++++++++++++++++++---- 3 files changed, 31 insertions(+), 25 deletions(-) diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py index 5ce5fe35f..e0585c9dc 100644 --- a/jperm/ansible_api.py +++ b/jperm/ansible_api.py @@ -248,6 +248,7 @@ class Tasks(Command): forks=10, group='default_group', pattern='*', + become=False, ): """ run command from andible ad-hoc. @@ -261,7 +262,7 @@ class Tasks(Command): subset=group, pattern=pattern, forks=forks, - become=False, + become=become, ) self.results = hoc.run() @@ -324,7 +325,7 @@ class Tasks(Command): """ encrypt_pass = sha512_crypt.encrypt(password) module_args = 'name=%s shell=/bin/bash password=%s' % (username, encrypt_pass) - self.__run(module_args, "user") + self.__run(module_args, "user", become=True) return {"status": "failed", "msg": self.msg} if self.msg else {"status": "ok"} @@ -402,7 +403,7 @@ class Tasks(Command): default_mac is string product_name is string """ - self.__run('', 'setup') + self.__run('', 'setup', become=True) result = {} all = self.results.get("contacted") @@ -439,21 +440,8 @@ class Tasks(Command): :return: """ module_args1 = file_path - ret1 = self.__run(module_args1, "script") - module_args2 = 'visudo -c | grep "parsed OK" &> /dev/null && echo "ok" || echo "failed"' - ret2 = self.__run(module_args2, "shell") - ret2_status = [host_value.get("stdout") for host_value in ret2["result"]["contacted"].values()] - - result = {} - if not ret1["msg"]: - result["step1"] = "ok" - else: - result["step1"] = "failed" - - if not ret2["msg"] and "failed" not in ret2_status: - result["step2"] = "ok" - else: - result["step2"] = "failed" + result = self.__run(module_args1, "script") + print result return result 
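Review bot: The new `become=False` keyword added to the signature in this hunk (presumably the `__run` helper the later hunks call) is not described in the docstring that starts right below it (`run command from andible ad-hoc.`, which also has the `andible` typo), even though it decides the privilege level every module call executes with; the next hunk threads the same value through as `become=become`. Since callers in this commit start passing `become=True` for the `user` and `setup` modules, a reader of this helper should see what the flag implies. Proposed docstring line: `:param become: run the module with privilege escalation on the remote host (default False)`. The def line itself lies before the hunk, so the helper's name cannot be confirmed here.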
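Review bot: With `become=True` the `user` module call now runs with privilege escalation, but `username` is still interpolated unquoted into `module_args` on the context line above (`'name=%s shell=/bin/bash password=%s'`); a username containing whitespace or `key=value` text would be parsed as additional module arguments, now with root rights on the target. Validating `username` against a strict pattern before this call, e.g. `if not re.match(r'^[a-z_][a-z0-9_-]*$', username): raise ValueError("invalid username")`, or passing the arguments as a dict rather than a formatted string, keeps the escalation contained. The enclosing method starts before the hunk, so where `username` originates cannot be seen from here.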
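Review bot: The `setup` (facts gathering) call now runs with `become=True`, although nothing in the hunk shows that the facts this method reads afterwards (`contacted`, the mac/product fields named in the docstring above) need root; if the flag was added only for symmetry with the `user` call, keeping the default here leaves facts gathering at least privilege. If some fact does require root on the targets, a one-line comment on the call saying which one would stop a later reader from dropping it, e.g. `# become: <fact> is only readable as root on some hosts`. The enclosing method starts before the hunk.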
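Review bot: `print result` is a leftover debug statement in library code — it writes the full runner result (every host's output) to the stdout of whatever process calls `push_sudo_file` and should be removed or turned into a logger call. The return value also changed from the `{"step1": ..., "step2": ...}` dict the removed lines built to the raw `__run` result, while the `:return:` line in the docstring just above the hunk was not updated, and the `visudo -c` verification that lived here is gone, so the caller can only learn about a rejected sudoers file if the pushed script itself exits non-zero and that surfaces in `self.msg`. This `script` call also keeps the default `become=False` while the `user` and `setup` calls in the same commit got `become=True`; if the remote user is not root, the sudoers edit would presumably fail without the Python side noticing. Suggested replacement for the two changed lines: `result = self.__run(module_args1, "script", become=True)` followed by `return {"status": "failed", "msg": self.msg} if self.msg else {"status": "ok"}`, the shape the `user` method in this class already returns. The method's docstring and signature lie before the hunk.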
diff --git a/jperm/views.py b/jperm/views.py index 689515d7d..62d1c1ad0 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -463,9 +463,8 @@ def perm_role_push(request): add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias) ret_sudo = task.push_sudo_file(add_sudo_script) - if ret_sudo["step1"] != "ok" or ret_sudo["step2"] != "ok": - ret_failed["step3"] = "failed" - os.remove(add_sudo_script) + print add_sudo_script + # os.remove(add_sudo_script) print ret diff --git a/templates/jperm/role_sudo.j2 b/templates/jperm/role_sudo.j2 index 1304cb690..79e31226e 100644 --- a/templates/jperm/role_sudo.j2 +++ b/templates/jperm/role_sudo.j2 @@ -2,8 +2,12 @@ sudo_file=/etc/sudoers +sudo_file_bak=/etc/sudoers.bak +# Backup sudoers file +cp ${sudo_file} ${sudo_file_bak} + # Add Command Aliases add_cmd_alias() { {% for sudo in sudo_alias %} @@ -16,18 +20,33 @@ add_cmd_alias() { } +# Add Command Aliases to role add_role_chosen() { {% for role, sudos in role_chosen_aliase.items %} {% for sudo in sudos %} - if $(grep '^{{ role }}.*sudo.name' ${sudo_file} &> /dev/null); then - sed -i 's@^{{ role }}.*sudo.name@{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}@g' ${sudo_file} + if $(grep '^{{ role }}.*{{ sudo.name }}' ${sudo_file} &> /dev/null); then + sed -i 's@^{{ role }}.*{{ sudo.name }}@{{ role }} ALL = NOPASSWD: {{ sudo.name }}@g' ${sudo_file} else - echo "{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}" >> ${sudo_file} + echo "{{ role }} ALL = NOPASSWD: {{ sudo.name }}" >> ${sudo_file} fi {% endfor %} {% endfor %} } +# Check sudoers file configured correctly +check_sudo_file() { + status=$(visudo -c &> /dev/null && echo "ok" || echo "failed") + if [ ${status} == "failed" ]; then + mv ${sudo_file_bak} ${sudo_file} + ret="failed" + else + ret="ok" + fi +} + add_cmd_alias -add_role_chosen \ No newline at end of file +add_role_chosen +check_sudo_file + +echo ${ret} \ No newline at end of file
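Review bot: Commenting out `os.remove(add_sudo_script)` leaves every rendered sudo script on the server's filesystem, and dropping the `ret_sudo["step1"] / ["step2"]` check means a failed push no longer sets `ret_failed["step3"]`, so the view reports success regardless of what `task.push_sudo_file` returned; `print add_sudo_script` is debugging output that should not ship. If the cleanup was disabled only to inspect the file, keep it on the normal path and restore a status check against the value `push_sudo_file` now returns (the raw `__run` result per the ansible_api.py hunk, not the step dict): `if ret_sudo["msg"]: ret_failed["step3"] = "failed"` and then `os.remove(add_sudo_script)`, ideally in a `finally:` so the file is removed even when the push raises. `perm_role_push` continues outside the hunk.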
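Review bot: The backup `cp ${sudo_file} ${sudo_file_bak}` is not checked and the script has no `set -e`, so if the copy fails the later restore in `check_sudo_file` (`mv ${sudo_file_bak} ${sudo_file}`) either has nothing to move back or moves back a stale `/etc/sudoers.bak` from an earlier run, leaving the host with a file `visudo -c` already rejected. Abort before touching sudoers if the backup did not succeed: `cp ${sudo_file} ${sudo_file_bak} || exit 1`. The backup is also never removed on the success path, so consider deleting it at the end of the script.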
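Review bot: The match pattern on the new `grep`/`sed` lines, `'^{{ role }}.*{{ sudo.name }}'`, is anchored only at the start and uses `.*`, so a role name that is a prefix of another (`dev` vs `devops`) or an alias that is a prefix of another alias matches the other role's line as well, and the `sed ... g` then rewrites that line to this role's rule; bounding both names with whitespace, e.g. `grep "^{{ role }}[[:space:]].*NOPASSWD: {{ sudo.name }}$"` with the matching sed address, restricts the edit to the intended line. Separately, `check_sudo_file` only echoes `failed`/`ok` and the script exits 0 either way, so the Ansible `script` module (and thus `push_sudo_file`) sees success even after the backup was rolled back — ending with `[ "${ret}" = "ok" ] || exit 1` after the `echo` makes the failure visible to the caller. Since `{{ role }}` and `{{ sudo.name }}` are rendered straight into a root-executed shell script and into a `sed` expression delimited by `@`, the view that renders this template should reject values containing quotes, `@`, whitespace or other shell metacharacters before they reach it. `[ ${status} == "failed" ]` is a bashism and breaks on an empty variable; `[ "${status}" = "failed" ]` works in any POSIX sh.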