Commit 04fc48c8 authored by Philip ABBET's avatar Philip ABBET
Browse files

Allows to use a directory with restricted access for the datasets

parent 15c07e86
Pipeline #8657 failed with stage
in 1 minute and 31 seconds
......@@ -227,17 +227,18 @@ class Agent(object):
database_paths = {}
for db_name in configuration.databases.keys():
json_path = os.path.join(root_folder, db_name + '.json')
if not configuration.data.has_key('datasets_root_path'):
for db_name in configuration.databases.keys():
json_path = os.path.join(root_folder, db_name + '.json')
with open(json_path, 'r') as f:
db_data = simplejson.load(f)
with open(json_path, 'r') as f:
db_data = simplejson.load(f)
database_paths[db_name] = db_data['root_folder']
db_data['root_folder'] = os.path.join('/databases', db_name)
database_paths[db_name] = db_data['root_folder']
db_data['root_folder'] = os.path.join('/databases', db_name)
with open(json_path, 'w') as f:
simplejson.dump(db_data, f, indent=4)
with open(json_path, 'w') as f:
simplejson.dump(db_data, f, indent=4)
# Server for our single client
self.server = Server(configuration.input_list, configuration.output_list,
......@@ -277,12 +278,20 @@ class Agent(object):
volumes = {}
for db_name, db_path in database_paths.items():
volumes[db_path] = {
'bind': os.path.join('/databases', db_name),
if not configuration.data.has_key('datasets_root_path'):
for db_name, db_path in database_paths.items():
volumes[db_path] = {
'bind': os.path.join('/databases', db_name),
'mode': 'ro',
}
else:
volumes[configuration.data['datasets_root_path']] = {
'bind': configuration.data['datasets_root_path'],
'mode': 'ro',
}
print volumes
# Note: we only support one databases image loaded at the same time
self.db_process = dock.Popen(
host,
......
......@@ -51,6 +51,7 @@ import logging
import os
import sys
import docopt
import simplejson
import zmq
......@@ -104,6 +105,7 @@ def main():
args = docopt.docopt(__doc__ % dict(prog=prog, version=version),
version=version)
# Sets up the logging system
if args['--debug']:
logging.basicConfig(format='[remote|%(name)s] %(levelname)s: %(message)s',
......@@ -114,6 +116,44 @@ def main():
logger = logging.getLogger(__name__)
# If necessary, change to another user (with less privileges, but has access
# to the databases)
with open(os.path.join(args['<dir>'], 'configuration.json'), 'r') as f:
cfg = simplejson.load(f)
if cfg.has_key('datasets_uid'):
# First create the user (if it doesn't exists)
try:
user = pwd.getpwuid(cfg['datasets_uid'])
except:
import subprocess
retcode = subprocess.call(['adduser', '--uid', str(cfg['datasets_uid']),
'--no-create-home', '--disabled-password',
'--disabled-login', '--gecos', '""', '-q',
'beat-nobody'])
if retcode != 0:
send_error(logger, socket, 'sys', 'Failed to create an user with the UID %s' % args['uid'])
return 1
# Next, ensure that the needed files are readable by this user
access = stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH
os.chmod(args['<dir>'], access)
for root, dirs, files in os.walk(args['<dir>']):
for d in dirs:
os.chmod(os.path.join(root, d), access)
for f in files:
os.chmod(os.path.join(root, f), access)
# Change the current user
try:
os.setuid(cfg['datasets_uid'])
except:
import traceback
send_error(logger, socket, 'sys', traceback.format_exc())
return 1
# Creates the 0MQ socket for communication with BEAT
context = zmq.Context()
socket = context.socket(zmq.PAIR)
......@@ -121,6 +161,7 @@ def main():
socket.connect(address)
logger.debug("zmq client connected to `%s'", address)
try:
# Check the dir
......@@ -188,5 +229,6 @@ def main():
return 0
if __name__ == '__main__':
sys.exit(main())
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment