Commit 94e667c5 authored by Max Beckett's avatar Max Beckett

Add support for RHEL8.

- Fixes Python shebangs to work on systems without a default "python" version.
- Fixes watchdog process not being properly started on systemd systems.
parent dfa31185
......@@ -45,6 +45,10 @@ specfile: clean
.PHONY: sources
sources: tarball specfile
.PHONY: rhel8-support
rhel8-support:
./rhel8-support.sh
.PHONY: rpm-only
rpm-only:
mkdir -p $(BUILD_DIR)/{SPECS,COORD_SOURCES,DATA_SOURCES,BUILD,RPMS,SOURCES,SRPMS}
......@@ -54,7 +58,7 @@ rpm-only:
cp $(BUILD_DIR)/RPMS/*/*rpm build
.PHONY: rpm
rpm: sources rpm-only
rpm: rhel8-support sources rpm-only
.PHONY: deb
deb:
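Review bot: The prerequisite list `rpm: rhel8-support sources rpm-only` relies on left-to-right execution to get the shebang rewrite done before the tarball is built, and `make -j` does not guarantee that order. If the tarball target packages `src/` (its recipe is outside this hunk), a parallel build could ship the unpatched shebangs. An explicit dependency such as `tarball: rhel8-support` would remove the ordering assumption. Because the script edits tracked files in place, a comment above the target like `# rewrites shebangs under src/ in place when building on RHEL 8` would also warn anyone building from a working tree.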
......
......@@ -10,6 +10,7 @@ The `efs-utils` package has been verified against the following Linux distributi
| Amazon Linux 2 | `rpm` | `systemd` |
| CentOS 7 | `rpm` | `systemd` |
| RHEL 7 | `rpm`| `systemd` |
| RHEL 8 | `rpm`| `systemd` |
| Debian 9 | `deb` | `systemd` |
| Ubuntu 16.04 | `deb` | `systemd` |
......
......@@ -11,7 +11,7 @@ set -ex
BASE_DIR=$(pwd)
BUILD_ROOT=${BASE_DIR}/build/debbuild
VERSION=1.10
VERSION=1.11
echo 'Cleaning deb build workspace'
rm -rf ${BUILD_ROOT}
......
Package: amazon-efs-utils
Architecture: all
Version: 1.10
Version: 1.11
Section: utils
Depends: python|python2, nfs-common, stunnel4 (>= 4.56)
Priority: optional
......
......@@ -20,7 +20,7 @@
%endif
Name : amazon-efs-utils
Version : 1.10
Version : 1.11
Release : 1%{?dist}
Summary : This package provides utilities for simplifying the use of EFS file systems
......
#!/bin/bash
SYSTEM_RELEASE_PATH=/etc/system-release
if [ -f $SYSTEM_RELEASE_PATH ] && [[ "$(cat $SYSTEM_RELEASE_PATH)" =~ "Red Hat Enterprise Linux release 8" ]]; then
# Replace the first line in .py to "#!/usr/bin/env python2" no matter what it was before
sed -i -e '1 s/^.*$/\#!\/usr\/bin\/env python2/' src/watchdog/__init__.py
sed -i -e '1 s/^.*$/\#!\/usr\/bin\/env python2/' src/mount_efs/__init__.py
fi
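Review bot: The rewritten shebang `#!/usr/bin/env python2` makes the interpreter for both entry points depend on the caller's PATH, and the mount helper and watchdog are presumably run as root. Pinning an absolute interpreter path and matching only an existing shebang avoids both the PATH lookup and clobbering a first line that is not a shebang: `sed -i -e '1 s|^#!.*$|#!/usr/bin/python2|' src/watchdog/__init__.py`, and the same for `src/mount_efs/__init__.py`. The script also has no `set -e`, so a failed `sed` lets the build continue with the old shebang, and the `$SYSTEM_RELEASE_PATH` expansions in the test should be quoted.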
......@@ -54,7 +54,7 @@ except ImportError:
from urllib.error import URLError
from urllib.request import urlopen
VERSION = '1.10'
VERSION = '1.11'
CONFIG_FILE = '/etc/amazon/efs/efs-utils.conf'
CONFIG_SECTION = 'mount'
......@@ -102,11 +102,12 @@ STUNNEL_EFS_CONFIG = {
'renegotiation': 'no',
'TIMEOUTbusy': '20',
'TIMEOUTclose': '0',
'libwrap': 'no',
'delay': 'yes',
}
WATCHDOG_SERVICE = 'amazon-efs-mount-watchdog'
SYSTEM_RELEASE_PATH = '/etc/system-release'
RHEL8_RELEASE_NAME = 'Red Hat Enterprise Linux release 8'
def fatal_error(user_message, log_message=None, exit_code=1):
......@@ -270,6 +271,17 @@ def get_version_specific_stunnel_options(config):
return check_host_supported, ocsp_aia_supported
def get_system_release_version():
system_release_version = 'unknown'
try:
with open(SYSTEM_RELEASE_PATH) as f:
system_release_version = f.read().strip()
except IOError:
logging.debug('Unable to read %s', SYSTEM_RELEASE_PATH)
return system_release_version
def write_stunnel_config_file(config, state_file_dir, fs_id, mountpoint, tls_port, dns_name, verify_level, ocsp_enabled,
log_dir=LOG_DIR):
"""
......@@ -310,6 +322,9 @@ def write_stunnel_config_file(config, state_file_dir, fs_id, mountpoint, tls_por
else:
fatal_error(tls_controls_message % 'stunnel_check_cert_validity')
if RHEL8_RELEASE_NAME not in get_system_release_version():
efs_config['libwrap'] = 'no'
stunnel_config = '\n'.join(serialize_stunnel_config(global_config) + serialize_stunnel_config(efs_config, 'efs'))
logging.debug('Writing stunnel configuration:\n%s', stunnel_config)
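Review bot: The new check `if RHEL8_RELEASE_NAME not in get_system_release_version():` in write_stunnel_config_file gates a stunnel option on a distribution banner string rather than on what the installed stunnel supports. Other distributions that ship stunnel without libwrap would still get `libwrap = no` written, and a host whose release file merely contains that string silently loses the explicit setting. get_version_specific_stunnel_options already returns per-build capabilities (`check_host_supported, ocsp_aia_supported`), so libwrap support could presumably be detected the same way; its body is outside this hunk. At minimum the branch needs a why-comment, e.g. `# stunnel on RHEL 8 appears to be built without libwrap; only emit the option where it is supported`, and get_system_release_version needs a docstring stating that it returns 'unknown' when the file cannot be read.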
......
......@@ -25,7 +25,7 @@ try:
except ImportError:
from configparser import ConfigParser
VERSION = '1.10'
VERSION = '1.11'
CONFIG_FILE = '/etc/amazon/efs/efs-utils.conf'
CONFIG_SECTION = 'mount-watchdog'
......
......@@ -82,7 +82,8 @@ def _validate_config(stunnel_config_file, expected_global_config, expected_efs_c
def _get_expected_efs_config(port=PORT, dns_name=DNS_NAME, verify=mount_efs.DEFAULT_STUNNEL_VERIFY_LEVEL,
ocsp_override=True, check_cert_hostname=True, check_cert_validity=False):
ocsp_override=True, check_cert_hostname=True, check_cert_validity=False,
disable_libwrap=True):
expected_efs_config = dict(mount_efs.STUNNEL_EFS_CONFIG)
expected_efs_config['accept'] = expected_efs_config['accept'] % port
......@@ -95,6 +96,9 @@ def _get_expected_efs_config(port=PORT, dns_name=DNS_NAME, verify=mount_efs.DEFA
if check_cert_validity and ocsp_override:
expected_efs_config['OCSPaia'] = 'yes'
if disable_libwrap:
expected_efs_config['libwrap'] = 'no'
return expected_efs_config
......@@ -138,6 +142,17 @@ def _test_write_stunnel_config_file(mocker, tmpdir):
_validate_config(config_file, mount_efs.STUNNEL_GLOBAL_CONFIG, _get_expected_efs_config())
def _test_disable_libwrap(mocker, tmpdir, system_release='unknown', disable_libwrap=True):
mocker.patch('mount_efs.add_stunnel_ca_options')
ver_mocker = mocker.patch('mount_efs.get_system_release_version', return_value=system_release)
config_file = mount_efs.write_stunnel_config_file(_get_config(mocker), str(tmpdir), FS_ID, MOUNT_POINT, PORT, DNS_NAME,
VERIFY_LEVEL, OCSP_ENABLED)
ver_mocker.assert_called_once()
_validate_config(config_file, mount_efs.STUNNEL_GLOBAL_CONFIG, _get_expected_efs_config(disable_libwrap=disable_libwrap))
def test_write_stunnel_config_with_debug(mocker, tmpdir):
ca_mocker = mocker.patch('mount_efs.add_stunnel_ca_options')
state_file_dir = str(tmpdir)
......@@ -235,3 +250,15 @@ def test_write_stunnel_config_with_verify_level(mocker, tmpdir):
_validate_config(config_file, mount_efs.STUNNEL_GLOBAL_CONFIG,
_get_expected_efs_config(check_cert_validity=False, verify=verify))
def test_write_stunnel_config_for_rhel8_disable_libwrap(mocker, tmpdir):
_test_disable_libwrap(mocker, tmpdir, system_release='Red Hat Enterprise Linux release 8.0 (Ootpa)', disable_libwrap=False)
def test_write_stunnel_config_for_unknown_system_enable_libwrap(mocker, tmpdir):
_test_disable_libwrap(mocker, tmpdir, system_release='unknown', disable_libwrap=True)
def test_write_stunnel_config_for_non_rhel8_enable_libwrap(mocker, tmpdir):
_test_disable_libwrap(mocker, tmpdir, system_release='Amazon Linux release 2 (Karoo)', disable_libwrap=True)
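Review bot: The three new test names say the opposite of what they assert: `test_write_stunnel_config_for_unknown_system_enable_libwrap` and `..._non_rhel8_enable_libwrap` pass `disable_libwrap=True` and expect `'libwrap': 'no'`, while `..._rhel8_disable_libwrap` expects the option to be absent. Names such as `test_write_stunnel_config_for_rhel8_omits_libwrap` and `test_write_stunnel_config_for_unknown_system_sets_libwrap_no` would match the expected config. `ver_mocker.assert_called_once()` may also pass vacuously on older `mock` releases, where an unknown `assert_*` attribute is auto-created; `assert ver_mocker.call_count == 1` does not depend on the library version.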