diff options
author | khilman <khilman@users.noreply.github.com> | 2018-08-08 16:27:24 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-08 16:27:24 -0700 |
commit | cbfe5a606fa2999b3654d482910719032b39101d (patch) | |
tree | 8f28912198611e9a44d9000d1d11e0e819849458 | |
parent | 61a473fb56ef7418314385df7b72cd58e40a2ff2 (diff) | |
parent | 84b74ee04a2aa2ab686fbc8676f1923b52a420b3 (diff) |
Merge pull request #37 from montjoie/csrf_fix
Csrf fix
-rw-r--r-- | lava-master-base/scripts/lava-logs | 2 | ||||
-rw-r--r-- | lava-master-base/scripts/lava-server-gunicorn | 2 | ||||
-rwxr-xr-x | lava-slave/scripts/setup.sh | 29 | ||||
-rwxr-xr-x | lavalab-gen.py | 3 |
4 files changed, 30 insertions, 6 deletions
diff --git a/lava-master-base/scripts/lava-logs b/lava-master-base/scripts/lava-logs index 69b2f82..469679b 100644 --- a/lava-master-base/scripts/lava-logs +++ b/lava-master-base/scripts/lava-logs @@ -41,7 +41,7 @@ do_start() # 0 if daemon has been started # 1 if daemon was already running # other if daemon could not be started or a failure occured - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- manage lava-logs --level $LOGLEVEL $SOCKET $MASTER_SOCKET $IPV6 $ENCRYPT $MASTER_CERT $SLAVES_CERTS + start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- manage lava-logs --level $LOGLEVEL $SOCKET $MASTER_SOCKET $IPV6 $ENCRYPT $MASTER_CERT $SLAVES_CERTS } do_stop() diff --git a/lava-master-base/scripts/lava-server-gunicorn b/lava-master-base/scripts/lava-server-gunicorn index 217ad57..e8f1a52 100644 --- a/lava-master-base/scripts/lava-server-gunicorn +++ b/lava-master-base/scripts/lava-server-gunicorn @@ -43,7 +43,7 @@ do_start() # 0 if daemon has been started # 1 if daemon was already running # other if daemon could not be started or a failure occured - start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- lava_server.wsgi --log-level $LOGLEVEL --log-file $LOGFILE -u lavaserver -g lavaserver --workers $WORKERS $RELOAD + start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- lava_server.wsgi --log-level $LOGLEVEL --log-file $LOGFILE -u lavaserver -g lavaserver --workers $WORKERS $RELOAD } do_stop() diff --git a/lava-slave/scripts/setup.sh b/lava-slave/scripts/setup.sh index e696e57..e7992c0 100755 --- a/lava-slave/scripts/setup.sh +++ b/lava-slave/scripts/setup.sh @@ -40,6 +40,14 @@ if [ -e /root/device-types ];then done fi +lavacli $LAVACLIOPTS device-types list > /tmp/device-types.list +if [ $? -ne 0 ];then + exit 1 +fi +lavacli $LAVACLIOPTS devices list -a > /tmp/devices.list +if [ $? -ne 0 ];then + exit 1 +fi for worker in $(ls /root/devices/) do lavacli $LAVACLIOPTS workers list |grep -q $worker @@ -63,7 +71,7 @@ do echo "Skip devicetype $devicetype" else echo "Add devicetype $devicetype" - lavacli $LAVACLIOPTS device-types list | grep -q "$devicetype[[:space:]]" + grep -q "$devicetype[[:space:]]" /tmp/device-types.list if [ $? -eq 0 ];then echo "Skip devicetype $devicetype" else @@ -72,7 +80,7 @@ do touch /root/.lavadocker/devicetype-$devicetype fi echo "Add device $devicename on $worker" - lavacli $LAVACLIOPTS devices list -a | grep -q $devicename + grep -q "$devicename[[:space:]]" /tmp/devices.list if [ $? -eq 0 ];then echo "$devicename already present" #verify if present on another worker @@ -82,7 +90,22 @@ do echo "ERROR: $devicename already present on another worker" exit 1 fi - lavacli $LAVACLIOPTS devices update --worker $worker --health UNKNOWN $devicename || exit $? + DEVICE_HEALTH=$(grep "$devicename[[:space:]]" /tmp/devices.list | sed 's/.*,//') + case "$DEVICE_HEALTH" in + Retired) + echo "DEBUG: Keep $devicename state: $DEVICE_HEALTH" + DEVICE_HEALTH='RETIRED' + ;; + Maintenance) + echo "DEBUG: Keep $devicename state: $DEVICE_HEALTH" + DEVICE_HEALTH='MAINTENANCE' + ;; + *) + echo "DEBUG: Set $devicename state to UNKNOWN (from $DEVICE_HEALTH)" + DEVICE_HEALTH='UNKNOWN' + ;; + esac + lavacli $LAVACLIOPTS devices update --worker $worker --health $DEVICE_HEALTH $devicename || exit $? # always reset the device dict in case of update of it lavacli $LAVACLIOPTS devices dict set $devicename /root/devices/$worker/$device || exit $? else diff --git a/lavalab-gen.py b/lavalab-gen.py index 2d21fe7..597bd1a 100755 --- a/lavalab-gen.py +++ b/lavalab-gen.py @@ -68,6 +68,7 @@ template_settings_conf = string.Template(""" "HTTPS_XML_RPC": false, "LOGIN_URL": "/accounts/login/", "LOGIN_REDIRECT_URL": "/", + "CSRF_TRUSTED_ORIGINS": ["$lava_http_fqdn"], "CSRF_COOKIE_SECURE": $cookie_secure, "SESSION_COOKIE_SECURE": $session_cookie_secure } @@ -146,7 +147,7 @@ def main(): f_fqdn.write(lava_http_fqdn) f_fqdn.close() fsettings = open("%s/settings.conf" % workerdir, 'w') - fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure)) + fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn)) fsettings.close() master_use_zmq_auth = False if "zmq_auth" in worker: |