From f52df58517d5601c689da1628a4b147514887ddb Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 12 Feb 2021 20:37:36 +0100 Subject: [PATCH] bundles: code style improvements --- bundles/dhcpd/items.py | 1 - bundles/dhcpd/metadata.py | 20 +++++++------- bundles/icinga2/files/icinga_statusmonitor.py | 7 ++--- bundles/icinga2/items.py | 8 +++--- bundles/icinga2/metadata.py | 1 - bundles/iptables/items.py | 2 +- bundles/netdata/metadata.py | 10 +++---- bundles/nginx/metadata.py | 14 +++++----- bundles/postfix/metadata.py | 3 +-- bundles/postgresql/metadata.py | 12 ++++----- bundles/powerdns/items.py | 3 --- bundles/powerdns/metadata.py | 8 +++--- bundles/radvd/items.py | 12 ++++----- bundles/rspamd/metadata.py | 2 +- bundles/smartd/metadata.py | 2 +- bundles/sshmon/items.py | 27 ++++++++----------- bundles/sshmon/metadata.py | 2 -- bundles/systemd-networkd/metadata.py | 2 +- bundles/transmission/metadata.py | 10 +++---- bundles/unbound/metadata.py | 9 +++---- bundles/vnstat/metadata.py | 2 +- bundles/wide-dhcp6c/items.py | 12 ++++----- bundles/zfs/items.py | 2 +- bundles/zfs/metadata.py | 4 +-- 24 files changed, 80 insertions(+), 95 deletions(-) diff --git a/bundles/dhcpd/items.py b/bundles/dhcpd/items.py index f6c09f4..6af1378 100644 --- a/bundles/dhcpd/items.py +++ b/bundles/dhcpd/items.py @@ -43,4 +43,3 @@ svc_systemd = { }, }, } - diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py index 7847732..896d27d 100644 --- a/bundles/dhcpd/metadata.py +++ b/bundles/dhcpd/metadata.py @@ -19,12 +19,12 @@ def get_static_allocations(metadata): if rnode.metadata.get('location', '') != metadata.get('location', ''): continue - for identifier, interface in rnode.metadata.get('interfaces', {}).items(): - if interface.get('dhcp', False): + for iface_name, iface_config in rnode.metadata.get('interfaces', {}).items(): + if iface_config.get('dhcp', False): try: - allocations[rnode.name] = { - 'ipv4': sorted(interface['ips'])[0], - 'mac': interface['mac'], + allocations[f'{rnode.name}_{iface_name}'] = { + 'ipv4': sorted(iface_config['ips'])[0], + 'mac': iface_config['mac'], } except KeyError: pass @@ -41,7 +41,7 @@ def get_static_allocations(metadata): ) def get_listen_interfaces(metadata): listen_interfaces = [] - for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): + for _, subnet in node.metadata.get('dhcpd/subnets', {}).items(): listen_interfaces.append(subnet['interface']) return { @@ -55,15 +55,15 @@ def get_listen_interfaces(metadata): 'iptables/bundle_rules/dhcpd', ) def iptables(metadata): - iptables = set() - for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): - iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface'])) + rules = set() + for _, subnet in node.metadata.get('dhcpd/subnets', {}).items(): + rules.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface'])) return { 'iptables': { 'bundle_rules': { # iptables bundle relies on this being a list. - 'dhcpd': sorted(list(iptables)), + 'dhcpd': sorted(list(rules)), }, } } diff --git a/bundles/icinga2/files/icinga_statusmonitor.py b/bundles/icinga2/files/icinga_statusmonitor.py index b5c326b..9088fb6 100644 --- a/bundles/icinga2/files/icinga_statusmonitor.py +++ b/bundles/icinga2/files/icinga_statusmonitor.py @@ -1,8 +1,9 @@ #!/usr/bin/env python3 -from flask import Flask, Response from subprocess import check_output +from flask import Flask + app = Flask(__name__) @app.route('/status') @@ -25,5 +26,5 @@ def statuspage(): if icinga_is_fine and postgres_is_fine: return 'OK', 200 - else: - return 'Something is wrong!', 500 + + return 'Something is wrong!', 500 diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py index cae37d6..4ae02d9 100644 --- a/bundles/icinga2/items.py +++ b/bundles/icinga2/items.py @@ -264,13 +264,13 @@ icinga_run_deps = { 'pkg_apt:icinga2', 'pkg_apt:icinga2-ido-pgsql', } -for name in actions.keys(): +for name in actions: icinga_run_deps.add(f'action:{name}') -for name in directories.keys(): +for name in directories: icinga_run_deps.add(f'directory:{name}') -for name in files.keys(): +for name in files: icinga_run_deps.add(f'file:{name}') -for name in symlinks.keys(): +for name in symlinks: icinga_run_deps.add(f'symlink:{name}') svc_systemd = { diff --git a/bundles/icinga2/metadata.py b/bundles/icinga2/metadata.py index 196e6dc..bbe6fa7 100644 --- a/bundles/icinga2/metadata.py +++ b/bundles/icinga2/metadata.py @@ -19,7 +19,6 @@ defaults = { # needed for check_rbl 'libdata-validate-ip-perl': {}, - 'libdata-validate-ip-perl': {}, 'libmonitoring-plugin-perl': {}, 'libnet-dns-perl': {}, 'libreadonly-perl': {}, diff --git a/bundles/iptables/items.py b/bundles/iptables/items.py index 2ec42d9..d8c1eb3 100644 --- a/bundles/iptables/items.py +++ b/bundles/iptables/items.py @@ -38,7 +38,7 @@ for bundle, rules in node.metadata.get('iptables', {}).get('bundle_rules', {}).i } if 'custom_rules' in node.metadata.get('iptables', {}): - files[f'/etc/iptables-rules.d/40-custom'] = { + files['/etc/iptables-rules.d/40-custom'] = { 'content': '\n'.join(node.metadata['iptables']['custom_rules']) + '\n', 'triggers': { 'action:iptables_enforce', diff --git a/bundles/netdata/metadata.py b/bundles/netdata/metadata.py index f959a02..75feb0b 100644 --- a/bundles/netdata/metadata.py +++ b/bundles/netdata/metadata.py @@ -21,19 +21,19 @@ defaults = { ) def iptables(metadata): interfaces = metadata.get('netdata/restrict-to-interfaces', set()) - iptables = [] + rules = [] - if len(interfaces): + if interfaces: for iface in sorted(interfaces): - iptables.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 19999 -j ACCEPT') + rules.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 19999 -j ACCEPT') else: - iptables.append('iptables_both -A INPUT -p tcp --dport 19999 -j ACCEPT') + rules.append('iptables_both -A INPUT -p tcp --dport 19999 -j ACCEPT') return { 'iptables': { 'bundle_rules': { - 'netdata': iptables, + 'netdata': rules, }, }, } diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index f0f18b2..9304b64 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -147,21 +147,21 @@ def monitoring(metadata): ) def iptables(metadata): interfaces = metadata.get('nginx/restrict-to-interfaces', set()) - iptables = [] + rules = [] - if len(interfaces): + if interfaces: for iface in sorted(interfaces): - iptables.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 80 -j ACCEPT') - iptables.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 443 -j ACCEPT') + rules.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 80 -j ACCEPT') + rules.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 443 -j ACCEPT') else: - iptables.append('iptables_both -A INPUT -p tcp --dport 80 -j ACCEPT') - iptables.append('iptables_both -A INPUT -p tcp --dport 443 -j ACCEPT') + rules.append('iptables_both -A INPUT -p tcp --dport 80 -j ACCEPT') + rules.append('iptables_both -A INPUT -p tcp --dport 443 -j ACCEPT') return { 'iptables': { 'bundle_rules': { - 'nginx': iptables, + 'nginx': rules, }, }, } diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 9c47974..ac7cbc7 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -29,7 +29,6 @@ if node.has_bundle('postfixadmin'): 'SMTP CONNECT': { 'check_command': 'check_smtp', 'vars.notification.sms': True, - 'vars.notification.sms': True, }, 'SMTP SUBMISSION CONNECT': { 'check_command': 'check_smtp', @@ -52,7 +51,7 @@ else: def fill_icinga_spam_blocklist_check_with_hostname(metadata): checks = {} - for variant, ips in repo.libs.tools.resolve_identifier(repo, node.name).items(): + for _, ips in repo.libs.tools.resolve_identifier(repo, node.name).items(): for ip in ips: if not ip.is_private: checks[f'SPAM BLOCKLIST {ip}'] = { diff --git a/bundles/postgresql/metadata.py b/bundles/postgresql/metadata.py index a0212d3..70ebe7a 100644 --- a/bundles/postgresql/metadata.py +++ b/bundles/postgresql/metadata.py @@ -62,9 +62,9 @@ def default_postgresql_version_for_debian(metadata): 'version': version_to_be_installed, }, } - else: - return { - 'postgresql': { - 'version': version_to_be_installed, - }, - } + + return { + 'postgresql': { + 'version': version_to_be_installed, + }, + } diff --git a/bundles/powerdns/items.py b/bundles/powerdns/items.py index c856425..1849c61 100644 --- a/bundles/powerdns/items.py +++ b/bundles/powerdns/items.py @@ -171,7 +171,4 @@ if node.metadata['powerdns'].get('features', {}).get('pgsql', False): 'needed_by': { 'svc_systemd:pdns', }, - 'needed_by': { - 'svc_systemd:pdns', - }, } diff --git a/bundles/powerdns/metadata.py b/bundles/powerdns/metadata.py index ab3ca82..e37b762 100644 --- a/bundles/powerdns/metadata.py +++ b/bundles/powerdns/metadata.py @@ -1,5 +1,3 @@ -from bundlewrap.exceptions import NoSuchGroup - defaults = { 'apt': { 'packages': { @@ -68,7 +66,7 @@ def get_ips_of_secondary_nameservers(metadata): ips = set() for rnode in repo.nodes_in_group('dns'): if rnode.metadata.get('powerdns/is_secondary', False): - for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): + for _, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): ips.update({str(ip) for ip in found_ips}) return { @@ -87,7 +85,7 @@ def get_ips_of_primary_nameservers(metadata): ips = set() for rnode in repo.nodes_in_group('dns'): if not rnode.metadata.get('powerdns/is_secondary', False): - for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): + for _, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): ips.update({str(ip) for ip in found_ips}) return { @@ -121,7 +119,7 @@ def generate_dns_entries_for_nodes(metadata): # We're doing this once again to get the nodes which only have # private ips. - if not ip4 and len(found_ips['ipv4']): + if not ip4 and found_ips['ipv4']: ip4 = sorted(found_ips['ipv4'])[0] if ip4: diff --git a/bundles/radvd/items.py b/bundles/radvd/items.py index 4c221f7..ce80713 100644 --- a/bundles/radvd/items.py +++ b/bundles/radvd/items.py @@ -9,11 +9,11 @@ if node.has_bundle('pppd'): } # Will be started and stopped by pppd. - should_be_running = None - should_be_enabled = False + SHOULD_BE_RUNNING = None + SHOULD_BE_ENABLED = False else: - should_be_running = True - should_be_enabled = True + SHOULD_BE_RUNNING = True + SHOULD_BE_ENABLED = True files['/etc/radvd.conf'] = { 'content_type': 'mako', @@ -27,8 +27,8 @@ files['/etc/radvd.conf'] = { svc_systemd = { 'radvd': { - 'running': should_be_running, - 'enabled': should_be_enabled, + 'running': SHOULD_BE_RUNNING, + 'enabled': SHOULD_BE_ENABLED, 'needs': { 'file:/etc/radvd.conf', }, diff --git a/bundles/rspamd/metadata.py b/bundles/rspamd/metadata.py index 5a96464..7896390 100644 --- a/bundles/rspamd/metadata.py +++ b/bundles/rspamd/metadata.py @@ -64,7 +64,7 @@ def populate_permitted_ips_list_with_ips_from_repo(metadata): ips = set() for rnode in repo.nodes: - for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): + for _, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): for ip in found_ips: if not ip.is_private: ips.add(str(ip)) diff --git a/bundles/smartd/metadata.py b/bundles/smartd/metadata.py index f951a1b..644c649 100644 --- a/bundles/smartd/metadata.py +++ b/bundles/smartd/metadata.py @@ -22,7 +22,7 @@ defaults = { def zfs_disks_to_metadata(metadata): disks = set() - for pool, config in metadata.get('zfs/pools', {}).items(): + for _, config in metadata.get('zfs/pools', {}).items(): if 'device' in config: disks.add(config['device']) else: diff --git a/bundles/sshmon/items.py b/bundles/sshmon/items.py index a3ab4fe..fd2662d 100644 --- a/bundles/sshmon/items.py +++ b/bundles/sshmon/items.py @@ -1,20 +1,17 @@ from os.path import join -def collect_commands(): - check_commands = {} +check_commands = {} - for bundle, bundle_config in node.metadata.get('icinga2_api', {}).items(): - for service, service_config in bundle_config.get('services', {}).items(): - # The default for check_command is also set in metadata.py - # and in icinga2 bundle - if ( - service_config.get('check_command', 'sshmon') == 'sshmon' and - 'vars.sshmon_command' in service_config and - 'command_on_monitored_host' in service_config - ): - check_commands[service_config['vars.sshmon_command']] = service_config['command_on_monitored_host'] - - return check_commands +for _, bundle_config in node.metadata.get('icinga2_api', {}).items(): + for service, service_config in bundle_config.get('services', {}).items(): + # The default for check_command is also set in metadata.py + # and in icinga2 bundle + if ( + service_config.get('check_command', 'sshmon') == 'sshmon' and + 'vars.sshmon_command' in service_config and + 'command_on_monitored_host' in service_config + ): + check_commands[service_config['vars.sshmon_command']] = service_config['command_on_monitored_host'] users = { @@ -31,8 +28,6 @@ pkg_apt = { 'monitoring-plugins': {}, } -check_commands = collect_commands() - with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp: pubkey = fp.read().strip() diff --git a/bundles/sshmon/metadata.py b/bundles/sshmon/metadata.py index 89d528e..ec26919 100644 --- a/bundles/sshmon/metadata.py +++ b/bundles/sshmon/metadata.py @@ -1,5 +1,3 @@ -from bundlewrap.utils import Fault - from re import sub defaults = { diff --git a/bundles/systemd-networkd/metadata.py b/bundles/systemd-networkd/metadata.py index ba3cb37..54579e4 100644 --- a/bundles/systemd-networkd/metadata.py +++ b/bundles/systemd-networkd/metadata.py @@ -4,7 +4,7 @@ def add_vlan_infos_to_interface(metadata): interfaces = {} - for iface, config in metadata.get('interfaces', {}).items(): + for iface in metadata.get('interfaces', {}): if not '.' in iface: continue diff --git a/bundles/transmission/metadata.py b/bundles/transmission/metadata.py index aad93c5..dfaf206 100644 --- a/bundles/transmission/metadata.py +++ b/bundles/transmission/metadata.py @@ -38,17 +38,17 @@ defaults = { ) def iptables(metadata): interfaces = metadata.get('transmission/webinterface-on-interfaces', set()) - iptables = [] + rules = [] - iptables.append('iptables_both -A INPUT -p udp --dport {} -j ACCEPT'.format( + rules.append('iptables_both -A INPUT -p udp --dport {} -j ACCEPT'.format( metadata.get('transmission/config/peer-port'), )) - iptables.append('iptables_both -A INPUT -p tcp --dport {} -j ACCEPT'.format( + rules.append('iptables_both -A INPUT -p tcp --dport {} -j ACCEPT'.format( metadata.get('transmission/config/peer-port'), )) for iface in sorted(interfaces): - iptables.append('iptables_both -A INPUT -i {} -p tcp --dport {} -j ACCEPT'.format( + rules.append('iptables_both -A INPUT -i {} -p tcp --dport {} -j ACCEPT'.format( iface, metadata.get('transmission/config/rpc-port'), )) @@ -56,7 +56,7 @@ def iptables(metadata): return { 'iptables': { 'bundle_rules': { - 'transmission': iptables, + 'transmission': rules, }, }, } diff --git a/bundles/unbound/metadata.py b/bundles/unbound/metadata.py index 399ab6d..1a83459 100644 --- a/bundles/unbound/metadata.py +++ b/bundles/unbound/metadata.py @@ -42,17 +42,16 @@ def cpu_cores_to_config_values(metadata): ) def iptables(metadata): interfaces = metadata.get('unbound/restrict-to-interfaces', set()) - iptables = [] + rules = [] for iface in sorted(interfaces): - iptables.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT') - iptables.append(f'iptables_both -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT') + rules.append(f'iptables_both -A INPUT -i {iface} -p tcp --dport 53 -j ACCEPT') + rules.append(f'iptables_both -A INPUT -i {iface} -p udp --dport 53 -j ACCEPT') return { 'iptables': { 'bundle_rules': { - 'unbound': iptables, + 'unbound': rules, }, }, } - diff --git a/bundles/vnstat/metadata.py b/bundles/vnstat/metadata.py index 69b8d0e..0b3699c 100644 --- a/bundles/vnstat/metadata.py +++ b/bundles/vnstat/metadata.py @@ -26,7 +26,7 @@ defaults = { def get_default_interface(metadata): interfaces = sorted(metadata.get('interfaces', {}).keys()) - if len(interfaces): + if interfaces: return { 'vnstat': { 'interface': interfaces[0], diff --git a/bundles/wide-dhcp6c/items.py b/bundles/wide-dhcp6c/items.py index 7645aba..fb04b49 100644 --- a/bundles/wide-dhcp6c/items.py +++ b/bundles/wide-dhcp6c/items.py @@ -17,11 +17,11 @@ if node.has_bundle('pppd'): } # Will be started and stopped by pppd. - should_be_running = None - should_be_enabled = False + SHOULD_BE_RUNNING = None + SHOULD_BE_ENABLED = False else: - should_be_running = True - should_be_enabled = True + SHOULD_BE_RUNNING = True + SHOULD_BE_ENABLED = True files['/etc/wide-dhcpv6/dhcp6c.conf'] = { 'content_type': 'mako', @@ -48,8 +48,8 @@ files['/etc/systemd/system/wide-dhcpv6-client.service'] = { svc_systemd = { 'wide-dhcpv6-client': { - 'running': should_be_running, - 'enabled': should_be_enabled, + 'running': SHOULD_BE_RUNNING, + 'enabled': SHOULD_BE_ENABLED, 'needs': { 'file:/etc/systemd/system/wide-dhcpv6-client.service', 'file:/etc/wide-dhcpv6/dhcp6c.conf', diff --git a/bundles/zfs/items.py b/bundles/zfs/items.py index c419d70..8ce2345 100644 --- a/bundles/zfs/items.py +++ b/bundles/zfs/items.py @@ -1,5 +1,5 @@ from json import dumps -from os.path import join +#from os.path import join from bundlewrap.metadata import MetadataJSONEncoder diff --git a/bundles/zfs/metadata.py b/bundles/zfs/metadata.py index 06d171a..71495e1 100644 --- a/bundles/zfs/metadata.py +++ b/bundles/zfs/metadata.py @@ -1,4 +1,4 @@ -import re +#import re defaults = { 'apt': { @@ -147,7 +147,7 @@ def monitoring(metadata): services = {} - for poolname, pool_options in metadata.get('zfs/pools').items(): + for poolname, _ in metadata.get('zfs/pools').items(): services['ZFS ZPOOL ONLINE {}'.format(poolname)] = { 'command_on_monitored_host': 'sudo /usr/local/share/icinga/plugins/check_zpool_online {}'.format(poolname), 'vars.notification.mail': True,