author | Michael DeHaan <mdehaan@redhat.com> | 2008-02-05 15:02:21 -0500 |
---|---|---|
committer | Michael DeHaan <mdehaan@redhat.com> | 2008-02-05 15:02:21 -0500 |
commit | ae7c1200337c480744dca711baf4f4c00127f652 (patch) | |
tree | 60c572a0f1ac47e81171b3baddd9a85b740e5dd0 /func | |
parent | 0c0db84caeb46f4e10ad8126f0a77e5d54a8e3a3 (diff) | |
Adding a module to allow func to control certmaster via func, this will be more useful once we have support for local connections.
Diffstat (limited to 'func')
-rwxr-xr-x | func/certmaster.py | 22 | ||||
-rw-r--r-- | func/minion/modules/certmaster.py | 65 |
2 files changed, 84 insertions, 3 deletions
diff --git a/func/certmaster.py b/func/certmaster.py index b74c8d2..ee9c5f0 100755 --- a/func/certmaster.py +++ b/func/certmaster.py @@ -23,6 +23,7 @@ from OpenSSL import crypto import sha import glob import socket +import exceptions #from func.server import codes import certs @@ -32,9 +33,10 @@ from config import read_config from commonconfig import CMConfig CERTMASTER_LISTEN_PORT = 51235 +CERTMASTER_CONFIG = "/etc/func/certmaster.conf" class CertMaster(object): - def __init__(self, conf_file): + def __init__(self, conf_file=CERTMASTER_CONFIG): self.cfg = read_config(conf_file, CMConfig) fqdn = socket.getfqdn() @@ -157,7 +159,21 @@ class CertMaster(object): hn = hn[:-4] hosts.append(hn) return hosts - + + def remove_this_cert(self, hn): + """ removes cert for hostname using unlink """ + cm = self + csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn) + csrs = glob.glob(csrglob) + certglob = '%s/%s.cert' % (cm.cfg.certroot, hn) + certs = glob.glob(certglob) + if not csrs and not certs: + # FIXME: should be an exception? + print 'No match for %s to clean up' % hn + return + for fn in csrs + certs: + print 'Cleaning out %s for host matching %s' % (fn, hn) + os.unlink(fn) def sign_this_csr(self, csr): """returns the path to the signed cert file""" @@ -181,7 +197,7 @@ class CertMaster(object): try: csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf) except crypto.Error, e: - print 'Bad CSR: %s' % csr + raise exceptions.Exception("Bad CSR: %s" % csr) else: # assume we got a bare csr req csrreq = csr diff --git a/func/minion/modules/certmaster.py b/func/minion/modules/certmaster.py new file mode 100644 index 0000000..9ca484f --- /dev/null +++ b/func/minion/modules/certmaster.py 
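Review bot: `remove_this_cert` interpolates `hn` unchecked into `'%s/%s.csr'` and `'%s/%s.cert'` and unlinks every glob match, so a name containing a path separator or a glob metacharacter deletes files the caller never named, potentially outside `csrroot` and `certroot`. That matters more in this commit because `cleanup_hosts` in the new minion module forwards its argument here unchanged. Validate before building the patterns, for example `if not re.match(r'^[A-Za-z0-9][A-Za-z0-9.-]*$', hn): raise ValueError('invalid hostname: %r' % hn)` (this needs `import re`; if wildcard cleanup is wanted for the local CLI, keep it out of the remotely callable path). Separately, the local `certs` shadows the imported `certs` module inside this method, and no `import os` is visible in the shown hunks for the `os.unlink` call, so both are worth confirming.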
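Review bot: The new `raise exceptions.Exception("Bad CSR: %s" % csr)` in `sign_this_csr` drops the `crypto.Error` bound to `e`, so the caller learns which input was rejected but not why. `exceptions.Exception` is the builtin `Exception`, so the `import exceptions` added in the first hunk is unnecessary; `raise Exception("Bad CSR: %s (%s)" % (csr, e))` keeps the cause, and a dedicated exception class would let callers tell a malformed request from other failures. The method body starts and ends outside this hunk.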
@@ -0,0 +1,65 @@
+## -*- coding: utf-8 -*-
+##
+## Process lister (control TBA)
+##
+## Copyright 2008, Red Hat, Inc
+## Michael DeHaan <mdehaan@redhat.com>
+##
+## This software may be freely redistributed under the terms of the GNU
+## general public license.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+##
+
+# other modules
+import sub_process
+import codes
+
+# our modules
+import func_module
+from func import certmaster as certmaster
+
+# =================================
+
+class CertMasterModule(func_module.FuncModule):
+
+ version = "0.0.1"
+ api_version = "0.0.1"
+ description = "Administers certs on an overlord."
+
+ def get_hosts_to_sign(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ return cm.get_csrs_waiting()
+
+ def sign_hosts(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ for x in list_of_hosts:
+ cm.sign_this_csr(x)
+ return True
+
+ def cleanup_hosts(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ for x in list_of_hosts:
+ cm.remove_this_cert(x)
+ return True
+
+ def __listify(self, list_of_hosts):
+ if type(list_of_hosts) is type([]):
+ return list_of_hosts
+ else:
+ return [ list_of_hosts ]
+ |
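Review bot: `sign_hosts` passes each caller-supplied value straight to `cm.sign_this_csr(x)`, yet the func/certmaster.py hunk in this commit suggests that method takes a CSR file path or a request object rather than a hostname, so the string received from the remote caller appears to decide which file is loaded and signed. Signing should be limited to names that are actually pending, e.g. `if x not in cm.get_csrs_waiting(): raise ValueError('no pending CSR for %r' % x)`, with the module building the CSR path itself from the configured CSR directory; this assumes `get_csrs_waiting()` returns hostnames, which the page does not show. `get_hosts_to_sign` also ignores its `list_of_hosts` argument, and the three `...` docstrings and the "Process lister" header should be replaced with a description of what each remotely callable method does.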