author | Adrian Likins <alikins@grimlock.devel.redhat.com> | 2008-02-29 14:40:00 -0500 |
---|---|---|
committer | Adrian Likins <alikins@grimlock.devel.redhat.com> | 2008-02-29 14:40:00 -0500 |
commit | 0315a64e2ea2c377e71e88224c051780b5aba6f9 (patch) | |
tree | afc9489c069838b8089e4f9e41678c09ea232c30 | |
parent | 0161fd41bb61a9b8d54f7eec3be4941eeb31e563 (diff) | |
parent | ec7d7181700b0b394a1c22b508a57f76085fa916 (diff) | |
Merge commit 'origin/devel'
-rw-r--r-- | docs/funcd.pod | 2 | ||||
-rw-r--r-- | etc/certmaster.conf | 7 | ||||
-rw-r--r-- | func/config.py | 2 | ||||
-rw-r--r-- | func/overlord/cmd_modules/check.py | 4 | ||||
-rwxr-xr-x | scripts/certmaster | 11 | ||||
-rwxr-xr-x | scripts/certmaster-ca | 92 | ||||
-rw-r--r-- | setup.py | 12 |
7 files changed, 7 insertions, 123 deletions
diff --git a/docs/funcd.pod b/docs/funcd.pod index da4ec75..231caef 100644 --- a/docs/funcd.pod +++ b/docs/funcd.pod @@ -8,7 +8,7 @@ funcd (it's a daemon and takes no arguments) =head1 DESCRIPTION -funcd registers itself to a certificate server (certmaster) listed in /etc/func/minion.conf and takes orders from the command line func when that program is run from that certificate server. See /etc/func/minion.conf for other configuration options. +funcd registers itself to a certificate server (certmaster) listed in /etc/certmaster/minion.conf and takes orders from the command line func when that program is run from that certificate server. See /etc/certmaster/minion.conf for other configuration options. Modules and capabilities provided by funcd are specified at https://hosted.fedoraproject.org/projects/func/ diff --git a/etc/certmaster.conf b/etc/certmaster.conf deleted file mode 100644 index 71b2068..0000000 --- a/etc/certmaster.conf +++ /dev/null @@ -1,7 +0,0 @@ -[main] -listen_addr = -cadir = /etc/pki/func/ca -certroot = /var/lib/func/certmaster/certs -csrroot = /var/lib/func/certmaster/csrs -autosign = no - diff --git a/func/config.py b/func/config.py index 8202457..e859f4a 100644 --- a/func/config.py +++ b/func/config.py @@ -24,7 +24,7 @@ from ConfigParser import NoSectionError, NoOptionError, ConfigParser from ConfigParser import ParsingError import exceptions -CONFIG_FILE = "/etc/func/certmaster.conf" +CONFIG_FILE = "/etc/certmaster/certmaster.conf" class ConfigError(exceptions.Exception): def __init__(self, value=None): diff --git a/func/overlord/cmd_modules/check.py b/func/overlord/cmd_modules/check.py index cf1badb..ce84792 100644 --- a/func/overlord/cmd_modules/check.py +++ b/func/overlord/cmd_modules/check.py 
@@ -122,12 +122,12 @@ class CheckAction(client.command.Command): print "* iptables may be running, ensure 51234 is unblocked" def check_talk_to_certmaster(self): - config_file = '/etc/func/minion.conf' + config_file = '/etc/certmaster/minion.conf' config = read_config(config_file, FuncdConfig) cert_dir = config.cert_dir # FIXME: don't hardcode port master_uri = "http://%s:51235/" % config.certmaster - print "* this minion is configured in /etc/func/minion.conf to talk to host '%s' for certs, verify that is correct" % config.certmaster + print "* this minion is configured in /etc/certmaster/minion.conf to talk to host '%s' for certs, verify that is correct" % config.certmaster # this will be a 501, unsupported GET, but we should be # able to tell if we can make contact connect_ok = True diff --git a/scripts/certmaster b/scripts/certmaster deleted file mode 100755 index d5f677d..0000000 --- a/scripts/certmaster +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/python - -from func import certmaster - -import sys - -if __name__ == "__main__": - certmaster.main(sys.argv) - - - diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca deleted file mode 100755 index 0a73e6c..0000000 --- a/scripts/certmaster-ca +++ /dev/null 
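Review bot: In `check_talk_to_certmaster` the new path is written twice, once in `config_file` and again inside the message string, so the two can drift apart the next time the file moves; build the message from the variable instead: `print "* this minion is configured in %s to talk to host '%s' for certs, verify that is correct" % (config_file, config.certmaster)`. Separately, `master_uri` is built with `http://` and the comment expects a 501, so a pass here shows only that something answers on port 51235, not that it is the intended certmaster. A one-line comment saying so would keep operators from reading a successful contact as proof of identity. The method body continues outside the hunk.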
@@ -1,92 +0,0 @@ -#!/usr/bin/python -tt -# sign/list keys -# --sign hostname hostname hostname -# --list # lists all csrs needing to be signed -# --list-all ? -# --clean? not sure what it will do - -import sys -import glob -import os - -import func -import func.certs -import func.certmaster - - - -from optparse import OptionParser - -def errorprint(stuff): - print >> sys.stderr, stuff - - -def parseargs(args): - usage = 'certmaster-ca <option> [args]' - parser = OptionParser(usage=usage) - - parser.add_option('-l', '--list', default=False, action="store_true", - help='list signing requests remaining') - parser.add_option('-s', '--sign', default=False, action="store_true", - help='sign requests of hosts specified') - parser.add_option('-c', '--clean', default=False, action="store_true", - help="clean out all certs or csrs for the hosts specified") - - (opts, args) = parser.parse_args() - - - if not opts.list and not opts.sign and not opts.clean: - parser.print_help() - sys.exit(1) - - return (opts, args) - -def main(args): - if os.geteuid() != 0: - errorprint('Must be root to run certmaster-ca') - return 1 - - cm = func.certmaster.CertMaster() - - (opts, args) = parseargs(args) - - - if opts.list: - hns = cm.get_csrs_waiting() - if hns: - for hn in cm.get_csrs_waiting(): - print hn - else: - print 'No certificates to sign' - - return 0 - - if opts.sign: - if not args: - errorprint('Need hostnames to sign') - return 1 - - for hn in args: - csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn) - csrs = glob.glob(csrglob) - if not csrs: - errorprint('No match for %s to sign' % hn) - return 1 - - for fn in csrs: - certfile = cm.sign_this_csr(fn) - print '%s signed - cert located at %s' % (fn, certfile) - return 0 - - if opts.clean: - if not args: - errorprint('Need hostname(s) to clean up') - return 1 - - for hn in args: - cm.remove_this_cert(hn) - - return 0 - -if __name__ == "__main__": - sys.exit(main(sys.argv[1:])) 
@@ -18,7 +18,7 @@ if __name__ == "__main__": etcmodpath = "/etc/%s/modules" % NAME initpath = "/etc/init.d/" logpath = "/var/log/%s/" % NAME - certdir = "/var/lib/%s/certmaster" % NAME + varpath = "/var/lib/%s/" % NAME pkipath = "/etc/pki/%s" % NAME rotpath = "/etc/logrotate.d" aclpath = "%s/minion-acl.d" % etcpath @@ -31,7 +31,6 @@ if __name__ == "__main__": license = "GPL", scripts = [ "scripts/funcd", "scripts/func", - "scripts/certmaster", "scripts/certmaster-ca", "scripts/func-inventory", "scripts/func-create-module", ], @@ -51,20 +50,15 @@ if __name__ == "__main__": "%s/minion/modules.netapp.vol" % NAME ], data_files = [(initpath, ["init-scripts/funcd"]), - (initpath, ["init-scripts/certmaster"]), (etcpath, ["etc/minion.conf"]), - (etcpath, ["etc/certmaster.conf"]), - (etcmodpath, []), (manpath, ["docs/func.1.gz"]), (manpath, ["docs/func-inventory.1.gz"]), (manpath, ["docs/funcd.1.gz"]), - (manpath, ["docs/certmaster.1.gz"]), - (manpath, ["docs/certmaster-ca.1.gz"]), (rotpath, ['etc/func_rotate']), (logpath, []), - (certdir, []), - (etcpath, []), + (etcmodpath, []), (pkipath, []), + (varpath, []), (aclpath, []) ], description = SHORT_DESC, |
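Review bot: In the last setup.py hunk, `data_files` still installs `etc/minion.conf` under `etcpath`, while docs/funcd.pod and check.py in this same commit now point at `/etc/certmaster/minion.conf`. `etcpath` is defined outside the hunk; if it is still derived from NAME the way `etcmodpath` is, a fresh install places the file where the check no longer looks, so either drop the `(etcpath, ["etc/minion.conf"])` entry or confirm that another package owns the new path. Also, `(pkipath, [])` and `(varpath, [])` create their directories with whatever mode the installer defaults to. If key or certificate material ends up under them, add a comment naming where restrictive permissions are applied (for example the package spec).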