authorAdrian Likins <alikins@grimlock.devel.redhat.com>2008-03-04 12:28:27 -0500
committerAdrian Likins <alikins@grimlock.devel.redhat.com>2008-03-04 12:28:27 -0500
commit64aeb2f90fdb4d142af45e6a28d8854b416d8197 (patch)
tree0477c23cd96af9fbe2507e3e15679ffaf7ba32d6
parentcf6221ea3590120ab68f40a6d50a2456bae5e3cf (diff)
parentec7d7181700b0b394a1c22b508a57f76085fa916 (diff)
Merge branch 'devel' of ssh://git.fedoraproject.org/git/hosted/func into my-devel
-rwxr-xr-xMakefile3
-rw-r--r--docs/funcd.pod2
-rw-r--r--etc/certmaster.conf7
-rw-r--r--func/config.py2
-rw-r--r--func/overlord/cmd_modules/check.py4
-rwxr-xr-xscripts/certmaster11
-rwxr-xr-xscripts/certmaster-ca92
-rw-r--r--setup.py13
8 files changed, 11 insertions, 123 deletions
diff --git a/Makefile b/Makefile
index 55d5227..187e7c9 100755
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,8 @@ manpage:
pod2man --center="funcd" --release="" ./docs/funcd.pod | gzip -c > ./docs/funcd.1.gz
pod2man --center="func" --release="" ./docs/func.pod | gzip -c > ./docs/func.1.gz
pod2man --center="func-inventory" --release="" ./docs/func-inventory.pod | gzip -c > ./docs/func-inventory.1.gz
+ pod2man --center="certmaster" --release="" ./docs/certmaster.pod | gzip -c > ./docs/certmaster.1.gz
+ pod2man --center="certmaster-ca" --release="" ./docs/certmaster-ca.pod | gzip -c > ./docs/certmaster-ca.1.gz
messages: func/minion/*.py
xgettext -k_ -kN_ -o $(MESSAGESPOT) func/minion/*.py
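Review bot: The two added `pod2man … | gzip -c > …` recipe lines reuse the existing pattern in which the pipeline's exit status is gzip's, so a missing or broken `docs/certmaster.pod` would leave an effectively empty `certmaster.1.gz` without failing `make manpage`. This commit also deletes the certmaster scripts and config, and the visible setup.py hunk installs only the func, func-inventory and funcd man pages. If the certmaster pods now belong to another package, these two lines should probably be dropped. If they stay, write pod2man's output to a temporary file first so that a pod2man failure stops the target.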
@@ -64,7 +66,6 @@ install_rpm:
-rpm -Uvh rpm-build/func-$(VERSION)-$(RELEASE)$(shell rpm -E "%{?dist}").noarch.rpm
restart:
- # not in this package anymore, but since this target is for devel testing, leave it anyway
-/etc/init.d/certmaster restart
-/etc/init.d/funcd restart
diff --git a/docs/funcd.pod b/docs/funcd.pod
index da4ec75..231caef 100644
--- a/docs/funcd.pod
+++ b/docs/funcd.pod
@@ -8,7 +8,7 @@ funcd (it's a daemon and takes no arguments)
=head1 DESCRIPTION
-funcd registers itself to a certificate server (certmaster) listed in /etc/func/minion.conf and takes orders from the command line func when that program is run from that certificate server. See /etc/func/minion.conf for other configuration options.
+funcd registers itself to a certificate server (certmaster) listed in /etc/certmaster/minion.conf and takes orders from the command line func when that program is run from that certificate server. See /etc/certmaster/minion.conf for other configuration options.
Modules and capabilities provided by funcd are specified at https://hosted.fedoraproject.org/projects/func/
diff --git a/etc/certmaster.conf b/etc/certmaster.conf
deleted file mode 100644
index 71b2068..0000000
--- a/etc/certmaster.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[main]
-listen_addr =
-cadir = /etc/pki/func/ca
-certroot = /var/lib/func/certmaster/certs
-csrroot = /var/lib/func/certmaster/csrs
-autosign = no
-
diff --git a/func/config.py b/func/config.py
index 8202457..e859f4a 100644
--- a/func/config.py
+++ b/func/config.py
@@ -24,7 +24,7 @@ from ConfigParser import NoSectionError, NoOptionError, ConfigParser
from ConfigParser import ParsingError
import exceptions
-CONFIG_FILE = "/etc/func/certmaster.conf"
+CONFIG_FILE = "/etc/certmaster/certmaster.conf"
class ConfigError(exceptions.Exception):
def __init__(self, value=None):
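Review bot: `CONFIG_FILE` now names a file this package no longer ships, since `etc/certmaster.conf` is deleted in this same commit, so the constant needs a comment saying who provides it. Going by the deleted file, it holds `cadir` and `autosign`, which decide where the CA material lives and whether requests are signed without review. The comment should therefore also state the expected ownership, for example `# Installed by the certmaster package; sets cadir/autosign, must be writable by root only`. How the loader behaves when the file is absent is outside this hunk and worth confirming.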
diff --git a/func/overlord/cmd_modules/check.py b/func/overlord/cmd_modules/check.py
index cf1badb..ce84792 100644
--- a/func/overlord/cmd_modules/check.py
+++ b/func/overlord/cmd_modules/check.py
@@ -122,12 +122,12 @@ class CheckAction(client.command.Command):
print "* iptables may be running, ensure 51234 is unblocked"
def check_talk_to_certmaster(self):
- config_file = '/etc/func/minion.conf'
+ config_file = '/etc/certmaster/minion.conf'
config = read_config(config_file, FuncdConfig)
cert_dir = config.cert_dir
# FIXME: don't hardcode port
master_uri = "http://%s:51235/" % config.certmaster
- print "* this minion is configured in /etc/func/minion.conf to talk to host '%s' for certs, verify that is correct" % config.certmaster
+ print "* this minion is configured in /etc/certmaster/minion.conf to talk to host '%s' for certs, verify that is correct" % config.certmaster
# this will be a 501, unsupported GET, but we should be
# able to tell if we can make contact
connect_ok = True
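Review bot: The new path is written twice in `check_talk_to_certmaster`, once in `config_file` and again inside the printed message, so the next relocation can leave the message pointing the operator at the wrong file. Reuse the variable instead: `print "* this minion is configured in %s to talk to host '%s' for certs, verify that is correct" % (config_file, config.certmaster)`. The function body continues past the end of the hunk.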
diff --git a/scripts/certmaster b/scripts/certmaster
deleted file mode 100755
index d5f677d..0000000
--- a/scripts/certmaster
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/python
-
-from func import certmaster
-
-import sys
-
-if __name__ == "__main__":
- certmaster.main(sys.argv)
-
-
-
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
deleted file mode 100755
index 0a73e6c..0000000
--- a/scripts/certmaster-ca
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/python -tt
-# sign/list keys
-# --sign hostname hostname hostname
-# --list # lists all csrs needing to be signed
-# --list-all ?
-# --clean? not sure what it will do
-
-import sys
-import glob
-import os
-
-import func
-import func.certs
-import func.certmaster
-
-
-
-from optparse import OptionParser
-
-def errorprint(stuff):
- print >> sys.stderr, stuff
-
-
-def parseargs(args):
- usage = 'certmaster-ca <option> [args]'
- parser = OptionParser(usage=usage)
-
- parser.add_option('-l', '--list', default=False, action="store_true",
- help='list signing requests remaining')
- parser.add_option('-s', '--sign', default=False, action="store_true",
- help='sign requests of hosts specified')
- parser.add_option('-c', '--clean', default=False, action="store_true",
- help="clean out all certs or csrs for the hosts specified")
-
- (opts, args) = parser.parse_args()
-
-
- if not opts.list and not opts.sign and not opts.clean:
- parser.print_help()
- sys.exit(1)
-
- return (opts, args)
-
-def main(args):
- if os.geteuid() != 0:
- errorprint('Must be root to run certmaster-ca')
- return 1
-
- cm = func.certmaster.CertMaster()
-
- (opts, args) = parseargs(args)
-
-
- if opts.list:
- hns = cm.get_csrs_waiting()
- if hns:
- for hn in cm.get_csrs_waiting():
- print hn
- else:
- print 'No certificates to sign'
-
- return 0
-
- if opts.sign:
- if not args:
- errorprint('Need hostnames to sign')
- return 1
-
- for hn in args:
- csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
- csrs = glob.glob(csrglob)
- if not csrs:
- errorprint('No match for %s to sign' % hn)
- return 1
-
- for fn in csrs:
- certfile = cm.sign_this_csr(fn)
- print '%s signed - cert located at %s' % (fn, certfile)
- return 0
-
- if opts.clean:
- if not args:
- errorprint('Need hostname(s) to clean up')
- return 1
-
- for hn in args:
- cm.remove_this_cert(hn)
-
- return 0
-
-if __name__ == "__main__":
- sys.exit(main(sys.argv[1:]))
diff --git a/setup.py b/setup.py
index 12c66d1..a36f348 100644
--- a/setup.py
+++ b/setup.py
@@ -18,9 +18,8 @@ if __name__ == "__main__":
etcmodpath = "/etc/%s/modules" % NAME
initpath = "/etc/init.d/"
logpath = "/var/log/%s/" % NAME
- certdir = "/var/lib/certmaster/"
- pkidir = "/etc/pki/%s" % NAME
- libdir = "/var/lib/%s" % NAME
+ varpath = "/var/lib/%s/" % NAME
+ pkipath = "/etc/pki/%s" % NAME
rotpath = "/etc/logrotate.d"
aclpath = "%s/minion-acl.d" % etcpath
setup(
@@ -54,16 +53,14 @@ if __name__ == "__main__":
],
data_files = [(initpath, ["init-scripts/funcd"]),
(etcpath, ["etc/minion.conf"]),
- (etcmodpath, []),
(manpath, ["docs/func.1.gz"]),
(manpath, ["docs/func-inventory.1.gz"]),
(manpath, ["docs/funcd.1.gz"]),
(rotpath, ['etc/func_rotate']),
(logpath, []),
- (libdir, []),
- (certdir, []),
- (pkidir, []),
- (etcpath, []),
+ (etcmodpath, []),
+ (pkipath, []),
+ (varpath, []),
(aclpath, [])
],
description = SHORT_DESC,
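Review bot: `(etcpath, ["etc/minion.conf"])` still installs minion.conf under `etcpath`, while check.py in this commit now reads `/etc/certmaster/minion.conf`. `etcpath` is defined outside the hunk; if it still resolves to a directory under `/etc/` named after `NAME`, a fresh install has no file at the path the code reads unless the certmaster package provides one. Either install the file where it is read, or add a comment on this data_files entry saying which copy funcd actually uses. The `setup(` call starts and ends outside the hunk.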