summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Likins <alikins@grimlock.devel.redhat.com>2008-02-29 14:27:43 -0500
committerAdrian Likins <alikins@grimlock.devel.redhat.com>2008-02-29 14:27:43 -0500
commit9fd0d907c5893780f2baab0e9733e4a00ce75e98 (patch)
treebcd72d1ff053968897e95f71d7a22be7951af260
parentdd4a2266e476410084556ea7bce9dfa47e651690 (diff)
parentbdc3f700d2ddee513173cd3ae6a82de11011bf84 (diff)
downloadthird_party-func-9fd0d907c5893780f2baab0e9733e4a00ce75e98.zip
third_party-func-9fd0d907c5893780f2baab0e9733e4a00ce75e98.tar.gz
third_party-func-9fd0d907c5893780f2baab0e9733e4a00ce75e98.tar.xz
Merge commit 'origin/devel' into devel
-rw-r--r--certs/master-keys.py44
-rw-r--r--certs/slave-keys.py92
-rw-r--r--docs/certmaster-ca.pod41
-rw-r--r--docs/certmaster.pod29
-rw-r--r--etc/minion.conf2
-rwxr-xr-xfunc/certmaster.py247
-rwxr-xr-xinit-scripts/certmaster112
-rwxr-xr-xscripts/update-func146
8 files changed, 146 insertions, 567 deletions
diff --git a/certs/master-keys.py b/certs/master-keys.py
deleted file mode 100644
index 2c3f6e5..0000000
--- a/certs/master-keys.py
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/python -tt
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Library General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-# Copyright (c) 2007 Red Hat, inc
-#- Written by Seth Vidal skvidal @ fedoraproject.org
-
-import sys
-import os
-import os.path
-import func.certs
-
-
-cadir = '/etc/pki/func/ca'
-ca_key_file = '%s/funcmaster.key' % cadir
-ca_cert_file = '%s/funcmaster.crt' % cadir
-
-
-def main():
- keypair = None
- try:
- if not os.path.exists(cadir):
- os.makedirs(cadir)
- if not os.path.exists(ca_key_file):
- func.certs.create_ca(ca_key_file=ca_key_file, ca_cert_file=ca_cert_file)
- except:
- return 1
-
- return 0
-
-
-if __name__ == "__main__":
- sys.exit(main())
-
diff --git a/certs/slave-keys.py b/certs/slave-keys.py
deleted file mode 100644
index 8ddae81..0000000
--- a/certs/slave-keys.py
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/python -tt
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Library General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-# Copyright (c) 2007 Red Hat, inc
-#- Written by Seth Vidal skvidal @ fedoraproject.org
-
-import sys
-import os
-import os.path
-import xmlrpclib
-import time
-
-from exceptions import Exception
-
-import func.certs
-
-
-def submit_csr_to_master(csr_file, master_uri):
- # get csr_file
- # submit buffer of file content to master_uri.wait_for_cert()
- # wait for response and return
- fo = open(csr_file)
- csr = fo.read()
- s = xmlrpclib.ServerProxy(master_uri)
-
- return s.wait_for_cert(csr)
-
-
-
-def main(cert_dir, master_uri):
- keypair = None
- key_file = '%s/slave.pem' % cert_dir
- csr_file = '%s/slave.csr' % cert_dir
- cert_file = '%s/slave.cert' % cert_dir
- ca_cert_file = '%s/ca.cert' % cert_dir
-
- try:
- if not os.path.exists(cert_dir):
- os.makedirs(cert_dir)
- if not os.path.exists(key_file):
- keypair = func.certs.make_keypair(dest=key_file)
- if not os.path.exists(csr_file):
- if not keypair:
- keypair = func.certs.retrieve_key_from_file(key_file)
- csr = func.certs.make_csr(keypair, dest=csr_file)
- except Exception, e: # need a little more specificity here
- print e
- return 1
-
- result = False
- while not result:
- result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
- print 'looping'
- time.sleep(10)
-
-
- if result:
- cert_fo = open(cert_file, 'w')
- cert_fo.write(cert_string)
- cert_fo.close()
-
- ca_cert_fo = open(ca_cert_file, 'w')
- ca_cert_fo.write(ca_cert_string)
- ca_cert_fo.close()
-
- return 0
-
-
-if __name__ == "__main__":
- if len(sys.argv[1:]) > 0:
- cert_dir = sys.argv[1]
- else:
- cert_dir = '/etc/pki/func'
-
- if len(sys.argv[1:]) > 1:
- master_uri = sys.argv[2]
- else:
- master_uri = 'http://localhost:51235/'
-
- sys.exit(main(cert_dir, master_uri))
-
diff --git a/docs/certmaster-ca.pod b/docs/certmaster-ca.pod
deleted file mode 100644
index fce3f73..0000000
--- a/docs/certmaster-ca.pod
+++ /dev/null
@@ -1,41 +0,0 @@
-=head1 NAME
-
-certmaster-ca -- signs certificate requests gathered by certmaster.
-
-=head1 SYNOPSIS
-
-certmaster-ca --list
-
-certmaster-ca --sign machine.example.org
-
-=head1 DESCRIPTION
-
-"certmaster-ca --list"
-
-The list command prints all certificates that have been requested from certmaster by a remote
-service (such as funcd) but are not yet signed.
-
-func commands can't be sent to a remote machine until the certificates have been signed.
-
-"certmaster-ca --sign [hostname]"
-
-This command is used to sign a certificate and send it back to the requester.
-
-=head1 AUTO-SIGNING
-
-The certmaster can be configured to make this command unneccessary; all incoming
-requests can be signed automatically by certmaster.
-
-To configure this, edit /etc/func/certmaster.conf.
-
-=head1 ADDITONAL RESOURCES
-
-See https://hosted.fedoraproject.org/projects/func/. It's a Wiki.
-
-See also the manpages for "func", "func-inventory", "funcd", and "certmaster".
-
-=head1 AUTHOR
-
-Various. See https://hosted.fedoraproject.org/projects/func
-
-
diff --git a/docs/certmaster.pod b/docs/certmaster.pod
deleted file mode 100644
index 92f5074..0000000
--- a/docs/certmaster.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=head1 NAME
-
-certmaster -- hands out certificates to funcd and other components.
-
-=head1 SYNOPSIS
-
-certmaster (it's a daemon and takes no arguments)
-
-=head1 DESCRIPTION
-
-See https://hosted.fedoraproject.org/projects/func/
-
-Certmaster is run on the master-control machine on a network being
-controlled by func. It hands out certificates to machines running
-funcd.
-
-Certmaster is configured by /etc/func/certmaster.conf
-
-=head1 ADDITONAL RESOURCES
-
-See https://hosted.fedoraproject.org/projects/func/. It's a Wiki.
-
-See also the manpages for "func", "func-inventory", "funcd", "certmaster-ca".
-
-=head1 AUTHOR
-
-Various. See https://hosted.fedoraproject.org/projects/func
-
-
diff --git a/etc/minion.conf b/etc/minion.conf
index f2e2b34..00ff009 100644
--- a/etc/minion.conf
+++ b/etc/minion.conf
@@ -2,7 +2,5 @@
[main]
log_level = DEBUG
-certmaster = certmaster
-cert_dir = /etc/pki/func
acl_dir = /etc/func/minion-acl.d
diff --git a/func/certmaster.py b/func/certmaster.py
deleted file mode 100755
index fe5dcbc..0000000
--- a/func/certmaster.py
+++ /dev/null
@@ -1,247 +0,0 @@
-# FIXME: more intelligent fault raises
-
-"""
-cert master listener
-
-Copyright 2007, Red Hat, Inc
-see AUTHORS
-
-This software may be freely redistributed under the terms of the GNU
-general public license.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-"""
-
-# standard modules
-import SimpleXMLRPCServer
-import sys
-import os
-import os.path
-from OpenSSL import crypto
-import sha
-import glob
-import socket
-import exceptions
-
-#from func.server import codes
-import certs
-import codes
-import utils
-from config import read_config
-from commonconfig import CMConfig
-
-CERTMASTER_LISTEN_PORT = 51235
-CERTMASTER_CONFIG = "/etc/func/certmaster.conf"
-
-class CertMaster(object):
- def __init__(self, conf_file=CERTMASTER_CONFIG):
- self.cfg = read_config(conf_file, CMConfig)
-
- usename = utils.get_hostname()
-
- mycn = '%s-CA-KEY' % usename
- self.ca_key_file = '%s/funcmaster.key' % self.cfg.cadir
- self.ca_cert_file = '%s/funcmaster.crt' % self.cfg.cadir
- try:
- if not os.path.exists(self.cfg.cadir):
- os.makedirs(self.cfg.cadir)
- if not os.path.exists(self.ca_key_file) and not os.path.exists(self.ca_cert_file):
- certs.create_ca(CN=mycn, ca_key_file=self.ca_key_file, ca_cert_file=self.ca_cert_file)
- except (IOError, OSError), e:
- print 'Cannot make certmaster certificate authority keys/certs, aborting: %s' % e
- sys.exit(1)
-
-
- # open up the cakey and cacert so we have them available
- self.cakey = certs.retrieve_key_from_file(self.ca_key_file)
- self.cacert = certs.retrieve_cert_from_file(self.ca_cert_file)
-
- for dirpath in [self.cfg.cadir, self.cfg.certroot, self.cfg.csrroot]:
- if not os.path.exists(dirpath):
- os.makedirs(dirpath)
-
- # setup handlers
- self.handlers = {
- 'wait_for_cert': self.wait_for_cert,
- }
-
- def _dispatch(self, method, params):
- if method == 'trait_names' or method == '_getAttributeNames':
- return self.handlers.keys()
-
- if method in self.handlers.keys():
- return self.handlers[method](*params)
- else:
- raise codes.InvalidMethodException
-
- def _sanitize_cn(self, commonname):
- commonname = commonname.replace('/', '')
- commonname = commonname.replace('\\', '')
- return commonname
-
- def wait_for_cert(self, csrbuf):
- """
- takes csr as a string
- returns True, caller_cert, ca_cert
- returns False, '', ''
- """
-
- try:
- csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csrbuf)
- except crypto.Error, e:
- #XXX need to raise a fault here and document it - but false is just as good
- return False, '', ''
-
- requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
-
- # get rid of dodgy characters in the filename we're about to make
-
- certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
- csrfile = '%s/%s.csr' % (self.cfg.csrroot, requesting_host)
-
- # check for old csr on disk
- # if we have it - compare the two - if they are not the same - raise a fault
- if os.path.exists(csrfile):
- oldfo = open(csrfile)
- oldcsrbuf = oldfo.read()
- oldsha = sha.new()
- oldsha.update(oldcsrbuf)
- olddig = oldsha.hexdigest()
- newsha = sha.new()
- newsha.update(csrbuf)
- newdig = newsha.hexdigest()
- if not newdig == olddig:
- # XXX raise a proper fault
- return False, '', ''
-
- # look for a cert:
- # if we have it, then return True, etc, etc
- if os.path.exists(certfile):
- slavecert = certs.retrieve_cert_from_file(certfile)
- cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
- cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
- return True, cert_buf, cacert_buf
-
- # if we don't have a cert then:
- # if we're autosign then sign it, write out the cert and return True, etc, etc
- # else write out the csr
-
- if self.cfg.autosign:
- cert_fn = self.sign_this_csr(csrreq)
- cert = certs.retrieve_cert_from_file(cert_fn)
- cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
- cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
- return True, cert_buf, cacert_buf
-
- else:
- # write the csr out to a file to be dealt with by the admin
- destfo = open(csrfile, 'w')
- destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csrreq))
- destfo.close()
- del destfo
- return False, '', ''
-
- return False, '', ''
-
- def get_csrs_waiting(self):
- hosts = []
- csrglob = '%s/*.csr' % self.cfg.csrroot
- csr_list = glob.glob(csrglob)
- for f in csr_list:
- hn = os.path.basename(f)
- hn = hn[:-4]
- hosts.append(hn)
- return hosts
-
- def remove_this_cert(self, hn):
- """ removes cert for hostname using unlink """
- cm = self
- csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
- csrs = glob.glob(csrglob)
- certglob = '%s/%s.cert' % (cm.cfg.certroot, hn)
- certs = glob.glob(certglob)
- if not csrs and not certs:
- # FIXME: should be an exception?
- print 'No match for %s to clean up' % hn
- return
- for fn in csrs + certs:
- print 'Cleaning out %s for host matching %s' % (fn, hn)
- os.unlink(fn)
-
- def sign_this_csr(self, csr):
- """returns the path to the signed cert file"""
- csr_unlink_file = None
-
- if type(csr) is type(''):
- if csr.startswith('/') and os.path.exists(csr): # we have a full path to the file
- csrfo = open(csr)
- csr_buf = csrfo.read()
- csr_unlink_file = csr
-
- elif os.path.exists('%s/%s' % (self.cfg.csrroot, csr)): # we have a partial path?
- csrfo = open('%s/%s' % (self.cfg.csrroot, csr))
- csr_buf = csrfo.read()
- csr_unlink_file = '%s/%s' % (self.cfg.csrroot, csr)
-
- # we have a string of some kind
- else:
- csr_buf = csr
-
- try:
- csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)
- except crypto.Error, e:
- raise exceptions.Exception("Bad CSR: %s" % csr)
-
- else: # assume we got a bare csr req
- csrreq = csr
- requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
-
- certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
- thiscert = certs.create_slave_certificate(csrreq, self.cakey, self.cacert, self.cfg.cadir)
- destfo = open(certfile, 'w')
- destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, thiscert))
- destfo.close()
- del destfo
- if csr_unlink_file and os.path.exists(csr_unlink_file):
- os.unlink(csr_unlink_file)
-
- return certfile
-
-
-class CertmasterXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer):
- def __init__(self, args):
- self.allow_reuse_address = True
- SimpleXMLRPCServer.SimpleXMLRPCServer.__init__(self, args)
-
-
-def serve(xmlrpcinstance):
-
- """
- Code for starting the XMLRPC service.
- """
-
- server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT))
- server.logRequests = 0 # don't print stuff to console
- server.register_instance(xmlrpcinstance)
- server.serve_forever()
-
-
-def main(argv):
-
- cm = CertMaster('/etc/func/certmaster.conf')
-
- if "daemon" in argv or "--daemon" in argv:
- utils.daemonize("/var/run/certmaster.pid")
- else:
- print "serving...\n"
-
-
- # just let exceptions bubble up for now
- serve(cm)
-
-
-if __name__ == "__main__":
- #textdomain(I18N_DOMAIN)
- main(sys.argv)
diff --git a/init-scripts/certmaster b/init-scripts/certmaster
deleted file mode 100755
index 819ba0d..0000000
--- a/init-scripts/certmaster
+++ /dev/null
@@ -1,112 +0,0 @@
-#!/bin/sh
-#
-# certmaster certmaster
-###################################
-
-# LSB header
-
-### BEGIN INIT INFO
-# Provides: certmaster
-# Required-Start: network
-# Default-Start: 3 4 5
-# Default-Stop: 0 1 2 6
-# Short-Description: certificate master for Fedora Unified Network Control 'master server only'
-# Description: certificate master to sign/manage ca/cert infrastructure for func
-### END INIT INFO
-
-# chkconfig header
-
-# chkconfig: - 98 99
-# description: certificate master to sign/manage ca/cert infrastructure for func
-#
-# processname: /usr/bin/certmaster
-
-# Sanity checks.
-[ -x /usr/bin/certmaster ] || exit 0
-
-SERVICE=certmaster
-PROCESS=certmaster
-DAEMON=/usr/bin/certmaster
-CONFIG_ARGS="--daemon"
-
-CAStatus()
-{
- ps wt? | grep "$DAEMON" 2>&1 > /dev/null
- if [ "x$?" = "x0" ]; then
- RVAL=0
- echo "certmaster is running"
- else
- RVAL=3
- echo "certmaster is not running"
- fi
-}
-
-if [ -f /lib/lsb/init-functions ]; then
- . /lib/lsb/init-functions
- alias START_DAEMON=start_daemon
- alias STATUS=CAStatus
- alias LOG_SUCCESS=log_success_msg
- alias LOG_FAILURE=log_failure_msg
- alias LOG_WARNING=log_warning_msg
-elif [ -f /etc/init.d/functions ]; then
- . /etc/init.d/functions
- alias START_DAEMON=daemon
- alias STATUS=status
- alias LOG_SUCCESS=success
- alias LOG_FAILURE=failure
- alias LOG_WARNING=passed
-else
- echo "Error: your platform is not supported by $0" > /dev/stderr
- exit 1
-fi
-
-RETVAL=0
-
-start() {
- echo -n $"Starting certmaster daemon: "
- START_DAEMON $PROCESS $CONFIG_ARGS
- RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SERVICE
- return $RETVAL
-}
-
-stop() {
- echo -n $"Stopping certmaster daemon: "
- killproc $PROCESS
- RETVAL=$?
- echo
- if [ $RETVAL -eq 0 ]; then
- rm -f /var/lock/subsys/$SERVICE
- rm -f /var/run/$SERVICE.pid
- fi
-}
-
-restart() {
- stop
- start
-}
-
-# See how we were called.
-case "$1" in
- start|stop|restart)
- $1
- ;;
- status)
- STATUS $PROCESS
- RETVAL=$?
- ;;
- condrestart)
- [ -f /var/lock/subsys/$SERVICE ] && restart || :
- ;;
- reload)
- echo "can't reload configuration, you have to restart it"
- RETVAL=$?
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
- exit 1
- ;;
-esac
-exit $RETVAL
-
diff --git a/scripts/update-func b/scripts/update-func
new file mode 100755
index 0000000..30fced5
--- /dev/null
+++ b/scripts/update-func
@@ -0,0 +1,146 @@
+#!/usr//bin/python
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# 2008 Adrian Likins <alikins@redhat.com>
+
+# script to migrate pre func/certmaster 0.17 to the split func/certmaster
+# locations and formats from 0.17 and later versions
+
+
+import os
+import subprocess
+
+from func import commonconfig
+from func import config
+
+from certmaster import commonconfig as cm_commonconfig
+from certmaster import config as cm_config
+
+# files that have moved
+#
+# minion certs moved from /etc/pki/func to /etc/pki/certmaster
+# overlord certs moved /var/lib/func/certmaster to /var/lib/certmaster/certmaster
+#
+# /etc/func/minion.conf still exists, but parts of config moved to /etc/certmaster/minion.conf
+
+
+FUNC_MINION_CONF="/etc/func/minion.conf"
+CERTMASTER_MINION_CONF="/etc/certmaster/minion.conf"
+
+FUNC_MINION_CERT_DIR="/etc/pki/func/"
+CERTMASTER_MINION_CERT_DIR="/etc/pki/certmaster"
+
+CERTMASTER_CONF="/etc/certmaster/certmaster.conf"
+
+
+FUNC_CERTMASTER_CERT_DIR="/var/lib/func/certmaster/"
+CERTMASTER_CERT_DIR="/var/lib/certmaster/"
+
+
+def list_files(files):
+ for filename in files:
+ if os.access(filename, os.R_OK):
+ print filename, os.stat(filename)
+ else:
+ print "%s not found" % filename
+
+
+#list_files([FUNC_MINION_CONF, CERTMASTER_MINION_CONF, FUNC_MINION_CERT_DIR,
+# CERTMASTER_MINION_CERT_DIR, FUNC_CERTMASTER_CERT_DIR,CERTMASTER_CERT_DIR])
+
+
+def func_minion_has_cert_info(fmc_content):
+ for line in fmc_content:
+ match = line.find("cert_dir")
+ if match != -1 and match == 0:
+ return True
+ return False
+
+def certmaster_minion_has_cert_info(cmc_content):
+ for line in cmc_content:
+ match = line.find("cert_dir")
+ if match != -1 and match == 0:
+ return True
+ return False
+
+
+def migrate_minion_conf_settings():
+ # ugh, do I really want to parse these files?
+ # guess I kind of have to...
+ fc = config.read_config(FUNC_MINION_CONF, commonconfig.FuncdConfig)
+
+
+ # see if we have edited this file before
+ fc_f = open(FUNC_MINION_CONF, "r")
+ fc_c = fc_f.readlines()
+ obs = False
+ for line in fc_c:
+ match = line.find("obsolete =")
+ if match != -1 and match == 0:
+ obs = True
+
+ if obs == True:
+ return
+
+ cmc = cm_config.read_config(CERTMASTER_CONF, cm_commonconfig.CMConfig)
+ cm_mc = cm_config.read_config(CERTMASTER_MINION_CONF, cm_commonconfig.MinionConfig)
+
+
+ cmc.cert_dir = fc.cert_dir
+ cmc.certmaster = fc.certmaster
+
+ cm_mc.cert_dir = fc.cert_dir
+ cm_mc.certmaster = fc.certmaster
+
+ # there doesnt' seem to be an obvious way to
+ # add something to a config obj/file without
+ # changing the corresponding config class,
+ # so this is a kluge
+ fc_f = open(FUNC_MINION_CONF, "a+")
+ fc_f.write("obsolete = 1\n")
+ fc_f.close()
+
+
+# print "fc", fc
+# print "dir(fc)", dir(fc)
+
+ cmc.write(open(CERTMASTER_CONF, 'w'))
+ cm_mc.write(open(CERTMASTER_MINION_CONF, 'w'))
+
+
+if os.access(FUNC_MINION_CONF, os.R_OK):
+ if os.access(CERTMASTER_MINION_CONF, os.R_OK):
+ fmc_content = open(FUNC_MINION_CONF, 'r').readlines()
+ cmc_content = open(CERTMASTER_MINION_CONF, 'r').readlines()
+
+# if func_minion_has_cert_info(fmc_content) and not certmaster_minion_has_cert_info(cmc_content):
+ if func_minion_has_cert_info(fmc_content):
+ migrate_minion_conf_settings()
+
+
+if os.access(FUNC_MINION_CERT_DIR, os.R_OK):
+# print "copying files from %s to %s" % (FUNC_MINION_CERT_DIR, CERTMASTER_MINION_CERT_DIR)
+ output = subprocess.Popen(["cp", "-var", FUNC_MINION_CERT_DIR, CERTMASTER_MINION_CERT_DIR], stdout=subprocess.PIPE).communicate()[0]
+# print output
+
+if os.access(CERTMASTER_CERT_DIR, os.R_OK):
+# print "copyying files from %s to %s" % (FUNC_CERTMASTER_CERT_DIR, CERTMASTER_CERT_DIR)
+ output = subprocess.Popen(["cp", "-var", FUNC_CERTMASTER_CERT_DIR, CERTMASTER_CERT_DIR], stdout=subprocess.PIPE).communicate()[0]
+# print output
+
+
+
+
+