author | Seth Vidal <skvidal@fedoraproject.org> | 2008-02-05 16:25:16 -0500 |
---|---|---|
committer | Seth Vidal <skvidal@fedoraproject.org> | 2008-02-05 16:25:16 -0500 |
commit | a9ecad95e33506b21c7b1a282b5c2fd4bfb693cf (patch) | |
tree | 28da6265ee34333f886ad2efe61d8000cd09db7e | |
parent | 6b9881532773f8e697437d8c6b92ce99477a0a43 (diff) | |
parent | 40ccbbf55e6fedf57629ba344dfee2e0b3ceda18 (diff) | |
Merge branch 'master' of ssh://git.fedorahosted.org/git/hosted/func
* 'master' of ssh://git.fedorahosted.org/git/hosted/func:
Make hostname detection code shared.
seeing if this result is 0 is dumb, just see if it executes
use socket.getfqdn instead of gethostname for sanity sake
Adding a module to allow func to control certmaster via func, this will be more useful once we have support for local connections.
-rwxr-xr-x | func/certmaster.py | 29 | ||||
-rw-r--r-- | func/certs.py | 8 | ||||
-rw-r--r-- | func/minion/modules/certmaster.py | 65 | ||||
-rwxr-xr-x | func/utils.py | 10 | ||||
-rwxr-xr-x | scripts/certmaster-ca | 14 | ||||
-rw-r--r-- | test/unittest/test_client.py | 4 |
6 files changed, 101 insertions, 29 deletions
diff --git a/func/certmaster.py b/func/certmaster.py index b74c8d2..fe5dcbc 100755 --- a/func/certmaster.py +++ b/func/certmaster.py @@ -23,6 +23,7 @@ from OpenSSL import crypto import sha import glob import socket +import exceptions #from func.server import codes import certs @@ -32,17 +33,13 @@ from config import read_config from commonconfig import CMConfig CERTMASTER_LISTEN_PORT = 51235 +CERTMASTER_CONFIG = "/etc/func/certmaster.conf" class CertMaster(object): - def __init__(self, conf_file): + def __init__(self, conf_file=CERTMASTER_CONFIG): self.cfg = read_config(conf_file, CMConfig) - fqdn = socket.getfqdn() - host = socket.gethostname() - if fqdn.find(host) != -1: - usename = fqdn - else: - usename = host + usename = utils.get_hostname() mycn = '%s-CA-KEY' % usename self.ca_key_file = '%s/funcmaster.key' % self.cfg.cadir @@ -157,7 +154,21 @@ class CertMaster(object): hn = hn[:-4] hosts.append(hn) return hosts - + + def remove_this_cert(self, hn): + """ removes cert for hostname using unlink """ + cm = self + csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn) + csrs = glob.glob(csrglob) + certglob = '%s/%s.cert' % (cm.cfg.certroot, hn) + certs = glob.glob(certglob) + if not csrs and not certs: + # FIXME: should be an exception? + print 'No match for %s to clean up' % hn + return + for fn in csrs + certs: + print 'Cleaning out %s for host matching %s' % (fn, hn) + os.unlink(fn) def sign_this_csr(self, csr): """returns the path to the signed cert file""" @@ -181,7 +192,7 @@ class CertMaster(object): try: csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf) except crypto.Error, e: - print 'Bad CSR: %s' % csr + raise exceptions.Exception("Bad CSR: %s" % csr) else: # assume we got a bare csr req csrreq = csr diff --git a/func/certs.py b/func/certs.py index 413f9ce..4d6bf15 100644 --- a/func/certs.py +++ b/func/certs.py @@ -17,6 +17,7 @@ from OpenSSL import crypto import socket import os +import utils def_country = 'UN' def_state = 'FC' 
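Review bot: `hn` goes into the glob pattern unchecked in `remove_this_cert`, and this commit also makes the method reachable from the new minion module's `cleanup_hosts`, so the value no longer comes only from root's command line. A name containing a path separator would let the `os.unlink` loop reach `.csr`/`.cert` files outside `csrroot` and `certroot`. A guard at the top such as `if os.path.basename(hn) != hn: raise exceptions.Exception('Bad hostname: %s' % hn)` closes that, and it is worth deciding whether wildcards should be honoured for remote callers at all. The local name `certs` also shadows the `certs` module imported at the top of the file; `certfiles` would avoid that.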
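Review bot: The new `raise` in `sign_this_csr` discards the caught `crypto.Error` (`e` is never used), so the caller learns only the path and not why the request failed to parse. `Exception` is a builtin, so the added `import exceptions` is not needed; `raise Exception('Bad CSR %s: %s' % (csr, e))` keeps the cause. The function body starts before and continues after the hunk.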
@@ -48,12 +49,7 @@ def make_csr(pkey, dest=None, cn=None): if cn: subj.CN = cn else: - fqdn = socket.getfqdn() - host = socket.gethostname() - if fqdn.find(host) != -1: - subj.CN = fqdn - else: - subj.CN = host + subj.CN = utils.get_hostname() subj.emailAddress = 'root@%s' % subj.CN req.set_pubkey(pkey) diff --git a/func/minion/modules/certmaster.py b/func/minion/modules/certmaster.py new file mode 100644 index 0000000..9ca484f --- /dev/null +++ b/func/minion/modules/certmaster.py @@ -0,0 +1,65 @@ +## -*- coding: utf-8 -*- +## +## Process lister (control TBA) +## +## Copyright 2008, Red Hat, Inc +## Michael DeHaan <mdehaan@redhat.com> +## +## This software may be freely redistributed under the terms of the GNU +## general public license. +## +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +## + +# other modules +import sub_process +import codes + +# our modules +import func_module +from func import certmaster as certmaster + +# ================================= + +class CertMasterModule(func_module.FuncModule): + + version = "0.0.1" + api_version = "0.0.1" + description = "Administers certs on an overlord." + + def get_hosts_to_sign(self, list_of_hosts): + """ + ... + """ + list_of_hosts = self.__listify(list_of_hosts) + cm = certmaster.CertMaster() + return cm.get_csrs_waiting() + + def sign_hosts(self, list_of_hosts): + """ + ... + """ + list_of_hosts = self.__listify(list_of_hosts) + cm = certmaster.CertMaster() + for x in list_of_hosts: + cm.sign_this_csr(x) + return True + + def cleanup_hosts(self, list_of_hosts): + """ + ... + """ + list_of_hosts = self.__listify(list_of_hosts) + cm = certmaster.CertMaster() + for x in list_of_hosts: + cm.remove_this_cert(x) + return True + + def __listify(self, list_of_hosts): + if type(list_of_hosts) is type([]): + return list_of_hosts + else: + return [ list_of_hosts ] + 
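Review bot: `sign_hosts` hands each caller-supplied entry directly to `cm.sign_this_csr(x)`, and the visible part of `sign_this_csr` in `func/certmaster.py` falls back to treating its argument as an already-parsed request ("assume we got a bare csr req"). A plain host name would presumably need to be mapped to its CSR file under `csrroot` first, and checked against `get_csrs_waiting()` so that only pending requests get signed. `get_hosts_to_sign` listifies `list_of_hosts` and then ignores it. The header comment still reads "Process lister (control TBA)" and the `sub_process` and `codes` imports are unused in the lines shown. The three `...` docstrings should say what each call accepts and returns, since these methods expose CA signing and certificate removal to remote callers.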
diff --git a/func/utils.py b/func/utils.py index 1a4abb7..54c9c39 100755 --- a/func/utils.py +++ b/func/utils.py @@ -15,6 +15,7 @@ import string import sys import traceback import xmlrpclib +import socket REMOTE_ERROR = "REMOTE_ERROR" @@ -50,6 +51,15 @@ def nice_exception(etype, evalue, etb): nicestack = string.join(traceback.format_list(traceback.extract_tb(etb))) return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ] +def get_hostname(): + fqdn = socket.getfqdn() + host = socket.gethostname() + if fqdn.find(host) != -1: + return fqdn + else: + return host + + def is_error(result): if type(result) != list: return False diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca index 867bd04..b3e844a 100755 --- a/scripts/certmaster-ca +++ b/scripts/certmaster-ca @@ -46,7 +46,7 @@ def main(args): errorprint('Must be root to run certmaster-ca') return 1 - cm = func.certmaster.CertMaster('/etc/func/certmaster.conf') + cm = func.certmaster.CertMaster() (opts, args) = parseargs(args) @@ -84,17 +84,7 @@ def main(args): return 1 for hn in args: - csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn) - csrs = glob.glob(csrglob) - certglob = '%s/%s.cert' % (cm.cfg.certroot, hn) - certs = glob.glob(certglob) - if not csrs and not certs: - errorprint('No match for %s to clean up' % hn) - continue - - for fn in csrs + certs: - print 'Cleaning out %s for host matching %s' % (fn, hn) - os.unlink(fn) + cm.remove_this_host(hn) return 0 diff --git a/test/unittest/test_client.py b/test/unittest/test_client.py index 1d24753..302c101 100644 --- a/test/unittest/test_client.py +++ b/test/unittest/test_client.py @@ -13,7 +13,8 @@ import socket class BaseTest: # assume we are talking to localhost - th = socket.gethostname() +# th = socket.gethostname() + th = socket.getfqdn() nforks=1 async=False 
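Review bot: `get_hostname` has no docstring, although its result now becomes the certificate CN in both `CertMaster.__init__` and `make_csr`. I would add `"""Return the FQDN if it contains the short host name, otherwise the short host name."""`. The test `fqdn.find(host) != -1` is a substring match, so it accepts an FQDN that merely contains the host name somewhere; `fqdn == host or fqdn.startswith(host + '.')` would be stricter if that matters for the CN.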
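Review bot: The clean-up loop calls `cm.remove_this_host(hn)`, but the method this commit adds to `CertMaster` is `remove_this_cert`, so `certmaster-ca` would fail with an AttributeError on the first host name unless a method of that name exists outside the hunks shown. The call should read `cm.remove_this_cert(hn)`. The "No match" message also moves from `errorprint` to a plain `print` inside the method, so it no longer goes through the script's error output. `main` starts and ends outside the hunk.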
@@ -249,7 +250,6 @@ class TestService(BaseTest): running_data = self.client.service.get_running()[self.th] result = self.client.service.status(running_data[0][0]) self.assert_on_fault(result) - assert result[self.th] == 0 #FIXME: whats a good way to test starting/stoping services without # doing bad things? -akl |