authorSeth Vidal <skvidal@fedoraproject.org>2008-02-05 16:25:16 -0500
committerSeth Vidal <skvidal@fedoraproject.org>2008-02-05 16:25:16 -0500
commita9ecad95e33506b21c7b1a282b5c2fd4bfb693cf (patch)
tree28da6265ee34333f886ad2efe61d8000cd09db7e /func
parent6b9881532773f8e697437d8c6b92ce99477a0a43 (diff)
parent40ccbbf55e6fedf57629ba344dfee2e0b3ceda18 (diff)
Merge branch 'master' of ssh://git.fedorahosted.org/git/hosted/func
* 'master' of ssh://git.fedorahosted.org/git/hosted/func:
  Make hostname detection code shared.
  seeing if this result is 0 is dumb, just see if it executes
  use socket.getfqdn instead of gethostname for sanity sake
  Adding a module to allow func to control certmaster via func, this will be more useful once we have support for local connections.
Diffstat (limited to 'func')
-rwxr-xr-xfunc/certmaster.py29
-rw-r--r--func/certs.py8
-rw-r--r--func/minion/modules/certmaster.py65
-rwxr-xr-xfunc/utils.py10
4 files changed, 97 insertions, 15 deletions
diff --git a/func/certmaster.py b/func/certmaster.py
index b74c8d2..fe5dcbc 100755
--- a/func/certmaster.py
+++ b/func/certmaster.py
@@ -23,6 +23,7 @@ from OpenSSL import crypto
import sha
import glob
import socket
+import exceptions
#from func.server import codes
import certs
@@ -32,17 +33,13 @@ from config import read_config
from commonconfig import CMConfig
CERTMASTER_LISTEN_PORT = 51235
+CERTMASTER_CONFIG = "/etc/func/certmaster.conf"
class CertMaster(object):
- def __init__(self, conf_file):
+ def __init__(self, conf_file=CERTMASTER_CONFIG):
self.cfg = read_config(conf_file, CMConfig)
- fqdn = socket.getfqdn()
- host = socket.gethostname()
- if fqdn.find(host) != -1:
- usename = fqdn
- else:
- usename = host
+ usename = utils.get_hostname()
mycn = '%s-CA-KEY' % usename
self.ca_key_file = '%s/funcmaster.key' % self.cfg.cadir
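Review bot: `usename = utils.get_hostname()` relies on a `utils` name that no visible line of func/certmaster.py imports. The import hunk of this commit adds only `import exceptions`, whereas func/certs.py gets an explicit `import utils` for the same call. Unless `utils` is already imported outside the shown context, every `CertMaster()` construction raises NameError; add `import utils` next to `import certs`. The new default `conf_file=CERTMASTER_CONFIG` also deserves a one-line docstring on `__init__` naming the file that is read when no path is given. The body of `__init__` continues outside the hunk.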
@@ -157,7 +154,21 @@ class CertMaster(object):
hn = hn[:-4]
hosts.append(hn)
return hosts
-
+
+ def remove_this_cert(self, hn):
+ """ removes cert for hostname using unlink """
+ cm = self
+ csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrs = glob.glob(csrglob)
+ certglob = '%s/%s.cert' % (cm.cfg.certroot, hn)
+ certs = glob.glob(certglob)
+ if not csrs and not certs:
+ # FIXME: should be an exception?
+ print 'No match for %s to clean up' % hn
+ return
+ for fn in csrs + certs:
+ print 'Cleaning out %s for host matching %s' % (fn, hn)
+ os.unlink(fn)
def sign_this_csr(self, csr):
"""returns the path to the signed cert file"""
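Review bot: `remove_this_cert` interpolates `hn` unchecked into both glob patterns and unlinks every match, and the new minion method `cleanup_hosts` passes caller-supplied values straight to it. A name containing a path separator or a glob metacharacter can therefore select files other than that one host's CSR and cert. Validate before globbing, for example `if not hn or set(hn) & set('/*?['): raise ValueError("invalid hostname: %r" % hn)`. When nothing matches, the method only prints and returns, so `cleanup_hosts` still reports True; raising here (as the FIXME suggests) would make the failure visible to the remote caller. Smaller points: the local `certs` shadows the imported `certs` module, `cm = self` is redundant, and no `import os` is visible in the shown context for `os.unlink`.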
@@ -181,7 +192,7 @@ class CertMaster(object):
try:
csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)
except crypto.Error, e:
- print 'Bad CSR: %s' % csr
+ raise exceptions.Exception("Bad CSR: %s" % csr)
else: # assume we got a bare csr req
csrreq = csr
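Review bot: The new `raise` discards the caught `crypto.Error` (`e` is never used) and raises the bare base class, so callers such as the new `sign_hosts` cannot tell a malformed CSR from any other failure. `exceptions.Exception` is just the builtin `Exception`, which makes the added `import exceptions` unnecessary; something like `raise ValueError("Bad CSR: %s (%s)" % (csr, e))` or a project-specific error class keeps the cause. The message interpolates `csr` itself; if that can be the PEM buffer rather than a path, the whole request lands in the error text sent back to the caller. That cannot be confirmed here because the start of `sign_this_csr` is outside the hunk.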
diff --git a/func/certs.py b/func/certs.py
index 413f9ce..4d6bf15 100644
--- a/func/certs.py
+++ b/func/certs.py
@@ -17,6 +17,7 @@
from OpenSSL import crypto
import socket
import os
+import utils
def_country = 'UN'
def_state = 'FC'
@@ -48,12 +49,7 @@ def make_csr(pkey, dest=None, cn=None):
if cn:
subj.CN = cn
else:
- fqdn = socket.getfqdn()
- host = socket.gethostname()
- if fqdn.find(host) != -1:
- subj.CN = fqdn
- else:
- subj.CN = host
+ subj.CN = utils.get_hostname()
subj.emailAddress = 'root@%s' % subj.CN
req.set_pubkey(pkey)
diff --git a/func/minion/modules/certmaster.py b/func/minion/modules/certmaster.py
new file mode 100644
index 0000000..9ca484f
--- /dev/null
+++ b/func/minion/modules/certmaster.py
@@ -0,0 +1,65 @@
+## -*- coding: utf-8 -*-
+##
+## Process lister (control TBA)
+##
+## Copyright 2008, Red Hat, Inc
+## Michael DeHaan <mdehaan@redhat.com>
+##
+## This software may be freely redistributed under the terms of the GNU
+## general public license.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+##
+
+# other modules
+import sub_process
+import codes
+
+# our modules
+import func_module
+from func import certmaster as certmaster
+
+# =================================
+
+class CertMasterModule(func_module.FuncModule):
+
+ version = "0.0.1"
+ api_version = "0.0.1"
+ description = "Administers certs on an overlord."
+
+ def get_hosts_to_sign(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ return cm.get_csrs_waiting()
+
+ def sign_hosts(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ for x in list_of_hosts:
+ cm.sign_this_csr(x)
+ return True
+
+ def cleanup_hosts(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ for x in list_of_hosts:
+ cm.remove_this_cert(x)
+ return True
+
+ def __listify(self, list_of_hosts):
+ if type(list_of_hosts) is type([]):
+ return list_of_hosts
+ else:
+ return [ list_of_hosts ]
+
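Review bot: `sign_hosts` hands each host name to `cm.sign_this_csr(x)`, but the visible part of `sign_this_csr` treats its argument as a CSR (PEM data or a request object, "Bad CSR" otherwise), so a bare host name would likely be rejected rather than signed. Nothing checks that a CSR is actually waiting for the requested host either. Because this method lets a remote caller trigger CA signing, resolve each name to its file under `cm.cfg.csrroot` only after confirming it is in the pending list, as sketched below; this assumes `get_csrs_waiting()` returns host names, which should be confirmed. Separately, `get_hosts_to_sign` ignores its `list_of_hosts` argument, the three `"""..."""` docstrings and the "Process lister" header are placeholders, and `sub_process` and `codes` are imported but unused.

```python
    def sign_hosts(self, list_of_hosts):
        # ... unchanged: docstring, __listify, CertMaster() ...
        pending = cm.get_csrs_waiting()
        for x in list_of_hosts:
            if x not in pending:
                raise ValueError("no CSR waiting for %s" % x)
            cm.sign_this_csr('%s/%s.csr' % (cm.cfg.csrroot, x))
        return True
```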
diff --git a/func/utils.py b/func/utils.py
index 1a4abb7..54c9c39 100755
--- a/func/utils.py
+++ b/func/utils.py
@@ -15,6 +15,7 @@ import string
import sys
import traceback
import xmlrpclib
+import socket
REMOTE_ERROR = "REMOTE_ERROR"
@@ -50,6 +51,15 @@ def nice_exception(etype, evalue, etb):
nicestack = string.join(traceback.format_list(traceback.extract_tb(etb)))
return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ]
+def get_hostname():
+ fqdn = socket.getfqdn()
+ host = socket.gethostname()
+ if fqdn.find(host) != -1:
+ return fqdn
+ else:
+ return host
+
+
def is_error(result):
if type(result) != list:
return False
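Review bot: `get_hostname` has no docstring although its result now becomes the certificate CN in `make_csr` and the CA key CN in `CertMaster.__init__`. Add one, e.g. `"""Return the FQDN if it contains the short hostname, else the short hostname; used as the certificate CN."""`. The test `fqdn.find(host) != -1` is a substring match, so an FQDN that merely contains the short name somewhere other than its first label is accepted. If the intent is "the FQDN of this host", `fqdn == host or fqdn.startswith(host + '.')` states it more tightly. The docstring should also say that `socket.getfqdn()` depends on local resolver and hosts data, so the CN is only as reliable as that configuration.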