-rw-r--r-- | certs/master-keys.py | 44 | ||||
-rw-r--r-- | certs/slave-keys.py | 92 | ||||
-rw-r--r-- | docs/certmaster-ca.pod | 41 | ||||
-rw-r--r-- | docs/certmaster.pod | 29 | ||||
-rwxr-xr-x | init-scripts/certmaster | 112 |
5 files changed, 0 insertions, 318 deletions
diff --git a/certs/master-keys.py b/certs/master-keys.py deleted file mode 100644 index 2c3f6e5..0000000 --- a/certs/master-keys.py +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/python -tt -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Library General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# Copyright (c) 2007 Red Hat, inc -#- Written by Seth Vidal skvidal @ fedoraproject.org - -import sys -import os -import os.path -import func.certs - - -cadir = '/etc/pki/func/ca' -ca_key_file = '%s/funcmaster.key' % cadir -ca_cert_file = '%s/funcmaster.crt' % cadir - - -def main(): - keypair = None - try: - if not os.path.exists(cadir): - os.makedirs(cadir) - if not os.path.exists(ca_key_file): - func.certs.create_ca(ca_key_file=ca_key_file, ca_cert_file=ca_cert_file) - except: - return 1 - - return 0 - - -if __name__ == "__main__": - sys.exit(main()) - diff --git a/certs/slave-keys.py b/certs/slave-keys.py deleted file mode 100644 index 8ddae81..0000000 --- a/certs/slave-keys.py +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/usr/bin/python -tt -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Library General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# Copyright (c) 2007 Red Hat, inc -#- Written by Seth Vidal skvidal @ fedoraproject.org - -import sys -import os -import os.path -import xmlrpclib -import time - -from exceptions import Exception - -import func.certs - - -def submit_csr_to_master(csr_file, master_uri): - # get csr_file - # submit buffer of file content to master_uri.wait_for_cert() - # wait for response and return - fo = open(csr_file) - csr = fo.read() - s = xmlrpclib.ServerProxy(master_uri) - - return s.wait_for_cert(csr) - - - -def main(cert_dir, master_uri): - keypair = None - key_file = '%s/slave.pem' % cert_dir - csr_file = '%s/slave.csr' % cert_dir - cert_file = '%s/slave.cert' % cert_dir - ca_cert_file = '%s/ca.cert' % cert_dir - - try: - if not os.path.exists(cert_dir): - os.makedirs(cert_dir) - if not os.path.exists(key_file): - keypair = func.certs.make_keypair(dest=key_file) - if not os.path.exists(csr_file): - if not keypair: - keypair = func.certs.retrieve_key_from_file(key_file) - csr = func.certs.make_csr(keypair, dest=csr_file) - except Exception, e: # need a little more specificity here - print e - return 1 - - result = False - while not result: - result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri) - 
print 'looping' - time.sleep(10) - - - if result: - cert_fo = open(cert_file, 'w') - cert_fo.write(cert_string) - cert_fo.close() - - ca_cert_fo = open(ca_cert_file, 'w') - ca_cert_fo.write(ca_cert_string) - ca_cert_fo.close() - - return 0 - - -if __name__ == "__main__": - if len(sys.argv[1:]) > 0: - cert_dir = sys.argv[1] - else: - cert_dir = '/etc/pki/func' - - if len(sys.argv[1:]) > 1: - master_uri = sys.argv[2] - else: - master_uri = 'http://localhost:51235/' - - sys.exit(main(cert_dir, master_uri)) - diff --git a/docs/certmaster-ca.pod b/docs/certmaster-ca.pod deleted file mode 100644 index fce3f73..0000000 --- a/docs/certmaster-ca.pod +++ /dev/null @@ -1,41 +0,0 @@ -=head1 NAME - -certmaster-ca -- signs certificate requests gathered by certmaster. - -=head1 SYNOPSIS - -certmaster-ca --list - -certmaster-ca --sign machine.example.org - -=head1 DESCRIPTION - -"certmaster-ca --list" - -The list command prints all certificates that have been requested from certmaster by a remote -service (such as funcd) but are not yet signed. - -func commands can't be sent to a remote machine until the certificates have been signed. - -"certmaster-ca --sign [hostname]" - -This command is used to sign a certificate and send it back to the requester. - -=head1 AUTO-SIGNING - -The certmaster can be configured to make this command unneccessary; all incoming -requests can be signed automatically by certmaster. - -To configure this, edit /etc/func/certmaster.conf. - -=head1 ADDITONAL RESOURCES - -See https://hosted.fedoraproject.org/projects/func/. It's a Wiki. - -See also the manpages for "func", "func-inventory", "funcd", and "certmaster". - -=head1 AUTHOR - -Various. See https://hosted.fedoraproject.org/projects/func - - diff --git a/docs/certmaster.pod b/docs/certmaster.pod deleted file mode 100644 index 92f5074..0000000 --- a/docs/certmaster.pod +++ /dev/null 
@@ -1,29 +0,0 @@ -=head1 NAME - -certmaster -- hands out certificates to funcd and other components. - -=head1 SYNOPSIS - -certmaster (it's a daemon and takes no arguments) - -=head1 DESCRIPTION - -See https://hosted.fedoraproject.org/projects/func/ - -Certmaster is run on the master-control machine on a network being -controlled by func. It hands out certificates to machines running -funcd. - -Certmaster is configured by /etc/func/certmaster.conf - -=head1 ADDITONAL RESOURCES - -See https://hosted.fedoraproject.org/projects/func/. It's a Wiki. - -See also the manpages for "func", "func-inventory", "funcd", "certmaster-ca". - -=head1 AUTHOR - -Various. See https://hosted.fedoraproject.org/projects/func - - diff --git a/init-scripts/certmaster b/init-scripts/certmaster deleted file mode 100755 index 819ba0d..0000000 --- a/init-scripts/certmaster +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/bin/sh -# -# certmaster certmaster -################################### - -# LSB header - -### BEGIN INIT INFO -# Provides: certmaster -# Required-Start: network -# Default-Start: 3 4 5 -# Default-Stop: 0 1 2 6 -# Short-Description: certificate master for Fedora Unified Network Control 'master server only' -# Description: certificate master to sign/manage ca/cert infrastructure for func -### END INIT INFO - -# chkconfig header - -# chkconfig: - 98 99 -# description: certificate master to sign/manage ca/cert infrastructure for func -# -# processname: /usr/bin/certmaster - -# Sanity checks. -[ -x /usr/bin/certmaster ] || exit 0 - -SERVICE=certmaster -PROCESS=certmaster -DAEMON=/usr/bin/certmaster -CONFIG_ARGS="--daemon" - -CAStatus() -{ - ps wt? | grep "$DAEMON" 2>&1 > /dev/null - if [ "x$?" = "x0" ]; then - RVAL=0 - echo "certmaster is running" - else - RVAL=3 - echo "certmaster is not running" - fi -} - -if [ -f /lib/lsb/init-functions ]; then - . /lib/lsb/init-functions - alias START_DAEMON=start_daemon - alias STATUS=CAStatus - alias LOG_SUCCESS=log_success_msg - alias LOG_FAILURE=log_failure_msg - alias LOG_WARNING=log_warning_msg -elif [ -f /etc/init.d/functions ]; then - . /etc/init.d/functions - alias START_DAEMON=daemon - alias STATUS=status - alias LOG_SUCCESS=success - alias LOG_FAILURE=failure - alias LOG_WARNING=passed -else - echo "Error: your platform is not supported by $0" > /dev/stderr - exit 1 -fi - -RETVAL=0 - -start() { - echo -n $"Starting certmaster daemon: " - START_DAEMON $PROCESS $CONFIG_ARGS - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SERVICE - return $RETVAL -} - -stop() { - echo -n $"Stopping certmaster daemon: " - killproc $PROCESS - RETVAL=$? - echo - if [ $RETVAL -eq 0 ]; then - rm -f /var/lock/subsys/$SERVICE - rm -f /var/run/$SERVICE.pid - fi -} - -restart() { - stop - start -} - -# See how we were called. -case "$1" in - start|stop|restart) - $1 - ;; - status) - STATUS $PROCESS - RETVAL=$? 
- ;; - condrestart) - [ -f /var/lock/subsys/$SERVICE ] && restart || : - ;; - reload) - echo "can't reload configuration, you have to restart it" - RETVAL=$? - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}" - exit 1 - ;; -esac -exit $RETVAL - |