2 files changed, 13 insertions, 79 deletions

diff --git a/func/minion/server.py b/func/minion/server.py
index 2fa175a..c511598 100755
--- a/func/minion/server.py
+++ b/func/minion/server.py
@@ -25,17 +25,20 @@ I18N_DOMAIN = "func"
 
 from func.config import read_config
 from func.commonconfig import FuncdConfig
+from certmaster.commonconfig import CMConfig
 from func import logger
 from func import certs
 import func.jobthing as jobthing
-import utils
 
 # our modules
 import AuthedXMLRPCServer
 import codes
 import module_loader
 import func.utils as futils
+import func.minion.utils as fmutils
 
+from certmaster import utils
+from certmaster import requester
 
 
 class XmlRpcInterface(object):
@@ -46,8 +49,11 @@ class XmlRpcInterface(object):
         Constructor.
         """
 
-        config_file = '/etc/func/minion.conf'
+        cm_config_file = '/etc/certmaster/minion.conf'
+        self.cm_config = read_config(cm_config_file, CMConfig)
+        config_file = "/etc/func/minion.conf"
         self.config = read_config(config_file, FuncdConfig)
+
         self.logger = logger.Logger().logger
         self.audit_logger = logger.AuditLogger()
         self.__setup_handlers()
@@ -172,9 +178,9 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
 
         XmlRpcInterface.__init__(self)
         hn = utils.get_hostname()
-        self.key = "%s/%s.pem" % (self.config.cert_dir, hn)
-        self.cert = "%s/%s.cert" % (self.config.cert_dir, hn)
-        self.ca = "%s/ca.cert" % self.config.cert_dir
+        self.key = "%s/%s.pem" % (self.cm_config.cert_dir, hn)
+        self.cert = "%s/%s.cert" % (self.cm_config.cert_dir, hn)
+        self.ca = "%s/ca.cert" % self.cm_config.cert_dir
         
         self._our_ca = certs.retrieve_cert_from_file(self.ca)
         
@@ -234,7 +240,7 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
         return peer_cert.get_subject().CN
     
     def _check_acl(self, cert, ip, method, params):
-        acls = utils.get_acls_from_config(acldir=self.config.acl_dir)
+        acls = fmutils.get_acls_from_config(acldir=self.config.acl_dir)
         
         # certmaster always gets to run things
         ca_cn = self._our_ca.get_subject().CN
@@ -271,7 +277,7 @@ def main(argv):
         print "serving...\n"
 
     try:
-        utils.create_minion_keys()
+        requester.request_cert()
         serve()
     except codes.FuncException, e:
         print >> sys.stderr, 'error: %s' % e
diff --git a/func/minion/utils.py b/func/minion/utils.py
index ea8854c..1133866 100755
--- a/func/minion/utils.py
+++ b/func/minion/utils.py
@@ -65,78 +65,6 @@ def get_hostname():
     
 
 
-def create_minion_keys():
-    config_file = '/etc/func/minion.conf'
-    config = read_config(config_file, FuncdConfig)
-    cert_dir = config.cert_dir
-    master_uri = 'http://%s:51235/' % config.certmaster
-    hn = get_hostname()
-
-    if hn is None:
-        raise codes.FuncException("Could not determine a hostname other than localhost")
-
-    key_file = '%s/%s.pem' % (cert_dir, hn)
-    csr_file = '%s/%s.csr' % (cert_dir, hn)
-    cert_file = '%s/%s.cert' % (cert_dir, hn)
-    ca_cert_file = '%s/ca.cert' % cert_dir
-
-
-    if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
-        return
-
-    keypair = None
-    try:
-        if not os.path.exists(cert_dir):
-            os.makedirs(cert_dir)
-        if not os.path.exists(key_file):
-            keypair = certs.make_keypair(dest=key_file)
-        if not os.path.exists(csr_file):
-            if not keypair:
-                keypair = certs.retrieve_key_from_file(key_file)
-            csr = certs.make_csr(keypair, dest=csr_file)
-    except Exception, e:
-        traceback.print_exc()
-        raise codes.FuncException, "Could not create local keypair or csr for minion funcd session"
-
-    result = False
-    log = logger.Logger().logger
-    while not result:
-        try:
-            log.debug("submitting CSR to certmaster %s" % master_uri)
-            result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
-        except socket.gaierror, e:
-            raise codes.FuncException, "Could not locate certmaster at %s" % master_uri
-
-        # logging here would be nice
-        if not result:
-            log.warning("no response from certmaster %s, sleeping 10 seconds" % master_uri)
-            time.sleep(10)
-
-
-    if result:
-        log.debug("received certificate from certmaster %s, storing" % master_uri)
-        cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
-        os.write(cert_fd, cert_string)
-        os.close(cert_fd)
-
-        ca_cert_fd = os.open(ca_cert_file, os.O_RDWR|os.O_CREAT, 0644)
-        os.write(ca_cert_fd, ca_cert_string)
-        os.close(ca_cert_fd)
-
-def submit_csr_to_master(csr_file, master_uri):
-    """"
-    gets us our cert back from the certmaster.wait_for_cert() method
-    takes csr_file as path location and master_uri
-    returns Bool, str(cert), str(ca_cert)
-    """
-
-    fo = open(csr_file)
-    csr = fo.read()
-    s = xmlrpclib.ServerProxy(master_uri)
-
-    return s.wait_for_cert(csr)
-
-
 # this is kind of handy, so keep it around for now
 # but we really need to fix out server side logging and error
 # reporting so we don't need it