Diffstat (limited to 'minion/utils.py')
-rwxr-xr-x | minion/utils.py | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/minion/utils.py b/minion/utils.py
index 724c847..8b9069c 100755
--- a/minion/utils.py
+++ b/minion/utils.py
@@ -16,6 +16,78 @@ import os
 import string
 import sys
 import traceback
+import xmlrpclib
+from func import certs
+import codes
+import socket
+import time
+
+#import config_data
+
+
+
+def create_minion_keys():
+ #config_obj = config_data.Config()
+ cert_dir = '/etc/pki/func' # clearly needs to be a config
+ master_uri = 'http://certmaster:51235/' # clearly needs to be a config
+ hn = socket.getfqdn()
+
+ key_file = '%s/%s.pem' % (cert_dir, hn)
+ csr_file = '%s/%s.csr' % (cert_dir, hn)
+ cert_file = '%s/%s.cert' % (cert_dir, hn)
+ ca_cert_file = '%s/ca.cert' % cert_dir
+
+
+ if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
+ return
+
+ keypair = None
+ try:
+ if not os.path.exists(cert_dir):
+ os.makedirs(cert_dir)
+ if not os.path.exists(key_file):
+ keypair = certs.make_keypair(dest=key_file)
+ if not os.path.exists(csr_file):
+ if not keypair:
+ keypair = certs.retrieve_key_from_file(key_file)
+ csr = certs.make_csr(keypair, dest=csr_file)
+ except Exception, e: # need a little more specificity here
+ raise codes.FuncException, "Could not create local keypair or csr for minion funcd session"
+
+ result = False
+ while not result:
+ try:
+ result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
+ except socket.gaierror, e:
+ raise codes.FuncException, "Could not locate certmaster at: http://certmaster:51235/"
+
+ # logging here would be nice
+ if not result:
+ time.sleep(10)
+
+
+ if result:
+ cert_fo = open(cert_file, 'w')
+ cert_fo.write(cert_string)
+ cert_fo.close()
+
+ ca_cert_fo = open(ca_cert_file, 'w')
+ ca_cert_fo.write(ca_cert_string)
+ ca_cert_fo.close()
+
+def submit_csr_to_master(csr_file, master_uri):
+ """"
+ gets us our cert back from the certmaster.wait_for_cert() method
+ takes csr_file as path location and master_uri
+ returns Bool, str(cert), str(ca_cert)
+ """
+
+ fo = open(csr_file)
+ csr = fo.read()
+ s = xmlrpclib.ServerProxy(master_uri)
+
+ return s.wait_for_cert(csr)
+
 # this is kind of handy, so keep it around for now
 # but we really need to fix out server side logging and error |
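Review bot: create_minion_keys() writes whatever `ca_cert_string` the master returns straight to `ca.cert`, and that reply arrives over plain `http://certmaster:51235/`, so the minion's trust anchor is taken from an unauthenticated XML-RPC response on first contact. Because the early return needs both files, a pre-provisioned `ca.cert` is also overwritten whenever the host cert is missing. At minimum guard the last write with `if not os.path.exists(ca_cert_file):` and add a comment above `master_uri` saying the bootstrap is trust-on-first-use until the CA is shipped out of band or checked against a configured fingerprint. Separately, the `socket.gaierror` message hard-codes the URL instead of formatting `master_uri`, and `submit_csr_to_master` never closes `fo`.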