From 783ba8a69cebb109049b5457472c3b2c3e15b81b Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Wed, 26 Sep 2007 19:17:02 -0400 Subject: make minion create its keys and get the cert from the certmaster on startup --- minion/server.py | 11 +++++---- minion/utils.py | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 4 deletions(-) (limited to 'minion') diff --git a/minion/server.py b/minion/server.py index da771b9..302bf43 100755 --- a/minion/server.py +++ b/minion/server.py @@ -19,6 +19,7 @@ import SimpleXMLRPCServer import string import sys import traceback +import socket from rhpl.translate import _, N_, textdomain, utf8 I18N_DOMAIN = "func" @@ -155,9 +156,10 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer, def __init__(self, args): self.allow_reuse_address = True # is this right? - self.key = "/etc/pki/func/slave.pem" - self.cert = "/etc/pki/func/slave.cert" - self.ca = "/etc/pki/func/ca/funcmaster.crt" + hn = socket.getfqdn() + self.key = "/etc/pki/func/%s.pem" % hn + self.cert = "/etc/pki/func/%s.cert" % hn + self.ca = "/etc/pki/func/ca.cert" self.modules = module_loader.load_modules() @@ -207,8 +209,9 @@ def main(argv): utils.daemonize("/var/run/funcd.pid") else: print "serving...\n" - + try: + utils.create_minion_keys() serve() except codes.FuncException, e: print >> sys.stderr, 'error: %s' % e diff --git a/minion/utils.py b/minion/utils.py index 724c847..8b9069c 100755 --- a/minion/utils.py +++ b/minion/utils.py 
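Review bot: In `FuncSSLXMLRPCServer.__init__` the key, cert and CA paths are now derived from `socket.getfqdn()`, and the hostname goes straight into a filesystem path with no check that it is a plain label (non-empty, no `/`, not `.`/`..`). The same call is made independently in `create_minion_keys()`, so if forward/reverse DNS or `/etc/hosts` differ between the two calls the server will open a cert that was never written, or conceivably another host's files in the same directory. Suggest computing the three paths once in a shared helper in utils and validating the name there, e.g. `if not hn or '/' in hn or hn in ('.', '..'): raise codes.FuncException("unusable hostname for cert path: %r" % hn)`. The body of `__init__` continues past the end of this hunk.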
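Review bot: `utils.create_minion_keys()` is called inside the `try:` after `utils.daemonize()` has already run on the daemon path, so the only error reporting it gets, the `print >> sys.stderr` in the `except` below, is likely lost once stdio is detached, and its internal retry loop has no upper bound, so a daemon that cannot reach or be approved by the certmaster will sit silently before `serve()` with nothing in the logs. Consider running the key/cert bootstrap before daemonizing, or at least writing a log line per retry, so an operator can tell "waiting for cert signing" apart from "serving". `main()` starts before this hunk.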
@@ -16,6 +16,78 @@ import os import string import sys import traceback +import xmlrpclib +from func import certs +import codes +import socket +import time + +#import config_data + + + +def create_minion_keys(): + #config_obj = config_data.Config() + cert_dir = '/etc/pki/func' # clearly needs to be a config + master_uri = 'http://certmaster:51235/' # clearly needs to be a config + hn = socket.getfqdn() + + key_file = '%s/%s.pem' % (cert_dir, hn) + csr_file = '%s/%s.csr' % (cert_dir, hn) + cert_file = '%s/%s.cert' % (cert_dir, hn) + ca_cert_file = '%s/ca.cert' % cert_dir + + + if os.path.exists(cert_file) and os.path.exists(ca_cert_file): + return + + keypair = None + try: + if not os.path.exists(cert_dir): + os.makedirs(cert_dir) + if not os.path.exists(key_file): + keypair = certs.make_keypair(dest=key_file) + if not os.path.exists(csr_file): + if not keypair: + keypair = certs.retrieve_key_from_file(key_file) + csr = certs.make_csr(keypair, dest=csr_file) + except Exception, e: # need a little more specificity here + raise codes.FuncException, "Could not create local keypair or csr for minion funcd session" + + result = False + while not result: + try: + result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri) + except socket.gaierror, e: + raise codes.FuncException, "Could not locate certmaster at: http://certmaster:51235/" + + # logging here would be nice + if not result: + time.sleep(10) + + + if result: + cert_fo = open(cert_file, 'w') + cert_fo.write(cert_string) + cert_fo.close() + + ca_cert_fo = open(ca_cert_file, 'w') + ca_cert_fo.write(ca_cert_string) + ca_cert_fo.close() + +def submit_csr_to_master(csr_file, master_uri): + """" + gets us our cert back from the certmaster.wait_for_cert() method + takes csr_file as path location and master_uri + returns Bool, str(cert), str(ca_cert) + """ + + fo = open(csr_file) + csr = fo.read() + s = xmlrpclib.ServerProxy(master_uri) + + return s.wait_for_cert(csr) + # this is kind of handy, so 
keep it around for now # but we really need to fix out server side logging and error -- cgit
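Review bot: `create_minion_keys()` fetches both the signed cert and `ca_cert_string` over plaintext XML-RPC (`master_uri = 'http://certmaster:51235/'`) from an unauthenticated peer and then writes the CA straight to `ca.cert`, which `server.py` uses as its trust anchor, so whoever answers for the name `certmaster` on first start, or can tamper with the connection, becomes this minion's CA for good. At minimum document that as trust-on-first-use with a comment above the write, e.g. `# SECURITY: ca.cert is obtained over plain HTTP from an unauthenticated master (TOFU); anyone who answers for 'certmaster' on first start becomes this minion's CA.`, and consider a pre-distributed CA fingerprint to compare `ca_cert_string` against before it is written. The retry loop only catches `socket.gaierror`; a refused connection raises a bare `socket.error` out of `main()`'s `FuncException` handler with a traceback, so `except (socket.gaierror, socket.error), e:` would be more consistent. Also the early-return check tests only `cert_file` and `ca_cert_file`, not `key_file`, and the `submit_csr_to_master` docstring opens with four quotes (`""""`), which makes the docstring text start with a stray `"`.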