#!/usr/bin/python

"""
Copyright 2007, Red Hat, Inc
see AUTHORS

This software may be freely redistributed under the terms of the GNU
general public license.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
"""

import os
import string
import sys
import traceback
import xmlrpclib
from func import certs
import codes
import socket
import time

import config_data



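def create_minion_keys():
    """
    Make sure this minion has a private key, a CSR and a signed certificate.

    Reads 'cert_dir' and 'certmaster' from config_data.Config(), builds the
    file names from socket.getfqdn(), creates the key and the CSR when they
    are missing, then asks the certmaster for a certificate every 10 seconds
    until one is returned. The certificate and the CA certificate are then
    written into cert_dir.

    Returns None. Does nothing when both the certificate and the CA
    certificate already exist.

    Raises codes.FuncException when the key or CSR cannot be created, or
    when the certmaster host name cannot be resolved.
    """
    config = config_data.Config().get()
    cert_dir = config['cert_dir']
    master_uri = config['certmaster']
    hn = socket.getfqdn()

    key_file = '%s/%s.pem' % (cert_dir, hn)
    csr_file = '%s/%s.csr' % (cert_dir, hn)
    cert_file = '%s/%s.cert' % (cert_dir, hn)
    ca_cert_file = '%s/ca.cert' % cert_dir

    if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
        return

    try:
        keypair = None
        if not os.path.exists(cert_dir):
            # NOTE(review): the directory is created with the default mode
            # and the process umask, and it also holds the private key --
            # confirm the resulting permissions are tight enough.
            os.makedirs(cert_dir)
        if not os.path.exists(key_file):
            keypair = certs.make_keypair(dest=key_file)
        if not os.path.exists(csr_file):
            # The key may have been left behind by an earlier run.
            if not keypair:
                keypair = certs.retrieve_key_from_file(key_file)
            certs.make_csr(keypair, dest=csr_file)
    except Exception:  # need a little more specificity here
        # Keep the underlying cause in the message instead of discarding it.
        cause = sys.exc_info()[1]
        raise codes.FuncException(
            "Could not create local keypair or csr for minion funcd session: %s" % cause)

    result = False
    while not result:
        try:
            result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
        except socket.gaierror:
            # Report the URI that was actually tried, not a fixed example.
            raise codes.FuncException("Could not locate certmaster at: %s" % master_uri)

        # logging here would be nice
        if not result:
            time.sleep(10)

    # NOTE(review): the CA certificate comes from the same response as the
    # signed certificate and is stored as the trust anchor without being
    # compared to a known value. Whether master_uri is an authenticated
    # transport is not visible here -- confirm, since whoever answers that
    # request decides which CA this minion trusts.
    for path, data in ((cert_file, cert_string), (ca_cert_file, ca_cert_string)):
        fo = open(path, 'w')
        try:
            fo.write(data)
        finally:
            # Close the handle even when the write fails.
            fo.close()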
    
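def submit_csr_to_master(csr_file, master_uri):
    """
    gets us our cert back from the certmaster.wait_for_cert() method
    takes csr_file as path location and master_uri
    returns Bool, str(cert), str(ca_cert)
    """

    fo = open(csr_file)
    try:
        csr = fo.read()
    finally:
        # Callers retry in a loop, so do not leave one open handle per attempt.
        fo.close()

    # NOTE(review): the reply is returned to the caller unchanged; nothing
    # here checks that it really came from the certmaster. Confirm that
    # master_uri points at an authenticated endpoint.
    s = xmlrpclib.ServerProxy(master_uri)

    return s.wait_for_cert(csr)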


# this is kind of handy, so keep it around for now
# but we really need to fix our server side logging and error
# reporting so we don't need it
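def trace_me():
    """
    Return the current call stack, formatted, as a single string.

    The entries produced by traceback.format_list() are joined with one
    space, which is what string.join() did by default.
    """
    stack = traceback.extract_stack()
    # str.join replaces the long-deprecated string.join() helper.
    return " ".join(traceback.format_list(stack))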


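def daemonize(pidfile=None):
    """
    Daemonize this process with the UNIX double-fork trick.
    Writes the new PID to the provided file name if not None.

    The original process and the intermediate child both leave through
    sys.exit(0); only the second child returns from this function. The
    working directory and stdin/stdout/stderr are left as they were.
    """
    import stat

    # Debug output kept from the original implementation.
    print(pidfile)
    pid = os.fork()
    if pid > 0:
        sys.exit(0)
    os.setsid()
    # With umask 0 every file created later gets exactly the mode asked for
    # at creation time, so a plain open(path, "w") yields a world-writable
    # file. The pidfile below is therefore created with an explicit mode.
    os.umask(0)
    pid = os.fork()

    if pid > 0:
        if pidfile is not None:
            # rw-r--r--: a pidfile that other local users can rewrite would
            # let them choose which PID later gets signalled on its behalf.
            pid_mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
            # NOTE(review): the mode only applies when the file is created;
            # an already existing pidfile keeps its old permissions.
            fd = os.open(pidfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, pid_mode)
            fo = os.fdopen(fd, "w")
            try:
                fo.write(str(pid))
            finally:
                fo.close()
        sys.exit(0)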