author | Jesus M. Rodriguez <jmrodri@firebird.home.net> | 2007-10-03 22:48:21 -0400 |
---|---|---|
committer | Jesus M. Rodriguez <jmrodri@firebird.home.net> | 2007-10-03 22:48:21 -0400 |
commit | 3ff3336d954160739fca807732ec217d2dabc572 (patch) | |
tree | 1194a6f5c13ef4625c17df22372c39e06bee75e8 | |
parent | ff3e3f38b174bee4b944d3851af55b296e407f13 (diff) | |
parent | 5dfdff8f110d8336b4812497428cd5dd1fae2db0 (diff) | |
Merge branch 'master' of ssh://git.fedoraproject.org/git/hosted/func
-rw-r--r-- | COPYING | 339 | ||||
-rwxr-xr-x | Makefile | 8 | ||||
-rw-r--r-- | etc/certmaster.conf | 1 | ||||
-rwxr-xr-x | func/Makefile | 5 | ||||
-rwxr-xr-x | func/certmaster.py | 4 | ||||
-rw-r--r-- | func/commonconfig.py | 1 | ||||
-rw-r--r-- | func/minion/AuthedXMLRPCServer.py (renamed from minion/AuthedXMLRPCServer.py) | 9 | ||||
-rwxr-xr-x | func/minion/Makefile (renamed from modules/Makefile) | 11 | ||||
-rw-r--r-- | func/minion/__init__.py (renamed from minion/__init__.py) | 0 | ||||
-rwxr-xr-x | func/minion/codes.py (renamed from minion/codes.py) | 0 | ||||
-rwxr-xr-x | func/minion/module_loader.py (renamed from minion/module_loader.py) | 2 | ||||
-rwxr-xr-x | func/minion/modules/Makefile (renamed from minion/Makefile) | 7 | ||||
-rw-r--r-- | func/minion/modules/__init__.py (renamed from modules/__init__.py) | 0 | ||||
-rw-r--r-- | func/minion/modules/command.py (renamed from modules/command.py) | 2 | ||||
-rw-r--r-- | func/minion/modules/copyfile.py (renamed from modules/copyfile.py) | 14 | ||||
-rwxr-xr-x | func/minion/modules/func_module.py (renamed from modules/func_module.py) | 8 | ||||
-rwxr-xr-x | func/minion/modules/hardware.py (renamed from modules/hardware.py) | 25 | ||||
-rwxr-xr-x | func/minion/modules/process.py (renamed from modules/process.py) | 7 | ||||
-rwxr-xr-x | func/minion/modules/reboot.py (renamed from modules/reboot.py) | 0 | ||||
-rwxr-xr-x | func/minion/modules/service.py (renamed from modules/service.py) | 0 | ||||
-rwxr-xr-x | func/minion/modules/smart.py (renamed from modules/smart.py) | 7 | ||||
-rwxr-xr-x | func/minion/modules/test.py (renamed from modules/test.py) | 0 | ||||
-rwxr-xr-x | func/minion/modules/virt.py (renamed from modules/virt.py) | 42 | ||||
-rw-r--r-- | func/minion/modules/yum.py (renamed from modules/yum.py) | 0 | ||||
-rwxr-xr-x | func/minion/server.py (renamed from minion/server.py) | 32 | ||||
-rw-r--r-- | func/minion/sub_process.py (renamed from minion/sub_process.py) | 0 | ||||
-rwxr-xr-x | func/minion/utils.py (renamed from minion/utils.py) | 66 | ||||
-rwxr-xr-x | func/overlord/Makefile (renamed from overlord/Makefile) | 7 | ||||
-rw-r--r-- | func/overlord/__init__.py (renamed from overlord/__init__.py) | 0 | ||||
-rwxr-xr-x | func/overlord/client.py (renamed from overlord/client.py) | 24 | ||||
-rw-r--r-- | func/overlord/command.py (renamed from overlord/command.py) | 4 | ||||
-rw-r--r-- | func/overlord/sslclient.py (renamed from overlord/sslclient.py) | 8 | ||||
-rw-r--r-- | func/overlord/test_func.py (renamed from overlord/test_func.py) | 5 | ||||
-rwxr-xr-x | scripts/Makefile | 3 | ||||
-rwxr-xr-x | scripts/certmaster-ca | 39 | ||||
-rw-r--r-- | setup.py | 5 |
36 files changed, 540 insertions, 145 deletions
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) 19yy <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. 
+ + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. @@ -5,8 +5,8 @@ NEWRELEASE = $(shell echo $$(($(RELEASE) + 1))) MESSAGESPOT=po/messages.pot TOPDIR = $(shell pwd) -DIRS = modules minion overlord func docs scripts -PYDIRS = modules minion overlord func scripts +DIRS = func docs scripts +PYDIRS = func scripts EXAMPLEDIR = examples INITDIR = init-scripts @@ -19,8 +19,8 @@ manpage: pod2man --center="certmaster" --release="" ./docs/certmaster.pod | gzip -c > ./docs/certmaster.1.gz pod2man --center="certmaster-ca" --release="" ./docs/certmaster-ca.pod | gzip -c > ./docs/certmaster-ca.1.gz -messages: minion/*.py - xgettext -k_ -kN_ -o $(MESSAGESPOT) minion/*.py +messages: func/minion/*.py + xgettext -k_ -kN_ -o $(MESSAGESPOT) func/minion/*.py sed -i'~' -e 's/SOME DESCRIPTIVE TITLE/func/g' -e 's/YEAR THE PACKAGE'"'"'S COPYRIGHT HOLDER/2007 Red Hat, inc. /g' -e 's/FIRST AUTHOR <EMAIL@ADDRESS>, YEAR/Adrian Likins <alikins@redhat.com>, 2007/g' -e 's/PACKAGE VERSION/func $(VERSION)-$(RELEASE)/g' -e 's/PACKAGE/func/g' $(MESSAGESPOT) diff --git a/etc/certmaster.conf b/etc/certmaster.conf index ded4de6..71b2068 100644 --- a/etc/certmaster.conf +++ b/etc/certmaster.conf @@ -1,6 +1,5 @@ [main] listen_addr = -listen_port = 51235 cadir = /etc/pki/func/ca certroot = /var/lib/func/certmaster/certs csrroot = /var/lib/func/certmaster/csrs diff --git a/func/Makefile b/func/Makefile index 86a3db8..99fd546 100755 --- a/func/Makefile +++ b/func/Makefile @@ -1,6 +1,7 @@ PYFILES = $(wildcard *.py) +PYDIRS = minion overlord PYCHECKER = /usr/bin/pychecker PYFLAKES = /usr/bin/pyflakes 
@@ -17,3 +18,7 @@ pychecker:: pyflakes:: @$(PYFLAKES) $(PYFILES) || exit 0 +pychecker:: + -for d in $(PYDIRS); do ($(MAKE) -C $$d pychecker ); done +pyflakes:: + -for d in $(PYDIRS); do ($(MAKE) -C $$d pyflakes ); done diff --git a/func/certmaster.py b/func/certmaster.py index e881b3e..e8c046d 100755 --- a/func/certmaster.py +++ b/func/certmaster.py @@ -33,6 +33,8 @@ import utils from config import read_config from commonconfig import CMConfig +CERTMASTER_LISTEN_PORT = 51235 + class CertMaster(object): def __init__(self, conf_file): self.cfg = read_config(conf_file, CMConfig) @@ -203,7 +205,7 @@ def serve(xmlrpcinstance): Code for starting the XMLRPC service. """ - server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, xmlrpcinstance.cfg.listen_port)) + server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT)) server.logRequests = 0 # don't print stuff to console server.register_instance(xmlrpcinstance) server.serve_forever() diff --git a/func/commonconfig.py b/func/commonconfig.py index 559c290..cbf031e 100644 --- a/func/commonconfig.py +++ b/func/commonconfig.py @@ -4,7 +4,6 @@ from config import BaseConfig, BoolOption, IntOption, Option class CMConfig(BaseConfig): listen_addr = Option('') - listen_port = IntOption(51235) cadir = Option('/etc/pki/func/ca') certroot = Option('/var/lib/func/certmaster/certs') csrroot = Option('/var/lib/func/certmaster/csrs') diff --git a/minion/AuthedXMLRPCServer.py b/func/minion/AuthedXMLRPCServer.py index da6b18a..265d1b2 100644 --- a/minion/AuthedXMLRPCServer.py +++ b/func/minion/AuthedXMLRPCServer.py @@ -39,7 +39,7 @@ class AuthedSimpleXMLRPCRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHan self.connection = self.request # for doPOST self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) - + def do_POST(self): self.server._this_request = (self.request, self.client_address) try: 
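Review bot: In `serve()` in func/certmaster.py the listener port is now the module constant `CERTMASTER_LISTEN_PORT`, while `listen_addr` is still empty by default in both `etc/certmaster.conf` and `CMConfig` as shown in this commit; an empty host normally means all interfaces for a Python socket server, so the certmaster XML-RPC endpoint is reachable on every address at a port the operator can no longer move, and nothing at the constant or the bind site says so. I would document that where the constant is defined, e.g. `# Not configurable; limit exposure with listen_addr in certmaster.conf or a host firewall.` A `listen_port` line left in a deployed certmaster.conf is now either ignored or rejected, depending on how `read_config` treats unknown keys, which is not visible here, so the upgrade notes should mention it. `serve()` begins and ends outside the hunk.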
@@ -101,7 +101,7 @@ class TestServer(AuthedSSLXMLRPCServer): def __init__(self, address, pkey, cert, ca_cert): AuthedSSLXMLRPCServer.__init__(self, address, pkey, cert, ca_cert, self.auth_cb) - + def _dispatch(self, method, params): if method == 'trait_names' or method == '_getAttributeNames': return dir(self) @@ -115,10 +115,10 @@ class TestServer(AuthedSSLXMLRPCServer): print dir(p) print p.get_subject() else: - print 'no cert' + print 'no cert' return "your mom" - + def auth_cb(self, request, client_address): peer_cert = request.get_peer_certificate() return peer_cert.get_subject().CN @@ -138,4 +138,3 @@ if __name__ == '__main__': h = ReqHandler() server.register_instance(h) server.serve_forever() - diff --git a/modules/Makefile b/func/minion/Makefile index 86a3db8..d630382 100755 --- a/modules/Makefile +++ b/func/minion/Makefile @@ -1,19 +1,24 @@ PYFILES = $(wildcard *.py) +PYDIRS = modules PYCHECKER = /usr/bin/pychecker PYFLAKES = /usr/bin/pyflakes clean:: - @rm -fv *.pyc *~ .*~ *.pyo + @rm -fv *.pyc *~ .*~ *.pyo @find . -name .\#\* -exec rm -fv {} \; @rm -fv *.rpm - -pychecker:: + +pychecker:: @$(PYCHECKER) $(PYFILES) || exit 0 pyflakes:: @$(PYFLAKES) $(PYFILES) || exit 0 +pychecker:: + -for d in $(PYDIRS); do ($(MAKE) -C $$d pychecker ); done +pyflakes:: + -for d in $(PYDIRS); do ($(MAKE) -C $$d pyflakes ); done diff --git a/minion/__init__.py b/func/minion/__init__.py index e69de29..e69de29 100644 --- a/minion/__init__.py +++ b/func/minion/__init__.py diff --git a/minion/codes.py b/func/minion/codes.py index 058ca44..058ca44 100755 --- a/minion/codes.py +++ b/func/minion/codes.py diff --git a/minion/module_loader.py b/func/minion/module_loader.py index 4538fb2..1339359 100755 --- a/minion/module_loader.py +++ b/func/minion/module_loader.py @@ -36,7 +36,7 @@ def module_walker(topdir): # in the module name, and foo..bar doesnt work -akl module_files.append(os.path.normpath("%s/%s" % (root, filename))) - + return module_files def load_modules(blacklist=None): 
diff --git a/minion/Makefile b/func/minion/modules/Makefile index 86a3db8..f2bc6c4 100755 --- a/minion/Makefile +++ b/func/minion/modules/Makefile @@ -6,14 +6,13 @@ PYCHECKER = /usr/bin/pychecker PYFLAKES = /usr/bin/pyflakes clean:: - @rm -fv *.pyc *~ .*~ *.pyo + @rm -fv *.pyc *~ .*~ *.pyo @find . -name .\#\* -exec rm -fv {} \; @rm -fv *.rpm - -pychecker:: + +pychecker:: @$(PYCHECKER) $(PYFILES) || exit 0 pyflakes:: @$(PYFLAKES) $(PYFILES) || exit 0 - diff --git a/modules/__init__.py b/func/minion/modules/__init__.py index e69de29..e69de29 100644 --- a/modules/__init__.py +++ b/func/minion/modules/__init__.py diff --git a/modules/command.py b/func/minion/modules/command.py index 5dc0292..06adaaa 100644 --- a/modules/command.py +++ b/func/minion/modules/command.py @@ -36,5 +36,3 @@ class Command(func_module.FuncModule): methods = Command() register_rpc = methods.register_rpc - - diff --git a/modules/copyfile.py b/func/minion/modules/copyfile.py index 58b5ea4..a4f91f0 100644 --- a/modules/copyfile.py +++ b/func/minion/modules/copyfile.py @@ -27,7 +27,7 @@ class CopyFile(func_module.FuncModule): "checksum" : self.checksum } func_module.FuncModule.__init__(self) - + def checksum(self, thing): CHUNK=2**16 @@ -54,17 +54,17 @@ class CopyFile(func_module.FuncModule): # we should probably verify mode,uid,gid are valid as well - + dirpath = os.path.dirname(filepath) basepath = os.path.basename(filepath) if not os.path.exists(dirpath): os.makedirs(dirpath) - + remote_sum = self.checksum(filebuf) local_sum = 0 if os.path.exists(filepath): local_sum = self.checksum(filepath) - + if remote_sum != local_sum or force is not None: # back up the localone if os.path.exists(filepath): 
@@ -90,18 +90,18 @@ class CopyFile(func_module.FuncModule): os.chown(filepath, uid, gid) except (IOError, OSError), e: return -1 - + return 1 def _backuplocal(self, fn): """ - make a date-marked backup of the specified file, + make a date-marked backup of the specified file, return True or False on success or failure """ # backups named basename-YYYY-MM-DD@HH:MM~ ext = time.strftime("%Y-%m-%d@%H:%M~", time.localtime(time.time())) backupdest = '%s.%s' % (fn, ext) - + try: shutil.copy2(fn, backupdest) except shutil.Error, e: diff --git a/modules/func_module.py b/func/minion/modules/func_module.py index 32a235d..aa3c132 100755 --- a/modules/func_module.py +++ b/func/minion/modules/func_module.py @@ -24,11 +24,11 @@ class FuncModule(object): version = "0.0.0" api_version = "0.0.0" description = "No Description provided" - + def __init__(self): config_file = '/etc/func/minion.conf' - self.config = read_config(config_file, FuncdConfig) + self.config = read_config(config_file, FuncdConfig) self.__init_log() self.__base_methods = { # __'s so we don't clobber useful names @@ -37,11 +37,11 @@ class FuncModule(object): "module_description" : self.__module_description, "list_methods" : self.__list_methods } - + def __init_log(self): log = logger.Logger() self.logger = log.logger - + def register_rpc(self, handlers, module_name): # add the internal methods, note that this means they # can get clobbbered by subclass versions diff --git a/modules/hardware.py b/func/minion/modules/hardware.py index e2455d1..79faf4c 100755 --- a/modules/hardware.py +++ b/func/minion/modules/hardware.py @@ -1,6 +1,6 @@ #!/usr/bin/python -## +## ## Hardware profiler plugin ## requires the "smolt" client package be installed ## but also relies on lspci for some things @@ -30,7 +30,7 @@ class HardwareModule(func_module.FuncModule): def __init__(self): self.methods = { "info" : self.info, - "hal_info" : self.hal_info + "hal_info" : self.hal_info } func_module.FuncModule.__init__(self) 
@@ -41,10 +41,10 @@ class HardwareModule(func_module.FuncModule): """ cmd = sub_process.Popen(["/usr/bin/lshal"],shell=False,stdout=sub_process.PIPE) - data = cmd.communicate()[0] - + data = cmd.communicate()[0] + data = data.split("\n") - + results = {} current = "" label = data[0] @@ -56,7 +56,7 @@ class HardwareModule(func_module.FuncModule): else: if label == "": label = d - current = current + d + current = current + d return results @@ -75,7 +75,7 @@ def hw_info(with_devices=True): # this may fail if smolt is not installed. That's ok. hal_info will # still work. - + # hack: smolt is not installed in site-packages sys.path.append("/usr/share/smolt/client") import smolt @@ -92,14 +92,14 @@ def hw_info(with_devices=True): 'cpuModel' : str(host.cpuModel), 'numCpus' : str(host.numCpus), 'cpuSpeed' : str(host.cpuSpeed), - 'systemMemory' : str(host.systemMemory), + 'systemMemory' : str(host.systemMemory), 'systemSwap' : str(host.systemSwap), 'kernelVersion' : str(host.kernelVersion), 'language' : str(host.language), 'platform' : str(host.platform), 'systemVendor' : str(host.systemVendor), 'systemModel' : str(host.systemModel), - 'formfactor' : str(host.formfactor), + 'formfactor' : str(host.formfactor), 'selinux_enabled' : str(host.selinux_enabled), 'selinux_enforce' : str(host.selinux_enforce) } @@ -107,7 +107,7 @@ def hw_info(with_devices=True): # if no hardware info requested, just return the above bits if not with_devices: return data - + collection = data["devices"] = [] for item in hardware.deviceIter(): @@ -121,13 +121,10 @@ def hw_info(with_devices=True): "Bus" : str(Bus), "Driver" : str(Driver), "Type" : str(Type), - "Description" : str(Description) + "Description" : str(Description) }) return data methods = HardwareModule() register_rpc = methods.register_rpc - - - diff --git a/modules/process.py b/func/minion/modules/process.py index 94a0240..b48b910 100755 --- a/modules/process.py +++ b/func/minion/modules/process.py 
@@ -1,6 +1,6 @@ #!/usr/bin/python -## +## ## Process lister (control TBA) ## ## Copyright 2007, Red Hat, Inc @@ -46,7 +46,7 @@ class ProcessModule(func_module.FuncModule): cmd = sub_process.Popen(["/bin/ps", flags] ,executable="/bin/ps", stdout=sub_process.PIPE,shell=False) data = cmd.communicate()[0] - results = [] + results = [] for x in data.split("\n"): tokens = x.split() @@ -74,6 +74,3 @@ class ProcessModule(func_module.FuncModule): methods = ProcessModule() register_rpc = methods.register_rpc - - - diff --git a/modules/reboot.py b/func/minion/modules/reboot.py index 8772b8f..8772b8f 100755 --- a/modules/reboot.py +++ b/func/minion/modules/reboot.py diff --git a/modules/service.py b/func/minion/modules/service.py index 433d70b..433d70b 100755 --- a/modules/service.py +++ b/func/minion/modules/service.py diff --git a/modules/smart.py b/func/minion/modules/smart.py index 0a7be47..c65dfb1 100755 --- a/modules/smart.py +++ b/func/minion/modules/smart.py @@ -1,6 +1,6 @@ #!/usr/bin/python -## +## ## Grabs status from SMART to see if your hard drives are ok ## Returns in the format of (return code, [line1, line2, line3,...]) ## @@ -42,7 +42,7 @@ class SmartModule(func_module.FuncModule): cmd = sub_process.Popen("/usr/sbin/smartd %s" % flags,stdout=sub_process.PIPE,shell=True) data = cmd.communicate()[0] - results = [] + results = [] for x in data.split("\n"): results.append(x) @@ -51,6 +51,3 @@ class SmartModule(func_module.FuncModule): methods = SmartModule() register_rpc = methods.register_rpc - - - diff --git a/modules/test.py b/func/minion/modules/test.py index 55265a3..55265a3 100755 --- a/modules/test.py +++ b/func/minion/modules/test.py diff --git a/modules/virt.py b/func/minion/modules/virt.py index 18ad718..07a9a87 100755 --- a/modules/virt.py +++ b/func/minion/modules/virt.py 
@@ -15,9 +15,9 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. """ # warning: virt management is rather complicated -# to see a simple example of func, look at the +# to see a simple example of func, look at the # service control module. API docs on how -# to use this to come. +# to use this to come. # other modules import os @@ -102,7 +102,7 @@ class FuncLibvirtConnection(object): def create(self, vmid): return self.find_vm(vmid).create() - + def destroy(self, vmid): return self.find_vm(vmid).destroy() @@ -112,8 +112,8 @@ class FuncLibvirtConnection(object): def get_status2(self, vm): state = vm.info()[0] # print "DEBUG: state: %s" % state - return VIRT_STATE_NAME_MAP.get(state,"unknown") - + return VIRT_STATE_NAME_MAP.get(state,"unknown") + def get_status(self, vmid): state = self.find_vm(vmid).info()[0] return VIRT_STATE_NAME_MAP.get(state,"unknown") @@ -121,10 +121,10 @@ class FuncLibvirtConnection(object): class Virt(func_module.FuncModule): - - + + def __init__(self): - + """ Constructor. Register methods and make them available. """ @@ -140,7 +140,7 @@ class Virt(func_module.FuncModule): "status" : self.get_status, "list_vms" : self.list_vms, } - + func_module.FuncModule.__init__(self) def get_conn(self): @@ -157,13 +157,13 @@ class Virt(func_module.FuncModule): except: pass return results - + def install(self, server_name, target_name, system=False): """ Install a new virt system by way of a named cobbler profile. """ - + # Example: # install("bootserver.example.org", "fc7webserver", True) @@ -192,8 +192,8 @@ class Virt(func_module.FuncModule): return 0 else: raise codes.FuncException("koan returned %d" % rc) - - + + def shutdown(self, vmid): """ Make the machine with the given vmid stop running. @@ -201,9 +201,9 @@ class Virt(func_module.FuncModule): """ self.get_conn() self.conn.shutdown(vmid) - return 0 + return 0 + - def pause(self, vmid): """ 
@@ -213,7 +213,7 @@ class Virt(func_module.FuncModule): self.conn.suspend(vmid) return 0 - + def unpause(self, vmid): """ @@ -228,12 +228,12 @@ class Virt(func_module.FuncModule): def create(self, vmid): """ - Start the machine via the given mac address. + Start the machine via the given mac address. """ self.get_conn() self.conn.create(vmid) return 0 - + def destroy(self, vmid): @@ -247,7 +247,7 @@ class Virt(func_module.FuncModule): def undefine(self, vmid): - + """ Stop a domain, and then wipe it from the face of the earth. by deleting the disk image and it's configuration file. @@ -263,12 +263,10 @@ class Virt(func_module.FuncModule): """ Return a state suitable for server consumption. Aka, codes.py values, not XM output. """ - + self.get_conn() return self.conn.get_status(vmid) methods = Virt() register_rpc = methods.register_rpc - - diff --git a/modules/yum.py b/func/minion/modules/yum.py index 6600d47..6600d47 100644 --- a/modules/yum.py +++ b/func/minion/modules/yum.py diff --git a/minion/server.py b/func/minion/server.py index 7a11ab8..f155dba 100755 --- a/minion/server.py +++ b/func/minion/server.py @@ -35,7 +35,7 @@ import codes import module_loader import utils - + class XmlRpcInterface(object): @@ -53,7 +53,7 @@ class XmlRpcInterface(object): # need a reference so we can log ip's, certs, etc # self.server = server - + def __setup_handlers(self): """ @@ -80,7 +80,7 @@ class XmlRpcInterface(object): def list_modules(self): return self.modules.keys() - + def list_methods(self): return self.handlers.keys() @@ -88,12 +88,12 @@ class XmlRpcInterface(object): if method in self.handlers: return FuncApiMethod(self.logger, method, self.handlers[method]) - + else: self.logger.info("Unhandled method call for method: %s " % method) raise codes.InvalidMethodException - + class FuncApiMethod: @@ -107,7 +107,7 @@ class FuncApiMethod: self.logger = logger self.__method = method self.__name = name - + def __log_exc(self): """ 
@@ -141,7 +141,7 @@ class FuncApiMethod: def serve(): """ - Code for starting the XMLRPC service. + Code for starting the XMLRPC service. """ server =FuncSSLXMLRPCServer(('', 51234)) server.logRequests = 0 # don't print stuff to console @@ -165,13 +165,13 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer, def __init__(self, args): self.allow_reuse_address = True self.modules = module_loader.load_modules() - + XmlRpcInterface.__init__(self) hn = socket.getfqdn() self.key = "%s/%s.pem" % (self.config.cert_dir, hn) self.cert = "%s/%s.cert" % (self.config.cert_dir, hn) self.ca = "%s/ca.cert" % self.config.cert_dir - + AuthedXMLRPCServer.AuthedSSLXMLRPCServer.__init__(self, ("", 51234), self.key, self.cert, self.ca) @@ -180,7 +180,7 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer, """ the SimpleXMLRPCServer class will call _dispatch if it doesn't - find a handler method + find a handler method """ # Recognize ipython's tab completion calls @@ -194,19 +194,19 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer, cn = p.get_subject().CN sub_hash = p.subject_name_hash() else: - print 'no cert' + print 'no cert' # XXX FIXME - need to figure out how to dig into the server base classes # so we can get client ip, and eventually cert id info -akl self.audit_logger.log_call(ip, cn, sub_hash, method, params) return self.get_dispatch_method(method)(*params) - + def auth_cb(self, request, client_address): peer_cert = request.get_peer_certificate() return peer_cert.get_subject().CN - + def main(argv): """ @@ -217,18 +217,16 @@ def main(argv): utils.daemonize("/var/run/funcd.pid") else: print "serving...\n" - + try: utils.create_minion_keys() serve() except codes.FuncException, e: print >> sys.stderr, 'error: %s' % e sys.exit(1) - + # ====================================================================================== if __name__ == "__main__": textdomain(I18N_DOMAIN) main(sys.argv) - - 
diff --git a/minion/sub_process.py b/func/minion/sub_process.py index 351a951..351a951 100644 --- a/minion/sub_process.py +++ b/func/minion/sub_process.py diff --git a/minion/utils.py b/func/minion/utils.py index 7a6180d..d13808e 100755 --- a/minion/utils.py +++ b/func/minion/utils.py 
@@ -25,23 +25,63 @@ from func import certs from func.config import read_config from func.commonconfig import FuncdConfig +# "localhost" is a lame hostname to use for a key, so try to get +# a more meaningful hostname. We do this by connecting to the certmaster +# and seeing what interface/ip it uses to make that connection, and looking +# up the hostname for that. +def get_hostname(): + + # FIXME: this code ignores http proxies (which granted, we don't + # support elsewhere either. It also hardcodes the port number + # for the certmaster for now + hostname = None + hostname = socket.gethostname() + ip = socket.gethostbyname(hostname) + if ip != "127.0.0.1": + return hostname + + + config_file = '/etc/func/minion.conf' + config = read_config(config_file, FuncdConfig) + + server = config.certmaster + port = 51235 + + try: + s = socket.socket() + s.settimeout(5) + s.connect((server, port)) + (intf, port) = s.getsockname() + hostname = socket.gethostbyaddr(intf)[0] + s.close() + except: + s.close() + raise + + return hostname + + + def create_minion_keys(): config_file = '/etc/func/minion.conf' - config = read_config(config_file, FuncdConfig) + config = read_config(config_file, FuncdConfig) cert_dir = config.cert_dir master_uri = 'http://%s:51235/' % config.certmaster - hn = socket.getfqdn() - + hn = get_hostname() + + if hn is None: + raise codes.FuncException("Could not determine a hostname other than localhost") + key_file = '%s/%s.pem' % (cert_dir, hn) csr_file = '%s/%s.csr' % (cert_dir, hn) cert_file = '%s/%s.cert' % (cert_dir, hn) ca_cert_file = '%s/ca.cert' % cert_dir - + if os.path.exists(cert_file) and os.path.exists(ca_cert_file): return - keypair = None + keypair = None try: if not os.path.exists(cert_dir): os.makedirs(cert_dir) 
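Review bot: `create_minion_keys` now builds the key, CSR and cert paths from `get_hostname()`, but the server.py context in this same commit shows `FuncSSLXMLRPCServer.__init__` still using `hn = socket.getfqdn()`, so on a host where the two differ the daemon will look for a key and cert written under another name. Both places should use the same helper, e.g. `hn = utils.get_hostname()` in server.py. Inside `get_hostname`, `s = socket.socket()` sits inside the `try`, so if it fails the bare `except:` calls `s.close()` on an unbound name. The function either returns a name or re-raises, so the new `if hn is None` check can never fire and a connect or DNS failure escapes as a raw socket error rather than a `codes.FuncException`. The name returned by `socket.gethostbyaddr(intf)[0]` comes from reverse DNS and is interpolated into file paths and used as the certificate identity, so it is worth rejecting values containing `/` before use; `create_minion_keys` continues past the end of this hunk.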
@@ -53,19 +93,19 @@ def create_minion_keys(): csr = certs.make_csr(keypair, dest=csr_file) except Exception, e: # need a little more specificity here raise codes.FuncException, "Could not create local keypair or csr for minion funcd session" - + result = False while not result: try: result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri) except socket.gaierror, e: raise codes.FuncException, "Could not locate certmaster at: http://certmaster:51235/" - + # logging here would be nice if not result: - time.sleep(10) - - + time.sleep(10) + + if result: cert_fo = open(cert_file, 'w') cert_fo.write(cert_string) @@ -74,18 +114,18 @@ def create_minion_keys(): ca_cert_fo = open(ca_cert_file, 'w') ca_cert_fo.write(ca_cert_string) ca_cert_fo.close() - + def submit_csr_to_master(csr_file, master_uri): """" gets us our cert back from the certmaster.wait_for_cert() method takes csr_file as path location and master_uri returns Bool, str(cert), str(ca_cert) """ - + fo = open(csr_file) csr = fo.read() s = xmlrpclib.ServerProxy(master_uri) - + return s.wait_for_cert(csr) diff --git a/overlord/Makefile b/func/overlord/Makefile index 86a3db8..f2bc6c4 100755 --- a/overlord/Makefile +++ b/func/overlord/Makefile @@ -6,14 +6,13 @@ PYCHECKER = /usr/bin/pychecker PYFLAKES = /usr/bin/pyflakes clean:: - @rm -fv *.pyc *~ .*~ *.pyo + @rm -fv *.pyc *~ .*~ *.pyo @find . -name .\#\* -exec rm -fv {} \; @rm -fv *.rpm - -pychecker:: + +pychecker:: @$(PYCHECKER) $(PYFILES) || exit 0 pyflakes:: @$(PYFLAKES) $(PYFILES) || exit 0 - diff --git a/overlord/__init__.py b/func/overlord/__init__.py index e69de29..e69de29 100644 --- a/overlord/__init__.py +++ b/func/overlord/__init__.py diff --git a/overlord/client.py b/func/overlord/client.py index 133aafa..3c60148 100755 --- a/overlord/client.py +++ b/func/overlord/client.py 
@@ -6,7 +6,7 @@ ## Copyright 2007, Red Hat, Inc ## Michael DeHaan <mdehaan@redhat.com> ## +AUTHORS -## +## ## This software may be freely redistributed under the terms of the GNU ## general public license. ## @@ -83,7 +83,7 @@ class Client(object): self.interactive = interactive self.noglobs = noglobs self.servers = self.expand_servers(self.server_spec) - + # default cert/ca/key is the same as the certmaster ca - need to # be able to change that on the cli self.key = '%s/funcmaster.key' % self.config.cadir @@ -131,13 +131,13 @@ class Client(object): to an unspecified number of machines. So, it enables stuff like this: - + Client("*.example.org").yum.install("foo") # WARNING: any missing values in Client's source will yield # strange errors with this engaged. Be aware of that. """ - + return CommandAutomagic(self, [name]) # ----------------------------------------------- @@ -170,13 +170,13 @@ class Client(object): try: # thats some pretty code right there aint it? -akl # we can't call "call" on s, since thats a rpc, so - # we call gettatr around it. + # we call gettatr around it. meth = "%s.%s" % (module, method) retval = getattr(conn, meth)(*args[:]) if self.interactive: - pprint.pprint(retval) + pprint.pprint(retval) except Exception, e: - retval = e + retval = e if self.interactive: sys.stderr.write("remote exception on %s: %s\n" % (server, str(e))) @@ -191,7 +191,7 @@ class Client(object): return results - # ----------------------------------------------- + # ----------------------------------------------- def cli_return(self,results): """ @@ -252,7 +252,7 @@ class Call(command.Command): client = Client(self.server_spec,port=self.port,interactive=True, verbose=self.verbose, config=self.config) results = client.run(self.module, self.method, self.method_args) - + # TO DO: add multiplexer support # probably as a higher level module. 
@@ -263,14 +263,14 @@ class FuncCommandLine(command.Command): useage = "func is the commandline interface to a func minion" subCommandClasses = [Call] - + def __init__(self): - + command.Command.__init__(self) def do(self, args): pass - + def addOptions(self): self.parser.add_option('', '--version', action="store_true", help="show version information") diff --git a/overlord/command.py b/func/overlord/command.py index 54da1ec..812ad8d 100644 --- a/overlord/command.py +++ b/func/overlord/command.py @@ -3,7 +3,7 @@ # This file is released under the standard PSF license. # -# from MOAP - https://thomas.apestaart.org/moap/trac +# from MOAP - https://thomas.apestaart.org/moap/trac # written by Thomas Vander Stichele (thomas at apestaart dot org) # @@ -197,7 +197,7 @@ class Command: # handle pleas for help if args and args[0] == 'help': self.debug('Asked for help, args %r' % args) - + # give help on current command if only 'help' is passed if len(args) == 1: self.outputHelp() diff --git a/overlord/sslclient.py b/func/overlord/sslclient.py index 0ddbf58..ccb2c9c 100644 --- a/overlord/sslclient.py +++ b/func/overlord/sslclient.py @@ -44,15 +44,9 @@ class FuncServer(SSLXMLRPCServerProxy): self.pem, self.crt, self.ca) - + if __name__ == "__main__": s = SSLXMLRPCServerProxy('https://localhost:51234/', '/etc/pki/func/slave.pem', '/etc/pki/func/slave.cert', '/etc/pki/func/ca/funcmaster.crt') f = s.ping(1, 2) print f - - - - - - diff --git a/overlord/test_func.py b/func/overlord/test_func.py index 4850675..2b3f041 100644 --- a/overlord/test_func.py +++ b/func/overlord/test_func.py @@ -38,7 +38,7 @@ if TEST_PROCESS: # here's the service module testing if TEST_SERVICES: print s.service.restart("httpd") - + if TEST_HARDWARE: print s.hardware.info() @@ -58,5 +58,4 @@ if TEST_VIRT: if status == "shutdown": s.virt.start(vm) -# add more tests here - +# add more tests here diff --git a/scripts/Makefile b/scripts/Makefile index 86a3db8..a4cc7e1 100755 --- a/scripts/Makefile 
+++ b/scripts/Makefile @@ -15,5 +15,6 @@ pychecker:: @$(PYCHECKER) $(PYFILES) || exit 0 pyflakes:: +ifneq ($(PYFILES)x, x) @$(PYFLAKES) $(PYFILES) || exit 0 - +endif diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca index d103265..f7982ca 100755 --- a/scripts/certmaster-ca +++ b/scripts/certmaster-ca @@ -6,6 +6,8 @@ # --clean? not sure what it will do import sys +import glob +import os import func import func.certs @@ -20,23 +22,35 @@ def errorprint(stuff): def parseargs(args): - usage = 'certmaster-ca [options]' + usage = 'certmaster-ca <option> [args]' parser = OptionParser(usage=usage) parser.add_option('-l', '--list', default=False, action="store_true", help='list signing requests remaining') parser.add_option('-s', '--sign', default=False, action="store_true", help='sign requests of hosts specified') - + parser.add_option('-c', '--clean', default=False, action="store_true", + help="clean out all certs or csrs for the hosts specified") + (opts, args) = parser.parse_args() - # XXX FIXME check for obviously impossible things and exit, etc + + if not opts.list and not opts.sign and not opts.clean: + parser.print_help() + sys.exit(1) + return (opts, args) def main(args): + if os.geteuid() != 0: + errorprint('Must be root to run certmaster-ca') + return 1 + cm = func.certmaster.CertMaster('/etc/func/certmaster.conf') (opts, args) = parseargs(args) + + if opts.list: hns = cm.get_csrs_waiting() if hns: 
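Review bot: The new `os.geteuid() != 0` check in `main` runs before `parseargs`, so a non-root user asking for `--help` gets "Must be root to run certmaster-ca" instead of the usage text; calling `parseargs(args)` first and checking privileges afterwards avoids that. `parseargs` still calls `parser.parse_args()` with no argument, so its `args` parameter is ignored and the parser reads `sys.argv` itself; `(opts, args) = parser.parse_args(args)` makes the function honour its signature. The added validation only rejects the case where no action is given, so combinations such as `--list --clean` are accepted; from the visible early returns, the later action would presumably be skipped without a message. `main` continues beyond this hunk.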
@@ -57,7 +71,26 @@ def main(args): certfile = cm.sign_this_csr(csrfile) print '%s signed - cert located at %s' % (hn, certfile) return 0 + + if opts.clean: + if not args: + errorprint('Need hostname(s) to clean up') + return 1 + + for hn in args: + csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn) + csrs = glob.glob(csrglob) + certglob = '%s/%s.cert' % (cm.cfg.certroot, hn) + certs = glob.glob(certglob) + if not csrs and not certs: + errorprint('No match for %s to clean up' % hn) + continue + + for fn in csrs + certs: + print 'Cleaning out %s for host matching %s' % (fn, hn) + os.unlink(fn) + return 0 if __name__ == "__main__": sys.exit(main(sys.argv[1:])) @@ -28,10 +28,7 @@ if __name__ == "__main__": license = "GPL", scripts = ["scripts/funcd", "scripts/func", "scripts/certmaster", "scripts/certmaster-ca"], # package_data = { '' : ['*.*'] }, - package_dir = {"%s" % NAME: "%s" % NAME, - "%s/minion" % NAME: "minion/", - "%s/minion/modules" % NAME: "modules/", - "%s/overlord" % NAME: "overlord/" + package_dir = {"%s" % NAME: "%s" % NAME }, packages = ["%s" % NAME, "%s/minion" % NAME, |
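Review bot: In the new `--clean` branch each `hn` from the command line is interpolated unchanged into `'%s/%s.csr' % (cm.cfg.csrroot, hn)` and `'%s/%s.cert' % (cm.cfg.certroot, hn)`, passed to `glob.glob`, and every match is removed with `os.unlink` while running as root. Wildcards look intended (the message says "for host matching"), but a path separator or `..` in `hn` lets the pattern leave `csrroot`/`certroot`, so the loop should skip such arguments first: `if os.path.basename(hn) != hn:` followed by an `errorprint(...)` and `continue`. Deleting the `.cert` file does not revoke the certificate; nothing visible here records a revocation, so a minion still holding its key and signed cert would presumably keep being accepted, and the option's help text should say so. A comment above the loop stating that `hn` is treated as a glob pattern would also help the next reader.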