author | Adrian Likins <alikins@grimlock.devel.redhat.com> | 2008-02-29 12:35:53 -0500 |
committer | Adrian Likins <alikins@grimlock.devel.redhat.com> | 2008-02-29 12:35:53 -0500 |
commit | dd4a2266e476410084556ea7bce9dfa47e651690 (patch) | |
tree | 3c6604c925bcdd625cc452ef992aa2a11de0769c | |
parent | ede64dcf5c23fdb5a78f8f638ad2d94f315b3c00 (diff) | |
mostly merges of stuff I thought I had already committed and pushed
various s/func/certmaster changes
-rw-r--r-- | func/commonconfig.py | 25 | ||||
-rw-r--r-- | func/config.py | 2 | ||||
-rwxr-xr-x | func/minion/server.py | 20 | ||||
-rwxr-xr-x | func/minion/utils.py | 72 | ||||
-rwxr-xr-x | func/overlord/client.py | 14 | ||||
-rw-r--r-- | func/overlord/command.py | 2 |
6 files changed, 39 insertions, 96 deletions
diff --git a/func/commonconfig.py b/func/commonconfig.py
index 292eb45..66f4cfc 100644
--- a/func/commonconfig.py
+++ b/func/commonconfig.py
@@ -1,15 +1,22 @@
-from config import BaseConfig, BoolOption, Option
+#!/usr/bin/python
+"""
+func
+
+Copyright 2007, Red Hat, Inc
+see AUTHORS
+
+This software may be freely redistributed under the terms of the GNU
+general public license.
-class CMConfig(BaseConfig):
- listen_addr = Option('')
- cadir = Option('/etc/pki/func/ca')
- certroot = Option('/var/lib/certmaster/certmaster/certs')
- csrroot = Option('/var/lib/certmaster/certmaster/csrs')
- autosign = BoolOption(False)
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+"""
+
+
+from config import BaseConfig, BoolOption, Option
 class FuncdConfig(BaseConfig):
 log_level = Option('INFO')
-certmaster = Option('certmaster')
-cert_dir = Option('/etc/pki/func')
 acl_dir = Option('/etc/func/minion-acl.d')
diff --git a/func/config.py b/func/config.py
index 8202457..e859f4a 100644
--- a/func/config.py
+++ b/func/config.py
@@ -24,7 +24,7 @@ from ConfigParser import NoSectionError, NoOptionError, ConfigParser
 from ConfigParser import ParsingError
 import exceptions
-CONFIG_FILE = "/etc/func/certmaster.conf"
+CONFIG_FILE = "/etc/certmaster/certmaster.conf"
 class ConfigError(exceptions.Exception):
 def __init__(self, value=None):
diff --git a/func/minion/server.py b/func/minion/server.py
index 2fa175a..c511598 100755
--- a/func/minion/server.py
+++ b/func/minion/server.py
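Review bot: FuncdConfig loses its `certmaster` and `cert_dir` options in this hunk, but nothing left on the class says where they went; a reader of func/commonconfig.py now has to find `self.cm_config` in server.py to learn that those settings are read from certmaster's CMConfig. Suggest a comment on the class: `# certmaster and cert_dir moved to certmaster.commonconfig.CMConfig (read from /etc/certmaster/minion.conf)`. Whether BaseConfig ignores or rejects unknown keys still present in an existing /etc/func/minion.conf is not visible here, so that upgrade case is worth checking. The added `#!/usr/bin/python` shebang on a 100644 module that only defines a config class is unusual; the license docstring alone would do.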
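Review bot: `CONFIG_FILE` in func/config.py now points at a file under certmaster's own directory, while func.overlord.client and func.overlord.command keep importing it from func.config to read the `CMConfig` that this commit moves to certmaster.commonconfig. If certmaster exports its own config-file constant, this is a second copy of the same path that can drift from it; if it does not, a comment such as `# the overlord reads certmaster's config for cadir; keep in sync with certmaster` would record why func hard-codes a path under /etc/certmaster. The `ConfigError` class continues outside the hunk.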
@@ -25,17 +25,20 @@ I18N_DOMAIN = "func"
 from func.config import read_config
 from func.commonconfig import FuncdConfig
+from certmaster.commonconfig import CMConfig
 from func import logger
 from func import certs
 import func.jobthing as jobthing
-import utils
 # our modules
 import AuthedXMLRPCServer
 import codes
 import module_loader
 import func.utils as futils
+import func.minion.utils as fmutils
+from certmaster import utils
+from certmaster import requester
 class XmlRpcInterface(object):
@@ -46,8 +49,11 @@ class XmlRpcInterface(object):
 Constructor.
 """
- config_file = '/etc/func/minion.conf'
+ cm_config_file = '/etc/certmaster/minion.conf'
+ self.cm_config = read_config(cm_config_file, CMConfig)
+ config_file = "/etc/func/minion.conf"
 self.config = read_config(config_file, FuncdConfig)
+ self.logger = logger.Logger().logger
 self.audit_logger = logger.AuditLogger()
 self.__setup_handlers()
@@ -172,9 +178,9 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
 XmlRpcInterface.__init__(self)
 hn = utils.get_hostname()
- self.key = "%s/%s.pem" % (self.config.cert_dir, hn)
- self.cert = "%s/%s.cert" % (self.config.cert_dir, hn)
- self.ca = "%s/ca.cert" % self.config.cert_dir
+ self.key = "%s/%s.pem" % (self.cm_config.cert_dir, hn)
+ self.cert = "%s/%s.cert" % (self.cm_config.cert_dir, hn)
+ self.ca = "%s/ca.cert" % self.cm_config.cert_dir
 self._our_ca = certs.retrieve_cert_from_file(self.ca)
@@ -234,7 +240,7 @@ class FuncSSLXMLRPCServer(AuthedXMLRPCServer.AuthedSSLXMLRPCServer,
 return peer_cert.get_subject().CN
 def _check_acl(self, cert, ip, method, params):
- acls = utils.get_acls_from_config(acldir=self.config.acl_dir)
+ acls = fmutils.get_acls_from_config(acldir=self.config.acl_dir)
 # certmaster always gets to run things
 ca_cn = self._our_ca.get_subject().CN
@@ -271,7 +277,7 @@ def main(argv):
 print "serving...\n"
 try:
- utils.create_minion_keys()
+ requester.request_cert()
 serve()
 except codes.FuncException, e:
 print >> sys.stderr, 'error: %s' % e
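Review bot: After this import hunk the bare name `utils` is bound to `certmaster.utils` instead of func's own minion utils, yet `hn = utils.get_hostname()` in the FuncSSLXMLRPCServer hunk below is left untouched, so it now calls certmaster's get_hostname; the `_check_acl` hunk was switched to the explicit `fmutils` alias, which suggests the other call was meant to be made explicit too. If certmaster's version is the intended one, `hn = utils.get_hostname()  # certmaster.utils, not func.minion.utils` would make that deliberate. The deleted func.minion.utils code raised when the hostname came back None; whether certmaster's get_hostname behaves the same is not visible here, and `self.key`/`self.cert` are built from `hn` right after the call. The class bodies these hunks touch continue outside the hunks.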
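Review bot: `requester.request_cert()` replaces `utils.create_minion_keys()` inside a `try` whose only handler is `except codes.FuncException, e:`, and the removed function was the code that turned hostname, keypair and certmaster-lookup failures into `codes.FuncException`. Unless certmaster's requester raises func's exception type (not visible here), an enrollment failure at startup now escapes main() as a traceback instead of the `error: %s` message that the handler prints. Either add the requester's exception type to the handler, or wrap the call: `try: requester.request_cert()` / `except Exception, e: raise codes.FuncException, "certmaster enrollment failed: %s" % e`. main() continues outside the hunk.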
diff --git a/func/minion/utils.py b/func/minion/utils.py
index ea8854c..1133866 100755
--- a/func/minion/utils.py
+++ b/func/minion/utils.py
@@ -65,78 +65,6 @@ def get_hostname():
-def create_minion_keys():
- config_file = '/etc/func/minion.conf'
- config = read_config(config_file, FuncdConfig)
- cert_dir = config.cert_dir
- master_uri = 'http://%s:51235/' % config.certmaster
- hn = get_hostname()
-
- if hn is None:
- raise codes.FuncException("Could not determine a hostname other than localhost")
-
- key_file = '%s/%s.pem' % (cert_dir, hn)
- csr_file = '%s/%s.csr' % (cert_dir, hn)
- cert_file = '%s/%s.cert' % (cert_dir, hn)
- ca_cert_file = '%s/ca.cert' % cert_dir
-
-
- if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
- return
-
- keypair = None
- try:
- if not os.path.exists(cert_dir):
- os.makedirs(cert_dir)
- if not os.path.exists(key_file):
- keypair = certs.make_keypair(dest=key_file)
- if not os.path.exists(csr_file):
- if not keypair:
- keypair = certs.retrieve_key_from_file(key_file)
- csr = certs.make_csr(keypair, dest=csr_file)
- except Exception, e:
- traceback.print_exc()
- raise codes.FuncException, "Could not create local keypair or csr for minion funcd session"
-
- result = False
- log = logger.Logger().logger
- while not result:
- try:
- log.debug("submitting CSR to certmaster %s" % master_uri)
- result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
- except socket.gaierror, e:
- raise codes.FuncException, "Could not locate certmaster at %s" % master_uri
-
- # logging here would be nice
- if not result:
- log.warning("no response from certmaster %s, sleeping 10 seconds" % master_uri)
- time.sleep(10)
-
-
- if result:
- log.debug("received certificate from certmaster %s, storing" % master_uri)
- cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
- os.write(cert_fd, cert_string)
- os.close(cert_fd)
-
- ca_cert_fd = os.open(ca_cert_file, os.O_RDWR|os.O_CREAT, 0644)
- os.write(ca_cert_fd, ca_cert_string)
- os.close(ca_cert_fd)
-
-def submit_csr_to_master(csr_file, master_uri):
- """"
- gets us our cert back from the certmaster.wait_for_cert() 
method
- takes csr_file as path location and master_uri
- returns Bool, str(cert), str(ca_cert)
- """
-
- fo = open(csr_file)
- csr = fo.read()
- s = xmlrpclib.ServerProxy(master_uri)
-
- return s.wait_for_cert(csr)
-
-
 # this is kind of handy, so keep it around for now
 # but we really need to fix out server side logging and error
 # reporting so we don't need it
diff --git a/func/overlord/client.py b/func/overlord/client.py
index fdcf875..26b1cca 100755
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -17,7 +17,7 @@ import sys
 import glob
 import os
-from func.commonconfig import CMConfig
+from certmaster.commonconfig import CMConfig
 from func.config import read_config, CONFIG_FILE
 import sslclient
@@ -189,13 +189,15 @@ class Client(object):
 # certmaster key, cert, ca
 # funcd key, cert, ca
 # raise FuncClientError
- ol_key = '%s/funcmaster.key' % self.config.cadir
- ol_crt = '%s/funcmaster.crt' % self.config.cadir
+ ol_key = '%s/certmaster.key' % self.config.cadir
+ ol_crt = '%s/certmaster.crt' % self.config.cadir
 myname = utils.get_hostname()
+
+ # FIXME: should be config -akl?
 # maybe /etc/pki/func is a variable somewhere?
- fd_key = '/etc/pki/func/%s.pem' % myname
- fd_crt = '/etc/pki/func/%s.cert' % myname
- self.ca = '%s/funcmaster.crt' % self.config.cadir
+ fd_key = '/etc/pki/certmaster/%s.pem' % myname
+ fd_crt = '/etc/pki/certmaster/%s.cert' % myname
+ self.ca = '%s/certmaster.crt' % self.config.cadir
 if client_key and client_cert and ca:
 if (os.access(client_key, os.R_OK) and os.access(client_cert, os.R_OK) and os.access(ca, os.R_OK)):
diff --git a/func/overlord/command.py b/func/overlord/command.py
index 7fb7de4..7cf3623 100644
--- a/func/overlord/command.py
+++ b/func/overlord/command.py
@@ -15,7 +15,7 @@ import optparse
 import sys
 from func.config import read_config, CONFIG_FILE
-from func.commonconfig import CMConfig
+from certmaster.commonconfig import CMConfig
 class CommandHelpFormatter(optparse.IndentedHelpFormatter):
 """
 |
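Review bot: `fd_key` and `fd_crt` in the Client hunk are still built from a hard-coded `/etc/pki/certmaster/` directory, while the minion side of this same commit reads the equivalent paths from `self.cm_config.cert_dir`, so the overlord and the minion can disagree on where the minion key lives as soon as an admin changes that setting; the new `# FIXME: should be config -akl?` line acknowledges this. If certmaster's CMConfig carries the same `cert_dir` option the server now uses, `fd_key = '%s/%s.pem' % (self.config.cert_dir, myname)` and the matching `fd_crt` line would remove the duplication. The surviving `# maybe /etc/pki/func is a variable somewhere?` comment still names the old directory and should be updated or dropped alongside the FIXME. The enclosing method continues outside the hunk.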