From 0c5273c85ea72d60e5907acb22398584ded0a077 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: Wed, 18 Jan 2012 21:04:47 -0800
Subject: Create nova cert worker for x509 support
* Adds new worker for cert management
* Makes decrypt use an rpc to the worker
* Moves CA filesystem creation out of cloud.setup
* Moves test for X509 into crypto
* Adds test for encrypting and decrypting using cert
* Cleans up extra code in cloudpipe
* Fixes bug 918563
* Prepares for a future patch that will fix bug 903345
Change-Id: I4693c50c8f432706f97395af39e736f49d60e719
---
 nova/api/ec2/cloud.py | 25 -------------------------
 nova/api/openstack/compute/contrib/cloudpipe.py | 23 +++--------------------
 2 files changed, 3 insertions(+), 45 deletions(-)
(limited to 'nova/api')
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index eb115d8dc..5a3b952a9 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -205,35 +205,10 @@ class CloudController(object):
 self.volume_api = volume.API()
 self.compute_api = compute.API(network_api=self.network_api,
 volume_api=self.volume_api)
- self.setup()

 def __str__(self):
 return 'CloudController'

- def setup(self):
- """ Ensure the keychains and folders exist. """
- # FIXME(ja): this should be moved to a nova-manage command,
- # if not setup throw exceptions instead of running
- # Create keys folder, if it doesn't exist
- if not os.path.exists(FLAGS.keys_path):
- os.makedirs(FLAGS.keys_path)
- # Gen root CA, if we don't have one
- root_ca_path = os.path.join(FLAGS.ca_path, FLAGS.ca_file)
- if not os.path.exists(root_ca_path):
- genrootca_sh_path = os.path.join(os.path.dirname(__file__),
- os.path.pardir,
- os.path.pardir,
- 'CA',
- 'genrootca.sh')
-
- start = os.getcwd()
- if not os.path.exists(FLAGS.ca_path):
- os.makedirs(FLAGS.ca_path)
- os.chdir(FLAGS.ca_path)
- # TODO(vish): Do this with M2Crypto instead
- utils.runthis(_("Generating root CA: %s"), "sh", genrootca_sh_path)
- os.chdir(start)
-
 def _get_image_state(self, image):
 # NOTE(vish): fallback status if image_state isn't set
 state = image.get('status')
diff --git a/nova/api/openstack/compute/contrib/cloudpipe.py b/nova/api/openstack/compute/contrib/cloudpipe.py
index 1cf47a2a9..9d944366b 100644
--- a/nova/api/openstack/compute/contrib/cloudpipe.py
+++ b/nova/api/openstack/compute/contrib/cloudpipe.py
@@ -60,28 +60,11 @@ class CloudpipeController(object):

 def setup(self):
 """Ensure the keychains and folders exist."""
- # TODO(todd): this was copyed from api.ec2.cloud
- # FIXME(ja): this should be moved to a nova-manage command,
- # if not setup throw exceptions instead of running
- # Create keys folder, if it doesn't exist
+ # NOTE(vish): One of the drawbacks of doing this in the api is
+ # the keys will only be on the api node that launched
+ # the cloudpipe.
 if not os.path.exists(FLAGS.keys_path):
 os.makedirs(FLAGS.keys_path)
- # Gen root CA, if we don't have one
- root_ca_path = os.path.join(FLAGS.ca_path, FLAGS.ca_file)
- if not os.path.exists(root_ca_path):
- genrootca_sh_path = os.path.join(os.path.dirname(__file__),
- os.path.pardir,
- os.path.pardir,
- 'CA',
- 'genrootca.sh')
-
- start = os.getcwd()
- if not os.path.exists(FLAGS.ca_path):
- os.makedirs(FLAGS.ca_path)
- os.chdir(FLAGS.ca_path)
- # TODO(vish): Do this with M2Crypto instead
- utils.runthis(_("Generating root CA: %s"), "sh", genrootca_sh_path)
- os.chdir(start)

 def _get_cloudpipe_for_project(self, context, project_id):
 """Get the cloudpipe instance for a project ID."""
-- cgit
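Review bot: The `os.makedirs(FLAGS.keys_path)` call kept in `setup()` creates the keys directory with the default mode, so who can read it depends on the service's umask; if private key material is stored under `keys_path` (suggested by the flag name, not shown in this hunk), pass a restrictive mode explicitly, e.g. `os.makedirs(FLAGS.keys_path, 0o700)`. The exists-then-create pair is also racy when several API workers start together, so the second `makedirs` can raise `OSError`; tolerating `errno.EEXIST` would make startup idempotent. After this change the method only creates the keys folder, so the docstring would read better as `"""Ensure the keys folder exists."""`.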