2 Copyright 2007-2008, Red Hat, Inc
5 This software may be freely redistributed under the terms of the GNU
6 general public license.
8 You should have received a copy of the GNU General Public License
9 along with this program; if not, write to the Free Software
10 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 from config
import read_config
25 from commonconfig
import MinionConfig
28 # FIXME: module needs better pydoc
31 # FIXME: can remove this constant?
32 REMOTE_ERROR
= "REMOTE_ERROR"
36 x
= traceback
.extract_stack()
37 bar
= string
.join(traceback
.format_list(x
))
40 def daemonize(pidfile
=None):
42 Daemonize this process with the UNIX double-fork trick.
43 Writes the new PID to the provided file name if not None.
55 if pidfile
is not None:
56 open(pidfile
, "w").write(str(pid
))
59 def nice_exception(etype
, evalue
, etb
):
60 # FIXME: I believe we can remove this function
62 lefti
= etype
.index("'") + 1
63 righti
= etype
.rindex("'")
64 nicetype
= etype
[lefti
:righti
]
65 nicestack
= string
.join(traceback
.format_list(traceback
.extract_tb(etb
)))
66 return [ REMOTE_ERROR
, nicetype
, str(evalue
), nicestack
]
69 # FIXME: I believe we can remove this function
70 if type(result
) != list:
74 if result
[0] == REMOTE_ERROR
:
78 def get_hostname(talk_to_certmaster
=True):
80 "localhost" is a lame hostname to use for a key, so try to get
81 a more meaningful hostname. We do this by connecting to the certmaster
82 and seeing what interface/ip it uses to make that connection, and looking
83 up the hostname for that.
85 # FIXME: this code ignores http proxies (which granted, we don't
86 # support elsewhere either. It also hardcodes the port number
87 # for the certmaster for now
89 hostname
= socket
.gethostname()
90 # print "DEBUG: HOSTNAME TRY1: %s" % hostname
92 ip
= socket
.gethostbyname(hostname
)
93 # print "DEBUG: IP TRY2: %s" % ip
95 # print "DEBUG: ERROR: returning"
98 # print "DEBUG: ERROR: returning 2"
101 if talk_to_certmaster
:
102 config_file
= '/etc/certmaster/minion.conf'
103 config
= read_config(config_file
, MinionConfig
)
105 server
= config
.certmaster
111 s
.connect((server
, port
))
112 (intf
, port
) = s
.getsockname()
113 remote_hostname
= socket
.gethostbyaddr(intf
)[0]
114 if remote_hostname
!= "localhost":
115 hostname
= remote_hostname
116 # print "DEBUG: HOSTNAME FROM CERTMASTER == %s" % hostname
122 # print "DEBUG: final hostname=%s" % hostname
126 # FIXME: move to requestor module and also create a verbose mode
127 # prints to the screen for usage by /usr/bin/certmaster-request
129 def create_minion_keys():
130 # FIXME: paths should not be hard coded here, move to settings universally
131 config_file
= '/etc/certmaster/minion.conf'
132 config
= read_config(config_file
, MinionConfig
)
133 cert_dir
= config
.cert_dir
134 master_uri
= 'http://%s:51235/' % config
.certmaster
135 # print "DEBUG: acquiring hostname"
137 # print "DEBUG: hostname = %s\n" % hn
140 raise codes
.CMException("Could not determine a hostname other than localhost")
142 key_file
= '%s/%s.pem' % (cert_dir
, hn
)
143 csr_file
= '%s/%s.csr' % (cert_dir
, hn
)
144 cert_file
= '%s/%s.cert' % (cert_dir
, hn
)
145 ca_cert_file
= '%s/ca.cert' % cert_dir
148 if os
.path
.exists(cert_file
) and os
.path
.exists(ca_cert_file
):
149 # print "DEBUG: err, no cert_file"
154 if not os
.path
.exists(cert_dir
):
155 os
.makedirs(cert_dir
)
156 if not os
.path
.exists(key_file
):
157 keypair
= certs
.make_keypair(dest
=key_file
)
158 if not os
.path
.exists(csr_file
):
160 keypair
= certs
.retrieve_key_from_file(key_file
)
161 csr
= certs
.make_csr(keypair
, dest
=csr_file
)
163 traceback
.print_exc()
164 raise codes
.CMException
, "Could not create local keypair or csr for session"
167 log
= logger
.Logger().logger
170 # print "DEBUG: submitting CSR to certmaster: %s" % master_uri
171 log
.debug("submitting CSR to certmaster %s" % master_uri
)
172 result
, cert_string
, ca_cert_string
= submit_csr_to_master(csr_file
, master_uri
)
173 except socket
.gaierror
, e
:
174 raise codes
.CMException
, "Could not locate certmaster at %s" % master_uri
176 # logging here would be nice
178 # print "DEBUG: no response from certmaster, sleeping 10 seconds"
179 log
.warning("no response from certmaster %s, sleeping 10 seconds" % master_uri
)
184 # print "DEBUG: recieved certificate from certmaster"
185 log
.debug("received certificate from certmaster %s, storing" % master_uri
)
186 cert_fd
= os
.open(cert_file
, os
.O_RDWR|os
.O_CREAT
, 0644)
187 os
.write(cert_fd
, cert_string
)
190 ca_cert_fd
= os
.open(ca_cert_file
, os
.O_RDWR|os
.O_CREAT
, 0644)
191 os
.write(ca_cert_fd
, ca_cert_string
)
194 def submit_csr_to_master(csr_file
, master_uri
):
196 gets us our cert back from the certmaster.wait_for_cert() method
197 takes csr_file as path location and master_uri
198 returns Bool, str(cert), str(ca_cert)
203 s
= xmlrpclib
.ServerProxy(master_uri
)
205 # print "DEBUG: waiting for cert"
206 return s
.wait_for_cert(csr
)