X-Git-Url: https://pwan.org/git/?a=blobdiff_plain;f=certmaster%2Fminion%2Futils.py;fp=certmaster%2Fminion%2Futils.py;h=0000000000000000000000000000000000000000;hb=af4f09f155f4a4f1c5a9e3e29b4c8736f892dce4;hp=a7ea788391964a02670128a76a498b32d3eda762;hpb=6146feb4b676ba7e10f5f175bb50149c20c53b18;p=certmaster.git diff --git a/certmaster/minion/utils.py b/certmaster/minion/utils.py deleted file mode 100755 index a7ea788..0000000 --- a/certmaster/minion/utils.py +++ /dev/null @@ -1,207 +0,0 @@ -""" -Copyright 2007, Red Hat, Inc -see AUTHORS - -This software may be freely redistributed under the terms of the GNU -general public license. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -""" - -import os -import socket -import string -import sys -import time -import traceback -import xmlrpclib -import glob -import traceback - -import codes -from func import certs -from func.config import read_config -from func.commonconfig import FuncdConfig -from func import logger - -# "localhost" is a lame hostname to use for a key, so try to get -# a more meaningful hostname. We do this by connecting to the certmaster -# and seeing what interface/ip it uses to make that connection, and looking -# up the hostname for that. -def get_hostname(): - - # FIXME: this code ignores http proxies (which granted, we don't - # support elsewhere either. It also hardcodes the port number - # for the certmaster for now - hostname = None - hostname = socket.gethostname() - try: - ip = socket.gethostbyname(hostname) - except: - return hostname - if ip != "127.0.0.1": - return hostname - - - config_file = '/etc/func/minion.conf' - config = read_config(config_file, FuncdConfig) - - server = config.certmaster - port = 51235 - - try: - s = socket.socket() - s.settimeout(5) - s.connect((server, port)) - (intf, port) = s.getsockname() - hostname = socket.gethostbyaddr(intf)[0] - s.close() - except: - s.close() - raise - - return hostname - - - -def create_minion_keys(): - config_file = '/etc/func/minion.conf' - config = read_config(config_file, FuncdConfig) - cert_dir = config.cert_dir - master_uri = 'http://%s:51235/' % config.certmaster - hn = get_hostname() - - if hn is None: - raise codes.FuncException("Could not determine a hostname other than localhost") - - key_file = '%s/%s.pem' % (cert_dir, hn) - csr_file = '%s/%s.csr' % (cert_dir, hn) - cert_file = '%s/%s.cert' % (cert_dir, hn) - ca_cert_file = '%s/ca.cert' % cert_dir - - - if os.path.exists(cert_file) and os.path.exists(ca_cert_file): - return - - keypair = None - try: - if not os.path.exists(cert_dir): - os.makedirs(cert_dir) - if not os.path.exists(key_file): - keypair = certs.make_keypair(dest=key_file) - if not os.path.exists(csr_file): - if not keypair: - keypair = certs.retrieve_key_from_file(key_file) - csr = certs.make_csr(keypair, dest=csr_file) - except Exception, e: - traceback.print_exc() - raise codes.FuncException, "Could not create local keypair or csr for minion funcd session" - - result = False - log = logger.Logger().logger - while not result: - try: - log.debug("submitting CSR to certmaster %s" % master_uri) - result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri) - except socket.gaierror, e: - raise codes.FuncException, "Could not locate certmaster at %s" % master_uri - - # logging here would be nice - if not result: - log.warning("no response from certmaster %s, sleeping 10 seconds" % master_uri) - time.sleep(10) - - - if result: - log.debug("received certificate from certmaster %s, storing" % master_uri) - cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644) - os.write(cert_fd, cert_string) - os.close(cert_fd) - - ca_cert_fd = os.open(ca_cert_file, os.O_RDWR|os.O_CREAT, 0644) - os.write(ca_cert_fd, ca_cert_string) - os.close(ca_cert_fd) - -def submit_csr_to_master(csr_file, master_uri): - """" - gets us our cert back from the certmaster.wait_for_cert() method - takes csr_file as path location and master_uri - returns Bool, str(cert), str(ca_cert) - """ - - fo = open(csr_file) - csr = fo.read() - s = xmlrpclib.ServerProxy(master_uri) - - return s.wait_for_cert(csr) - - -# this is kind of handy, so keep it around for now -# but we really need to fix out server side logging and error -# reporting so we don't need it -def trace_me(): - x = traceback.extract_stack() - bar = string.join(traceback.format_list(x)) - return bar - - -def daemonize(pidfile=None): - """ - Daemonize this process with the UNIX double-fork trick. - Writes the new PID to the provided file name if not None. - """ - - print pidfile - pid = os.fork() - if pid > 0: - sys.exit(0) - os.setsid() - os.umask(0) - pid = os.fork() - - - if pid > 0: - if pidfile is not None: - open(pidfile, "w").write(str(pid)) - sys.exit(0) - -def get_acls_from_config(acldir='/etc/func/minion-acl.d'): - """ - takes a dir of .acl files - returns a dict of hostname+hash = [methods, to, run] - - """ - - acls = {} - if not os.path.exists(acldir): - print 'acl dir does not exist: %s' % acldir - return acls - - # get the set of files - acl_glob = '%s/*.acl' % acldir - files = glob.glob(acl_glob) - - for acl_file in files: - - try: - fo = open(acl_file, 'r') - except (IOError, OSError), e: - print 'cannot open acl config file: %s - %s' % (acl_file, e) - continue - - for line in fo.readlines(): - if line.startswith('#'): continue - if line.strip() == '': continue - line = line.replace('\n', '') - (host, methods) = line.split('=') - host = host.strip().lower() - methods = methods.strip() - methods = methods.replace(',',' ') - methods = methods.split() - if not acls.has_key(host): - acls[host] = [] - acls[host].extend(methods) - - return acls