X-Git-Url: https://pwan.org/git/?a=blobdiff_plain;f=certmaster%2Futils.py;h=b135e7d45c33c48edfd29ba6312b6d100f896452;hb=5cfab995e99a58c2fcb2369eeda0635dfb59b24e;hp=773b0ebfc5270a83baf2a40f350b669b4d6731d1;hpb=4575d4c9942579a235eb7b46a726ddcd557a2edd;p=certmaster.git diff --git a/certmaster/utils.py b/certmaster/utils.py index 773b0eb..b135e7d 100644 --- a/certmaster/utils.py +++ b/certmaster/utils.py @@ -57,7 +57,7 @@ def daemonize(pidfile=None): sys.exit(0) os.chdir("/") os.setsid() - os.umask(0) + os.umask(077) pid = os.fork() os.close(0) @@ -65,10 +65,10 @@ def daemonize(pidfile=None): os.close(2) # based on http://code.activestate.com/recipes/278731/ - os.open(REDIRECT_TO, os.O_RDWR) # standard input (0) + os.open(REDIRECT_TO, os.O_RDWR) # standard input (0) - os.dup2(0, 1) # standard output (1) - os.dup2(0, 2) # standard error (2) + os.dup2(0, 1) # standard output (1) + os.dup2(0, 2) # standard error (2) @@ -87,7 +87,7 @@ def nice_exception(etype, evalue, etb): except: nicetype = etype nicestack = string.join(traceback.format_list(traceback.extract_tb(etb))) - return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ] + return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ] def is_error(result): # FIXME: I believe we can remove this function @@ -104,10 +104,10 @@ def get_hostname(talk_to_certmaster=True): "localhost" is a lame hostname to use for a key, so try to get a more meaningful hostname. We do this by connecting to the certmaster and seeing what interface/ip it uses to make that connection, and looking - up the hostname for that. + up the hostname for that. """ # FIXME: this code ignores http proxies (which granted, we don't - # support elsewhere either. + # support elsewhere either. hostname = None hostname = socket.gethostname() # print "DEBUG: HOSTNAME TRY1: %s" % hostname @@ -122,18 +122,24 @@ def get_hostname(talk_to_certmaster=True): # FIXME: move to requestor module and also create a verbose mode # prints to the screen for usage by /usr/bin/certmaster-request -def create_minion_keys(): +def create_minion_keys(hostname=None): + log = logger.Logger().logger + # FIXME: paths should not be hard coded here, move to settings universally config_file = '/etc/certmaster/minion.conf' config = read_config(config_file, MinionConfig) cert_dir = config.cert_dir master_uri = 'http://%s:%s/' % (config.certmaster, config.certmaster_port) - # print "DEBUG: acquiring hostname" - hn = get_hostname() - # print "DEBUG: hostname = %s\n" % hn + + hn = hostname + if hn is None: + hn = get_hostname() if hn is None: raise codes.CMException("Could not determine a hostname other than localhost") + else: + # use lowercase letters for hostnames + hn = hn.lower() key_file = '%s/%s.pem' % (cert_dir, hn) csr_file = '%s/%s.csr' % (cert_dir, hn) @@ -154,20 +160,20 @@ def create_minion_keys(): if not os.path.exists(csr_file): if not keypair: keypair = certs.retrieve_key_from_file(key_file) - csr = certs.make_csr(keypair, dest=csr_file) + csr = certs.make_csr(keypair, dest=csr_file, hostname=hn) except Exception, e: traceback.print_exc() raise codes.CMException, "Could not create local keypair or csr for session" result = False - log = logger.Logger().logger + while not result: try: # print "DEBUG: submitting CSR to certmaster: %s" % master_uri - log.debug("submitting CSR to certmaster %s" % master_uri) + log.debug("submitting CSR: %s to certmaster %s" % (csr_file, master_uri)) result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri) - except socket.gaierror, e: - raise codes.CMException, "Could not locate certmaster at %s" % master_uri + except socket.error, e: + log.warning("Could not locate certmaster at %s" % master_uri) # logging here would be nice if not result: @@ -238,4 +244,3 @@ def submit_csr_to_master(csr_file, master_uri): # print "DEBUG: waiting for cert" return s.wait_for_cert(csr) -