if os.path.exists(certfile):
slavecert = certs.retrieve_cert_from_file(certfile)
cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
- cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+ cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert[ca])
if with_triggers:
self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*')
return True, cert_buf, cacert_buf
# else write out the csr
if self.cfg.ca[ca]['autosign']:
- cert_fn = self.sign_this_csr(csrreq)
+ cert_fn = self.sign_this_csr(csrreq,ca=ca)
cert = certs.retrieve_cert_from_file(cert_fn)
cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
- cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+ cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert[ca])
self.logger.info("cert for %s for ca %s was autosigned" % (requesting_host,ca))
if with_triggers:
self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*')
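Review bot: `ca` is used as a dictionary key in `self.cacert[ca]` and `self.cfg.ca[ca]['autosign']` with no visible check that it names a configured CA, so an unknown value surfaces as a bare KeyError partway through the request. If `ca` can be chosen by the requesting host (the function's signature is outside this hunk, so this is an assumption), the requester also decides which CA's autosign policy applies, which deserves an explicit check against the configured names and a log line. A guard at the top of the function such as `if ca not in self.cfg.ca: return False, '', ''` would reject it before any file or key is touched; the tuple shape is guessed from the `return True, cert_buf, cacert_buf` above. The same unchecked lookup appears in the sign_this_csr hunk at `self.cakey[ca]` and `self.cacert[ca]`.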
if with_triggers:
self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/post/*')
- def sign_this_csr(self, csr, with_triggers=True,ca=''):
+ def sign_this_csr(self, csr, with_triggers=True, ca=''):
"""returns the path to the signed cert file"""
csr_unlink_file = None
certfile = '%s/%s.cert' % (self.cfg.ca[ca]['certroot'], requesting_host)
self.logger.info("Signing for csr %s requested" % certfile)
- thiscert = certs.create_slave_certificate(csrreq, self.cakey, self.cacert, self.cfg.ca[ca]['cadir'])
+ thiscert = certs.create_slave_certificate(csrreq, self.cakey[ca], self.cacert[ca], self.cfg.ca[ca]['cadir'])
destfo = open(certfile, 'w')
destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, thiscert))
if opts.list:
- hns = cm.get_csrs_waiting(opts.ca)
+ hns = cm.get_csrs_waiting(ca=opts.ca)
if hns:
for hn in sorted(hns):
print hn
return 1
for fn in csrs:
- certfile = cm.sign_this_csr(opts.ca,fn)
+ certfile = cm.sign_this_csr(fn, ca=opts.ca)
print '%s signed - cert located at %s' % (fn, certfile)
return 0
return 1
for hn in args:
- cm.remove_this_cert(opts.ca,hn)
+ cm.remove_this_cert(hn, ca=opts.ca)
return 0
if args:
hostglobs = args
- signed_certs = cm.get_signed_certs(opts.ca, args)
+ signed_certs = cm.get_signed_certs(args, ca=opts.ca)
for i in sorted(signed_certs):
print i
if args:
hostglobs = args
- cert_hashes = cm.get_cert_hashes(opts.ca, hostglobs)
+ cert_hashes = cm.get_cert_hashes(hostglobs, ca=opts.ca)
for i in sorted(cert_hashes):
print i
from glob import glob
from time import sleep
from certmaster import certmaster as certmaster
-from func.overlord.client import Client
-from func.CommonErrors import Func_Client_Exception
-import func.jobthing as jobthing
+
+func_import_failure = None
+try:
+ from func.overlord.client import Client
+ from func.CommonErrors import Func_Client_Exception
+ import func.jobthing as jobthing
+except ImportError, e:
+ func_import_failure = str(e)
def syncable(cert_list):
"""
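Review bot: When the import fails, `Client`, `Func_Client_Exception` and `jobthing` stay unbound, so any code that reaches them before the deferred `func_import_failure` check fails with a NameError instead of the intended message. Binding them in the except branch, e.g. `Client = Func_Client_Exception = jobthing = None`, keeps that failure mode predictable. `except ImportError, e:` could also be written `except ImportError as e:`, which Python 2.6 and later accept and which survives a later port.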
if not cm.cfg.sync_certs and not forced:
sys.exit(0)
+ # Don't complain about func not being available until you actually want it
+ if func_import_failure != None:
+ print >> sys.stderr, "errors importing func: %s" % func_import_failure
+ sys.exit(1)
+
certs = glob(os.path.join(cm.cfg.certroot,
'*.%s' % cm.cfg.cert_extension))
hosts = syncable(certs)
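Review bot: `func_import_failure != None` should be an identity test, `if func_import_failure is not None:`, which is the idiomatic comparison against None. The check sits after the `sync_certs`/`forced` early exit, so a missing func is reported only when a sync is actually attempted; a short comment stating that exit status 1 here means "sync wanted but func unavailable" would help whoever monitors this job. The context line below still globs `cm.cfg.certroot`, while the rest of this commit reads per-CA settings from `cfg.ca[ca]`; whether certificates of non-default CAs get synced is not visible from here and is worth confirming.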