From 1e64c312e159e604eb45a06036b5e2c9a0a149df Mon Sep 17 00:00:00 2001
From: Adrian Likins
Date: Tue, 28 Apr 2009 13:03:36 -0400
Subject: [PATCH] Changes to allow us to specify the hostname we want to use for cert creation, instead of grabbing it deep down in the code. This change is mostly to allow us to use the get_hostname_by_route function from func in funcd.
---
 certmaster/certs.py | 7 +++++--
 certmaster/requester.py | 4 ++--
 certmaster/utils.py | 17 ++++++++++-------
 3 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/certmaster/certs.py b/certmaster/certs.py
index 8a1db3a..554822e 100644
--- a/certmaster/certs.py
+++ b/certmaster/certs.py
@@ -37,7 +37,7 @@ def make_keypair(dest=None):
 return pkey
-def make_csr(pkey, dest=None, cn=None):
+def make_csr(pkey, dest=None, cn=None, hostname=None):
 req = crypto.X509Req()
 req.get_subject()
 subj = req.get_subject()
@@ -48,8 +48,11 @@ def make_csr(pkey, dest=None, cn=None):
 subj.OU = def_ou
 if cn:
 subj.CN = cn
+ elif hostname:
+ subj.CN = hostname
 else:
- subj.CN = utils.get_hostname()
+ subj.CN = utils.gethostname()
+ subj.emailAddress = 'root@%s' % subj.CN
 req.set_pubkey(pkey)
diff --git a/certmaster/requester.py b/certmaster/requester.py
index a67bee6..04f1f8a 100644
--- a/certmaster/requester.py
+++ b/certmaster/requester.py
@@ -15,8 +15,8 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 import utils
-def request_cert():
+def request_cert(hostname=None):
 # this should be enough, but do we want to allow parameters
 # for overriding the server and port from the config file?
 # maybe not. -- mpd
- utils.create_minion_keys()
+ utils.create_minion_keys(hostname)
diff --git a/certmaster/utils.py b/certmaster/utils.py
index 58bf0db..6f73ccc 100644
--- a/certmaster/utils.py
+++ b/certmaster/utils.py
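Review bot: The fallback branch in the second certs.py hunk now calls `utils.gethostname()`, while the helper this line used before, and the one named in the utils.py hunk header, is `get_hostname`. Unless utils defines `gethostname` somewhere outside this patch, `make_csr` raises AttributeError whenever both `cn` and `hostname` are empty, so the line should stay `subj.CN = utils.get_hostname()`. Separately, `hostname` is copied into the subject CN, and through it into `emailAddress`, without any check, so the identity requested in the CSR is whatever the caller passes. A short docstring stating the precedence (cn, then hostname, then the local lookup) and that callers must supply an already validated name would make that contract explicit. The body of make_csr starts and ends outside the hunk.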
@@ -122,15 +122,18 @@ def get_hostname(talk_to_certmaster=True):
 # FIXME: move to requestor module and also create a verbose mode
 # prints to the screen for usage by /usr/bin/certmaster-request
-def create_minion_keys():
+def create_minion_keys(hostname=None):
+ log = logger.Logger().logger
+ # FIXME: paths should not be hard coded here, move to settings universally
 config_file = '/etc/certmaster/minion.conf'
 config = read_config(config_file, MinionConfig)
 cert_dir = config.cert_dir
 master_uri = 'http://%s:%s/' % (config.certmaster, config.certmaster_port)
- # print "DEBUG: acquiring hostname"
- hn = get_hostname()
- # print "DEBUG: hostname = %s\n" % hn
+
+ hn = hostname
+ if hn is None:
+ hn = get_hostname()
 if hn is None:
 raise codes.CMException("Could not determine a hostname other than localhost")
@@ -154,17 +157,17 @@ def create_minion_keys():
 if not os.path.exists(csr_file):
 if not keypair:
 keypair = certs.retrieve_key_from_file(key_file)
- csr = certs.make_csr(keypair, dest=csr_file)
+ csr = certs.make_csr(keypair, dest=csr_file, hostname=hn)
 except Exception, e:
 traceback.print_exc()
 raise codes.CMException, "Could not create local keypair or csr for session"
 result = False
- log = logger.Logger().logger
+ while not result:
 try:
 # print "DEBUG: submitting CSR to certmaster: %s" % master_uri
- log.debug("submitting CSR to certmaster %s" % master_uri)
+ log.debug("submitting CSR: %s to certmaster %s" % (csr_file, master_uri))
 result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
 except socket.gaierror, e:
 raise codes.CMException, "Could not locate certmaster at %s" % master_uri
--
2.39.5
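Review bot: A caller-supplied `hostname` is accepted in the first utils.py hunk after only an `is None` test, so it bypasses whatever checks `get_hostname()` applies. An empty string passes that test, and so would `localhost`, although the error message just below suggests that name is meant to be rejected (inferred from the message, since get_hostname's body is not in the hunk). Because `hn` becomes the certificate CN, and may also feed the key and CSR file names built further down outside this hunk, I would treat empty values as missing with `if not hn: hn = get_hostname()` and reject anything that is not a plain DNS name before continuing. The body of create_minion_keys continues past the hunk.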
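Review bot: The `except Exception, e:` handler around key and CSR creation in the second utils.py hunk still reports through `traceback.print_exc()`, although `log` is now created at the top of the function. That output goes to stderr and is easily lost when the caller is a daemon, while the new `submitting CSR` line lands in the log. Assuming `logger.Logger().logger` is a standard `logging.Logger`, adding `log.exception("could not create keypair or csr for %s", hn)` before the raise would keep the cause next to it. The try block opens outside the hunk.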