- try:
- if not os.path.exists(self.cfg.cadir):
- os.makedirs(self.cfg.cadir)
- if not os.path.exists(self.ca_key_file) and not os.path.exists(self.ca_cert_file):
- certs.create_ca(CN=mycn, ca_key_file=self.ca_key_file, ca_cert_file=self.ca_cert_file)
- except (IOError, OSError), e:
- print 'Cannot make certmaster certificate authority keys/certs, aborting: %s' % e
- sys.exit(1)
-
-
- # open up the cakey and cacert so we have them available
- self.cakey = certs.retrieve_key_from_file(self.ca_key_file)
- self.cacert = certs.retrieve_cert_from_file(self.ca_cert_file)
-
- for dirpath in [self.cfg.cadir, self.cfg.certroot, self.cfg.csrroot]:
- if not os.path.exists(dirpath):
- os.makedirs(dirpath)
+ self.cakey = {}
+ self.cacert = {}
+
+ for (s_caname,a_ca) in self.cfg.ca.iteritems():
+ s_cadir = a_ca['cadir']
+
+ if s_caname == "":
+ mycn = '%s-CA-KEY' % usename
+ else:
+ mycn = '%s-%s-CA-KEY' % (s_caname.upper(),usename)
+
+ s_ca_key_file = '%s/certmaster.key' % s_cadir
+ s_ca_cert_file = '%s/certmaster.crt' % s_cadir
+
+ # if ca_key_file exists and ca_cert_file is missing == minion only setup
+ if os.path.exists(s_ca_key_file) and not os.path.exists(s_ca_cert_file):
+ continue
+
+ try:
+ if not os.path.exists(s_cadir):
+ os.makedirs(s_cadir)
+ if not os.path.exists(s_ca_key_file) and not os.path.exists(s_ca_cert_file):
+ certs.create_ca(CN=mycn, ca_key_file=s_ca_key_file, ca_cert_file=s_ca_cert_file)
+ except (IOError, OSError), e:
+ print 'Cannot make certmaster certificate authority keys/certs for CA %s, aborting: %s' % (s_caname, e)
+ sys.exit(1)
+
+ # open up the cakey and cacert so we have them available
+ self.cakey[s_caname] = certs.retrieve_key_from_file(s_ca_key_file)
+ self.cacert[s_caname] = certs.retrieve_cert_from_file(s_ca_cert_file)
+
+ for dirpath in [a_ca['cadir'], a_ca['certroot'], a_ca['csrroot'], a_ca['csrroot']]:
+ if not os.path.exists(dirpath):
+ os.makedirs(dirpath)
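Review bot: The new per-CA loop handles a key without a certificate (the `continue` after the minion-only comment) but not the reverse case: when `certmaster.crt` exists and `certmaster.key` does not, the `create_ca` guard is false and `certs.retrieve_key_from_file(s_ca_key_file)` is then called on a missing file, apparently outside the `try` that reports errors (indentation is lost in this view, so confirm). A guard placed after the `continue`, such as `if os.path.exists(s_ca_cert_file) and not os.path.exists(s_ca_key_file):`, with a message naming `s_caname`, would make that state fail clearly. The final directory list repeats `a_ca['csrroot']`, so the second entry is either redundant or stands in for a different directory. `os.makedirs(s_cadir)` leaves the mode of the directory that holds the CA private key to the process umask; `os.makedirs(s_cadir, 0700)` would pin it, provided no other account needs to read that directory. The enclosing method starts outside this hunk.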