# FIXME: move to requestor module and also create a verbose mode
# prints to the screen for usage by /usr/bin/certmaster-request
# FIXME: move to requestor module and also create a verbose mode
# prints to the screen for usage by /usr/bin/certmaster-request
log = logger.Logger().logger
# FIXME: paths should not be hard coded here, move to settings universally
config_file = '/etc/certmaster/minion.conf'
config = read_config(config_file, MinionConfig)
log = logger.Logger().logger
# FIXME: paths should not be hard coded here, move to settings universally
config_file = '/etc/certmaster/minion.conf'
config = read_config(config_file, MinionConfig)
cert_file = '%s/%s.cert' % (cert_dir, hn)
ca_cert_file = '%s/ca.cert' % cert_dir
cert_file = '%s/%s.cert' % (cert_dir, hn)
ca_cert_file = '%s/ca.cert' % cert_dir
if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
# print "DEBUG: err, no cert_file"
return
if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
# print "DEBUG: err, no cert_file"
return
while not result:
try:
# print "DEBUG: submitting CSR to certmaster: %s" % master_uri
log.debug("submitting CSR: %s to certmaster %s" % (csr_file, master_uri))
while not result:
try:
# print "DEBUG: submitting CSR to certmaster: %s" % master_uri
log.debug("submitting CSR: %s to certmaster %s" % (csr_file, master_uri))
- result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
+ result, cert_string, ca_cert_string, warning = submit_csr_to_master(csr_file, master_uri, ca_name)
keypair = certs.retrieve_key_from_file(key_file)
valid = certs.check_cert_key_match(cert_string, keypair)
if not valid:
keypair = certs.retrieve_key_from_file(key_file)
valid = certs.check_cert_key_match(cert_string, keypair)
if not valid:
- log.info("certificate does not match key (run certmaster-ca --clean first?)")
- sys.stderr.write("certificate does not match key (run certmaster-ca --clean first?)\n")
+ if ca_name != "":
+ ca_suffix = "--ca " + ca_name
+ else:
+ ca_suffix = ""
+ log.info("certificate does not match key (run certmaster-ca --clean %s first on the certmaster ?)" % ca_suffix )
+ sys.stderr.write("certificate does not match key (run certmaster-ca --clean %s first on the certmaster ?)\n" % ca_suffix)
return
cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
os.write(cert_fd, cert_string)
return
cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
os.write(cert_fd, cert_string)
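Review bot: The fourth value `warning` unpacked from `submit_csr_to_master(csr_file, master_uri, ca_name)` is not used in any of the lines shown, so whatever the certmaster signals through it is dropped unless later code reads it; consider surfacing it right after the call, e.g. `if warning: log.info(warning)`. In the key-mismatch branch, `ca_name != ""` lets a `None` value through to `"--ca " + ca_name`, which would raise a TypeError instead of printing the hint; `if ca_name:` covers both cases. Building the suffix as `" --ca " + ca_name` and formatting `--clean%s first` would also avoid the doubled space when no CA is named. The enclosing function and its `try`/`except` start and end outside the visible lines, so the later use of `warning` and the origin of `ca_name` need to be confirmed there.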
raise codes.CMException, "certmaster trigger failed: %(file)s returns %(code)d" % { "file" : file, "code" : rc }
raise codes.CMException, "certmaster trigger failed: %(file)s returns %(code)d" % { "file" : file, "code" : rc }
""""
gets us our cert back from the certmaster.wait_for_cert() method
takes csr_file as path location and master_uri
""""
gets us our cert back from the certmaster.wait_for_cert() method
takes csr_file as path location and master_uri