os.close(2)
# based on http://code.activestate.com/recipes/278731/
- os.open(REDIRECT_TO, os.O_RDWR) # standard input (0)
+ os.open(REDIRECT_TO, os.O_RDWR) # standard input (0)
- os.dup2(0, 1) # standard output (1)
- os.dup2(0, 2) # standard error (2)
+ os.dup2(0, 1) # standard output (1)
+ os.dup2(0, 2) # standard error (2)
except:
nicetype = etype
nicestack = string.join(traceback.format_list(traceback.extract_tb(etb)))
- return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ]
+ return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ]
def is_error(result):
# FIXME: I believe we can remove this function
"localhost" is a lame hostname to use for a key, so try to get
a more meaningful hostname. We do this by connecting to the certmaster
and seeing what interface/ip it uses to make that connection, and looking
- up the hostname for that.
+ up the hostname for that.
"""
# FIXME: this code ignores http proxies (which granted, we don't
- # support elsewhere either.
+ # support elsewhere either.
hostname = None
hostname = socket.gethostname()
# print "DEBUG: HOSTNAME TRY1: %s" % hostname
# FIXME: move to requestor module and also create a verbose mode
# prints to the screen for usage by /usr/bin/certmaster-request
-def create_minion_keys(hostname=None):
+def create_minion_keys(hostname=None, ca=''):
log = logger.Logger().logger
# FIXME: paths should not be hard coded here, move to settings universally
config_file = '/etc/certmaster/minion.conf'
config = read_config(config_file, MinionConfig)
- cert_dir = config.cert_dir
+
+ cert_dir = config.ca[ca]['cert_dir']
+
master_uri = 'http://%s:%s/' % (config.certmaster, config.certmaster_port)
hn = hostname
raise codes.CMException("Could not determine a hostname other than localhost")
else:
# use lowercase letters for hostnames
- hostname = hostname.lower()
+ hn = hn.lower()
key_file = '%s/%s.pem' % (cert_dir, hn)
csr_file = '%s/%s.csr' % (cert_dir, hn)
cert_file = '%s/%s.cert' % (cert_dir, hn)
ca_cert_file = '%s/ca.cert' % cert_dir
-
if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
# print "DEBUG: err, no cert_file"
return
raise codes.CMException, "Could not create local keypair or csr for session"
result = False
-
+
while not result:
try:
# print "DEBUG: submitting CSR to certmaster: %s" % master_uri
log.debug("submitting CSR: %s to certmaster %s" % (csr_file, master_uri))
- result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
- except socket.gaierror, e:
- raise codes.CMException, "Could not locate certmaster at %s" % master_uri
+ result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri, ca)
+ except socket.error, e:
+ log.warning("Could not locate certmaster at %s" % master_uri)
# logging here would be nice
if not result:
raise codes.CMException, "certmaster trigger failed: %(file)s returns %(code)d" % { "file" : file, "code" : rc }
-def submit_csr_to_master(csr_file, master_uri):
+def submit_csr_to_master(csr_file, master_uri, ca=''):
""""
gets us our cert back from the certmaster.wait_for_cert() method
takes csr_file as path location and master_uri
s = xmlrpclib.ServerProxy(master_uri)
# print "DEBUG: waiting for cert"
- return s.wait_for_cert(csr)
-
+ return s.wait_for_cert(csr,ca)
projects / certmaster.git / blobdiff