Looks like certmaster-request and certmaster-ca are working with the new --ca flag.
authorJude Nagurney <jude@pwan.org>
Fri, 6 Mar 2015 13:44:21 +0000 (08:44 -0500)
committerJude Nagurney <jude@pwan.org>
Fri, 6 Mar 2015 13:44:21 +0000 (08:44 -0500)
certmaster/certmaster.py
scripts/certmaster-ca
scripts/certmaster-sync

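--- a/certmaster/certmaster.py
+++ b/certmaster/certmaster.py
@@ -165,7 +165,7 @@ class CertMaster(object):
         if os.path.exists(certfile):
             slavecert = certs.retrieve_cert_from_file(certfile)
             cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
-            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert[ca])
             if with_triggers:
                 self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*')
             return True, cert_buf, cacert_buf
@@ -175,10 +175,10 @@ class CertMaster(object):
         # else write out the csr
 
         if self.cfg.ca[ca]['autosign']:
-            cert_fn = self.sign_this_csr(csrreq)
+            cert_fn = self.sign_this_csr(csrreq,ca=ca)
             cert = certs.retrieve_cert_from_file(cert_fn)
             cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
-            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert[ca])
             self.logger.info("cert for %s for ca %s was autosigned" % (requesting_host,ca))
             if with_triggers:
                 self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*')
@@ -227,7 +227,7 @@ class CertMaster(object):
         if with_triggers:
             self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/post/*')
 
-    def sign_this_csr(self, csr, with_triggers=True,ca=''):
+    def sign_this_csr(self, csr, with_triggers=True, ca=''):
         """returns the path to the signed cert file"""
         csr_unlink_file = None
 
@@ -263,7 +263,7 @@ class CertMaster(object):
 
         certfile = '%s/%s.cert' % (self.cfg.ca[ca]['certroot'], requesting_host)
         self.logger.info("Signing for csr %s requested" % certfile)
-        thiscert = certs.create_slave_certificate(csrreq, self.cakey, self.cacert, self.cfg.ca[ca]['cadir'])
+        thiscert = certs.create_slave_certificate(csrreq, self.cakey[ca], self.cacert[ca], self.cfg.ca[ca]['cadir'])
 
         destfo = open(certfile, 'w')
         destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, thiscert))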
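Review bot: The new `self.cacert[ca]`, `self.cakey[ca]` and `self.cfg.ca[ca]` lookups use `ca` as a raw dictionary key with no membership check, so an unconfigured name (including the default `ca=''` if no such entry exists) surfaces as a KeyError from inside the signing path rather than a clear refusal. If `ca` can originate from the requesting host (the request handler is only partly visible here), the caller also decides which CA key signs and whether the `autosign` branch applies, so the name should be checked against the configured set once at entry, e.g. `if ca not in self.cfg.ca: raise ValueError("unknown ca: %r" % ca)`. The "Signing for csr" log line in the last hunk would also be more useful for audit if it named the CA, as the autosign log line already does. The enclosing functions begin and end outside the hunks shown.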
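--- a/scripts/certmaster-ca
+++ b/scripts/certmaster-ca
@@ -64,7 +64,7 @@ def main(args):
 
         
     if opts.list:
-        hns = cm.get_csrs_waiting(opts.ca)
+        hns = cm.get_csrs_waiting(ca=opts.ca)
         if hns:
             for hn in sorted(hns):
                 print hn
@@ -86,7 +86,7 @@ def main(args):
                 return 1
             
             for fn in csrs:
-                certfile = cm.sign_this_csr(opts.ca,fn)
+                certfile = cm.sign_this_csr(fn, ca=opts.ca)
                 print '%s signed - cert located at %s' % (fn, certfile)
         return 0
     
@@ -96,7 +96,7 @@ def main(args):
             return 1
         
         for hn in args:
-            cm.remove_this_cert(opts.ca,hn)
+            cm.remove_this_cert(hn, ca=opts.ca)
         
         return 0
 
@@ -105,7 +105,7 @@ def main(args):
         if args:
             hostglobs = args
 
-        signed_certs = cm.get_signed_certs(opts.ca, args)
+        signed_certs = cm.get_signed_certs(args, ca=opts.ca)
 
         for i in sorted(signed_certs):
             print i
@@ -117,7 +117,7 @@ def main(args):
         if args:
             hostglobs = args
             
-        cert_hashes = cm.get_cert_hashes(opts.ca, hostglobs)
+        cert_hashes = cm.get_cert_hashes(hostglobs, ca=opts.ca)
 
         for i in sorted(cert_hashes):
             print i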
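Review bot: In the hunk at -105 the code assigns `hostglobs = args` but the call still passes `args`: `cm.get_signed_certs(args, ca=opts.ca)`, whereas the parallel call in the -117 hunk passes `hostglobs`. If `hostglobs` is given a default above the hunk (not visible here), running without host arguments hands the method an empty list instead of that default, so the list of signed certificates may not be what the operator expects to see. Suggested: `signed_certs = cm.get_signed_certs(hostglobs, ca=opts.ca)`. main() starts and ends outside these hunks.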
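--- a/scripts/certmaster-sync
+++ b/scripts/certmaster-sync
@@ -24,9 +24,14 @@ import xmlrpclib
 from glob import glob
 from time import sleep
 from certmaster import certmaster as certmaster
-from func.overlord.client import Client
-from func.CommonErrors import Func_Client_Exception
-import func.jobthing as jobthing
+
+func_import_failure = None
+try:
+    from func.overlord.client import Client
+    from func.CommonErrors import Func_Client_Exception
+    import func.jobthing as jobthing
+except ImportError, e:
+    func_import_failure = str(e)
 
 def syncable(cert_list):
     """
@@ -137,6 +142,11 @@ def main():
     if not cm.cfg.sync_certs and not forced:
         sys.exit(0)
 
+    # Don't complain about func not being available until you actually want it
+    if func_import_failure != None:
+        print >> sys.stderr,  "errors importing func: %s" % func_import_failure
+        sys.exit(1)
+
     certs = glob(os.path.join(cm.cfg.certroot,
                               '*.%s' % cm.cfg.cert_extension))
     hosts = syncable(certs)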
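Review bot: The glob directly below the added guard still reads `cm.cfg.certroot`, while certmaster.py in this same commit reads the certificate root per CA as `self.cfg.ca[ca]['certroot']`. It appears the sync script has not been made CA-aware, so with several CAs configured it may sync only one certificate directory, or fail on a missing attribute. Whether the top-level `certroot` setting still exists is not visible here and is worth confirming before relying on the sync. On style, the new guard reads better as `if func_import_failure is not None:`. main() continues outside the hunk.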