Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
2eee45d9
Commit
2eee45d9
authored
Jun 05, 2015
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 're6st-master'
parents
8fe2ce40
eac6c832
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
45 additions
and
9 deletions
+45
-9
slapos/recipe/re6stnet/__init__.py
slapos/recipe/re6stnet/__init__.py
+5
-1
slapos/recipe/re6stnet/re6stnet.py
slapos/recipe/re6stnet/re6stnet.py
+37
-5
software/re6stnet/instance-re6stnet.cfg.in
software/re6stnet/instance-re6stnet.cfg.in
+3
-3
No files found.
slapos/recipe/re6stnet/__init__.py
View file @
2eee45d9
...
@@ -253,8 +253,12 @@ class Recipe(GenericBaseRecipe):
...
@@ -253,8 +253,12 @@ class Recipe(GenericBaseRecipe):
msg
=
'Token is ready for use'
msg
=
'Token is ready for use'
elif
status
==
'TOKEN_USED'
:
elif
status
==
'TOKEN_USED'
:
msg
=
'Token not available, it has been used to generate re6stnet certificate.'
msg
=
'Token not available, it has been used to generate re6stnet certificate.'
ipv6_file
=
os
.
path
.
join
(
token_list_path
,
'%s.ipv6'
%
slave_reference
)
ipv6
=
self
.
readFile
(
ipv6_file
)
or
'::'
computer_partition
.
setConnectionDict
(
computer_partition
.
setConnectionDict
(
{
'token'
:
token
,
'1_info'
:
msg
},
{
'token'
:
token
,
'1_info'
:
msg
,
'ipv6'
:
ipv6
},
slave_reference
)
slave_reference
)
except
Exception
:
except
Exception
:
self
.
logger
.
fatal
(
"Error while sending slave %s informations: %s"
,
self
.
logger
.
fatal
(
"Error while sending slave %s informations: %s"
,
...
...
slapos/recipe/re6stnet/re6stnet.py
View file @
2eee45d9
...
@@ -7,9 +7,10 @@ import sqlite3
...
@@ -7,9 +7,10 @@ import sqlite3
import
slapos
import
slapos
import
traceback
import
traceback
from
re6st
import
registry
,
x509
from
re6st
import
registry
,
utils
,
x509
from
OpenSSL
import
crypto
from
OpenSSL
import
crypto
log
=
logging
.
getLogger
(
'SLAPOS-RE6STNET'
)
log
=
logging
.
getLogger
(
'SLAPOS-RE6STNET'
)
logging
.
basicConfig
(
level
=
logging
.
DEBUG
)
logging
.
basicConfig
(
level
=
logging
.
DEBUG
)
...
@@ -36,7 +37,7 @@ def getDb(db_path):
...
@@ -36,7 +37,7 @@ def getDb(db_path):
db
=
sqlite3
.
connect
(
db_path
,
isolation_level
=
None
,
db
=
sqlite3
.
connect
(
db_path
,
isolation_level
=
None
,
check_same_thread
=
False
)
check_same_thread
=
False
)
db
.
text_factory
=
str
db
.
text_factory
=
str
return
db
.
cursor
()
return
db
.
cursor
()
def
bang
(
args
):
def
bang
(
args
):
...
@@ -90,14 +91,14 @@ def requestAddToken(args, can_bang=True):
...
@@ -90,14 +91,14 @@ def requestAddToken(args, can_bang=True):
call_bang
=
True
call_bang
=
True
else
:
else
:
log
.
debug
(
'Bad token. Request add token fail for %s...'
%
request_file
)
log
.
debug
(
'Bad token. Request add token fail for %s...'
%
request_file
)
if
can_bang
and
call_bang
:
if
can_bang
and
call_bang
:
bang
(
args
)
bang
(
args
)
def
requestRemoveToken
(
args
):
def
requestRemoveToken
(
args
):
base_token_path
=
args
[
'token_base_path'
]
base_token_path
=
args
[
'token_base_path'
]
path_list
=
[
x
for
x
in
os
.
listdir
(
base_token_path
)
if
x
.
endswith
(
'.remove'
)]
path_list
=
[
x
for
x
in
os
.
listdir
(
base_token_path
)
if
x
.
endswith
(
'.remove'
)]
if
not
path_list
:
if
not
path_list
:
log
.
info
(
"No token to delete. Exiting..."
)
log
.
info
(
"No token to delete. Exiting..."
)
return
return
...
@@ -126,6 +127,10 @@ def requestRemoveToken(args):
...
@@ -126,6 +127,10 @@ def requestRemoveToken(args):
status_file
=
os
.
path
.
join
(
base_token_path
,
'%s.status'
%
reference
)
status_file
=
os
.
path
.
join
(
base_token_path
,
'%s.status'
%
reference
)
if
os
.
path
.
exists
(
status_file
):
if
os
.
path
.
exists
(
status_file
):
os
.
unlink
(
status_file
)
os
.
unlink
(
status_file
)
ipv6_file
=
os
.
path
.
join
(
base_token_path
,
'%s.ipv6'
%
reference
)
if
os
.
path
.
exists
(
ipv6_file
):
os
.
unlink
(
ipv6_file
)
else
:
else
:
log
.
debug
(
'Bad token. Request add token fail for %s...'
%
request_file
)
log
.
debug
(
'Bad token. Request add token fail for %s...'
%
request_file
)
...
@@ -162,6 +167,28 @@ def requestRevoqueCertificate(args):
...
@@ -162,6 +167,28 @@ def requestRevoqueCertificate(args):
os
.
unlink
(
os
.
path
.
join
(
base_token_path
,
reference_key
))
os
.
unlink
(
os
.
path
.
join
(
base_token_path
,
reference_key
))
log
.
info
(
"Certificate revoked for slave instance %s."
%
reference
)
log
.
info
(
"Certificate revoked for slave instance %s."
%
reference
)
def
dumpIPv6Network
(
slave_reference
,
db
,
network
,
ipv6_file
):
email
=
'%s@slapos'
%
slave_reference
.
lower
()
try
:
cert_string
,
=
db
.
execute
(
"SELECT cert FROM cert WHERE email = ?"
,
(
email
,)).
next
()
except
StopIteration
:
# Certificate was not generated yet !!!
pass
try
:
if
cert_string
:
cert
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
cert_string
)
cn
=
x509
.
subnetFromCert
(
cert
)
subnet
=
network
+
utils
.
binFromSubnet
(
cn
)
ipv6
=
utils
.
ipFromBin
(
subnet
)
writeFile
(
ipv6_file
,
ipv6
)
except
Exception
:
log
.
debug
(
'XXX for %s...
\
n
%s'
%
(
slave_reference
,
traceback
.
format_exc
()))
def
checkService
(
args
,
can_bang
=
True
):
def
checkService
(
args
,
can_bang
=
True
):
base_token_path
=
args
[
'token_base_path'
]
base_token_path
=
args
[
'token_base_path'
]
token_dict
=
loadJsonFile
(
args
[
'token_json'
])
token_dict
=
loadJsonFile
(
args
[
'token_json'
])
...
@@ -175,16 +202,21 @@ def checkService(args, can_bang=True):
...
@@ -175,16 +202,21 @@ def checkService(args, can_bang=True):
computer_guid
=
args
[
'computer_id'
]
computer_guid
=
args
[
'computer_id'
]
partition_id
=
args
[
'partition_id'
]
partition_id
=
args
[
'partition_id'
]
slap
=
slapos
.
slap
.
slap
()
slap
=
slapos
.
slap
.
slap
()
client
=
registry
.
RegistryClient
(
args
[
'registry_url'
])
ca
=
client
.
getCa
()
network
=
x509
.
networkFromCa
(
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
ca
))
# Check token status
# Check token status
for
slave_reference
,
token
in
token_dict
.
iteritems
():
for
slave_reference
,
token
in
token_dict
.
iteritems
():
status_file
=
os
.
path
.
join
(
base_token_path
,
'%s.status'
%
slave_reference
)
status_file
=
os
.
path
.
join
(
base_token_path
,
'%s.status'
%
slave_reference
)
ipv6_file
=
os
.
path
.
join
(
base_token_path
,
'%s.ipv6'
%
slave_reference
)
if
not
os
.
path
.
exists
(
status_file
):
if
not
os
.
path
.
exists
(
status_file
):
# This token is not added yet!
# This token is not added yet!
continue
continue
msg
=
readFile
(
status_file
)
msg
=
readFile
(
status_file
)
if
msg
==
'TOKEN_USED'
:
if
msg
==
'TOKEN_USED'
:
dumpIPv6Network
(
slave_reference
,
db
,
network
,
ipv6_file
)
continue
continue
# Check if token is not in the database
# Check if token is not in the database
...
@@ -200,8 +232,8 @@ def checkService(args, can_bang=True):
...
@@ -200,8 +232,8 @@ def checkService(args, can_bang=True):
# Token is used to register client
# Token is used to register client
call_bang
=
True
call_bang
=
True
try
:
try
:
time
.
sleep
(
1
)
writeFile
(
status_file
,
'TOKEN_USED'
)
writeFile
(
status_file
,
'TOKEN_USED'
)
dumpIPv6Network
(
slave_reference
,
db
,
network
,
ipv6_file
)
log
.
info
(
"Token status of %s updated to 'used'."
%
slave_reference
)
log
.
info
(
"Token status of %s updated to 'used'."
%
slave_reference
)
except
IOError
:
except
IOError
:
# XXX- this file should always exists
# XXX- this file should always exists
...
...
software/re6stnet/instance-re6stnet.cfg.in
View file @
2eee45d9
...
@@ -176,21 +176,21 @@ command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}
...
@@ -176,21 +176,21 @@ command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}
recipe = slapos.cookbook:cron.d
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
cron-entries = ${cron:cron-entries}
name = re6stnet-check-token
name = re6stnet-check-token
frequency =
0 */1
* * *
frequency =
*/5 *
* * *
command = {{ python_bin }} ${re6st-registry:check-service-wrapper}
command = {{ python_bin }} ${re6st-registry:check-service-wrapper}
[cron-entry-re6st-revoke]
[cron-entry-re6st-revoke]
recipe = slapos.cookbook:cron.d
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
cron-entries = ${cron:cron-entries}
name = re6stnet-revoke-cert
name = re6stnet-revoke-cert
frequency = */
30
* * * *
frequency = */
5
* * * *
command = {{ python_bin }} ${re6st-registry:revoke-service-wrapper}
command = {{ python_bin }} ${re6st-registry:revoke-service-wrapper}
[cron-entry-re6st-drop]
[cron-entry-re6st-drop]
recipe = slapos.cookbook:cron.d
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
cron-entries = ${cron:cron-entries}
name = re6stnet-drop-token
name = re6stnet-drop-token
frequency = */
30
* * * *
frequency = */
5
* * * *
command = {{ python_bin }} ${re6st-registry:drop-service-wrapper}
command = {{ python_bin }} ${re6st-registry:drop-service-wrapper}
[logrotate-entry-re6stnet]
[logrotate-entry-re6stnet]
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment