Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.core
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Xiaowu Zhang
slapos.core
Commits
ffaf4491
Commit
ffaf4491
authored
Jul 04, 2017
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fixup: certificate generation for instance
parent
a30ef074
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
20 additions
and
19 deletions
+20
-19
master/product/Vifib/Tool/SlapTool.py
master/product/Vifib/Tool/SlapTool.py
+1
-1
slapos/cli/register.py
slapos/cli/register.py
+1
-0
slapos/grid/SlapObject.py
slapos/grid/SlapObject.py
+18
-18
No files found.
master/product/Vifib/Tool/SlapTool.py
View file @
ffaf4491
...
@@ -1216,7 +1216,7 @@ class SlapTool(BaseTool):
...
@@ -1216,7 +1216,7 @@ class SlapTool(BaseTool):
for
certificate_id
in
instance
.
contentValues
(
for
certificate_id
in
instance
.
contentValues
(
portal_type
=
'Certificate Access ID'
,
validation_state
=
'validated'
):
portal_type
=
'Certificate Access ID'
,
validation_state
=
'validated'
):
if
certificate_id
.
getValidationState
()
==
'validated'
:
if
certificate_id
.
getValidationState
()
==
'validated'
:
instance
.
revokeCertificate
(
certificate_id
.
getReference
()
)
instance
.
revokeCertificate
(
certificate_id
)
if
instance
.
getValidationState
()
==
'validated'
:
if
instance
.
getValidationState
()
==
'validated'
:
instance
.
invalidate
()
instance
.
invalidate
()
...
...
slapos/cli/register.py
View file @
ffaf4491
...
@@ -36,6 +36,7 @@ import sys
...
@@ -36,6 +36,7 @@ import sys
import
pkg_resources
import
pkg_resources
import
requests
import
requests
import
uuid
import
uuid
import
urllib
from
slapos.cli.command
import
Command
,
must_be_root
from
slapos.cli.command
import
Command
,
must_be_root
from
slapos.certificate
import
(
parse_certificate_from_html
,
from
slapos.certificate
import
(
parse_certificate_from_html
,
...
...
slapos/grid/SlapObject.py
View file @
ffaf4491
...
@@ -39,9 +39,11 @@ import tempfile
...
@@ -39,9 +39,11 @@ import tempfile
import
time
import
time
import
xmlrpclib
import
xmlrpclib
import
uuid
import
uuid
import
errno
from
supervisor
import
xmlrpc
from
supervisor
import
xmlrpc
from
slapos.grid.utils
import
(
md5digest
,
getCleanEnvironment
,
from
slapos.grid.utils
import
(
md5digest
,
getCleanEnvironment
,
SlapPopen
,
dropPrivileges
,
updateFile
)
SlapPopen
,
dropPrivileges
,
updateFile
)
from
slapos.grid
import
utils
# for methods that could be mocked, access them through the module
from
slapos.grid
import
utils
# for methods that could be mocked, access them through the module
...
@@ -54,6 +56,7 @@ from slapos.human import bytes2human
...
@@ -54,6 +56,7 @@ from slapos.human import bytes2human
from
slapos.certificate
import
(
generateCertificateRequest
,
from
slapos.certificate
import
(
generateCertificateRequest
,
generatePrivatekey
,
generatePrivatekey
,
validateCertAndKey
)
validateCertAndKey
)
from
OpenSSL
import
crypto
WATCHDOG_MARK
=
'-on-watch'
WATCHDOG_MARK
=
'-on-watch'
...
@@ -417,18 +420,15 @@ class Partition(object):
...
@@ -417,18 +420,15 @@ class Partition(object):
The node generate the private key and send
The node generate the private key and send
"""
"""
try
:
if
os
.
path
.
exists
(
self
.
cert_file
):
cert_fd
=
os
.
open
(
self
.
cert_file
,
if
not
os
.
stat
(
self
.
cert_file
).
st_size
:
os
.
O_CREAT
|
os
.
O_WRONLY
|
os
.
O_EXCL
|
os
.
O_TRUNC
,
os
.
unlink
(
self
.
cert_file
)
0600
)
else
:
except
OSError
,
e
:
# the certificate exists, no need to download it
if
e
.
errno
!=
errno
.
EEXIST
:
return
raise
# the certificate exists, no need to download it
return
uid
,
gid
=
self
.
getUserGroupId
()
uid
,
gid
=
self
.
getUserGroupId
()
key_string
=
generatePrivatekey
(
self
.
key_file
,
uid
,
gid
)
key_string
=
generatePrivatekey
(
self
.
key_file
,
uid
=
uid
,
gid
=
gid
)
csr_string
=
generateCertificateRequest
(
key_string
,
cn
=
str
(
uuid
.
uuid4
()))
csr_string
=
generateCertificateRequest
(
key_string
,
cn
=
str
(
uuid
.
uuid4
()))
try
:
try
:
partition_certificate
=
self
.
computer_partition
.
getCertificate
(
partition_certificate
=
self
.
computer_partition
.
getCertificate
(
...
@@ -437,14 +437,14 @@ class Partition(object):
...
@@ -437,14 +437,14 @@ class Partition(object):
raise
NotFoundError
(
'Partition %s is not known by SlapOS Master.'
%
raise
NotFoundError
(
'Partition %s is not known by SlapOS Master.'
%
self
.
partition_id
)
self
.
partition_id
)
os
.
write
(
cert_fd
,
partition_certificate
)
cert_fd
=
os
.
open
(
self
.
cert_file
,
os
.
O_CREAT
|
os
.
O_WRONLY
|
os
.
O_TRUNC
,
0600
)
os
.
write
(
cert_fd
,
partition_certificate
[
'certificate'
])
os
.
close
(
cert_fd
)
os
.
close
(
cert_fd
)
os
.
chown
(
self
.
cert_file
,
uid
,
gid
)
os
.
chown
(
self
.
cert_file
,
uid
,
gid
)
self
.
logger
.
info
(
'Certificate file saved at %r'
%
self
.
cert_file
)
# Check that certificate and key are OK
# Check that certificate and key are OK
try
:
try
:
validateCertAndKey
(
self
.
key_file
,
self
.
cert
_file
)
validateCertAndKey
(
self
.
cert_file
,
self
.
key
_file
)
except
crypto
.
Error
:
except
crypto
.
Error
:
# Invalid Certificate file
# Invalid Certificate file
if
os
.
path
.
exists
(
self
.
cert_file
):
if
os
.
path
.
exists
(
self
.
cert_file
):
...
@@ -452,7 +452,7 @@ class Partition(object):
...
@@ -452,7 +452,7 @@ class Partition(object):
raise
raise
# except SSL.Error
# except SSL.Error
# Raise when certificate and key didn't match
# Raise when certificate and key didn't match
self
.
logger
.
info
(
'Certificate file saved at %r'
%
self
.
cert_file
)
def
getUserGroupId
(
self
):
def
getUserGroupId
(
self
):
"""Returns tuple of (uid, gid) of partition"""
"""Returns tuple of (uid, gid) of partition"""
...
@@ -711,10 +711,6 @@ class Partition(object):
...
@@ -711,10 +711,6 @@ class Partition(object):
raise
subprocess
.
CalledProcessError
(
message
,
process_handler
.
output
)
raise
subprocess
.
CalledProcessError
(
message
,
process_handler
.
output
)
# Manually cleans what remains
# Manually cleans what remains
try
:
try
:
for
f
in
[
self
.
key_file
,
self
.
cert_file
]:
if
f
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
# better to manually remove symlinks because rmtree might choke on them
# better to manually remove symlinks because rmtree might choke on them
sr_symlink
=
os
.
path
.
join
(
self
.
instance_path
,
'software_release'
)
sr_symlink
=
os
.
path
.
join
(
self
.
instance_path
,
'software_release'
)
...
@@ -739,6 +735,10 @@ class Partition(object):
...
@@ -739,6 +735,10 @@ class Partition(object):
if
os
.
path
.
exists
(
self
.
supervisord_partition_configuration_path
):
if
os
.
path
.
exists
(
self
.
supervisord_partition_configuration_path
):
os
.
remove
(
self
.
supervisord_partition_configuration_path
)
os
.
remove
(
self
.
supervisord_partition_configuration_path
)
for
f
in
[
self
.
key_file
,
self
.
cert_file
]:
if
f
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
self
.
updateSupervisor
()
self
.
updateSupervisor
()
except
IOError
as
exc
:
except
IOError
as
exc
:
raise
IOError
(
"I/O error while freeing partition (%s): %s"
%
(
self
.
instance_path
,
exc
))
raise
IOError
(
"I/O error while freeing partition (%s): %s"
%
(
self
.
instance_path
,
exc
))
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment