def deploy_ca_certs(file_path_list,
                        remote_ip,
                        user,
                        password,
                        dest_dir,
                        no_delete=None):
        """
        Copy files to remote node and remove local files
        """
        CommonTools.remote_mkdir_with_mode(dest_dir,
                                           Constant.AUTH_COMMON_DIR_STR,
                                           remote_ip, user, password)

        for file_path in file_path_list:
            dest_file_path = os.path.join(dest_dir,
                                          os.path.basename(file_path))
            status, output = CommonTools.remote_copy_files(
                remote_ip, user, password, file_path, dest_file_path)
            if status != 0:
                raise Exception(Errors.EXECUTE_RESULT['gauss_0406'] %
                                (remote_ip, output))
            g.logger.debug('Successfully copy [%s] to remote node[%s]' %
                           (file_path, remote_ip))
        if no_delete:
            file_path_list = [
                file for file in file_path_list if file not in no_delete
            ]
        CommonTools.remove_files(file_path_list)
Beispiel #2
0
    def prepare_ca_certificates(self):
        """
        Generate server ca certificates.
        """
        ca_root_file_path, ca_root_key_path, server_cert_path, server_key_path, agent_cert_path, \
            agent_key_path = self.read_ca_cert_path()
        self.ca_info = self.param_dict.pop(Constant.CA_INFO)
        if not self.ca_info:
            raise Exception(Errors.PARAMETER['gauss_0201'] %
                            'ca root cert information')
        get_ca_root_cert_path = self.ca_info.get(Constant.CA_CERT_PATH)
        get_ca_root_key_path = self.ca_info.get(Constant.CA_KEY_PATH)
        get_ca_root_password = self.ca_info.get(Constant.CA_PASSWORD)
        if not all([
                get_ca_root_cert_path, get_ca_root_key_path,
                get_ca_root_password
        ]):
            raise Exception(Errors.PARAMETER['gauss_0201'] %
                            'items info of ca root cert')

        # copy ca root cert and key files to path of configured
        g.logger.info('Start deploy ca root files.')
        CommonTools.remove_files([ca_root_file_path, ca_root_key_path])
        CommonTools.mkdir_with_mode(os.path.dirname(ca_root_file_path),
                                    Constant.AUTH_COMMON_DIR_STR)
        CommonTools.copy_file_to_dest_path(get_ca_root_cert_path,
                                           ca_root_file_path)
        CommonTools.mkdir_with_mode(os.path.dirname(ca_root_key_path),
                                    Constant.AUTH_COMMON_DIR_STR)
        CommonTools.copy_file_to_dest_path(get_ca_root_key_path,
                                           ca_root_key_path)

        # get ssl password
        ssl_password = CertGenerator.get_rand_str()
        ca_config_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), Constant.CA_CONFIG)
        server_ip = CommonTools.get_local_ip(ignore=True)
        g.logger.info('Get server ip:[%s].' % server_ip)

        # create server cert
        CertGenerator.create_ca_certificate_with_script(get_ca_root_password,
                                                        ssl_password,
                                                        ca_root_file_path,
                                                        ca_root_key_path,
                                                        ca_config_path,
                                                        server_cert_path,
                                                        server_key_path,
                                                        server_ip,
                                                        crt_type='server')
        g.logger.info('Successfully generate server ca certificate.')
        return get_ca_root_password, ssl_password, ca_root_file_path, ca_root_key_path, \
            ca_config_path, agent_cert_path, agent_key_path
    def create_root_certificate(ca_password, ca_crt_path, ca_key_path,
                                config_path):
        """
        function : create root ca file
        input : rand pass, dir path of certificates, config path
        output : NA
        """
        if not os.path.isfile(config_path):
            raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % config_path)
        CommonTools.mkdir_with_mode(os.path.dirname(ca_crt_path),
                                    Constant.AUTH_COMMON_DIR_STR)
        CommonTools.mkdir_with_mode(os.path.dirname(ca_key_path),
                                    Constant.AUTH_COMMON_DIR_STR)
        ca_req_path = os.path.realpath(
            os.path.join(os.path.dirname(ca_crt_path), Constant.CA_ROOT_REQ))
        # create ca key file
        cmd = "%s echo '%s' |openssl genrsa -aes256  -passout stdin -out %s 2048" % (
            Constant.CMD_PREFIX, ca_password, ca_key_path)
        cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
            Constant.AUTH_COMMON_FILE_STR, ca_key_path)
        status, output = CommonTools.get_status_output_error(cmd, mixed=True)
        if status != 0:
            raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
                            'ca root key file')

        # 2 create ca req file
        cmd = "%s echo '%s' | openssl req -new -out %s -key %s -config %s -passin stdin" % (
            Constant.CMD_PREFIX, ca_password, ca_req_path, ca_key_path,
            config_path)
        cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
            Constant.AUTH_COMMON_FILE_STR, ca_req_path)
        status, output = CommonTools.get_status_output_error(cmd, mixed=True)
        if status != 0:
            raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
                            'ca root req file')

        # 3 create ca crt file
        cmd = "%s echo '%s' | openssl x509 -req -in %s " \
              "-signkey %s -days %s -out %s -passin stdin" % (
                Constant.CMD_PREFIX, ca_password, ca_req_path,
                ca_key_path, Constant.CA_ROOT_VALID_DATE, ca_crt_path)
        cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
            Constant.AUTH_COMMON_FILE_STR, ca_crt_path)
        status, output = CommonTools.get_status_output_error(cmd, mixed=True)
        if status != 0:
            raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
                            'ca root crt file')

        CommonTools.remove_files([ca_req_path])
        g.logger.info(
            'Successfully generate ca root certificate, file path[%s].' %
            ca_crt_path)
Beispiel #4
0
 def deploy_agent_certs(self):
     """
     Copy file from temp dir to config path.
     """
     file_list = self.read_ca_cert_path(agent_only=True)
     file_list.append(os.path.join(self.module_path, Constant.PWF_PATH))
     temp_cert_list = os.listdir(TMP_CA_FILE)
     for dest_path in file_list:
         CommonTools.mkdir_with_mode(os.path.dirname(dest_path),
                                     Constant.AUTH_COMMON_DIR_STR)
     CommonTools.remove_files(file_list)
     g.logger.info('Successfully prepare the path:%s' % str(file_list))
     for file_name in temp_cert_list:
         for dest_file in file_list:
             if file_name in dest_file:
                 from_path = os.path.join(TMP_CA_FILE, file_name)
                 CommonTools.copy_file_to_dest_path(from_path, dest_file)
     CommonTools.clean_dir(TMP_CA_FILE)
    def create_ca_certificate(ca_password,
                              ssl_password,
                              ca_crt_path,
                              ca_key_path,
                              config_path,
                              out_crt_path,
                              out_key_path,
                              ip,
                              crt_type='server'):
        """
        function : create server ca file or client ca file.
        input : rand pass, dir path of certificates, config path
        output : NA
        """
        if not os.path.isfile(config_path):
            raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
                            'config file:%s' % config_path)
        if not os.path.isfile(ca_crt_path):
            raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
                            'ca crt file:%s' % ca_crt_path)
        if not os.path.isfile(ca_key_path):
            raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
                            'ca key file:%s' % ca_key_path)
        CommonTools.mkdir_with_mode(os.path.dirname(out_key_path),
                                    Constant.AUTH_COMMON_DIR_STR)
        CommonTools.mkdir_with_mode(os.path.dirname(out_crt_path),
                                    Constant.AUTH_COMMON_DIR_STR)
        # create ca key file
        cmd = "%s echo '%s' | openssl genrsa -aes256 -passout stdin -out %s 2048" % (
            Constant.CMD_PREFIX, ssl_password, out_key_path)
        cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
            Constant.AUTH_COMMON_FILE_STR, out_key_path)

        status, output = CommonTools.get_status_output_error(cmd, mixed=True)
        if status != 0:
            raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
                            'ca key file' + output)

        ca_req_path = os.path.realpath(
            os.path.join(os.path.dirname(ca_crt_path), Constant.CA_REQ))

        # create ca req file
        openssl_conf_env = "export OPENSSL_CONF=%s" % config_path
        cmd = '%s %s && echo "%s" | openssl req -new -out %s -key %s ' \
              '-passin stdin -subj "/C=CN/ST=Some-State/O=%s/CN=%s"' % (
                Constant.CMD_PREFIX, openssl_conf_env, ssl_password,
                ca_req_path, out_key_path, crt_type, ip)
        cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
            Constant.AUTH_COMMON_FILE_STR, ca_req_path)

        status, output = CommonTools.get_status_output_error(cmd, mixed=True)
        if status != 0:
            raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
                            'ca req file' + output)

        # create server or client ca crt file
        cmd = '%s echo "%s" | openssl x509 -req -in %s -out %s -passin stdin ' \
              '-sha256 -CAcreateserial -days %s -CA %s -CAkey %s' % (
                Constant.CMD_PREFIX, ca_password, ca_req_path, out_crt_path,
                Constant.CA_VALID_DATE, ca_crt_path, ca_key_path)
        cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
            Constant.AUTH_COMMON_FILE_STR, out_crt_path)

        status, output = CommonTools.get_status_output_error(cmd, mixed=True)
        if status != 0:
            raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
                            'ca crt file')
        CommonTools.remove_files([ca_req_path])
        g.logger.info("Successfully generate %s ssl cert for node[%s]." %
                      (crt_type, ip))