def pre_config(self):
info("PRE-config actions.")
self.pkgtool.install(pkgs=["ntp"])
info("<ntp> installed.")
runcmd("mount -o remount,acl,user_xattr /")
info("Enabled ACLs and Extended Attribute Support in /")
info("END of PRE-config actions.")
def pre_install(self):
info("PRE-install actions.")
try:
pwd.getpwnam("storm")
except KeyError:
runcmd("/usr/sbin/adduser -M storm")
info("users storm and gridhttps added")
info("END of PRE-install actions.")
def issue_cert(self,
hostname=system.fqdn,
hash="1024",
key_prv=None,
key_pub=None):
"""Issues a cert.
hostname: CN value.
key_prv: Alternate path to store the certificate's private key.
key_pub: Alternate path to store the certificate's public key.
"""
with lcd(self.workspace):
runcmd(
("openssl req -newkey rsa:%s -nodes -sha1 -keyout "
"cert.key -keyform PEM -out cert.req -outform PEM "
"-subj '/DC=%s/DC=%s/CN=%s'" %
(hash, self.domain_comp_country, self.domain_comp, hostname)))
runcmd(("openssl x509 -req -in cert.req -CA ca.pem -CAkey ca.key "
"-CAcreateserial -out cert.crt -days 1"))
if key_prv:
runcmd("cp cert.key %s" % key_prv)
info("Private key stored in '%s'." % key_prv)
if key_pub:
runcmd("cp cert.crt %s" % key_pub)
info("Public key stored in '%s'." % key_pub)
def runcmd(self, cmd, chdir=None, fail_check=True, log_to_file=True):
logfile = None
if log_to_file:
logfile = self.logfile
r = runcmd(cmd, chdir=chdir, fail_check=fail_check, logfile=logfile)
return r
def create(self, trusted_ca_dir=None):
"""Creates the CA public and private key.
trusted_ca_dir: if set, it will copy the CA public key and the
signing policy file under the trusted CA
directory.
"""
runcmd("mkdir -p %s" % self.workspace)
with lcd(self.workspace):
subject = "/DC=%s/DC=%s/CN=%s" % (
self.domain_comp_country, self.domain_comp, self.common_name)
runcmd(("openssl req -x509 -nodes -days 1 -newkey rsa:2048 "
"-out ca.pem -outform PEM -keyout ca.key -subj "
"'%s'" % subject))
if trusted_ca_dir:
hash = runcmd("openssl x509 -noout -hash -in ca.pem")
runcmd("cp ca.pem %s" %
os.path.join(trusted_ca_dir, '.'.join([hash, '0'])))
with open(
os.path.join(trusted_ca_dir,
'.'.join([hash, "signing_policy"])),
'w') as f:
f.writelines([
"access_id_CA\tX509\t'%s'\n" % subject,
"pos_rights\tglobus\tCA:sign\n",
"cond_subjects\tglobus\t'\"/DC=%s/DC=%s/*\"'\n" %
(self.domain_comp_country, self.domain_comp)
])
def yum(action, pkgs=None):
if pkgs:
r = runcmd("yum -y %s %s" % (action, " ".join(pkgs)))
else:
r = runcmd("yum -y %s" % action)
return r
def _enable_repo(self, repofile):
runcmd("wget %s -O %s" % (repofile,
os.path.join(self.REPOPATH[system.distname],
os.path.basename(repofile))))