def sync_fields(self, o, fields):
    """Bring the tenant's easy-rsa PKI up to date, then run the parent sync.

    Steps, in order: create the PKI directory and a CA on first use,
    optionally overwrite that CA with the one owned by another tenant,
    issue the server certificate and DH parameters if the server
    certificate is missing, regenerate the CRL, and finally delegate to the
    parent class.

    Args:
        o: tenant object being synchronized; ``o.use_ca_from_id`` is read
            here.
        fields: passed through unchanged to the parent ``sync_fields``.
    """
    pki_dir = OpenVPNService.get_pki_dir(o)

    if not os.path.isdir(pki_dir):
        # "nopass" makes easy-rsa write the CA key without a passphrase, so
        # filesystem permissions on pki_dir are the only protection it has.
        # NOTE(review): the guard is the directory, not ca.crt -- if
        # build-ca fails after init-pki, later syncs skip CA creation.
        # Confirm how execute_easyrsa_command reports failures.
        for easyrsa_args in ("init-pki", "--req-cn=XOS build-ca nopass"):
            OpenVPNService.execute_easyrsa_command(pki_dir, easyrsa_args)

    if o.use_ca_from_id:
        # Stop-gap for VPNs that share one CA: copy the other tenant's CA
        # certificate and CA private key over this tenant's own.
        # NOTE(review): this duplicates a CA signing key on disk; each copy
        # can sign certificates for every tenant sharing the CA. copy2
        # carries the source mode bits over -- confirm both PKI directories
        # are readable only by the synchronizer account.
        ca_owner = OpenVPNTenant.get_tenant_objects().filter(
            pk=o.use_ca_from_id)[0]
        source_pki = OpenVPNService.get_pki_dir(ca_owner)
        shutil.copy2(source_pki + "/ca.crt", pki_dir)
        shutil.copy2(source_pki + "/private/ca.key", pki_dir + "/private")

    server_cert = pki_dir + "/issued/server.crt"
    if not os.path.isfile(server_cert):
        # The server identity and DH parameters are generated once.
        OpenVPNService.execute_easyrsa_command(
            pki_dir, "build-server-full server nopass")
        OpenVPNService.execute_easyrsa_command(pki_dir, "gen-dh")

    # Rebuild the CRL on every sync so newly revoked clients are listed.
    OpenVPNService.execute_easyrsa_command(pki_dir, "gen-crl")

    # The parent implementation runs the playbook.
    super(SyncOpenVPNTenant, self).sync_fields(o, fields)
def sync_fields(self, o, fields):
    """Bring the tenant's easy-rsa PKI up to date, then run the parent sync.

    Steps, in order: create the PKI directory and a CA on first use,
    optionally overwrite that CA with the one owned by another tenant,
    issue the server certificate and DH parameters if the server
    certificate is missing, regenerate the CRL, and finally delegate to the
    parent class.

    Args:
        o: tenant object being synchronized; ``o.use_ca_from_id`` is read
            here.
        fields: passed through unchanged to the parent ``sync_fields``.
    """
    pki_dir = OpenVPNService.get_pki_dir(o)

    if not os.path.isdir(pki_dir):
        # "nopass" makes easy-rsa write the CA key without a passphrase, so
        # filesystem permissions on pki_dir are the only protection it has.
        # NOTE(review): the guard is the directory, not ca.crt -- if
        # build-ca fails after init-pki, later syncs skip CA creation.
        # Confirm how execute_easyrsa_command reports failures.
        for easyrsa_args in ("init-pki", "--req-cn=XOS build-ca nopass"):
            OpenVPNService.execute_easyrsa_command(pki_dir, easyrsa_args)

    if o.use_ca_from_id:
        # Stop-gap for VPNs that share one CA: copy the other tenant's CA
        # certificate and CA private key over this tenant's own.
        # NOTE(review): this duplicates a CA signing key on disk; each copy
        # can sign certificates for every tenant sharing the CA. copy2
        # carries the source mode bits over -- confirm both PKI directories
        # are readable only by the synchronizer account.
        ca_owner = OpenVPNTenant.get_tenant_objects().filter(
            pk=o.use_ca_from_id)[0]
        source_pki = OpenVPNService.get_pki_dir(ca_owner)
        shutil.copy2(source_pki + "/ca.crt", pki_dir)
        shutil.copy2(source_pki + "/private/ca.key", pki_dir + "/private")

    server_cert = pki_dir + "/issued/server.crt"
    if not os.path.isfile(server_cert):
        # The server identity and DH parameters are generated once.
        OpenVPNService.execute_easyrsa_command(
            pki_dir, "build-server-full server nopass")
        OpenVPNService.execute_easyrsa_command(pki_dir, "gen-dh")

    # Rebuild the CRL on every sync so newly revoked clients are listed.
    OpenVPNService.execute_easyrsa_command(pki_dir, "gen-crl")

    # The parent implementation runs the playbook.
    super(SyncOpenVPNTenant, self).sync_fields(o, fields)
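def sync_record(self, record):
    """Issue a client certificate for a VPN privilege record if needed.

    Args:
        record: privilege record; ``record.tenant.id`` selects the tenant
            whose PKI directory receives the certificate.

    Raises:
        DeferredException: if the record's tenant has no id yet, or no
            tenant with that id is found.
    """
    if not record.tenant.id:
        raise DeferredException("Privilege waiting on VPN Tenant ID")

    certificate = self.get_certificate_name(record)

    # Indexing an empty result raises IndexError, which previously escaped
    # before the "waiting on VPN Tenant" check below could ever run.
    try:
        tenant = OpenVPNTenant.get_tenant_objects().filter(
            pk=record.tenant.id)[0]
    except IndexError:
        tenant = None
    if not tenant:
        raise DeferredException("Privilege waiting on VPN Tenant")

    # Only add a certificate if one does not yet exist.
    pki_dir = OpenVPNService.get_pki_dir(tenant)
    if not os.path.isfile(pki_dir + "/issued/" + certificate + ".crt"):
        # NOTE(review): `certificate` is spliced into both a file path and
        # the easy-rsa argument string. Confirm get_certificate_name only
        # yields characters such as [A-Za-z0-9_-], and check whether
        # execute_easyrsa_command passes its argument through a shell.
        # "nopass" leaves the client key unencrypted on disk.
        OpenVPNService.execute_easyrsa_command(
            pki_dir, "build-client-full " + certificate + " nopass")
        # NOTE(review): SOURCE is whitespace-collapsed; tenant.save() is
        # read as part of this branch (presumably to trigger a tenant
        # re-sync after the PKI changed) -- confirm against the file.
        tenant.save()

    record.save()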
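def sync_record(self, record):
    """Issue a client certificate for a VPN privilege record if needed.

    Args:
        record: privilege record; ``record.tenant.id`` selects the tenant
            whose PKI directory receives the certificate.

    Raises:
        DeferredException: if the record's tenant has no id yet, or no
            tenant with that id is found.
    """
    if not record.tenant.id:
        raise DeferredException("Privilege waiting on VPN Tenant ID")

    certificate = self.get_certificate_name(record)

    # Indexing an empty result raises IndexError, which previously escaped
    # before the "waiting on VPN Tenant" check below could ever run.
    try:
        tenant = OpenVPNTenant.get_tenant_objects().filter(
            pk=record.tenant.id)[0]
    except IndexError:
        tenant = None
    if not tenant:
        raise DeferredException("Privilege waiting on VPN Tenant")

    # Only add a certificate if one does not yet exist.
    pki_dir = OpenVPNService.get_pki_dir(tenant)
    if not os.path.isfile(pki_dir + "/issued/" + certificate + ".crt"):
        # NOTE(review): `certificate` is spliced into both a file path and
        # the easy-rsa argument string. Confirm get_certificate_name only
        # yields characters such as [A-Za-z0-9_-], and check whether
        # execute_easyrsa_command passes its argument through a shell.
        # "nopass" leaves the client key unencrypted on disk.
        OpenVPNService.execute_easyrsa_command(
            pki_dir, "build-client-full " + certificate + " nopass")
        # NOTE(review): SOURCE is whitespace-collapsed; tenant.save() is
        # read as part of this branch (presumably to trigger a tenant
        # re-sync after the PKI changed) -- confirm against the file.
        tenant.save()

    record.save()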
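def delete_record(self, record):
    """Revoke a privilege record's client certificate and delete the record.

    Returns early, without deleting the record, when the record's tenant
    has no id or no tenant with that id is found.

    Args:
        record: privilege record whose client certificate is revoked.
    """
    if not record.tenant.id:
        return

    certificate = self.get_certificate_name(record)

    # Indexing an empty result raises IndexError, which previously escaped
    # before the "no tenant" early return below could ever run.
    try:
        tenant = OpenVPNTenant.get_tenant_objects().filter(
            pk=record.tenant.id)[0]
    except IndexError:
        tenant = None
    if not tenant:
        return

    # If the client has already been revoked, don't do it again.
    pki_dir = OpenVPNService.get_pki_dir(tenant)
    issued_cert = pki_dir + "/issued/" + certificate + ".crt"
    if os.path.isfile(issued_cert):
        # NOTE(review): `certificate` is spliced into the easy-rsa argument
        # string and into the paths removed below. Confirm
        # get_certificate_name cannot yield path separators or shell
        # metacharacters.
        OpenVPNService.execute_easyrsa_command(
            pki_dir, "revoke " + certificate)

        # Revoking does not delete the files easy-rsa created, and they
        # must be gone before this user can be added again. A file that is
        # already absent is skipped, so a missing .key or .req no longer
        # aborts the cleanup after the certificate has been revoked.
        leftovers = (
            issued_cert,
            pki_dir + "/private/" + certificate + ".key",
            pki_dir + "/reqs/" + certificate + ".req",
        )
        for path in leftovers:
            if os.path.isfile(path):
                os.remove(path)

        # NOTE(review): SOURCE is whitespace-collapsed; tenant.save() is
        # read as part of this branch. The revocation is only enforced once
        # the CRL is regenerated, presumably by the tenant re-sync this
        # save triggers -- confirm.
        tenant.save()

    record.delete()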
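def delete_record(self, record):
    """Revoke a privilege record's client certificate and delete the record.

    Returns early, without deleting the record, when the record's tenant
    has no id or no tenant with that id is found.

    Args:
        record: privilege record whose client certificate is revoked.
    """
    if not record.tenant.id:
        return

    certificate = self.get_certificate_name(record)

    # Indexing an empty result raises IndexError, which previously escaped
    # before the "no tenant" early return below could ever run.
    try:
        tenant = OpenVPNTenant.get_tenant_objects().filter(
            pk=record.tenant.id)[0]
    except IndexError:
        tenant = None
    if not tenant:
        return

    # If the client has already been revoked, don't do it again.
    pki_dir = OpenVPNService.get_pki_dir(tenant)
    issued_cert = pki_dir + "/issued/" + certificate + ".crt"
    if os.path.isfile(issued_cert):
        # NOTE(review): `certificate` is spliced into the easy-rsa argument
        # string and into the paths removed below. Confirm
        # get_certificate_name cannot yield path separators or shell
        # metacharacters.
        OpenVPNService.execute_easyrsa_command(
            pki_dir, "revoke " + certificate)

        # Revoking does not delete the files easy-rsa created, and they
        # must be gone before this user can be added again. A file that is
        # already absent is skipped, so a missing .key or .req no longer
        # aborts the cleanup after the certificate has been revoked.
        leftovers = (
            issued_cert,
            pki_dir + "/private/" + certificate + ".key",
            pki_dir + "/reqs/" + certificate + ".req",
        )
        for path in leftovers:
            if os.path.isfile(path):
                os.remove(path)

        # NOTE(review): SOURCE is whitespace-collapsed; tenant.save() is
        # read as part of this branch. The revocation is only enforced once
        # the CRL is regenerated, presumably by the tenant re-sync this
        # save triggers -- confirm.
        tenant.save()

    record.delete()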