def stopMN(minimal=False):
    """Stop the management-node services and then call resetPIDs().

    On Windows the ``pem`` and ``PAU`` services are stopped with ``net stop``.
    On other platforms the ``pa-agent`` and ``pau`` service scripts are used,
    followed by an unconditional ``killall -9`` of ``pa-agent`` and
    ``SoLoader``.

    Args:
        minimal: when true, the ``service pa-agent stop`` call is skipped.
    """
    # NOTE(review): the statement nesting below is reconstructed from a
    # listing that had lost its indentation. Which calls sit under
    # ``if not minimal`` should be confirmed against the original file.
    if Const.isWindows():
        # Exit code 2 is tolerated because in 5.4 pem cannot be stopped properly.
        uUtil.readCmd(['net', 'stop', 'pem'], valid_codes=[0, 2])
        uUtil.readCmd(['net', 'stop', 'PAU'], valid_codes=[0, 1, 2])
    else:
        if not minimal:
            # The pem script actually returns 1 and 123 on valid stops.
            uUtil.execCommand('service pa-agent stop', [0, 1, 123])
        uUtil.execCommand('service pau stop', [0, 1, 5])
        # In some mysterious cases "service pa-agent stop" doesn't work, so the
        # processes are killed by name as well. The return values of these two
        # calls are discarded, so a failed kill is not reported here.
        uUtil.readCmdExt(['killall', '-9', 'pa-agent'])
        uUtil.readCmdExt(['killall', '-9', 'SoLoader'])
    resetPIDs()
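def generate_rsa_key():
    """Generate an RSA key pair with the openssl command-line tool.

    The private key is produced by ``openssl genrsa`` and piped on stdin to
    ``openssl rsa -pubout``, so the key never touches the file system.

    Returns:
        A ``(private, public)`` tuple. Each element is the base64 body of the
        PEM output with the ``-----BEGIN/END-----`` armor lines removed and
        the remaining lines joined.

    Raises:
        Exception: if either openssl invocation exits with a non-zero status.
    """
    def strip_armor(pem):
        # Keep only the base64 payload lines of a PEM document.
        return ''.join([line for line in pem.split('\n') if '----' not in line])

    env = os.environ.copy()
    openssl_binary = _get_openssl_binary()

    # NOTE(review): a 1024-bit modulus is shorter than the 2048-bit minimum in
    # current guidance such as NIST SP 800-131A. The size is left unchanged
    # because the consumers of this key are not visible from here; raise it
    # once they are confirmed to accept longer keys.
    pempriv, stderr, status = uUtil.readCmdExt(
        [openssl_binary, 'genrsa', '1024'], env=env)
    if status != 0:
        # Without this check a failed run would be returned as an empty key.
        # Only stderr goes into the message, never key material.
        raise Exception("openssl genrsa failed with status %s: %s" % (status, stderr))
    b64der = strip_armor(pempriv)

    pempub, stderr, status = uUtil.readCmdExt(
        [openssl_binary, 'rsa', '-pubout'], input_data=pempriv, env=env)
    if status != 0:
        raise Exception("openssl rsa -pubout failed with status %s: %s" % (status, stderr))
    b64derpub = strip_armor(pempub)

    return b64der, b64derpub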
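def getHostCertificateDigest(host):
    """Return the SHA-256 hex digest of the public key in a host's SN certificate.

    The certificate is read from the ``hosts`` table, its public key is
    extracted with ``openssl x509 -pubkey``, and the DER-encoded key is hashed.

    Args:
        host: object whose ``host_id`` attribute selects the row.

    Returns:
        The lowercase hexadecimal SHA-256 digest as a string.

    Raises:
        Exception: if the host has no stored certificate, if openssl cannot
            parse it, or if no public key can be decoded from its output.
    """
    import base64
    import hashlib

    con = uSysDB.connect()
    cur = con.cursor()
    cur.execute("select sn_certificate from hosts where host_id = %s", host.host_id)
    row = cur.fetchone()
    if not (row and row[0]):
        raise Exception(
            "Failed to get SN certificate for host %s from database. To fix, refer to https://kb.cloudblue.com/131620\n" % (str(host.host_id)))

    # The certificate is fed to openssl on stdin and the command is passed as
    # an argument list. No temporary file is left behind on an error path and
    # no value is interpolated into a shell command line.
    (pubkey_pem, err, status) = uUtil.readCmdExt(
        ["openssl", "x509", "-pubkey", "-noout"], input_data=row[0])
    if status != 0:
        # A shell pipeline reports only the status of its last stage, so an
        # unparsable certificate used to yield the digest of empty input
        # instead of an error.
        raise Exception(
            "Failed to extract public key from SN certificate of host %s. %s" % (host.host_id, err))

    # Drop the PEM armor lines; '-' never occurs in the base64 alphabet.
    b64_body = ''.join([line for line in pubkey_pem.split('\n') if '-' not in line])
    try:
        der = base64.b64decode(b64_body)
    except (TypeError, ValueError) as e:
        raise Exception(
            "Failed to decode public key of host %s: %s" % (host.host_id, e))
    if not der:
        raise Exception("Empty public key in SN certificate of host %s" % host.host_id)

    return hashlib.sha256(der).hexdigest()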
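def createTMLOGSSite(rootpath, ip):
    """Publish the task-log directory as the ``/tmlogs`` virtual directory in IIS.

    When ``appcmd.exe`` is present, a virtual directory pointing at
    ``<rootpath>\\var\\taskLogs`` is added to the site named by the
    module-level ``site_name``, and extensionless files are mapped to
    ``text/plain``. The directory itself is then created if missing.

    Args:
        rootpath: installation root; forward slashes are converted to
            backslashes.
        ip: not used by this function.
    """
    progress.do("creating tmlogs site")
    appcmd = os.path.join(os.environ['SystemRoot'], 'System32', 'inetsrv', 'appcmd.exe')
    tdir = os.path.join(rootpath.replace('/', '\\'), 'var', 'taskLogs')

    if os.path.exists(appcmd):
        # NOTE(review): both commands are assembled by string interpolation. A
        # double quote in site_name or rootpath would end the quoted argument
        # early. Passing an argument list would avoid that; first confirm how
        # readCmdExt treats a string command. The exit status is only logged.
        out, err, status = uUtil.readCmdExt(
            '%s add vdir "/app.name:%s/" "/physicalPath:%s" /path:/tmlogs' % (appcmd, site_name, tdir))
        uLogging.debug("%s %s %s", out, err, status)
        # NOTE(review): no site or config path is given here, so the MIME
        # mapping presumably applies server-wide and not only to this site.
        # Confirm that this is intended.
        out, err, status = uUtil.readCmdExt(
            '%s set config /section:staticContent /+\"[fileExtension=\'.\',mimeType=\'text/plain\']\"' % (appcmd))
        uLogging.debug("%s %s %s", out, err, status)
    else:
        uLogging.info("IIS 7 appcmd not found, skipping tmlogs site setup")

    # NOTE(review): the directory is assumed to be created on both branches;
    # the nesting is reconstructed, so confirm it against the original file.
    try:
        os.makedirs(tdir)
    except OSError as e:
        # An already existing directory is expected. Any other failure is
        # still non-fatal, as before, but it is now logged.
        if not os.path.isdir(tdir):
            uLogging.info("failed to create directory %s: %s" % (tdir, e))
    progress.done()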
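def __get_java_version():
    """Run ``java -version`` as the first step of the Java version precheck.

    The executable is ``$JAVA_HOME/bin/java`` when ``JAVA_HOME`` is set to a
    non-empty value, otherwise ``java`` resolved through ``PATH``.

    Raises:
        uPrecheck.PrecheckFailed: if the command cannot be executed.
    """
    java_home = os.getenv('JAVA_HOME')
    if java_home:
        java_path = os.path.join(java_home, 'bin', 'java')
    else:
        # An empty JAVA_HOME is treated like an unset one. Joining '' with
        # 'bin/java' would give a path relative to the current directory and
        # run whatever binary happens to be there.
        java_path = 'java'

    todo = 'ensure JDK installed and java executable is in PATH or in JAVA_HOME/bin'
    try:
        # NOTE(review): the visible part of this function makes no further use
        # of out, err and ret.
        out, err, ret = uUtil.readCmdExt([java_path, '-version'])
    except Exception as e:
        raise uPrecheck.PrecheckFailed(
            'can not check java version! exception %s' % e, todo)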
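def createPPMSite(config):
    """Create the IIS site that serves package tarballs and copy the tarballs in.

    If ``appcmd.exe`` is absent the IIS 6 scripts (``iisweb.vbs`` and
    ``iisvdir.vbs``) are used, otherwise ``appcmd`` is used. In both cases the
    site named by the module-level ``site_name`` is deleted and re-created
    with ``<rootpath>\\install\\tarballs`` as its physical path. The
    directory is then created if missing, ``tarball_storage_config.vbs`` is
    run, and the tarballs found under ``config.source_dir`` are copied.

    Every external command's output and exit status is written to the debug
    log; a non-zero status does not stop the function.

    Args:
        config: object providing ``source_dir``, ``rootpath`` and
            ``communication_ip``.
    """
    def run(cmd):
        # Execute one setup command and log its stdout, stderr and status.
        out, err, status = uUtil.readCmdExt(cmd)
        uLogging.debug("%s %s %s", out, err, status)

    progress.do("creating ppm site")
    system_root = os.environ['SystemRoot']
    appcmd = os.path.join(system_root, 'System32', 'inetsrv', 'appcmd.exe')
    source_dir = config.source_dir
    tarball_dir = os.path.join(config.rootpath.replace('/', '\\'), 'install', 'tarballs')

    if not os.path.exists(appcmd):
        uLogging.debug("IIS 6")
        run([os.path.join(source_dir, 'os', Const.getDistribWinDir(),
                          'IISAdministrationTools', '_install.bat')])
        iis_web = os.path.join(system_root, 'System32', 'iisweb.vbs')
        run(['cscript', iis_web, '/delete', site_name])
        run(['cscript', iis_web, '/create', tarball_dir, site_name, '/i', config.communication_ip])
        run(['cscript', os.path.join(system_root, 'System32', 'iisvdir.vbs'),
             '/create', site_name, 'tarballs', tarball_dir])
    else:
        uLogging.debug("IIS 7")
        # NOTE(review): unlike the IIS 6 branch, these commands are assembled
        # by string interpolation. A double quote in site_name, tarball_dir or
        # communication_ip would end the quoted argument early. Passing
        # argument lists would avoid that; first confirm how readCmdExt
        # treats a string command.
        run('%s delete site /site.name:"%s"' % (appcmd, site_name))
        # NOTE(review): the site is bound to plain HTTP on port 80. Whether
        # consumers verify the integrity of downloaded tarballs is not
        # visible from here.
        run('%s add site "/name:%s" /bindings:"http://%s:80" "/physicalPath:%s"' %
            (appcmd, site_name, config.communication_ip, tarball_dir))
        run('%s add vdir "/app.name:%s/" "/physicalPath:%s" /path:/tarballs' %
            (appcmd, site_name, tarball_dir))

    # NOTE(review): the steps from here on are assumed to run for both IIS
    # versions. The nesting is reconstructed, so confirm it against the
    # original file.
    try:
        os.makedirs(tarball_dir)
    except OSError as e:
        # An already existing directory is expected. Any other failure is
        # still non-fatal, as before, but it is now logged.
        if not os.path.isdir(tarball_dir):
            uLogging.debug("failed to create directory %s: %s", tarball_dir, e)

    run(["cscript", os.path.join(config.rootpath, 'install', 'tarball_storage_config.vbs'), site_name])
    progress.done()

    progress.do("copying tarballs")
    os.path.walk(source_dir, uPackaging.copy_tarballs, tarball_dir)
    progress.done()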
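def _get_key_fingerprint(key, data, host):
    """Sign *data* with *key* using SHA-256 and return the result as hex.

    The private key is written to a ``mkstemp`` file because ``openssl dgst
    -sign`` takes the key as a file name; *data* is passed on stdin.

    Args:
        key: private key material, written to the temporary file as is.
        data: bytes to sign.
        host: object whose ``host_id`` is used in the error message.

    Returns:
        The hexadecimal output of ``openssl dgst -sha256 -hex -sign``, with
        any leading ``label= `` prefix removed.

    Raises:
        Exception: if openssl exits with a non-zero status.
    """
    (keyfd, keyfile) = tempfile.mkstemp()
    try:
        try:
            os.write(keyfd, key)
        finally:
            os.close(keyfd)
        # An argument list is used in place of ``/bin/sh -c``, so the
        # temporary path is never parsed by a shell.
        (digest, err, status) = uUtil.readCmdExt(
            ["openssl", "dgst", "-sha256", "-hex", "-sign", keyfile], data)
    finally:
        # The file holds a private key, so it is removed on every path,
        # including when the write or the openssl call raises.
        os.remove(keyfile)

    if status != 0:
        raise Exception("Failed to sign host %s JWT header. %s" % (host.host_id, err))

    digest = digest.strip()
    # openssl prefixes the hex with a label such as "(stdin)= "; keep the part
    # after the first space.
    _, sep, tail = digest.partition(" ")
    if sep:
        digest = tail
    return digest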
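def generate_self_signed_certificate(subj):
    """Create a self-signed X.509 certificate and a fresh 2048-bit RSA key.

    An OpenSSL configuration file is written under the management-node root,
    ``openssl req -new -x509`` is run against it, the resulting key and
    certificate are read back, and all three files are removed.

    Args:
        subj: subject string passed to ``openssl req -subj``.

    Returns:
        A ``(private_key_pem, certificate_pem)`` tuple holding the contents of
        the generated files.

    Raises:
        Exception: if openssl exits with a non-zero status.
    """
    openssl_conf = """
#
# OpenSSL configuration file.
#

# Establish working directory.

dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 36500
default_md = sha256
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 2048 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = sha256 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
"""
    platform, root = uPEM.getMNInfo()
    privkey_path = os.path.join(root, 'priv_key.pem')
    cert_path = os.path.join(root, 'cert.pem')
    ssl_conf_path = os.path.join(root, 'pem_openssl.cnf')

    try:
        uLogging.debug("creating SSL config file at '%s'" % ssl_conf_path)
        with open(ssl_conf_path, 'w+') as ssl_cnf_file:
            ssl_cnf_file.write(openssl_conf)

        openssl_binary = _get_openssl_binary()
        # NOTE(review): -nodes writes the private key unencrypted to a fixed
        # path under the MN root. The file's permissions are whatever openssl
        # and the process umask produce. Consider a restrictive umask or a
        # private temporary directory for the short time the file exists.
        out_text, err_text, status = uUtil.readCmdExt([
            openssl_binary, "req", "-new", "-x509", "-newkey", "rsa:2048",
            "-keyout", privkey_path, "-out", cert_path, "-days", "36500",
            "-subj", subj, "-nodes", "-config", ssl_conf_path
        ], env=os.environ.copy())
        uLogging.debug("openssl exited with status: %s", status)
        uLogging.debug("openssl executed with result:\nstderr:\n%s\nstdout:\n%s\n", err_text, out_text)
        if status != 0:
            # Fail here so that files left by an earlier failed run are never
            # read back and returned as the new key pair.
            raise Exception("openssl req failed with status %s: %s" % (status, err_text))

        # Read created private key
        with open(privkey_path, 'r') as privkey_file:
            b64privkey = privkey_file.read()

        # Read created certificate
        with open(cert_path, 'r') as cert_file:
            b64cert = cert_file.read()
    finally:
        # Cleanup runs on every path, so the unencrypted key does not stay on
        # disk after a failure. A missing file is not an error here.
        for path in (privkey_path, cert_path, ssl_conf_path):
            try:
                os.remove(path)
            except OSError:
                pass

    return b64privkey, b64cert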