Ejemplo n.º 1
def _generate_client(parent_path):
    """Create a TLS client key and CA-signed certificate in parent_path/client.

    Three openssl invocations are made through util.runlocal: generate a
    4096-bit RSA key (key.pem), build a CSR with subject /CN=client, and sign
    that CSR with the CA material at parent_path/ca.pem and
    parent_path/ca-key.pem. The signed certificate (cert.pem) carries
    "extendedKeyUsage = clientAuth" and is valid for
    CERTIFICATE_DAYSTOBEVALID days. The CSR and the extension file are
    deleted whether or not signing succeeds, and ca.pem is finally copied
    next to the new certificate.

    Args:
        parent_path: Directory that already holds ca.pem and ca-key.pem.

    Raises:
        OSError: from os.makedirs when the client directory already exists.
    """
    client_dir = os.path.join(parent_path, "client")
    os.makedirs(client_dir)

    key_path = os.path.join(client_dir, 'key.pem')
    csr_path = os.path.join(client_dir, 'client.csr')

    # NOTE(review): genrsa is called without a cipher option, so key.pem is
    # written unencrypted, and neither the file nor client_dir gets an
    # explicit mode here - confirm the process umask or the caller restricts
    # access to the private key.
    util.runlocal(['openssl', 'genrsa', '-out', key_path, '4096'])
    try:
        util.runlocal(['openssl', 'req', '-subj', '/CN=client', '-new',
                       '-key', key_path, '-out', csr_path])
        # The extension file limits the certificate to TLS client
        # authentication.
        util.write_file(os.path.join(client_dir, './extfile.cnf'),
                        'extendedKeyUsage = clientAuth')
        sign_cmd = ['openssl', 'x509', '-req', '-sha256']
        sign_cmd += ['-days', "%d" % (CERTIFICATE_DAYSTOBEVALID)]
        sign_cmd += ['-in', csr_path]
        sign_cmd += ['-CA', os.path.join(parent_path, 'ca.pem')]
        sign_cmd += ['-CAkey', os.path.join(parent_path, 'ca-key.pem')]
        sign_cmd += ['-CAcreateserial']
        sign_cmd += ['-out', os.path.join(client_dir, 'cert.pem')]
        sign_cmd += ['-extfile', os.path.join(client_dir, 'extfile.cnf')]
        util.runlocal(sign_cmd)
    finally:
        # Intermediate artefacts are not needed once signing was attempted.
        _delete_if_exists(client_dir, ['extfile.cnf', 'client.csr'])
    # Ship the CA certificate alongside the client credentials.
    shutil.copyfile(os.path.join(parent_path, 'ca.pem'),
                    os.path.join(client_dir, 'ca.pem'))
Ejemplo n.º 2
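def create_config_drive_iso(session, userdata_template, vmuuid):
    """Build a 'config-2' config-drive ISO for a VM and return its path.

    The ISO tree is assembled in a temporary directory: the rendered user
    data goes to openstack/latest/user_data, the unrendered template to
    openstack/latest/user_data.template, and a fixed list of Linux guest
    agent files is copied from the loop-mounted tools ISO into agent/.
    All staging files and directories are removed in the finally block; the
    ISO file itself is not, and it is also left behind when an exception is
    raised (presumably the caller deletes it on success - verify).

    Args:
        session: Passed to get_template_data to look up the VM.
        userdata_template: Template text handed to customize_userdata.
        vmuuid: UUID of the VM the config drive is built for.

    Returns:
        Path of the temporary file holding the generated ISO.
    """
    log.info("create_config_drive_iso for vm %s" % (vmuuid))
    umountrequired = False
    temptoolsisodir = None
    userdatafile = None
    # The finally block reads this name; binding it up front keeps an early
    # failure (e.g. in mkdtemp or makedirs) from being replaced by a
    # NameError raised during cleanup.
    userdatatemplatefile = None
    latestfolder = None
    openstackfolder = None
    agentfilepaths = []
    agentpath = None
    tempisodir = None
    try:
        tempisodir = tempfile.mkdtemp()
        # mkstemp returns an open descriptor together with the path. Only
        # the path is used, so close the descriptor instead of leaking one
        # per call.
        tempisofd, tempisofile = tempfile.mkstemp()
        os.close(tempisofd)
        # add the userdata-file
        openstackfolder = os.path.join(tempisodir, 'openstack')
        latestfolder = os.path.join(openstackfolder, 'latest')
        os.makedirs(latestfolder)
        userdatafile = os.path.join(latestfolder, 'user_data')
        userdatatemplatefile = "%s.template" % userdatafile
        template_data = get_template_data(session, vmuuid)
        userdata = customize_userdata(userdata_template, template_data)
        util.write_file(userdatafile, userdata)
        util.write_file(userdatatemplatefile, userdata_template)
        # NOTE(review): the rendered user data is written to the debug log
        # in full. If templates or template data can carry credentials or
        # keys, confirm that this is acceptable for the log's audience.
        log.debug("Userdata: %s" % (userdata))
        # Also add the Linux guest agent
        temptoolsisodir = tempfile.mkdtemp()
        tools_iso_path = find_latest_tools_iso_path()
        cmd = ['mount', '-o', 'loop', tools_iso_path, temptoolsisodir]
        util.runlocal(cmd)
        umountrequired = True
        agentpath = os.path.join(tempisodir, 'agent')
        os.makedirs(agentpath)
        agentfiles = [
            'xe-daemon', 'xe-linux-distribution',
            'xe-linux-distribution.service', 'xen-vcpu-hotplug.rules',
            'install.sh', 'versions.deb', 'versions.rpm', "versions.tgz"
        ]
        for filename in agentfiles:
            path = os.path.join(temptoolsisodir, 'Linux', filename)
            shutil.copy(path, agentpath)
            agentfilepaths.append(os.path.join(agentpath, filename))
        # Finally wrap up the iso
        util.make_iso('config-2', tempisodir, tempisofile)
    finally:
        # And tidy
        if umountrequired:
            cmd = ['umount', temptoolsisodir]
            util.runlocal(cmd)
        # Order matters: os.rmdir only removes empty directories, so files
        # are listed before the directories that contain them.
        for path in [temptoolsisodir, userdatafile, userdatatemplatefile,
                     latestfolder, openstackfolder] + agentfilepaths + \
                [agentpath, tempisodir]:
            if path is not None:
                if os.path.isdir(path):
                    os.rmdir(path)
                elif os.path.isfile(path):
                    os.remove(path)
                else:
                    log.debug("create_config_drive_iso: Not tidying %s because"
                              " it could not be found" % (path))
    return tempisofile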
Ejemplo n.º 3
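def _generate_server(parent_path, ips):
    """Create a TLS server key and CA-signed certificate in parent_path/server.

    Generates a 4096-bit RSA key (server-key.pem), builds a CSR with a
    placeholder CN and signs it with the CA at parent_path/ca.pem and
    parent_path/ca-key.pem. Each entry of ips becomes an "IP:<entry>"
    subjectAltName. The CSR, the extension file and the CA serial file
    (ca.srl) are deleted whether or not signing succeeds, and ca.pem is
    finally copied next to the certificate.

    Args:
        parent_path: Directory that already holds ca.pem and ca-key.pem.
        ips: Iterable of address strings for the subjectAltName extension.

    Raises:
        OSError: from os.makedirs when the server directory already exists.
    """
    prefix = os.path.join(parent_path, "server")
    os.makedirs(prefix)
    # NOTE(review): genrsa is called without a cipher option, so the key is
    # written unencrypted, and no explicit file mode is set here - confirm
    # the umask or the caller restricts access to server-key.pem.
    util.runlocal(['openssl', 'genrsa',
                   '-out', os.path.join(prefix, 'server-key.pem'), '4096'])
    # hostname is ignored as XS will connect using the IPs
    hostname = "_ignored_"
    util.runlocal(['openssl', 'req', '-subj', '/CN=%s' % (hostname),
                   '-sha256', '-new', '-key', os.path.join(
                       prefix, 'server-key.pem'),
                   '-out', os.path.join(prefix, 'server.csr')])
    # NOTE(review): the entries are interpolated verbatim into the openssl
    # extension file. If ips can come from a guest or another untrusted
    # source, confirm the caller validates them as IP literals; a line break
    # inside an entry would add further lines to that file. An empty ips
    # yields "subjectAltName = " with no value.
    ipstring = ",".join("IP:" + ip for ip in ips)
    try:
        util.write_file(
            os.path.join(prefix, './extfile.cnf'),
            'subjectAltName = ' + (ipstring))
        # -days belongs on the signing command: "openssl req" only honours
        # it together with -x509, and "openssl x509 -req" otherwise falls
        # back to its 30-day default instead of CERTIFICATE_DAYSTOBEVALID.
        util.runlocal(['openssl', 'x509', '-req', '-sha256',
                       '-days', "%d" % (CERTIFICATE_DAYSTOBEVALID),
                       '-in', os.path.join(prefix, 'server.csr'),
                       '-CA', os.path.join(parent_path, 'ca.pem'),
                       '-CAkey', os.path.join(parent_path, 'ca-key.pem'),
                       '-CAcreateserial',
                       '-out', os.path.join(prefix, 'server-cert.pem'),
                       '-extfile', os.path.join(prefix, 'extfile.cnf')])
    finally:
        _delete_if_exists(prefix, ['extfile.cnf', 'server.csr'])
        _delete_if_exists(parent_path, ['ca.srl'])
    shutil.copyfile(
        os.path.join(parent_path, 'ca.pem'), os.path.join(prefix, 'ca.pem'))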
Ejemplo n.º 4
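def create_config_drive_iso(session, userdata_template, vmuuid):
    """Assemble a 'config-2' config-drive ISO for a VM; return the ISO path.

    Staging happens in a temporary directory. openstack/latest/user_data
    receives the output of customize_userdata, user_data.template receives
    the untouched template, and agent/ receives a fixed set of guest agent
    files copied from the 'Linux' folder of the loop-mounted tools ISO.
    The finally block unmounts the tools ISO and removes every staging file
    and directory. The ISO file is not part of that cleanup, so it also
    survives a failed run.

    Args:
        session: Forwarded to get_template_data.
        userdata_template: User-data template text.
        vmuuid: UUID of the target VM.

    Returns:
        Path of the temporary ISO file.
    """
    log.info("create_config_drive_iso for vm %s" % (vmuuid))
    umountrequired = False
    temptoolsisodir = None
    userdatafile = None
    # Bound before the try block because cleanup iterates over it; without
    # this an exception raised before the assignment below would surface as
    # a NameError from the finally block.
    userdatatemplatefile = None
    latestfolder = None
    openstackfolder = None
    agentfilepaths = []
    agentpath = None
    tempisodir = None
    try:
        tempisodir = tempfile.mkdtemp()
        # Only the path from mkstemp is needed; close the descriptor it
        # opens so that repeated calls do not leak file descriptors.
        isofd, tempisofile = tempfile.mkstemp()
        os.close(isofd)
        # add the userdata-file
        openstackfolder = os.path.join(tempisodir, 'openstack')
        latestfolder = os.path.join(openstackfolder, 'latest')
        os.makedirs(latestfolder)
        userdatafile = os.path.join(latestfolder, 'user_data')
        userdatatemplatefile = "%s.template" % userdatafile
        template_data = get_template_data(session, vmuuid)
        userdata = customize_userdata(userdata_template, template_data)
        util.write_file(userdatafile, userdata)
        util.write_file(userdatatemplatefile, userdata_template)
        # NOTE(review): this logs the complete rendered user data. Confirm
        # that nothing secret (keys, passwords) can reach it, or that the
        # debug log is suitably protected.
        log.debug("Userdata: %s" % (userdata))
        # Also add the Linux guest agent
        temptoolsisodir = tempfile.mkdtemp()
        tools_iso_path = find_latest_tools_iso_path()
        cmd = ['mount', '-o', 'loop',
               tools_iso_path,  temptoolsisodir]
        util.runlocal(cmd)
        umountrequired = True
        agentpath = os.path.join(tempisodir, 'agent')
        os.makedirs(agentpath)
        agentfiles = ['xe-daemon', 'xe-linux-distribution',
                      'xe-linux-distribution.service',
                      'xen-vcpu-hotplug.rules', 'install.sh',
                      'versions.deb', 'versions.rpm', "versions.tgz"]
        for filename in agentfiles:
            path = os.path.join(temptoolsisodir, 'Linux', filename)
            shutil.copy(path, agentpath)
            agentfilepaths.append(os.path.join(agentpath, filename))
        # Finally wrap up the iso
        util.make_iso('config-2', tempisodir, tempisofile)
    finally:
        # And tidy
        if umountrequired:
            cmd = ['umount', temptoolsisodir]
            util.runlocal(cmd)
        # Files come before their parent directories because os.rmdir
        # refuses to remove a directory that still has entries.
        for path in [temptoolsisodir, userdatafile, userdatatemplatefile,
                     latestfolder, openstackfolder] + agentfilepaths + \
                [agentpath, tempisodir]:
            if path is not None:
                if os.path.isdir(path):
                    os.rmdir(path)
                elif os.path.isfile(path):
                    os.remove(path)
                else:
                    log.debug("create_config_drive_iso: Not tidying %s because"
                              " it could not be found" % (path))
    return tempisofile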
Ejemplo n.º 5
def ensure_idrsa(session):
    """Write the key from the API to IDRSAFILENAME unless a recent copy exists.

    The file is (re)written when it does not exist or when its modification
    time is more than 60 seconds in the past. The content is whatever
    api_helper.get_idrsa_secret_private(session) returns (by its name, a
    private key).

    Args:
        session: Passed through to api_helper.get_idrsa_secret_private.
    """
    if os.path.exists(IDRSAFILENAME):
        mtime = os.path.getmtime(IDRSAFILENAME)
        stale = time.time() - mtime > 60
    else:
        stale = True
    if not stale:
        return
    # NOTE(review): no file mode is set in this function. Whether the key
    # file ends up readable only by its owner depends on util.write_file and
    # the process umask - confirm.
    util.write_file(IDRSAFILENAME,
                    api_helper.get_idrsa_secret_private(session))
Ejemplo n.º 6
def ensure_idrsa(session):
    """Refresh the on-disk key at IDRSAFILENAME when it is missing or old.

    "Old" means an mtime more than 60 seconds before now. A fresh copy is
    fetched with api_helper.get_idrsa_secret_private(session) and written
    with util.write_file; otherwise nothing is done.
    """
    needs_write = True
    if os.path.exists(IDRSAFILENAME):
        last_written = os.path.getmtime(IDRSAFILENAME)
        needs_write = (time.time() - last_written) > 60
    if needs_write:
        # NOTE(review): the secret is fetched from the API and stored on
        # disk. This function does not restrict the file's permissions
        # itself - verify that util.write_file or the umask does.
        secret = api_helper.get_idrsa_secret_private(session)
        util.write_file(IDRSAFILENAME, secret)
Ejemplo n.º 7
def _generate_client(parent_path):
    """Generate client TLS credentials signed by the CA in parent_path.

    Output lands in parent_path/client: key.pem (4096-bit RSA), cert.pem
    (signed with parent_path/ca.pem and ca-key.pem, restricted to
    clientAuth, valid for CERTIFICATE_DAYSTOBEVALID days) and a copy of
    ca.pem. The CSR and the openssl extension file are temporary and are
    removed in the finally block.

    Args:
        parent_path: Directory containing ca.pem and ca-key.pem.

    Raises:
        OSError: from os.makedirs when parent_path/client already exists.
    """
    prefix = os.path.join(parent_path, "client")
    os.makedirs(prefix)

    def client_file(name):
        # Path of a file inside the client directory.
        return os.path.join(prefix, name)

    def ca_file(name):
        # Path of a file that sits next to the CA material.
        return os.path.join(parent_path, name)

    # NOTE(review): the key is generated without a passphrase option and no
    # permissions are applied to it in this function; check how access to
    # key.pem is restricted.
    genrsa = ['openssl', 'genrsa', '-out', client_file('key.pem'), '4096']
    util.runlocal(genrsa)
    try:
        request = ['openssl', 'req', '-subj', '/CN=client',
                   '-new', '-key', client_file('key.pem'),
                   '-out', client_file('client.csr')]
        util.runlocal(request)
        util.write_file(client_file('./extfile.cnf'),
                        'extendedKeyUsage = clientAuth')
        validity = "%d" % (CERTIFICATE_DAYSTOBEVALID)
        sign = ['openssl', 'x509', '-req', '-sha256',
                '-days', validity,
                '-in', client_file('client.csr'),
                '-CA', ca_file('ca.pem'),
                '-CAkey', ca_file('ca-key.pem'),
                '-CAcreateserial',
                '-out', client_file('cert.pem'),
                '-extfile', client_file('extfile.cnf')]
        util.runlocal(sign)
    finally:
        # Runs on success and on failure, so no CSR or extension file is
        # left in the client directory.
        _delete_if_exists(prefix, ['extfile.cnf', 'client.csr'])
    shutil.copyfile(ca_file('ca.pem'), client_file('ca.pem'))
Ejemplo n.º 8
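def _generate_server(parent_path, ips):
    """Generate server TLS credentials signed by the CA in parent_path.

    Output lands in parent_path/server: server-key.pem (4096-bit RSA),
    server-cert.pem (signed with parent_path/ca.pem and ca-key.pem, with one
    "IP:<entry>" subjectAltName per element of ips) and a copy of ca.pem.
    The CSR, the extension file and ca.srl are removed in the finally block.

    Args:
        parent_path: Directory containing ca.pem and ca-key.pem.
        ips: Iterable of address strings placed in the subjectAltName.

    Raises:
        OSError: from os.makedirs when parent_path/server already exists.
    """
    prefix = os.path.join(parent_path, "server")
    os.makedirs(prefix)
    # NOTE(review): no passphrase option and no explicit file mode are used
    # for the private key; check how access to server-key.pem is restricted.
    util.runlocal([
        'openssl', 'genrsa', '-out',
        os.path.join(prefix, 'server-key.pem'), '4096'
    ])
    # hostname is ignored as XS will connect using the IPs
    hostname = "_ignored_"
    util.runlocal([
        'openssl', 'req', '-subj',
        '/CN=%s' % (hostname), '-sha256', '-new', '-key',
        os.path.join(prefix, 'server-key.pem'), '-out',
        os.path.join(prefix, 'server.csr')
    ])
    # NOTE(review): entries of ips reach the openssl extension file
    # unchanged. Confirm they are validated as IP literals before this call
    # if they can originate from a guest or another untrusted source, since
    # an embedded line break would add extra lines to that file. With no
    # entries the SAN line has an empty value.
    ipstring = ",".join("IP:" + ip for ip in ips)
    try:
        util.write_file(os.path.join(prefix, './extfile.cnf'),
                        'subjectAltName = ' + (ipstring))
        # The validity period is set here rather than on "openssl req":
        # req ignores -days unless -x509 is given, which left the signed
        # certificate on the 30-day default of "openssl x509 -req".
        util.runlocal([
            'openssl', 'x509', '-req', '-sha256', '-days',
            "%d" % (CERTIFICATE_DAYSTOBEVALID), '-in',
            os.path.join(prefix, 'server.csr'), '-CA',
            os.path.join(parent_path, 'ca.pem'), '-CAkey',
            os.path.join(parent_path, 'ca-key.pem'), '-CAcreateserial', '-out',
            os.path.join(prefix, 'server-cert.pem'), '-extfile',
            os.path.join(prefix, 'extfile.cnf')
        ])
    finally:
        _delete_if_exists(prefix, ['extfile.cnf', 'server.csr'])
        _delete_if_exists(parent_path, ['ca.srl'])
    shutil.copyfile(os.path.join(parent_path, 'ca.pem'),
                    os.path.join(prefix, 'ca.pem'))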
Ejemplo n.º 9
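def export_for_vm(session, vm_uuid):
    """Write a VM's TLS client credentials to temporary files; return the paths.

    For every key of the VM's other_config that is listed in
    XSCONTAINER_TLS_KEYS, the referenced secret is read through the XenAPI
    session. When util.file_old_or_none_existent reports that the client
    certificate file needs (re)writing, the client certificate, client key
    and CA certificate are written to the paths from _get_temptlspaths.
    Only the client certificate path is checked; the other two files are
    rewritten together with it.

    Args:
        session: XenAPI session used to read other_config and the secrets.
        vm_uuid: UUID of the VM whose credentials are exported.

    Returns:
        The dict from _get_temptlspaths; the keys used here are 'parent',
        'client_cert', 'client_key' and 'ca_cert'.

    Raises:
        KeyError: when files must be written and other_config lacks one of
            the three TLS secret keys.
    """
    other_config = api_helper.get_vm_other_config(session, vm_uuid)
    secretdict = {}
    for key, value in other_config.items():
        if key in XSCONTAINER_TLS_KEYS:
            # The other_config value is the UUID of a XenAPI secret.
            secret_uuid = value
            secret_ref = session.xenapi.secret.get_by_uuid(secret_uuid)
            secret_record = session.xenapi.secret.get_record(secret_ref)
            secretdict[key] = secret_record['value']
    temptlspaths = _get_temptlspaths(vm_uuid)
    if util.file_old_or_none_existent(temptlspaths['client_cert']):
        if not os.path.exists(temptlspaths['parent']):
            # NOTE(review): the directory exists with umask-derived
            # permissions until the chmod below runs.
            os.makedirs(temptlspaths['parent'])
        # A directory needs the owner search (x) bit to be usable: with 0600
        # only a privileged process can create or open entries in it. 0700
        # keeps it private to the owner while remaining traversable.
        os.chmod(temptlspaths['parent'], 0o700)
        # NOTE(review): file modes of the key material depend on
        # util.write_file and the umask - confirm the client key is not
        # readable by other users.
        util.write_file(temptlspaths['client_cert'],
                        secretdict[XSCONTAINER_TLS_CLIENT_CERT])
        util.write_file(temptlspaths['client_key'],
                        secretdict[XSCONTAINER_TLS_CLIENT_KEY])
        util.write_file(temptlspaths['ca_cert'],
                        secretdict[XSCONTAINER_TLS_CA_CERT])
    return temptlspaths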
Ejemplo n.º 10
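def export_for_vm(session, vm_uuid):
    """Export a VM's TLS client credentials to temporary files.

    Secrets referenced from the VM's other_config (keys listed in
    XSCONTAINER_TLS_KEYS) are read through the XenAPI session. If
    util.file_old_or_none_existent says the client certificate file needs
    writing, the client certificate, client key and CA certificate are
    written to the locations given by _get_temptlspaths.

    Args:
        session: XenAPI session used for other_config and secret lookups.
        vm_uuid: UUID of the VM.

    Returns:
        The path dict from _get_temptlspaths ('parent', 'client_cert',
        'client_key' and 'ca_cert' are the keys used here).

    Raises:
        KeyError: when files must be written and one of the three TLS
            secrets is not referenced in other_config.
    """
    other_config = api_helper.get_vm_other_config(session, vm_uuid)
    secretdict = {}
    for key, value in other_config.items():
        if key in XSCONTAINER_TLS_KEYS:
            # value holds the UUID of the secret to resolve.
            secret_uuid = value
            secret_ref = session.xenapi.secret.get_by_uuid(secret_uuid)
            secret_record = session.xenapi.secret.get_record(secret_ref)
            secretdict[key] = secret_record['value']
    temptlspaths = _get_temptlspaths(vm_uuid)
    if util.file_old_or_none_existent(temptlspaths['client_cert']):
        if not os.path.exists(temptlspaths['parent']):
            # NOTE(review): between makedirs and chmod the directory has
            # whatever permissions the umask allows.
            os.makedirs(temptlspaths['parent'])
        # 0o700 instead of 0600: a directory without the owner search bit
        # can only be used by a privileged process, and the 0o prefix is
        # accepted by Python 2.6+ as well as Python 3, where the bare 0600
        # literal is a syntax error.
        os.chmod(temptlspaths['parent'], 0o700)
        # NOTE(review): permissions of the written files, including the
        # client private key, are not set here; verify util.write_file.
        util.write_file(
            temptlspaths['client_cert'],
            secretdict[XSCONTAINER_TLS_CLIENT_CERT])
        util.write_file(
            temptlspaths['client_key'],
            secretdict[XSCONTAINER_TLS_CLIENT_KEY])
        util.write_file(
            temptlspaths['ca_cert'],
            secretdict[XSCONTAINER_TLS_CA_CERT])
    return temptlspaths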