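def perform_setup(self):
    """Run the CA, host credential, keystore and container setup in order.

    Steps, as performed below:
      1. If ``self.cadir`` does not exist, ask for a CA name, store it under
         ``ca.name`` and create the CA; then require that the CA certificate
         and CA private key files exist.
      2. Run ``checkssl`` for the host certificate/key and ensure the
         keystore at ``self.keystore_path``, then make that path private.
      3. Adjust the GT container and context broker configuration.
      4. Write the environment file.

    Raises:
        InvalidConfig: if the CA name or the keystore password is unknown.
        IncompatibleEnvironment: if ``autoca.ensureKeystore`` raises
            ``KeystoreMismatchError``.
    """
    # first, set up CA and host cert/key
    ca_name = self["ca.name"]
    if not os.path.exists(self.cadir):
        ca_name = self.ask_ca_name()
        # Reject an empty answer before it is stored or handed to createCA.
        # Checking only afterwards would persist the empty name, and if
        # createCA leaves self.cadir behind, later runs would skip this
        # branch and fail on the stored empty value.
        if not ca_name:
            raise InvalidConfig("CA name is unknown")
        self['ca.name'] = ca_name
        autoca.createCA(ca_name, self.basedir, self.cadir, log)
    if not ca_name:
        raise InvalidConfig("CA name is unknown")

    # NOTE(review): ca_name is interpolated into file names below; the
    # validation done by ask_ca_name() is not visible here -- confirm it
    # rejects path separators.
    ca_cert = os.path.join(self.cadir, 'ca-certs/%s.pem' % ca_name)
    ca_key = os.path.join(self.cadir, 'ca-certs/private-key-%s.pem' % ca_name)
    pathutil.ensure_file_exists(ca_cert, "CA certificate")
    # NOTE(review): only the existence of the CA private key is checked in
    # this method; its permissions are not touched here -- confirm that
    # createCA writes it private.
    pathutil.ensure_file_exists(ca_key, "CA private key")

    hostname = self.get_hostname_or_ask()

    #TODO the hostcert/key creation should be extracted from here
    # right now it just does a bunch of redundant checks first
    checkssl.run(self.basedir, self.hostcert_path, self.hostkey_path, log,
                 cadir=self.cadir, hostname=hostname)

    password = self['keystore.pass']
    if not password:
        raise InvalidConfig("Keystore password is unknown")

    try:
        autoca.ensureKeystore(self.hostcert_path, self.hostkey_path,
                              self.keystore_path, password, self.basedir, log)
    except autoca.KeystoreMismatchError:
        raise IncompatibleEnvironment(KEYSTORE_MISMATCH_MSG % {
            'keystore': self.keystore_path,
            'hostcert': self.hostcert_path,
            'hostkey': self.hostkey_path,
        })
    # The keystore path is made private only after ensureKeystore returns.
    # NOTE(review): confirm ensureKeystore does not create the file with
    # wider permissions in the meantime.
    pathutil.make_path_rw_private(self.keystore_path)

    # then setup GT container
    gtcontainer.adjust_hostname(hostname, self.basedir, self.gtdir, log)
    gtcontainer.adjust_secdesc_path(self.basedir, self.gtdir, log)
    gtcontainer.adjust_host_cert(self.hostcert_path, self.hostkey_path,
                                 self.basedir, self.gtdir, log)
    gtcontainer.adjust_gridmap_file(self.gridmap_path, self.basedir,
                                    self.gtdir, log)

    # and context broker
    # NOTE(review): the keystore password and the CA key path are passed on
    # here; presumably they end up in a config file under gtdir -- confirm
    # that file is not readable by other users.
    gtcontainer.adjust_broker_config(ca_cert, ca_key, self.keystore_path,
                                     password, self.basedir, self.gtdir, log)

    # write an environment file
    self.write_env_file()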
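def perform_setup(self):
    """Run the CA, host credential, keystore and container setup in order.

    Steps, as performed below:
      1. If ``self.cadir`` does not exist, ask for a CA name, store it under
         ``ca.name`` and create the CA; then require that the CA certificate
         and CA private key files exist.
      2. Run ``checkssl`` for the host certificate/key and ensure the
         keystore at ``self.keystore_path``, then make that path private.
      3. Adjust the GT container and context broker configuration.
      4. Write the environment file.

    Raises:
        InvalidConfig: if the CA name or the keystore password is unknown.
        IncompatibleEnvironment: if ``autoca.ensureKeystore`` raises
            ``KeystoreMismatchError``.
    """
    # first, set up CA and host cert/key
    ca_name = self["ca.name"]
    if not os.path.exists(self.cadir):
        ca_name = self.ask_ca_name()
        # Reject an empty answer before it is stored or handed to createCA.
        # Checking only afterwards would persist the empty name, and if
        # createCA leaves self.cadir behind, later runs would skip this
        # branch and fail on the stored empty value.
        if not ca_name:
            raise InvalidConfig("CA name is unknown")
        self['ca.name'] = ca_name
        autoca.createCA(ca_name, self.basedir, self.cadir, log)
    if not ca_name:
        raise InvalidConfig("CA name is unknown")

    # NOTE(review): ca_name is interpolated into file names below; the
    # validation done by ask_ca_name() is not visible here -- confirm it
    # rejects path separators.
    ca_cert = os.path.join(self.cadir, 'ca-certs/%s.pem' % ca_name)
    ca_key = os.path.join(self.cadir, 'ca-certs/private-key-%s.pem' % ca_name)
    pathutil.ensure_file_exists(ca_cert, "CA certificate")
    # NOTE(review): only the existence of the CA private key is checked in
    # this method; its permissions are not touched here -- confirm that
    # createCA writes it private.
    pathutil.ensure_file_exists(ca_key, "CA private key")

    hostname = self.get_hostname_or_ask()

    #TODO the hostcert/key creation should be extracted from here
    # right now it just does a bunch of redundant checks first
    checkssl.run(self.basedir, self.hostcert_path, self.hostkey_path, log,
                 cadir=self.cadir, hostname=hostname)

    password = self['keystore.pass']
    if not password:
        raise InvalidConfig("Keystore password is unknown")

    try:
        autoca.ensureKeystore(self.hostcert_path, self.hostkey_path,
                              self.keystore_path, password, self.basedir, log)
    except autoca.KeystoreMismatchError:
        raise IncompatibleEnvironment(KEYSTORE_MISMATCH_MSG % {
            'keystore': self.keystore_path,
            'hostcert': self.hostcert_path,
            'hostkey': self.hostkey_path,
        })
    # The keystore path is made private only after ensureKeystore returns.
    # NOTE(review): confirm ensureKeystore does not create the file with
    # wider permissions in the meantime.
    pathutil.make_path_rw_private(self.keystore_path)

    # then setup GT container
    gtcontainer.adjust_hostname(hostname, self.basedir, self.gtdir, log)
    gtcontainer.adjust_secdesc_path(self.basedir, self.gtdir, log)
    gtcontainer.adjust_host_cert(self.hostcert_path, self.hostkey_path,
                                 self.basedir, self.gtdir, log)
    gtcontainer.adjust_gridmap_file(self.gridmap_path, self.basedir,
                                    self.gtdir, log)

    # and context broker
    # NOTE(review): the keystore password and the CA key path are passed on
    # here; presumably they end up in a config file under gtdir -- confirm
    # that file is not readable by other users.
    gtcontainer.adjust_broker_config(ca_cert, ca_key, self.keystore_path,
                                     password, self.basedir, self.gtdir, log)

    # write an environment file
    self.write_env_file()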
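def main(argv=None):
    """Parse arguments and configuration, then run the selected subcommands.

    Args:
        argv: optional argument vector. When non-empty, ``argv[1:]`` is
            parsed; otherwise the parser is called with no arguments.

    Returns:
        3 when not running on a POSIX system, 1 when ``InvalidInput`` is
        raised. As written here, a successful run falls off the end and
        returns None.

    Only ``InvalidInput`` is handled in this function; ``InvalidConfig`` and
    ``IncompatibleEnvironment`` raised below propagate to the caller.
    """
    if os.name != 'posix':
        print >>sys.stderr, "Only runs on POSIX systems."
        return 3

    parser = parsersetup()

    if argv:
        (opts, args) = parser.parse_args(argv[1:])
    else:
        (opts, args) = parser.parse_args()

    # log.debug() is called right after configureLogging() below, so
    # configureLogging (not shown here) is presumably what rebinds this
    # global -- confirm.
    global log
    log = None

    printdebugoutput = False

    try:
        # 1. Intake args and confs
        validateargs(opts)
        config = getconfig(filepath=opts.configpath)

        # 2. Setup logging
        # Debug output is enabled by either the config file or the option.
        confdebug = config.get("nimbusweb", "debug")
        if confdebug == "on":
            printdebugoutput = True
        elif opts.debug:
            printdebugoutput = True

        if printdebugoutput:
            configureLogging(logging.DEBUG)
        else:
            configureLogging(logging.INFO)

        # 3. Dump settings
        basedir = opts.basedir
        log.debug("base directory: %s" % basedir)

        insecuremode = opts.insecuremode
        # NOTE(review): the insecure-mode banner is logged at DEBUG only, so
        # with INFO logging nothing records that insecure mode is active;
        # consider emitting it at warning level.
        if insecuremode:
            log.debug("**** This is insecure developer mode ****")
        else:
            log.debug("secure mode")

        certconf = config_from_key(config, "ssl.cert")
        keyconf = config_from_key(config, "ssl.key")
        cadir = config_from_key(config, "ca.dir")
        timezone = config_from_key(config, "timezone")
        port = config_from_key(config, "webserver.port")
        host = config_from_key(config, "webserver.host")
        printurl = config_from_key(config, "print.url")
        accountprompt = config_from_key(config, "account.prompt")
        expire_hours = config_from_key(config, "token.expire_hours")

        # Catch only conversion failures; a bare except would also turn
        # KeyboardInterrupt/SystemExit into a configuration error.
        try:
            expire_hours = int(expire_hours)
        except (TypeError, ValueError):
            raise InvalidConfig("invalid token.expire_hours setting, not an integer?")

        # 4. Validate base directory
        if not pathutil.is_absolute_path(basedir):
            raise IncompatibleEnvironment(
                "Base directory setting is not absolute, have you been "
                "altering the stanadalone launch code?")

        pathutil.ensure_dir_exists(
            basedir, "base",
            ": have you been altering the stanadalone launch code?")

        # 5. Run one subcommand
        # The options are tested independently, so every one that is set
        # runs, in this order.
        if opts.checkssl:
            checkssl.run(basedir, certconf, keyconf, log)

        if opts.newconf:
            newconf.run(basedir, timezone, accountprompt, log,
                        printdebugoutput, insecuremode, printurl,
                        expire_hours, cadir)

        if opts.printport:
            if not port:
                raise IncompatibleEnvironment("There is no 'webserver.port' configuration")
            try:
                port = int(port)
            except (TypeError, ValueError):
                raise IncompatibleEnvironment("'webserver.port' configuration is not an integer?")
            print port

        if opts.printhost:
            if not host:
                raise IncompatibleEnvironment("There is no 'webserver.host' configuration")
            print host

        if opts.printcertpath:
            if not certconf:
                raise IncompatibleEnvironment("There is no 'ssl.cert' configuration")
            # Relative paths are resolved against the base directory.
            if not pathutil.is_absolute_path(certconf):
                certconf = pathutil.pathjoin(basedir, certconf)
                log.debug("ssl.cert was a relative path, converted to '%s'" % certconf)
            print certconf

        if opts.printkeypath:
            if not keyconf:
                raise IncompatibleEnvironment("There is no 'ssl.key' configuration")
            if not pathutil.is_absolute_path(keyconf):
                keyconf = pathutil.pathjoin(basedir, keyconf)
                log.debug("ssl.key was a relative path, converted to '%s'" % keyconf)
            print keyconf

        if opts.forcenewssl:
            forcessl.run(basedir, opts.forcecapath, opts.forcecertpath,
                         opts.forcekeypath, opts.forcehostname, log)

    except InvalidInput, e:
        msg = "\nProblem with input: %s" % e.msg
        print >>sys.stderr, msg
        return 1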
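def main(argv=None):
    """Parse arguments and configuration, then run the selected subcommands.

    Args:
        argv: optional argument vector. When non-empty, ``argv[1:]`` is
            parsed; otherwise the parser is called with no arguments.

    Returns:
        3 when not running on a POSIX system, 1 when ``InvalidInput`` is
        raised. As written here, a successful run falls off the end and
        returns None.

    Only ``InvalidInput`` is handled in this function; ``InvalidConfig`` and
    ``IncompatibleEnvironment`` raised below propagate to the caller.
    """
    if os.name != 'posix':
        print >> sys.stderr, "Only runs on POSIX systems."
        return 3

    parser = parsersetup()

    if argv:
        (opts, args) = parser.parse_args(argv[1:])
    else:
        (opts, args) = parser.parse_args()

    # log.debug() is called right after configureLogging() below, so
    # configureLogging (not shown here) is presumably what rebinds this
    # global -- confirm.
    global log
    log = None

    printdebugoutput = False

    try:
        # 1. Intake args and confs
        validateargs(opts)
        config = getconfig(filepath=opts.configpath)

        # 2. Setup logging
        # Debug output is enabled by either the config file or the option.
        confdebug = config.get("nimbusweb", "debug")
        if confdebug == "on":
            printdebugoutput = True
        elif opts.debug:
            printdebugoutput = True

        if printdebugoutput:
            configureLogging(logging.DEBUG)
        else:
            configureLogging(logging.INFO)

        # 3. Dump settings
        basedir = opts.basedir
        log.debug("base directory: %s" % basedir)

        insecuremode = opts.insecuremode
        # NOTE(review): the insecure-mode banner is logged at DEBUG only, so
        # with INFO logging nothing records that insecure mode is active;
        # consider emitting it at warning level.
        if insecuremode:
            log.debug("**** This is insecure developer mode ****")
        else:
            log.debug("secure mode")

        certconf = config_from_key(config, "ssl.cert")
        keyconf = config_from_key(config, "ssl.key")
        cadir = config_from_key(config, "ca.dir")
        timezone = config_from_key(config, "timezone")
        port = config_from_key(config, "webserver.port")
        host = config_from_key(config, "webserver.host")
        printurl = config_from_key(config, "print.url")
        accountprompt = config_from_key(config, "account.prompt")
        expire_hours = config_from_key(config, "token.expire_hours")

        # Catch only conversion failures; a bare except would also turn
        # KeyboardInterrupt/SystemExit into a configuration error.
        try:
            expire_hours = int(expire_hours)
        except (TypeError, ValueError):
            raise InvalidConfig(
                "invalid token.expire_hours setting, not an integer?")

        # 4. Validate base directory
        if not pathutil.is_absolute_path(basedir):
            raise IncompatibleEnvironment(
                "Base directory setting is not absolute, have you been "
                "altering the stanadalone launch code?")

        pathutil.ensure_dir_exists(
            basedir, "base",
            ": have you been altering the stanadalone launch code?")

        # 5. Run one subcommand
        # The options are tested independently, so every one that is set
        # runs, in this order.
        if opts.checkssl:
            checkssl.run(basedir, certconf, keyconf, log)

        if opts.newconf:
            newconf.run(basedir, timezone, accountprompt, log,
                        printdebugoutput, insecuremode, printurl,
                        expire_hours, cadir)

        if opts.printport:
            if not port:
                raise IncompatibleEnvironment(
                    "There is no 'webserver.port' configuration")
            try:
                port = int(port)
            except (TypeError, ValueError):
                raise IncompatibleEnvironment(
                    "'webserver.port' configuration is not an integer?")
            print port

        if opts.printhost:
            if not host:
                raise IncompatibleEnvironment(
                    "There is no 'webserver.host' configuration")
            print host

        if opts.printcertpath:
            if not certconf:
                raise IncompatibleEnvironment(
                    "There is no 'ssl.cert' configuration")
            # Relative paths are resolved against the base directory.
            if not pathutil.is_absolute_path(certconf):
                certconf = pathutil.pathjoin(basedir, certconf)
                log.debug("ssl.cert was a relative path, converted to '%s'" %
                          certconf)
            print certconf

        if opts.printkeypath:
            if not keyconf:
                raise IncompatibleEnvironment(
                    "There is no 'ssl.key' configuration")
            if not pathutil.is_absolute_path(keyconf):
                keyconf = pathutil.pathjoin(basedir, keyconf)
                log.debug("ssl.key was a relative path, converted to '%s'" %
                          keyconf)
            print keyconf

        if opts.forcenewssl:
            forcessl.run(basedir, opts.forcecapath, opts.forcecertpath,
                         opts.forcekeypath, opts.forcehostname, log)

    except InvalidInput, e:
        msg = "\nProblem with input: %s" % e.msg
        print >> sys.stderr, msg
        return 1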