def _generate_key_file(self, password):
"""
Create key file
"""
key_file_path = os.path.join(self.module_path, Constant.PWF_PATH)
CommonTools.mkdir_with_mode(key_file_path,
Constant.AUTH_COMMON_DIR_STR)
CommonTools.clean_dir(key_file_path)
encrypt_path = os.path.join(
os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.dirname(os.path.realpath(__file__)))))),
Constant.ENCRYPT_TOOL)
lib_path = os.path.join(
os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.realpath(__file__))))))), 'lib')
CommonTools.encrypt_with_path(password, key_file_path, encrypt_path,
lib_path)
g.logger.info('Successfully generate key files with path [%s].' %
key_file_path)
return key_file_path
def _mk_manager_dir(self):
"""
Create install path if the path is not exist.
"""
if not os.path.isdir(self.ai_manager_path):
g.logger.info('Install path:%s is not exist, start creating.' % self.ai_manager_path)
CommonTools.mkdir_with_mode(self.ai_manager_path, Constant.AUTH_COMMON_DIR_STR)
else:
g.logger.info('Install path:%s is already exist.' % self.ai_manager_path)
def restore_db_file(status, db_cabin, back_up_path):
"""
Restore db file.
"""
if status:
CommonTools.mkdir_with_mode(os.path.dirname(db_cabin),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.copy_file_to_dest_path(back_up_path, db_cabin)
else:
g.logger.info('No need Restore db file.')
def unpack_file_to_temp_dir(self):
"""
Unpack file to temp dir on remote node.
"""
# mk temp extract dir if not exist
CommonTools.mkdir_with_mode(EXTRACT_DIR, Constant.AUTH_COMMON_DIR_STR)
# clean extract dir
CommonTools.clean_dir(EXTRACT_DIR)
# extract package file to temp dir
CommonTools.extract_file_to_dir(self.package_path, EXTRACT_DIR)
g.logger.info('Success unpack files to temp dir.')
def prepare_param_file(self):
"""
Write params into file
"""
param_file_path = os.path.join(EXTRACT_DIR,
Constant.TEMP_ANOMALY_PARAM_FILE)
self.param_dict.pop(Constant.CA_INFO)
CommonTools.mkdir_with_mode(os.path.dirname(param_file_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.dict_to_json_file(self.param_dict, param_file_path)
self._copy_param_file_to_remote_node(param_file_path, param_file_path)
def prepare_ca_certificates(self):
"""
Generate server ca certificates.
"""
ca_root_file_path, ca_root_key_path, server_cert_path, server_key_path, agent_cert_path, \
agent_key_path = self.read_ca_cert_path()
self.ca_info = self.param_dict.pop(Constant.CA_INFO)
if not self.ca_info:
raise Exception(Errors.PARAMETER['gauss_0201'] %
'ca root cert information')
get_ca_root_cert_path = self.ca_info.get(Constant.CA_CERT_PATH)
get_ca_root_key_path = self.ca_info.get(Constant.CA_KEY_PATH)
get_ca_root_password = self.ca_info.get(Constant.CA_PASSWORD)
if not all([
get_ca_root_cert_path, get_ca_root_key_path,
get_ca_root_password
]):
raise Exception(Errors.PARAMETER['gauss_0201'] %
'items info of ca root cert')
# copy ca root cert and key files to path of configured
g.logger.info('Start deploy ca root files.')
CommonTools.remove_files([ca_root_file_path, ca_root_key_path])
CommonTools.mkdir_with_mode(os.path.dirname(ca_root_file_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.copy_file_to_dest_path(get_ca_root_cert_path,
ca_root_file_path)
CommonTools.mkdir_with_mode(os.path.dirname(ca_root_key_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.copy_file_to_dest_path(get_ca_root_key_path,
ca_root_key_path)
# get ssl password
ssl_password = CertGenerator.get_rand_str()
ca_config_path = os.path.join(
os.path.dirname(os.path.realpath(__file__)), Constant.CA_CONFIG)
server_ip = CommonTools.get_local_ip(ignore=True)
g.logger.info('Get server ip:[%s].' % server_ip)
# create server cert
CertGenerator.create_ca_certificate_with_script(get_ca_root_password,
ssl_password,
ca_root_file_path,
ca_root_key_path,
ca_config_path,
server_cert_path,
server_key_path,
server_ip,
crt_type='server')
g.logger.info('Successfully generate server ca certificate.')
return get_ca_root_password, ssl_password, ca_root_file_path, ca_root_key_path, \
ca_config_path, agent_cert_path, agent_key_path
def create_root_certificate(ca_password, ca_crt_path, ca_key_path,
config_path):
"""
function : create root ca file
input : rand pass, dir path of certificates, config path
output : NA
"""
if not os.path.isfile(config_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % config_path)
CommonTools.mkdir_with_mode(os.path.dirname(ca_crt_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.mkdir_with_mode(os.path.dirname(ca_key_path),
Constant.AUTH_COMMON_DIR_STR)
ca_req_path = os.path.realpath(
os.path.join(os.path.dirname(ca_crt_path), Constant.CA_ROOT_REQ))
# create ca key file
cmd = "%s echo '%s' |openssl genrsa -aes256 -passout stdin -out %s 2048" % (
Constant.CMD_PREFIX, ca_password, ca_key_path)
cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
Constant.AUTH_COMMON_FILE_STR, ca_key_path)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca root key file')
# 2 create ca req file
cmd = "%s echo '%s' | openssl req -new -out %s -key %s -config %s -passin stdin" % (
Constant.CMD_PREFIX, ca_password, ca_req_path, ca_key_path,
config_path)
cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
Constant.AUTH_COMMON_FILE_STR, ca_req_path)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca root req file')
# 3 create ca crt file
cmd = "%s echo '%s' | openssl x509 -req -in %s " \
"-signkey %s -days %s -out %s -passin stdin" % (
Constant.CMD_PREFIX, ca_password, ca_req_path,
ca_key_path, Constant.CA_ROOT_VALID_DATE, ca_crt_path)
cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
Constant.AUTH_COMMON_FILE_STR, ca_crt_path)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca root crt file')
CommonTools.remove_files([ca_req_path])
g.logger.info(
'Successfully generate ca root certificate, file path[%s].' %
ca_crt_path)
def __create_logfile(self):
"""
function: create log file
input : N/A
output: N/A
"""
try:
if not os.path.isdir(os.path.dirname(self.log_file)):
CommonTools.mkdir_with_mode(os.path.dirname(self.log_file),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.create_file_if_not_exist(self.log_file)
except Exception as error:
raise Exception(Errors.EXECUTE_RESULT['gauss_0411'] % error)
def get_lock_file(self):
"""
Get lock file path for cron service.
"""
lock_file_dir = TMP_DIR
CommonTools.mkdir_with_mode(lock_file_dir,
Constant.AUTH_COMMON_DIR_STR)
lock_file_name = ''
for name in Constant.TASK_NAME_LIST:
if name in self.cmd.split('role')[-1]:
lock_file_name = 'ai_' + name + '.lock'
if not lock_file_name:
raise Exception(Errors.CONTENT_OR_VALUE['gauss_0502'] % self.cmd)
else:
return os.path.join(lock_file_dir, lock_file_name)
def deploy_agent_certs(self):
"""
Copy file from temp dir to config path.
"""
file_list = self.read_ca_cert_path(agent_only=True)
file_list.append(os.path.join(self.module_path, Constant.PWF_PATH))
temp_cert_list = os.listdir(TMP_CA_FILE)
for dest_path in file_list:
CommonTools.mkdir_with_mode(os.path.dirname(dest_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.remove_files(file_list)
g.logger.info('Successfully prepare the path:%s' % str(file_list))
for file_name in temp_cert_list:
for dest_file in file_list:
if file_name in dest_file:
from_path = os.path.join(TMP_CA_FILE, file_name)
CommonTools.copy_file_to_dest_path(from_path, dest_file)
CommonTools.clean_dir(TMP_CA_FILE)
def create_ca_certificate_with_script(ca_password,
ssl_password,
ca_crt_path,
ca_key_path,
config_path,
out_crt_path,
out_key_path,
ip,
crt_type='server'):
"""
function : create server ca file or client ca file with shell script.
input : rand pass, dir path of certificates, config path
"""
if not os.path.isfile(config_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
'config file:%s' % config_path)
if not os.path.isfile(ca_crt_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
'ca crt file:%s' % ca_crt_path)
if not os.path.isfile(ca_key_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
'ca key file:%s' % ca_key_path)
CommonTools.mkdir_with_mode(os.path.dirname(out_key_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.mkdir_with_mode(os.path.dirname(out_crt_path),
Constant.AUTH_COMMON_DIR_STR)
ca_req_path = os.path.realpath(
os.path.join(os.path.dirname(ca_crt_path), Constant.CA_REQ))
pwd = "%s %s" % (ca_password, ssl_password)
script_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),
'bin/gen_certificate.sh')
cmd = "unset LD_LIBRARY_PATH && echo '%s' | sh %s %s %s %s %s %s %s %s" % (
pwd, script_path, ca_crt_path, ca_key_path, out_crt_path,
out_key_path, ca_req_path, ip, crt_type)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca crt file' + output)
g.logger.info("Successfully generate %s ssl cert for node[%s]." %
(crt_type, ip))
def _get_install_path(self, pack_path):
"""
Extract version info and assembling install path.
"""
g.logger.info('Start getting install path.')
# mk temp extract dir if not exist
CommonTools.mkdir_with_mode(EXTRACT_DIR, Constant.AUTH_COMMON_DIR_STR)
# clean extract dir
CommonTools.clean_dir(EXTRACT_DIR)
# extract package file to temp dir
CommonTools.extract_file_to_dir(pack_path, EXTRACT_DIR)
g.logger.info('Success extract files to temp dir.')
# get version info from version file
version_file = os.path.realpath(os.path.join(EXTRACT_DIR, Constant.VERSION_FILE))
version = CommonTools.get_version_info_from_file(version_file)
g.logger.info('Got version info:%s' % version)
base_dir = Constant.PACK_PATH_PREFIX + version
install_path = os.path.join(self.project_path, base_dir)
g.logger.info('Got install path:%s.' % install_path)
CommonTools.check_path_valid(install_path)
g.logger.info('Successfully to get install path.')
return install_path, version
def create_ca_certificate(ca_password,
ssl_password,
ca_crt_path,
ca_key_path,
config_path,
out_crt_path,
out_key_path,
ip,
crt_type='server'):
"""
function : create server ca file or client ca file.
input : rand pass, dir path of certificates, config path
output : NA
"""
if not os.path.isfile(config_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
'config file:%s' % config_path)
if not os.path.isfile(ca_crt_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
'ca crt file:%s' % ca_crt_path)
if not os.path.isfile(ca_key_path):
raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] %
'ca key file:%s' % ca_key_path)
CommonTools.mkdir_with_mode(os.path.dirname(out_key_path),
Constant.AUTH_COMMON_DIR_STR)
CommonTools.mkdir_with_mode(os.path.dirname(out_crt_path),
Constant.AUTH_COMMON_DIR_STR)
# create ca key file
cmd = "%s echo '%s' | openssl genrsa -aes256 -passout stdin -out %s 2048" % (
Constant.CMD_PREFIX, ssl_password, out_key_path)
cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
Constant.AUTH_COMMON_FILE_STR, out_key_path)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca key file' + output)
ca_req_path = os.path.realpath(
os.path.join(os.path.dirname(ca_crt_path), Constant.CA_REQ))
# create ca req file
openssl_conf_env = "export OPENSSL_CONF=%s" % config_path
cmd = '%s %s && echo "%s" | openssl req -new -out %s -key %s ' \
'-passin stdin -subj "/C=CN/ST=Some-State/O=%s/CN=%s"' % (
Constant.CMD_PREFIX, openssl_conf_env, ssl_password,
ca_req_path, out_key_path, crt_type, ip)
cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
Constant.AUTH_COMMON_FILE_STR, ca_req_path)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca req file' + output)
# create server or client ca crt file
cmd = '%s echo "%s" | openssl x509 -req -in %s -out %s -passin stdin ' \
'-sha256 -CAcreateserial -days %s -CA %s -CAkey %s' % (
Constant.CMD_PREFIX, ca_password, ca_req_path, out_crt_path,
Constant.CA_VALID_DATE, ca_crt_path, ca_key_path)
cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % (
Constant.AUTH_COMMON_FILE_STR, out_crt_path)
status, output = CommonTools.get_status_output_error(cmd, mixed=True)
if status != 0:
raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] %
'ca crt file')
CommonTools.remove_files([ca_req_path])
g.logger.info("Successfully generate %s ssl cert for node[%s]." %
(crt_type, ip))