def client_cert_request_to_pk12(runner, cert_request):
"""
transform signed certificate request to pk12 certificate which can be
imported to nodes
cert_request signed certificate request
"""
if not client_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
# save the signed certificate request, corosync tool only works with files
tmpfile = _store_to_tmpfile(
cert_request,
reports.qdevice_certificate_import_error
)
# transform it
output, retval = runner.run([
__qdevice_certutil, "-M", "-c", tmpfile.name
])
tmpfile.close() # temp file is deleted on close
if retval != 0:
raise LibraryError(
reports.qdevice_certificate_import_error(output)
)
# get resulting pk12, corosync tool only works with files
return _get_output_certificate(
output,
reports.qdevice_certificate_import_error
)
def qdevice_sign_certificate_request(runner, cert_request, cluster_name):
"""
sign client certificate request
cert_request certificate request data
string cluster_name name of the cluster to which qdevice is being added
"""
if not qdevice_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
# save the certificate request, corosync tool only works with files
tmpfile = _store_to_tmpfile(
cert_request,
reports.qdevice_certificate_sign_error
)
# sign the request
output, retval = runner.run([
__qnetd_certutil, "-s", "-c", tmpfile.name, "-n", cluster_name
])
tmpfile.close() # temp file is deleted on close
if retval != 0:
raise LibraryError(
reports.qdevice_certificate_sign_error(output.strip())
)
# get signed certificate, corosync tool only works with files
return _get_output_certificate(
output,
reports.qdevice_certificate_sign_error
)
def client_cert_request_to_pk12(runner, cert_request):
"""
transform signed certificate request to pk12 certificate which can be
imported to nodes
cert_request signed certificate request
"""
if not client_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
# save the signed certificate request, corosync tool only works with files
tmpfile = _store_to_tmpfile(
cert_request,
reports.qdevice_certificate_import_error
)
# transform it
stdout, stderr, retval = runner.run([
__qdevice_certutil, "-M", "-c", tmpfile.name
])
tmpfile.close() # temp file is deleted on close
if retval != 0:
raise LibraryError(
reports.qdevice_certificate_import_error(
join_multilines([stderr, stdout])
)
)
# get resulting pk12, corosync tool only works with files
return _get_output_certificate(
stdout,
reports.qdevice_certificate_import_error
)
def qdevice_sign_certificate_request(runner, cert_request, cluster_name):
"""
sign client certificate request
cert_request certificate request data
string cluster_name name of the cluster to which qdevice is being added
"""
if not qdevice_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
# save the certificate request, corosync tool only works with files
tmpfile = _store_to_tmpfile(
cert_request,
reports.qdevice_certificate_sign_error
)
# sign the request
stdout, stderr, retval = runner.run([
__qnetd_certutil, "-s", "-c", tmpfile.name, "-n", cluster_name
])
tmpfile.close() # temp file is deleted on close
if retval != 0:
raise LibraryError(
reports.qdevice_certificate_sign_error(
join_multilines([stderr, stdout])
)
)
# get signed certificate, corosync tool only works with files
return _get_output_certificate(
stdout,
reports.qdevice_certificate_sign_error
)
def qdevice_start(lib_env, model):
"""
start qdevice now on local host
"""
_check_model(model)
if not qdevice_net.qdevice_initialized():
raise LibraryError(reports.qdevice_not_initialized(model))
_service_start(lib_env, qdevice_net.qdevice_start)
def client_import_certificate_and_key(runner, pk12_certificate):
"""
import qdevice client certificate to the local node certificate storage
"""
if not client_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
# save the certificate, corosync tool only works with files
tmpfile = _store_to_tmpfile(pk12_certificate,
reports.qdevice_certificate_import_error)
stdout, stderr, retval = runner.run(
[__qdevice_certutil, "-m", "-c", tmpfile.name])
tmpfile.close() # temp file is deleted on close
if retval != 0:
raise LibraryError(
reports.qdevice_certificate_import_error(
join_multilines([stderr, stdout])))
def client_generate_certificate_request(runner, cluster_name):
"""
create a certificate request which can be signed by qnetd server
string cluster_name name of the cluster to which qdevice is being added
"""
if not client_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
stdout, stderr, retval = runner.run(
[__qdevice_certutil, "-r", "-n", cluster_name])
if retval != 0:
raise LibraryError(
reports.qdevice_initialization_error(
__model, join_multilines([stderr, stdout])))
return _get_output_certificate(
stdout, functools.partial(reports.qdevice_initialization_error,
__model))
def client_generate_certificate_request(runner, cluster_name):
"""
create a certificate request which can be signed by qnetd server
string cluster_name name of the cluster to which qdevice is being added
"""
if not client_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
output, retval = runner.run([
__qdevice_certutil, "-r", "-n", cluster_name
])
if retval != 0:
raise LibraryError(
reports.qdevice_initialization_error(__model, output.rstrip())
)
return _get_output_certificate(
output,
functools.partial(reports.qdevice_initialization_error, __model)
)
def client_import_certificate_and_key(runner, pk12_certificate):
"""
import qdevice client certificate to the local node certificate storage
"""
if not client_initialized():
raise LibraryError(reports.qdevice_not_initialized(__model))
# save the certificate, corosync tool only works with files
tmpfile = _store_to_tmpfile(
pk12_certificate,
reports.qdevice_certificate_import_error
)
output, retval = runner.run([
__qdevice_certutil, "-m", "-c", tmpfile.name
])
tmpfile.close() # temp file is deleted on close
if retval != 0:
raise LibraryError(
reports.qdevice_certificate_import_error(output)
)