Exemple #1
0
def requestRevoqueCertificate(args):

  base_token_path = args['token_base_path']
  db = getDb(args['db'])
  path_list = [x for x in os.listdir(base_token_path) if x.endswith('.revoke')]
  client = registry.RegistryClient(args['registry_url'])

  for reference_key in path_list:
    reference = reference_key.split('.')[0]
    # XXX - email is always unique
    email = '%s@slapos' % reference.lower()
    cert_string = ''
    try:
      cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
          (email,)).next()
    except StopIteration:
      # Certificate was not generated yet !!!
      pass

    try:
      if cert_string:
        cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
        cn = x509.subnetFromCert(cert)
        result = client.revoke(str(cn))
        time.sleep(2)
    except Exception:
      log.debug('Request revoke certificate fail for %s... \n %s' % (reference,
                  traceback.format_exc()))
      continue
    else:
      os.unlink(os.path.join(base_token_path, reference_key))
      log.info("Certificate revoked for slave instance %s." % reference)
Exemple #2
0
def requestRevoqueCertificate(args):

    base_token_path = args['token_base_path']
    db = getDb(args['db'])
    path_list = [
        x for x in os.listdir(base_token_path) if x.endswith('.revoke')
    ]
    client = registry.RegistryClient(args['registry_url'])

    for reference_key in path_list:
        reference = reference_key.split('.')[0]
        # XXX - email is always unique
        email = '%s@slapos' % reference.lower()
        cert_string = ''
        try:
            cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
                                      (email, )).next()
        except StopIteration:
            # Certificate was not generated yet !!!
            pass

        try:
            if cert_string:
                cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                               cert_string)
                cn = x509.subnetFromCert(cert)
                result = client.revoke(str(cn))
                time.sleep(2)
        except Exception:
            log.debug('Request revoke certificate fail for %s... \n %s' %
                      (reference, traceback.format_exc()))
            continue
        else:
            os.unlink(os.path.join(base_token_path, reference_key))
            log.info("Certificate revoked for slave instance %s." % reference)
Exemple #3
0
def dumpIPv6Network(slave_reference, db, network, ipv6_file):
  email = '%s@slapos' % slave_reference.lower()

  try:
    cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
        (email,)).next()
  except StopIteration:
    # Certificate was not generated yet !!!
    pass

  try:
    if cert_string:
      cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
      cn = x509.subnetFromCert(cert)
      subnet = network + utils.binFromSubnet(cn)
      ipv6 = utils.ipFromBin(subnet)
      writeFile(ipv6_file, ipv6)
  except Exception:
    log.debug('XXX for %s... \n %s' % (slave_reference,
              traceback.format_exc()))
Exemple #4
0
def dumpIPv6Network(slave_reference, db, network, ipv6_file):
    email = '%s@slapos' % slave_reference.lower()

    try:
        cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
                                  (email, )).next()
    except StopIteration:
        # Certificate was not generated yet !!!
        pass

    try:
        if cert_string:
            cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
            cn = x509.subnetFromCert(cert)
            subnet = network + utils.binFromSubnet(cn)
            ipv6 = utils.ipFromBin(subnet)
            changed = readFile(ipv6_file) != ipv6
            writeFile(ipv6_file, ipv6)
            return ipv6, utils.binFromSubnet(cn), changed
    except Exception:
        log.debug('XXX for %s... \n %s' %
                  (slave_reference, traceback.format_exc()))
Exemple #5
0
          " and will be automatically renewed after %s UTC.\n"
          "Do not forget to backup to your private key (%s) or"
          " you will lose your assigned subnet." % (
        time.asctime(time.gmtime(not_after)),
        time.asctime(time.gmtime(not_after - registry.RENEW_PERIOD)),
        key_path))

    if not os.path.lexists(conf_path):
        create(conf_path, """\
registry %s
ca %s
cert %s
key %s
# increase re6stnet verbosity:
#verbose 3
# enable OpenVPN logging:
#ovpnlog
# uncomment the following 2 lines to increase OpenVPN verbosity:
#O--verb
#O3
""" % (config.registry, ca_path, cert_path, key_path))
        print "Sample configuration file created."

    cn = x509.subnetFromCert(cert)
    subnet = network + utils.binFromSubnet(cn)
    print "Your subnet: %s/%u (CN=%s)" \
        % (utils.ipFromBin(subnet), len(subnet), cn)

if __name__ == "__main__":
    main()
Exemple #6
0
          " and will be automatically renewed after %s UTC.\n"
          "Do not forget to backup to your private key (%s) or"
          " you will lose your assigned subnet." % (
        time.asctime(time.gmtime(not_after)),
        time.asctime(time.gmtime(not_after - registry.RENEW_PERIOD)),
        key_path))

    if not os.path.lexists(conf_path):
        create(conf_path, """\
registry %s
ca %s
cert %s
key %s
# increase re6stnet verbosity:
#verbose 3
# enable OpenVPN logging:
#ovpnlog
# increase OpenVPN verbosity:
#O--verb
#O3
""" % (config.registry, ca_path, cert_path, key_path))
        print "Sample configuration file created."

    cn = x509.subnetFromCert(cert)
    subnet = network + utils.binFromSubnet(cn)
    print "Your subnet: %s/%u (CN=%s)" \
        % (utils.ipFromBin(subnet), len(subnet), cn)

if __name__ == "__main__":
    main()