def requestRevoqueCertificate(args): base_token_path = args['token_base_path'] db = getDb(args['db']) path_list = [x for x in os.listdir(base_token_path) if x.endswith('.revoke')] client = registry.RegistryClient(args['registry_url']) for reference_key in path_list: reference = reference_key.split('.')[0] # XXX - email is always unique email = '%s@slapos' % reference.lower() cert_string = '' try: cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?", (email,)).next() except StopIteration: # Certificate was not generated yet !!! pass try: if cert_string: cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string) cn = x509.subnetFromCert(cert) result = client.revoke(str(cn)) time.sleep(2) except Exception: log.debug('Request revoke certificate fail for %s... \n %s' % (reference, traceback.format_exc())) continue else: os.unlink(os.path.join(base_token_path, reference_key)) log.info("Certificate revoked for slave instance %s." % reference)
def requestRevoqueCertificate(args): base_token_path = args['token_base_path'] db = getDb(args['db']) path_list = [ x for x in os.listdir(base_token_path) if x.endswith('.revoke') ] client = registry.RegistryClient(args['registry_url']) for reference_key in path_list: reference = reference_key.split('.')[0] # XXX - email is always unique email = '%s@slapos' % reference.lower() cert_string = '' try: cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?", (email, )).next() except StopIteration: # Certificate was not generated yet !!! pass try: if cert_string: cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string) cn = x509.subnetFromCert(cert) result = client.revoke(str(cn)) time.sleep(2) except Exception: log.debug('Request revoke certificate fail for %s... \n %s' % (reference, traceback.format_exc())) continue else: os.unlink(os.path.join(base_token_path, reference_key)) log.info("Certificate revoked for slave instance %s." % reference)
def dumpIPv6Network(slave_reference, db, network, ipv6_file): email = '%s@slapos' % slave_reference.lower() try: cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?", (email,)).next() except StopIteration: # Certificate was not generated yet !!! pass try: if cert_string: cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string) cn = x509.subnetFromCert(cert) subnet = network + utils.binFromSubnet(cn) ipv6 = utils.ipFromBin(subnet) writeFile(ipv6_file, ipv6) except Exception: log.debug('XXX for %s... \n %s' % (slave_reference, traceback.format_exc()))
def dumpIPv6Network(slave_reference, db, network, ipv6_file): email = '%s@slapos' % slave_reference.lower() try: cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?", (email, )).next() except StopIteration: # Certificate was not generated yet !!! pass try: if cert_string: cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string) cn = x509.subnetFromCert(cert) subnet = network + utils.binFromSubnet(cn) ipv6 = utils.ipFromBin(subnet) changed = readFile(ipv6_file) != ipv6 writeFile(ipv6_file, ipv6) return ipv6, utils.binFromSubnet(cn), changed except Exception: log.debug('XXX for %s... \n %s' % (slave_reference, traceback.format_exc()))
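Review bot: `cert_string` is never initialised in the new dumpIPv6Network, so when the SELECT returns no row the `except StopIteration: pass` leaves it unbound and `if cert_string:` raises UnboundLocalError, which the broad `except Exception` then hides behind a debug-level `'XXX for ...'` message. Add `cert_string = ''` before the first `try`, as requestRevoqueCertificate already does. The function now returns `(ipv6, utils.binFromSubnet(cn), changed)` on success but falls through to an implicit `None` when there is no certificate or any step fails, so a caller that unpacks the result will raise TypeError; either return an explicit value on those paths or document the `None` case in a docstring. `readFile(ipv6_file)` is also called before the file has ever been written; if that helper raises on a missing file (its body is not visible here), the first run would be swallowed by the same handler and the file would never be created.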
" and will be automatically renewed after %s UTC.\n" "Do not forget to backup to your private key (%s) or" " you will lose your assigned subnet." % ( time.asctime(time.gmtime(not_after)), time.asctime(time.gmtime(not_after - registry.RENEW_PERIOD)), key_path)) if not os.path.lexists(conf_path): create(conf_path, """\ registry %s ca %s cert %s key %s # increase re6stnet verbosity: #verbose 3 # enable OpenVPN logging: #ovpnlog # uncomment the following 2 lines to increase OpenVPN verbosity: #O--verb #O3 """ % (config.registry, ca_path, cert_path, key_path)) print "Sample configuration file created." cn = x509.subnetFromCert(cert) subnet = network + utils.binFromSubnet(cn) print "Your subnet: %s/%u (CN=%s)" \ % (utils.ipFromBin(subnet), len(subnet), cn) if __name__ == "__main__": main()
" and will be automatically renewed after %s UTC.\n" "Do not forget to backup to your private key (%s) or" " you will lose your assigned subnet." % ( time.asctime(time.gmtime(not_after)), time.asctime(time.gmtime(not_after - registry.RENEW_PERIOD)), key_path)) if not os.path.lexists(conf_path): create(conf_path, """\ registry %s ca %s cert %s key %s # increase re6stnet verbosity: #verbose 3 # enable OpenVPN logging: #ovpnlog # increase OpenVPN verbosity: #O--verb #O3 """ % (config.registry, ca_path, cert_path, key_path)) print "Sample configuration file created." cn = x509.subnetFromCert(cert) subnet = network + utils.binFromSubnet(cn) print "Your subnet: %s/%u (CN=%s)" \ % (utils.ipFromBin(subnet), len(subnet), cn) if __name__ == "__main__": main()