def create_ip_cert_links(ssl_dir, custom_hostname_link=None):
"""Create symlinks for SAN records
:param ssl_dir: str Directory to create symlinks in
:param custom_hostname_link: str Additional link to be created
"""
hostname = get_hostname(unit_get('private-address'))
hostname_cert = os.path.join(
ssl_dir,
'cert_{}'.format(hostname))
hostname_key = os.path.join(
ssl_dir,
'key_{}'.format(hostname))
# Add links to hostname cert, used if os-hostname vars not set
for net_type in [INTERNAL, ADMIN, PUBLIC]:
try:
addr = resolve_address(endpoint_type=net_type)
cert = os.path.join(ssl_dir, 'cert_{}'.format(addr))
key = os.path.join(ssl_dir, 'key_{}'.format(addr))
if os.path.isfile(hostname_cert) and not os.path.isfile(cert):
os.symlink(hostname_cert, cert)
os.symlink(hostname_key, key)
except NoNetworkBinding:
log("Skipping creating cert symlink for ip in {} space, no "
"local address found".format(net_type), WARNING)
if custom_hostname_link:
custom_cert = os.path.join(
ssl_dir,
'cert_{}'.format(custom_hostname_link))
custom_key = os.path.join(
ssl_dir,
'key_{}'.format(custom_hostname_link))
if os.path.isfile(hostname_cert) and not os.path.isfile(custom_cert):
os.symlink(hostname_cert, custom_cert)
os.symlink(hostname_key, custom_key)
def get_hostname(ipaddr):
if not ipaddr:
return
h = ip.get_hostname(ipaddr)
if h:
fixMaybeLocalhost(hostname=h, IP=ipaddr)
return h
def create_ip_cert_links(ssl_dir, custom_hostname_link=None):
"""Create symlinks for SAN records
:param ssl_dir: str Directory to create symlinks in
:param custom_hostname_link: str Additional link to be created
"""
hostname = get_hostname(unit_get('private-address'))
hostname_cert = os.path.join(ssl_dir, 'cert_{}'.format(hostname))
hostname_key = os.path.join(ssl_dir, 'key_{}'.format(hostname))
# Add links to hostname cert, used if os-hostname vars not set
for net_type in [INTERNAL, ADMIN, PUBLIC]:
try:
addr = resolve_address(endpoint_type=net_type)
cert = os.path.join(ssl_dir, 'cert_{}'.format(addr))
key = os.path.join(ssl_dir, 'key_{}'.format(addr))
if os.path.isfile(hostname_cert) and not os.path.isfile(cert):
os.symlink(hostname_cert, cert)
os.symlink(hostname_key, key)
except NoNetworkBinding:
log(
"Skipping creating cert symlink for ip in {} space, no "
"local address found".format(net_type), WARNING)
if custom_hostname_link:
custom_cert = os.path.join(ssl_dir,
'cert_{}'.format(custom_hostname_link))
custom_key = os.path.join(ssl_dir,
'key_{}'.format(custom_hostname_link))
if os.path.isfile(hostname_cert) and not os.path.isfile(custom_cert):
os.symlink(hostname_cert, custom_cert)
os.symlink(hostname_key, custom_key)
def test_get_hostname_trigger_apt_install(self, apt_install):
fake_dns = FakeDNS('www.ubuntu.com')
with patch(builtin_import,
side_effect=[ImportError, fake_dns, fake_dns]):
hn = net_ip.get_hostname('4.2.2.1')
apt_install.assert_called_with('python-dnspython')
self.assertEquals(hn, 'www.ubuntu.com')
def create_ip_cert_links(ssl_dir, custom_hostname_link=None):
"""Create symlinks for SAN records
:param ssl_dir: str Directory to create symlinks in
:param custom_hostname_link: str Additional link to be created
"""
# This includes the hostname cert and any specific bindng certs:
# admin, internal, public
req = get_certificate_request(json_encode=False)["cert_requests"]
# Specific certs
for cert_req in req.keys():
requested_cert = os.path.join(ssl_dir, 'cert_{}'.format(cert_req))
requested_key = os.path.join(ssl_dir, 'key_{}'.format(cert_req))
for addr in req[cert_req]['sans']:
cert = os.path.join(ssl_dir, 'cert_{}'.format(addr))
key = os.path.join(ssl_dir, 'key_{}'.format(addr))
if os.path.isfile(requested_cert) and not os.path.isfile(cert):
os.symlink(requested_cert, cert)
os.symlink(requested_key, key)
# Handle custom hostnames
hostname = get_hostname(unit_get('private-address'))
hostname_cert = os.path.join(ssl_dir, 'cert_{}'.format(hostname))
hostname_key = os.path.join(ssl_dir, 'key_{}'.format(hostname))
if custom_hostname_link:
custom_cert = os.path.join(ssl_dir,
'cert_{}'.format(custom_hostname_link))
custom_key = os.path.join(ssl_dir,
'key_{}'.format(custom_hostname_link))
if os.path.isfile(hostname_cert) and not os.path.isfile(custom_cert):
os.symlink(hostname_cert, custom_cert)
os.symlink(hostname_key, custom_key)
def test_get_hostname_lookup_fail(self, apt_install, ns_query, socket):
fake_dns = FakeDNS('www.ubuntu.com')
ns_query.return_value = []
socket.return_value = ()
with patch(builtin_import, side_effect=[fake_dns, fake_dns]):
hn = net_ip.get_hostname('4.2.2.1')
self.assertEquals(hn, None)
def get_cluster_hostnames():
""" Return list of all hostnames in the cluster. Essential for
glaera resource agent used for percona clustering
"""
ip_list = get_cluster_hosts()
ip_list.append(get_cluster_host_ip())
return [get_hostname(ip).split('.')[0] for ip in ip_list]
def test_get_hostname_lookup_fail_gethostbyaddr_fallback(
self, apt_install, ns_query, socket):
fake_dns = FakeDNS('www.ubuntu.com')
ns_query.return_value = []
socket.return_value = ("www.ubuntu.com", "", "")
with patch('builtins.__import__', side_effect=[fake_dns]):
hn = net_ip.get_hostname('4.2.2.1')
self.assertEquals(hn, "www.ubuntu.com")
def get_unit_amqp_endpoint_data():
"""Get the hostname and ip address associated with amqp interface.
:returns: Tuple containing ip address and hostname.
:rtype: (str, str)
"""
ip = get_relation_ip(rabbit_net_utils.AMQP_INTERFACE,
cidr_network=config(
rabbit_net_utils.AMQP_OVERRIDE_CONFIG))
return ip, get_hostname(ip)
def get_unit_amqp_endpoint_data():
"""Get the hostname and ip address associated with amqp interface.
:returns: Tuple containing ip address and hostname.
:rtype: (str, str)
"""
ip = get_relation_ip(
rabbit_net_utils.AMQP_INTERFACE,
cidr_network=config(rabbit_net_utils.AMQP_OVERRIDE_CONFIG))
return ip, get_hostname(ip)
def add_hostname_cn(self):
"""Add a request for the hostname of the machine"""
ip = unit_get('private-address')
addresses = [ip]
# If a vip is being used without os-hostname config or
# network spaces then we need to ensure the local units
# cert has the approriate vip in the SAN list
vip = get_vip_in_network(resolve_network_cidr(ip))
if vip:
addresses.append(vip)
self.hostname_entry = {'cn': get_hostname(ip), 'addresses': addresses}
def create_ip_cert_links(ssl_dir, custom_hostname_link=None, bindings=None):
"""Create symlinks for SAN records
:param ssl_dir: str Directory to create symlinks in
:param custom_hostname_link: str Additional link to be created
:param bindings: List of bindings to check in addition to default api
bindings.
:type bindings: list of strings
"""
if bindings:
# Add default API bindings to bindings list
bindings = list(bindings + get_default_api_bindings())
else:
# Use default API bindings
bindings = get_default_api_bindings()
# This includes the hostname cert and any specific bindng certs:
# admin, internal, public
req = get_certificate_request(json_encode=False, bindings=bindings)["cert_requests"]
# Specific certs
for cert_req in req.keys():
requested_cert = os.path.join(
ssl_dir,
'cert_{}'.format(cert_req))
requested_key = os.path.join(
ssl_dir,
'key_{}'.format(cert_req))
for addr in req[cert_req]['sans']:
cert = os.path.join(ssl_dir, 'cert_{}'.format(addr))
key = os.path.join(ssl_dir, 'key_{}'.format(addr))
if os.path.isfile(requested_cert) and not os.path.isfile(cert):
os.symlink(requested_cert, cert)
os.symlink(requested_key, key)
# Handle custom hostnames
hostname = get_hostname(local_address(unit_get_fallback='private-address'))
hostname_cert = os.path.join(
ssl_dir,
'cert_{}'.format(hostname))
hostname_key = os.path.join(
ssl_dir,
'key_{}'.format(hostname))
if custom_hostname_link:
custom_cert = os.path.join(
ssl_dir,
'cert_{}'.format(custom_hostname_link))
custom_key = os.path.join(
ssl_dir,
'key_{}'.format(custom_hostname_link))
if os.path.isfile(hostname_cert) and not os.path.isfile(custom_cert):
os.symlink(hostname_cert, custom_cert)
os.symlink(hostname_key, custom_key)
def add_hostname_cn(self):
"""Add a request for the hostname of the machine"""
ip = unit_get('private-address')
addresses = [ip]
# If a vip is being used without os-hostname config or
# network spaces then we need to ensure the local units
# cert has the approriate vip in the SAN list
vip = get_vip_in_network(resolve_network_cidr(ip))
if vip:
addresses.append(vip)
self.hostname_entry = {
'cn': get_hostname(ip),
'addresses': addresses}
def test_get_hostname_with_ip(self, apt_install):
fake_dns = FakeDNS('www.ubuntu.com')
with patch(builtin_import, side_effect=[fake_dns, fake_dns]):
hn = net_ip.get_hostname('4.2.2.1')
self.assertEquals(hn, 'www.ubuntu.com')
def test_get_hostname_with_ip_not_fqdn(self, apt_install):
fake_dns = FakeDNS('packages.ubuntu.com')
with patch(builtin_import, side_effect=[fake_dns, fake_dns]):
hn = net_ip.get_hostname('4.2.2.1', fqdn=False)
self.assertEquals(hn, 'packages')
def test_get_hostname_with_hostname_not_fqdn(self, apt_install):
hn = net_ip.get_hostname('packages.ubuntu.com', fqdn=False)
self.assertEquals(hn, 'packages')
def test_get_hostname_with_hostname_trailingdot(self, apt_install):
hn = net_ip.get_hostname('www.ubuntu.com.')
self.assertEquals(hn, 'www.ubuntu.com')