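def _gen_and_copy_cert(args):
    """Ensure this host has its rsyslog TLS client certs, fetching them from the log server if needed.

    The certs are (re)generated on the log server and copied into
    /etc/pki/rsyslog/ when any expected file is missing, or unconditionally
    when "force-new-certs" is present in ``args``.

    Args:
        args: command-line arguments; only membership of the literal
            "force-new-certs" is checked.

    Raises:
        ValueError: if the local hostname + resolv domain do not form a
            plausible FQDN. The FQDN is interpolated into shell commands run
            both locally (``x``) and on the log server
            (``run_remote_command``), so anything outside the hostname
            character set is rejected instead of being handed to a shell.
    """
    import re

    crt_dir = "/etc/pki/rsyslog/"
    x("mkdir -p {0}".format(crt_dir))

    hostname = net.get_hostname()
    fqdn = "{0}.{1}".format(hostname, config.general.get_resolv_domain())
    # Allowlist: letters, digits, '.', '-' and '_' (underscore kept for
    # legacy hosts). Both the remote key-generation command and the local
    # glob below embed this value in a shell string, so nothing else may
    # pass. ``\Z`` (not ``$``) so a trailing newline is rejected too.
    if not re.match(r"[A-Za-z0-9._-]+\Z", fqdn):
        raise ValueError("refusing to use unsafe FQDN in shell command: {0!r}".format(fqdn))

    srv = config.general.get_log_server_hostname1()
    cert_files = [
        "{0}{1}.crt".format(crt_dir, fqdn),
        "{0}{1}.key".format(crt_dir, fqdn),
        "{0}ca.crt".format(crt_dir),  # crt_dir already ends in '/'
    ]

    # Nothing to do unless regeneration was requested or a file is missing.
    if 'force-new-certs' not in args and _all_files_exist(cert_files):
        app.print_verbose("Found all certs and force-new-certs was not specified so not updating certificates")
        return

    # Generate the certs on the log server, then pull them down. The second
    # retrieval removes the remote copies so the private key does not linger
    # on the server.
    general.wait_for_server_root_login(srv)
    general.run_remote_command(srv, "/etc/pki/rsyslog/syco-gen-rsyslog-client-keys.sh {0}".format(fqdn))
    general.retrieve_from_server(srv, "/etc/pki/rsyslog/ca.crt", crt_dir)
    general.retrieve_from_server(srv, "/etc/pki/rsyslog/{0}*".format(hostname), crt_dir, verify_local=cert_files, remove_remote_files=True)

    # Lock the whole directory down: the private key lives here.
    # NOTE(review): the key is written by retrieve_from_server() before the
    # chmod/chown below, so its mode in between is whatever that helper
    # leaves; tighten the helper or the umask if that window matters.
    x("restorecon -r /etc/pki/rsyslog")
    x("chmod 600 /etc/pki/rsyslog/*")
    x("chown root:root /etc/pki/rsyslog/*")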
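def _copy_certificate_files(env):
    """Copy the ``<env>.pem`` certificate file for *env* from the cert server.

    Fetches ``root@<cert_server>:<cert_server_path>/<env>.pem`` into
    ``<cert_copy_to_path>/<env>.pem`` using the module-level ``cert_server``,
    ``cert_server_path`` and ``cert_copy_to_path`` settings, and asks
    retrieve_from_server() to verify the local copy afterwards.

    Args:
        env: environment name, used verbatim as the certificate file stem.

    Raises:
        ValueError: if ``env`` is empty or contains anything other than
            letters, digits, '.', '-' or '_'. The value is spliced into both
            the remote and the local path, so a '/' (or whitespace, if the
            remote path ever reaches a shell) must not be able to redirect
            the copy outside the configured directories.
    """
    import re

    if not re.match(r"[A-Za-z0-9._-]+\Z", env or ""):
        raise ValueError("invalid environment name for certificate file: {0!r}".format(env))

    remote_path = "{0}/{1}.pem".format(cert_server_path, env)
    local_path = "{0}/{1}.pem".format(cert_copy_to_path, env)
    retrieve_from_server("root@{0}".format(cert_server), remote_path, local_path, verify_local=[local_path])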
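def download_cert(filename):
    """Fetch the LDAP client certificate and CA certificate from the LDAP server.

    Copies ``/etc/openldap/cacerts/client.pem`` and
    ``/etc/openldap/cacerts/ca.crt`` from the host returned by
    config.general.get_ldap_server_ip() into the local
    ``/etc/openldap/cacerts/`` directory, creating it first. Only LDAP
    clients need this; the server already has the files.

    Args:
        filename: accepted for interface compatibility but unused; the
            source and destination paths are fixed.
    """
    cacerts_dir = '/etc/openldap/cacerts/'
    x("mkdir -p /etc/openldap/cacerts")

    ldap_server = config.general.get_ldap_server_ip()
    for name in ('client.pem', 'ca.crt'):
        path = cacerts_dir + name
        # Verify the fetched file itself, as the other retrieve_from_server()
        # callers do; the directory exists whether or not the copy succeeded.
        general.retrieve_from_server(ldap_server, path, cacerts_dir, verify_local=[path])

    # NOTE(review): nothing here restricts the mode of client.pem. If it
    # carries a private key it should be chmod 600 / root-owned, as the
    # rsyslog cert setup does for its key directory — confirm its contents.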
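def _gen_and_copy_cert(args):
    """Ensure this host has its rsyslog TLS client certs, fetching them from the log server if needed.

    The certs are (re)generated on the log server and copied into
    /etc/pki/rsyslog/ when any expected file is missing, or unconditionally
    when "force-new-certs" is present in ``args``.

    Args:
        args: command-line arguments; only membership of the literal
            "force-new-certs" is checked.

    Raises:
        ValueError: if the local hostname + resolv domain do not form a
            plausible FQDN (see _safe_fqdn). The FQDN ends up inside shell
            commands run locally and on the log server.
    """
    crt_dir = "/etc/pki/rsyslog/"
    x("mkdir -p {0}".format(crt_dir))

    hostname = net.get_hostname()
    fqdn = _safe_fqdn(hostname, config.general.get_resolv_domain())
    cert_files = [
        "{0}{1}.crt".format(crt_dir, fqdn),
        "{0}{1}.key".format(crt_dir, fqdn),
        "{0}ca.crt".format(crt_dir),  # crt_dir already ends in '/'
    ]

    if 'force-new-certs' in args or not _all_files_exist(cert_files):
        _fetch_rsyslog_certs(config.general.get_log_server_hostname1(), hostname, fqdn, crt_dir, cert_files)
    else:
        app.print_verbose("Found all certs and force-new-certs was not specified so not updating certificates")


def _safe_fqdn(hostname, domain):
    """Join hostname and domain, rejecting anything unsafe to embed in a shell string.

    Allows letters, digits, '.', '-' and '_' only (underscore kept for
    legacy hosts); ``\\Z`` rather than ``$`` so a trailing newline fails too.

    Raises:
        ValueError: if the resulting FQDN contains any other character.
    """
    import re

    fqdn = "{0}.{1}".format(hostname, domain)
    if not re.match(r"[A-Za-z0-9._-]+\Z", fqdn):
        raise ValueError("refusing to use unsafe FQDN in shell command: {0!r}".format(fqdn))
    return fqdn


def _fetch_rsyslog_certs(srv, hostname, fqdn, crt_dir, cert_files):
    """Generate the client certs on log server *srv*, copy them into *crt_dir* and lock them down."""
    general.wait_for_server_root_login(srv)
    general.run_remote_command(
        srv,
        "/etc/pki/rsyslog/syco-gen-rsyslog-client-keys.sh {0}".format(fqdn))

    # Pull the CA cert and this host's cert/key; the remote copies of the
    # latter are deleted so the private key does not linger on the server.
    general.retrieve_from_server(srv, "/etc/pki/rsyslog/ca.crt", crt_dir)
    general.retrieve_from_server(
        srv,
        "/etc/pki/rsyslog/{0}*".format(hostname),
        crt_dir,
        verify_local=cert_files,
        remove_remote_files=True)

    # The private key lives here, so everything gets 600 root:root.
    # NOTE(review): the key is on disk before this chmod runs; its mode in
    # between is whatever retrieve_from_server() leaves.
    x("restorecon -r /etc/pki/rsyslog")
    x("chmod 600 /etc/pki/rsyslog/*")
    x("chown root:root /etc/pki/rsyslog/*")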
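def download_cert(filename):
    """Fetch the LDAP client certificate and CA certificate from the LDAP server.

    Both ``client.pem`` and ``ca.crt`` are copied from
    ``/etc/openldap/cacerts/`` on the host given by
    config.general.get_ldap_server_ip() into the same path locally, which is
    created first. Only LDAP clients need this; the server already has the
    files.

    Args:
        filename: unused; kept so existing callers keep working. Source and
            destination paths are fixed.
    """
    local_dir = '/etc/openldap/cacerts/'
    x("mkdir -p /etc/openldap/cacerts")

    ldap_server = config.general.get_ldap_server_ip()

    def fetch(remote_file):
        # Verify the file that was actually fetched, as the other
        # retrieve_from_server() callers do, not merely that the directory
        # exists (it always does after the mkdir above).
        local_file = local_dir + remote_file.rsplit('/', 1)[-1]
        general.retrieve_from_server(ldap_server, remote_file, local_dir, verify_local=[local_file])

    fetch('/etc/openldap/cacerts/client.pem')
    fetch('/etc/openldap/cacerts/ca.crt')

    # NOTE(review): the mode of client.pem is left as retrieve_from_server()
    # sets it. If that file includes a private key it should be 600
    # root:root like the rsyslog key directory — confirm its contents.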