def invalidate_ca_server(self, env): import params ca_json = os.path.join(params.nifi_config_dir, 'nifi-certificate-authority.json') nifi_toolkit_util.move_store(nifi_toolkit_util.load(ca_json), 'keyStore') unlink(ca_json)
def configure(self, env): import params import status_params env.set_params(params) env.set_params(status_params) #create the log, pid, conf dirs if not already present Directory([ status_params.nifi_pid_dir, params.nifi_node_log_dir, params.nifi_config_dir ], owner=params.nifi_user, group=params.nifi_group, create_parents=True) ca_json = os.path.join(params.nifi_config_dir, 'nifi-certificate-authority.json') ca_dict = nifi_toolkit_util.load(ca_json) nifi_toolkit_util.overlay(ca_dict, params.nifi_ca_config) nifi_toolkit_util.dump(ca_json, ca_dict, params.nifi_user, params.nifi_group) Directory([params.nifi_config_dir], owner=params.nifi_user, group=params.nifi_group, create_parents=True, recursive_ownership=True)
def setup_keystore_truststore(self, is_starting, params, config_version_file): if is_starting: # check against last version to determine if key/trust has changed last_config_version = nifi_toolkit_util.get_config_version(config_version_file, 'ssl') last_config = nifi_toolkit_util.get_config_by_version('/var/lib/ambari-agent/data', 'nifi-ambari-ssl-config', last_config_version) ca_client_dict = nifi_toolkit_util.get_nifi_ca_client_dict(last_config, params) using_client_json = len(ca_client_dict) == 0 and sudo.path_isfile( params.nifi_config_dir + '/nifi-certificate-authority-client.json') if using_client_json: ca_client_dict = nifi_toolkit_util.load( params.nifi_config_dir + '/nifi-certificate-authority-client.json') changed_keystore_truststore = nifi_toolkit_util.changed_keystore_truststore(ca_client_dict, params.nifi_ca_client_config, using_client_json) if not len( ca_client_dict) == 0 else True if params.nifi_toolkit_tls_regenerate: nifi_toolkit_util.move_keystore_truststore(ca_client_dict) ca_client_dict = {} elif changed_keystore_truststore: nifi_toolkit_util.move_keystore_truststore(ca_client_dict) if changed_keystore_truststore or params.nifi_toolkit_tls_regenerate: nifi_toolkit_util.overlay(ca_client_dict, params.nifi_ca_client_config) updated_properties = self.run_toolkit_client(ca_client_dict, params.nifi_config_dir, params.jdk64_home, params.nifi_user, params.nifi_group, params.stack_support_toolkit_update) nifi_toolkit_util.update_nifi_properties(updated_properties, params.nifi_properties) nifi_toolkit_util.save_config_version(config_version_file, 'ssl', params.nifi_ambari_ssl_config_version, params.nifi_user, params.nifi_group) elif using_client_json: nifi_toolkit_util.save_config_version(config_version_file, 'ssl', params.nifi_ambari_ssl_config_version, params.nifi_user, params.nifi_group) old_nifi_properties = nifi_toolkit_util.convert_properties_to_dict( params.nifi_config_dir + '/nifi.properties') return nifi_toolkit_util.populate_ssl_properties(old_nifi_properties, params.nifi_properties, params) else: return params.nifi_properties
def run_toolkit_client(self, ca_client_dict, nifi_config_dir, jdk64_home, nifi_user, nifi_group, no_client_file=False): Logger.info("Generating NiFi Keystore and Truststore") ca_client_script = nifi_toolkit_util.get_toolkit_script('tls-toolkit.sh') File(ca_client_script, mode=0755) if no_client_file: cert_command = 'echo \'' + json.dumps( ca_client_dict) + '\' | ambari-sudo.sh JAVA_HOME=' + jdk64_home + ' ' + ca_client_script + ' client -f /dev/stdout --configJsonIn /dev/stdin' code, out = shell.call(cert_command, quiet=True, logoutput=False) if code > 0: raise Fail("Call to tls-toolkit encountered error: {0}".format(out)) else: json_out = out[out.index('{'):len(out)] updated_properties = json.loads(json_out) shell.call(['chown', nifi_user + ':' + nifi_group, updated_properties['keyStore']], sudo=True) shell.call(['chown', nifi_user + ':' + nifi_group, updated_properties['trustStore']], sudo=True) else: ca_client_json = os.path.realpath(os.path.join(nifi_config_dir, 'nifi-certificate-authority-client.json')) nifi_toolkit_util.dump(ca_client_json, ca_client_dict, nifi_user, nifi_group) Execute('JAVA_HOME=' + jdk64_home + ' ' + ca_client_script + ' client -F -f ' + ca_client_json, user=nifi_user) updated_properties = nifi_toolkit_util.load(ca_client_json) return updated_properties