def __init__(self, cn, requester, signer=None):
    """Set up a CA certificate object on top of SpokeCert.

    Args:
        cn: common name of the CA certificate; passed through
            common.is_shell_safe before it is stored.
        requester: name of the CA whose request/key/cert files are used;
            handed straight to SpokeCert.__init__.
        signer: name of the CA that signs this certificate. None (or any
            falsy value) means the certificate is self-signed.
    """
    self.cn = common.is_shell_safe(cn)
    SpokeCert.__init__(self, cn, requester, signer)
    if signer:
        # We're dealing with a CA signed by another CA. The signer name is
        # only checked for shell safety here; the sanitised value is not
        # kept on self (presumably SpokeCert.__init__ resolves it into
        # self.signca — confirm against that constructor).
        common.is_shell_safe(signer)
        self.self_signed = False
        self.log.debug('Issuer cn is %s' % self.signca.ca_cn)
    else:
        # No signer: this is a self-signed CA cert.
        self.log.debug('No signer given, self-signing')
        self.self_signed = True
    # All three files live in the requesting CA's directory layout.
    requesting_ca = self.reqca
    self.req_file = requesting_ca.ca_req_file
    self.key_file = requesting_ca.ca_key_file
    self.cert_file = requesting_ca.ca_cert_file
def _get_ca(self, ca_name):
    """Return the SpokeCA called *ca_name*.

    The name is passed through common.is_shell_safe first.

    Raises:
        error.NotFound: the CA object exists but its get() reports no data.
    """
    safe_name = common.is_shell_safe(ca_name)
    ca = SpokeCA(safe_name)
    if ca.get()['data']:
        return ca
    raise error.NotFound("Can't find CA %s" % safe_name)
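def __init__(self, ca_name):
    """Get config, setup logging.

    Resolves every directory and file path used by the CA named *ca_name*
    from the ``[CA]`` section of the config, and, when a CA certificate
    already exists on disk, reads its subject CN and PEM encoding.

    Args:
        ca_name: name of the CA directory under ``ca_base_dir``; passed
            through common.is_shell_safe before use.
    """
    self.config = config.setup()
    self.log = logger.log_to_console()
    self.ca_name = common.is_shell_safe(ca_name)
    self.ca_base_dir = self.config.get('CA', 'ca_base_dir')
    self.ca_dir = os.path.join(self.ca_base_dir, self.ca_name)
    # Sub-directory and file names, each overridable in config.
    self.ca_key_rdir = self.config.get('CA', 'ca_key_dir', 'private')
    self.ca_cert_rdir = self.config.get('CA', 'ca_cert_dir', 'certs')
    self.ca_req_rdir = self.config.get('CA', 'ca_req_dir', 'reqs')
    self.ca_cert_name = self.config.get('CA', 'ca_pub_cert', 'ca-cert.pem')
    self.ca_bundle_name = self.config.get('CA', 'ca_bundle', 'ca-bundle.pem')
    self.ca_req_name = self.config.get('CA', 'ca_req', 'ca-req.pem')
    self.ca_key_name = self.config.get('CA', 'ca_priv_key', 'ca-key.pem')
    self.ca_index_name = self.config.get('CA', 'ca_index', 'index')
    self.ca_serial_name = self.config.get('CA', 'ca_serial', 'serial')
    self.ca_cert_dir = os.path.join(self.ca_dir, self.ca_cert_rdir)
    self.ca_key_dir = os.path.join(self.ca_dir, self.ca_key_rdir)
    self.ca_req_dir = os.path.join(self.ca_dir, self.ca_req_rdir)
    self.ca_cert_file = os.path.join(self.ca_cert_dir, self.ca_cert_name)
    self.ca_bundle_file = os.path.join(self.ca_base_dir, self.ca_bundle_name)
    self.ca_key_file = os.path.join(self.ca_key_dir, self.ca_key_name)
    self.ca_req_file = os.path.join(self.ca_req_dir, self.ca_req_name)
    self.ca_index_file = os.path.join(self.ca_cert_dir, self.ca_index_name)
    self.ca_serial_file = os.path.join(self.ca_dir, self.ca_serial_name)
    # NOTE(review): when ca_base_dir is absolute, os.path.join returns the
    # second argument unchanged, so ca_key == ca_key_file and
    # ca_cert == ca_cert_file; with a relative ca_base_dir the path would be
    # doubled — confirm ca_base_dir is always absolute.
    self.ca_key = os.path.join(self.ca_key_dir, self.ca_key_file)
    self.ca_cert = os.path.join(self.ca_cert_dir, self.ca_cert_file)
    self.req_dirs = [
        self.ca_base_dir,
        self.ca_dir,
        self.ca_key_dir,
        self.ca_req_dir,
        self.ca_cert_dir,
    ]
    self.req_files = [
        self.ca_index_file,
        self.ca_serial_file,
        self.ca_key_file,
        self.ca_cert_file,
    ]
    # Loading the cert is best-effort: the CA may not have been created
    # yet. `except Exception` (not a bare except) so KeyboardInterrupt and
    # SystemExit still propagate; the error itself is logged because an
    # unreadable or corrupt cert file lands here as well as a missing one.
    try:
        ca_cert = X509.load_cert(self.ca_cert_file, format=1)
        self.ca_cn = ca_cert.get_subject().CN
        self.ca_cert_as_pem = ca_cert.as_pem()
    except Exception as e:
        msg = 'CA cert file %s does not exist' % self.ca_cert_file
        self.log.debug(msg)
        self.log.debug('Cert load failed: %s' % e)
    self.ca_country = self.config.get('CA', 'ca_country', 'GB')
    try:
        self.ca_state = self.config.get('CA', 'ca_state')
    except Exception:
        # ca_state is optional; config.get is called without a default
        # and is assumed to raise when the key is absent — TODO confirm.
        self.ca_state = None
    self.ca_locality = self.config.get('CA', 'ca_locality', 'London')
    self.ca_org = self.config.get('CA', 'ca_org', 'Acme Ltd')
    self.ca_ou = self.config.get('CA', 'ca_ou', 'Certificate Services')
    self.ca_email = self.config.get('CA', 'ca_email', '*****@*****.**')
    self.ca_def_duration = self.config.get('CA', 'ca_def_duration', 1095)
    # An empty default means the CA private key is not passphrase
    # protected unless ca_keypass is set in config.
    self.ca_keypass = self.config.get('CA', 'ca_keypass', '')
    # Try to get some more info from req/cert files if they are present
    self.ca_info = self._get_ca_info()
    # KeyError when the key is missing, TypeError when ca_info is None.
    try:
        self.ca_cn = self.ca_info['ca_cn']
    except (KeyError, TypeError):
        pass
    try:
        self.ca_cert_as_pem = self.ca_info['ca_cert_as_pem']
    except (KeyError, TypeError):
        pass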
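def create(self, host_name, host_uuid, host_mem, host_cpu, host_family,
           host_type, host_storage_layout, host_network_layout,
           host_extra_opts=None):
    """Create a VM Host; return a VM Host search result.

    Each argument is validated (or shell-sanitised) by the common helpers
    before it is used to build the LDAP DN and attribute list passed to
    self._create_object.

    Args:
        host_name: host name, validated by common.validate_hostname.
        host_uuid: UUID, validated by common.validate_uuid.
        host_mem: memory, validated by common.validate_mem.
        host_cpu: CPU count, validated by common.validate_cpu.
        host_family: validated by common.validate_host_family.
        host_type: validated by common.validate_host_type.
        host_storage_layout: storage layout name, shell-sanitised only.
        host_network_layout: network layout name, shell-sanitised only.
        host_extra_opts: optional extra options; stored only when not None.

    Returns:
        Whatever self._create_object returns for the new entry.

    Raises:
        Whatever the common.validate_* helpers raise on invalid input.
    """
    host_name = common.validate_hostname(host_name)
    host_uuid = common.validate_uuid(host_uuid)
    host_mem = common.validate_mem(host_mem)
    host_cpu = common.validate_cpu(host_cpu)
    host_family = common.validate_host_family(host_family)
    # Verification that the objects referenced in the storage and network
    # layout exist in the config file takes place in the vm module
    host_storage_layout = common.is_shell_safe(host_storage_layout)
    host_network_layout = common.is_shell_safe(host_network_layout)
    host_type = common.validate_host_type(host_type)
    # NOTE(review): is_shell_safe is called even when host_extra_opts is
    # None; the `is not None` test below assumes it returns None unchanged.
    host_extra_opts = common.is_shell_safe(host_extra_opts)
    dn = '%s=%s,%s' % (self.host_key, host_name, self.host_container_dn)
    dn_attr = {
        'objectClass': ['top', self.host_class],
        self.host_key: [host_name],
        self.host_cpu_attr: [str(host_cpu)],
        self.host_mem_attr: [str(host_mem)],
        self.host_family_attr: [host_family],
        self.host_name_attr: [host_name],
        self.host_network_layout_attr: [host_network_layout],
        self.host_storage_layout_attr: [host_storage_layout],
        self.host_type_attr: [host_type],
        self.host_uuid_attr: [host_uuid],
    }
    if host_extra_opts is not None:
        dn_attr[self.host_extra_opts_attr] = [host_extra_opts]
    # _create_object takes a list of (attribute, values) pairs.
    dn_info = list(dn_attr.items())
    self.log.debug('Creating %s with attributes %s' % (dn, dn_info))
    result = self._create_object(dn, dn_info)
    self.log.debug('Result: %s' % result)
    return result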
def __init__(self, vg_name=None):
    """Get config, setup logging.

    Args:
        vg_name: LVM volume group to operate on. When omitted (or falsy)
            the ``[LVM] lv_def_vg_name`` config value is used. The chosen
            name is passed through common.is_shell_safe.
    """
    self.config = config.setup()
    self.log = logging.getLogger(__name__)
    chosen_vg = vg_name or self.config.get('LVM', 'lv_def_vg_name')
    self.vg_name = common.is_shell_safe(chosen_vg)
    # Unit suffix for LV sizes; defaults to gigabytes.
    self.lv_units = self.config.get('LVM', 'lv_units', 'g')
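def __init__(self, cn, requester=None, ca=None):
    """Get config, setup logging.

    Args:
        cn: subject common name. For a CA request it is shell-sanitised;
            for a host request it must pass common.validate_domain.
        requester: name of the CA whose directory holds the request and
            key files; defaults to ``[CA] ca_default_ca`` from config.
        ca: truthy when this request is for a CA certificate rather than
            a host certificate.

    Raises:
        error.NotFound: the requester CA has no data (does not exist).
    """
    self.config = config.setup()
    self.log = logger.log_to_console()
    if not requester:
        requester = self.config.get('CA', 'ca_default_ca')
    requester = common.is_shell_safe(requester)
    self.is_a_ca = ca
    self.reqca = SpokeCA(requester)
    if not self.reqca.get()['data']:
        msg = 'CA %s does not exist; please create' % requester
        raise error.NotFound(msg)
    if self.is_a_ca:
        self.cn = common.is_shell_safe(cn)
        self.req_file = self.reqca.ca_req_file
        self.key_file = self.reqca.ca_key_file
    else:
        # We're dealing with a host CSR
        self.cn = common.validate_domain(cn)
        # Build the file names from the validated cn rather than the raw
        # argument, so the path on disk is always the accepted value.
        key_name = '%s.key.pem' % self.cn
        req_name = '%s.req' % self.cn
        self.key_file = os.path.join(self.reqca.ca_dir, key_name)
        self.req_file = os.path.join(self.reqca.ca_dir, req_name)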
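def create(self, host_name, host_uuid, host_mem, host_cpu, host_family,
           host_type, host_storage_layout, host_network_layout,
           host_extra_opts=None):
    """Create a VM Host; return a VM Host search result.

    Each argument is validated (or shell-sanitised) by the common helpers
    before it is used to build the LDAP DN and attribute list passed to
    self._create_object.

    Args:
        host_name: host name, validated by common.validate_hostname.
        host_uuid: UUID, validated by common.validate_uuid.
        host_mem: memory, validated by common.validate_mem.
        host_cpu: CPU count, validated by common.validate_cpu.
        host_family: validated by common.validate_host_family.
        host_type: validated by common.validate_host_type.
        host_storage_layout: storage layout name, shell-sanitised only.
        host_network_layout: network layout name, shell-sanitised only.
        host_extra_opts: optional extra options; stored only when not None.

    Returns:
        Whatever self._create_object returns for the new entry.

    Raises:
        Whatever the common.validate_* helpers raise on invalid input.
    """
    host_name = common.validate_hostname(host_name)
    host_uuid = common.validate_uuid(host_uuid)
    host_mem = common.validate_mem(host_mem)
    host_cpu = common.validate_cpu(host_cpu)
    host_family = common.validate_host_family(host_family)
    # Verification that the objects referenced in the storage and network
    # layout exist in the config file takes place in the vm module
    host_storage_layout = common.is_shell_safe(host_storage_layout)
    host_network_layout = common.is_shell_safe(host_network_layout)
    host_type = common.validate_host_type(host_type)
    # NOTE(review): is_shell_safe is called even when host_extra_opts is
    # None; the `is not None` test below assumes it returns None unchanged.
    host_extra_opts = common.is_shell_safe(host_extra_opts)
    dn = '%s=%s,%s' % (self.host_key, host_name, self.host_container_dn)
    dn_attr = {
        'objectClass': ['top', self.host_class],
        self.host_key: [host_name],
        self.host_cpu_attr: [str(host_cpu)],
        self.host_mem_attr: [str(host_mem)],
        self.host_family_attr: [host_family],
        self.host_name_attr: [host_name],
        self.host_network_layout_attr: [host_network_layout],
        self.host_storage_layout_attr: [host_storage_layout],
        self.host_type_attr: [host_type],
        self.host_uuid_attr: [host_uuid],
    }
    if host_extra_opts is not None:
        dn_attr[self.host_extra_opts_attr] = [host_extra_opts]
    # _create_object takes a list of (attribute, values) pairs.
    dn_info = list(dn_attr.items())
    self.log.debug('Creating %s with attributes %s' % (dn, dn_info))
    result = self._create_object(dn, dn_info)
    self.log.debug('Result: %s' % result)
    return result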
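def __init__(self, cn, requester=None, ca=None):
    """Get config, setup logging.

    Args:
        cn: subject common name. For a CA request it is shell-sanitised;
            for a host request it must pass common.validate_domain.
        requester: name of the CA whose directory holds the request and
            key files; defaults to ``[CA] ca_default_ca`` from config.
        ca: truthy when this request is for a CA certificate rather than
            a host certificate.

    Raises:
        error.NotFound: the requester CA has no data (does not exist).
    """
    self.config = config.setup()
    self.log = logger.setup(self.__module__)
    if not requester:
        requester = self.config.get('CA', 'ca_default_ca')
    requester = common.is_shell_safe(requester)
    self.is_a_ca = ca
    self.reqca = SpokeCA(requester)
    if not self.reqca.get()['data']:
        msg = 'CA %s does not exist; please create' % requester
        raise error.NotFound(msg)
    if self.is_a_ca:
        self.cn = common.is_shell_safe(cn)
        self.req_file = self.reqca.ca_req_file
        self.key_file = self.reqca.ca_key_file
    else:
        # We're dealing with a host CSR
        self.cn = common.validate_domain(cn)
        # Build the file names from the validated cn rather than the raw
        # argument, so the path on disk is always the accepted value.
        key_name = '%s.key.pem' % self.cn
        req_name = '%s.req' % self.cn
        self.key_file = os.path.join(self.reqca.ca_dir, key_name)
        self.req_file = os.path.join(self.reqca.ca_dir, req_name)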
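def create(self, cn, signer=None):
    """Create a CA with default file structure and configuration files.

    Args:
        cn: common name for the new CA certificate (shell-sanitised).
        signer: name of an existing CA that signs the new cert; when
            omitted the cert is self-signed.

    Returns:
        The self.get() search result for the new CA with 'msg' set.

    Raises:
        error.AlreadyExists: the CA key or cert file is already present.
        error.ValidationError: creation ran but self.get() cannot find
            exactly one matching object.
        OSError: propagated from os.makedirs.
    """
    # If signer is set, this CA cert will be signed by the signer,
    # otherwise a self-signed certificate will be produced.
    self.ca_cn = common.is_shell_safe(cn)
    if signer:
        signer = common.is_shell_safe(signer)
    if os.path.exists(self.ca_key_file) or \
            os.path.exists(self.ca_cert_file):
        msg = 'CA %s exists, delete first to continue' % self.ca_name
        raise error.AlreadyExists(msg)
    self.req_dirs.sort()
    for directory in self.req_dirs:
        if os.path.exists(directory):
            continue
        self.log.debug('Creating directory %s' % directory)
        # makedirs errors propagate as-is (the old try/except only
        # re-raised, and in doing so lost the original traceback).
        if directory == self.ca_key_dir:
            # The CA private key lives here: create it owner-only.
            os.makedirs(directory, 0o700)
        else:
            os.makedirs(directory)
    msg = 'Creating CSR with cn=%s and requester=%s' % (cn, self.ca_name)
    self.log.debug(msg)
    csr = SpokeCSR(cn, self.ca_name, ca=True)
    csr.create()
    msg = 'Creating Cert with cn=%s, requester=%s and signer=%s' % \
        (cn, self.ca_name, signer)
    self.log.debug(msg)
    cert = SpokeCACert(cn, self.ca_name, signer)
    cert.create()
    result = self.get()
    if result['exit_code'] == 0 and result['count'] == 1:
        result['msg'] = "Created %s:" % result['type']
        return result
    msg = 'Create operation returned OK, but unable to find object'
    raise error.ValidationError(msg)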
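def create(self, cn, signer=None):
    """Create a CA with default file structure and configuration files.

    Args:
        cn: common name for the new CA certificate (shell-sanitised).
        signer: name of an existing CA that signs the new cert; when
            omitted the cert is self-signed.

    Returns:
        The self.get() search result for the new CA with 'msg' set.

    Raises:
        error.AlreadyExists: the CA key or cert file is already present.
        error.ValidationError: creation ran but self.get() cannot find
            exactly one matching object.
        OSError: propagated from os.makedirs.
    """
    # If signer is set, this CA cert will be signed by the signer,
    # otherwise a self-signed certificate will be produced.
    self.ca_cn = common.is_shell_safe(cn)
    if signer:
        signer = common.is_shell_safe(signer)
    if os.path.exists(self.ca_key_file) or \
            os.path.exists(self.ca_cert_file):
        msg = 'CA %s exists, delete first to continue' % self.ca_name
        raise error.AlreadyExists(msg)
    self.req_dirs.sort()
    for directory in self.req_dirs:
        if os.path.exists(directory):
            continue
        self.log.debug('Creating directory %s' % directory)
        # makedirs errors propagate as-is (the old try/except only
        # re-raised, and in doing so lost the original traceback).
        if directory == self.ca_key_dir:
            # The CA private key lives here: create it owner-only.
            os.makedirs(directory, 0o700)
        else:
            os.makedirs(directory)
    msg = 'Creating CSR with cn=%s and requester=%s' % (cn, self.ca_name)
    self.log.debug(msg)
    csr = SpokeCSR(cn, self.ca_name, ca=True)
    csr.create()
    msg = 'Creating Cert with cn=%s, requester=%s and signer=%s' % \
        (cn, self.ca_name, signer)
    self.log.debug(msg)
    cert = SpokeCACert(cn, self.ca_name, signer)
    cert.create()
    result = self.get()
    if result['exit_code'] == 0 and result['count'] == 1:
        result['msg'] = "Created %s:" % result['type']
        return result
    msg = 'Create operation returned OK, but unable to find object'
    raise error.ValidationError(msg)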
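def create(self, mac, template, run_id=None):
    """Creates a config at mac using template.

    Copies *template* from the tftp directory to a per-MAC file, appending
    ``run_id=<run_id>`` to every kernel-argument (``append``) line when a
    run_id is given.

    Args:
        mac: MAC address, validated by common.validate_mac; colons become
            dashes in the tftp file name.
        template: template file name, validated by self._validate_template.
        run_id: optional run identifier, shell-sanitised before use.

    Returns:
        The self.search() result for the new config with 'msg' set.

    Raises:
        error.InputError: run_id given but the template has no 'append' line.
        error.AlreadyExists: a file or symlink already exists at the target.
        error.NotFound: the file was written but search() cannot find it.
    """
    import errno  # function-scope: the file's import block is not in view

    mac = common.validate_mac(mac)
    if run_id is not None:
        run_id = common.is_shell_safe(run_id)
    mac = mac.replace(":", "-")  # Format for use on tftp filesystem
    template = self._validate_template(template)
    template_path = self.tftp_dir + template
    dst = self.tftp_dir + self.tftp_prefix + mac
    # Read the template once and close it; the old code opened it twice
    # and never closed either handle (`.close` without parentheses).
    with open(template_path) as template_file:
        lines = template_file.readlines()
    # Check that at least one line has kernel arguments
    if run_id is not None and not any('append' in line for line in lines):
        msg = "No kernel arguments in specified template. Should be more than one line starting append."
        raise error.InputError(msg)
    # Create the destination atomically (O_CREAT|O_EXCL) instead of
    # check-then-open, so a concurrent create or a symlink placed between
    # the check and the write cannot clobber an existing config. 0o666
    # minus umask is what open(dst, 'w') produced.
    try:
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    except OSError as e:
        if e.errno == errno.EEXIST:
            msg = "Config for mac %s already exists, can't create" % mac
            raise error.AlreadyExists(msg)
        raise
    with os.fdopen(fd, 'w') as mac_file:
        # Loop file adding run_id at correct line
        for line in lines:
            if 'append' in line and run_id:
                # remove the line break and add run_id at end of kernel args
                line = line.rstrip('\n')
                mac_file.write(line + " run_id=" + str(run_id) + "\n")
            else:
                mac_file.write(line)
    result = self.search(mac)
    if result['exit_code'] == 0 and result['count'] == 1:
        result['msg'] = "Created %s:" % result['type']
        return result
    msg = 'Create operation returned OK, but unable to find object'
    raise error.NotFound(msg)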
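def create(self, mac, template, run_id=None):
    """Creates a config at mac using template.

    Copies *template* from the tftp directory to a per-MAC file, appending
    ``run_id=<run_id>`` to every kernel-argument (``append``) line when a
    run_id is given.

    Args:
        mac: MAC address, validated by common.validate_mac; colons become
            dashes in the tftp file name.
        template: template file name, validated by self._validate_template.
        run_id: optional run identifier, shell-sanitised before use.

    Returns:
        The self.search() result for the new config with 'msg' set.

    Raises:
        error.InputError: run_id given but the template has no 'append' line.
        error.AlreadyExists: a file or symlink already exists at the target.
        error.NotFound: the file was written but search() cannot find it.
    """
    import errno  # function-scope: the file's import block is not in view

    mac = common.validate_mac(mac)
    if run_id is not None:
        run_id = common.is_shell_safe(run_id)
    mac = mac.replace(":", "-")  # Format for use on tftp filesystem
    template = self._validate_template(template)
    template_path = self.tftp_dir + template
    dst = self.tftp_dir + self.tftp_prefix + mac
    # Read the template once and close it; the old code opened it twice
    # and never closed either handle (`.close` without parentheses).
    with open(template_path) as template_file:
        lines = template_file.readlines()
    # Check that at least one line has kernel arguments
    if run_id is not None and not any('append' in line for line in lines):
        msg = "No kernel arguments in specified template. Should be more than one line starting append."
        raise error.InputError(msg)
    # Create the destination atomically (O_CREAT|O_EXCL) instead of
    # check-then-open, so a concurrent create or a symlink placed between
    # the check and the write cannot clobber an existing config. 0o666
    # minus umask is what open(dst, 'w') produced.
    try:
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    except OSError as e:
        if e.errno == errno.EEXIST:
            msg = "Config for mac %s already exists, can't create" % mac
            raise error.AlreadyExists(msg)
        raise
    with os.fdopen(fd, 'w') as mac_file:
        # Loop file adding run_id at correct line
        for line in lines:
            if 'append' in line and run_id:
                # remove the line break and add run_id at end of kernel args
                line = line.rstrip('\n')
                mac_file.write(line + " run_id=" + str(run_id) + "\n")
            else:
                mac_file.write(line)
    result = self.search(mac)
    if result['exit_code'] == 0 and result['count'] == 1:
        result['msg'] = "Created %s:" % result['type']
        return result
    msg = 'Create operation returned OK, but unable to find object'
    raise error.NotFound(msg)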
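def _process_results(self, data, name=None):
    '''Take result data; return full result object.

    Args:
        data: the matching objects (anything with a len()).
        name: optional type name for the objects; shell-sanitised before
            it is used in messages or stored as 'type'.

    Returns:
        dict with 'data', 'count', 'exit_code' (0 when something was
        found, 3 when nothing was), 'msg', and — only when *name* was
        given — 'type'.
    '''
    result = {'data': data}
    if name:
        # Keep the sanitised value so 'type' and the message agree
        # (the old code stored the raw name).
        thing = common.is_shell_safe(name)
        result['type'] = thing
    else:
        thing = 'object'
    count = len(data)
    result['count'] = count
    if count == 0:
        result['exit_code'] = 3
        result['msg'] = 'No %s(s) found' % thing
    else:
        result['exit_code'] = 0
        if count == 1:
            result['msg'] = "Found %s:" % thing
        else:
            result['msg'] = 'Found %d %ss:' % (count, thing)
    return result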
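def __init__(self, ca_name):
    """Get config, setup logging.

    Resolves every directory and file path used by the CA named *ca_name*
    from the ``[CA]`` section of the config, and, when a CA certificate
    already exists on disk, reads its subject CN and PEM encoding.

    Args:
        ca_name: name of the CA directory under ``ca_base_dir``; passed
            through common.is_shell_safe before use.
    """
    self.config = config.setup()
    self.log = logger.setup(__name__)
    self.ca_name = common.is_shell_safe(ca_name)
    self.ca_base_dir = self.config.get('CA', 'ca_base_dir')
    self.ca_dir = os.path.join(self.ca_base_dir, self.ca_name)
    # Sub-directory and file names, each overridable in config.
    self.ca_key_rdir = self.config.get('CA', 'ca_key_dir', 'private')
    self.ca_cert_rdir = self.config.get('CA', 'ca_cert_dir', 'certs')
    self.ca_req_rdir = self.config.get('CA', 'ca_req_dir', 'reqs')
    self.ca_cert_name = self.config.get('CA', 'ca_pub_cert', 'ca-cert.pem')
    self.ca_bundle_name = self.config.get('CA', 'ca_bundle', 'ca-bundle.pem')
    self.ca_req_name = self.config.get('CA', 'ca_req', 'ca-req.pem')
    self.ca_key_name = self.config.get('CA', 'ca_priv_key', 'ca-key.pem')
    self.ca_index_name = self.config.get('CA', 'ca_index', 'index')
    self.ca_serial_name = self.config.get('CA', 'ca_serial', 'serial')
    self.ca_cert_dir = os.path.join(self.ca_dir, self.ca_cert_rdir)
    self.ca_key_dir = os.path.join(self.ca_dir, self.ca_key_rdir)
    self.ca_req_dir = os.path.join(self.ca_dir, self.ca_req_rdir)
    self.ca_cert_file = os.path.join(self.ca_cert_dir, self.ca_cert_name)
    self.ca_bundle_file = os.path.join(self.ca_base_dir, self.ca_bundle_name)
    self.ca_key_file = os.path.join(self.ca_key_dir, self.ca_key_name)
    self.ca_req_file = os.path.join(self.ca_req_dir, self.ca_req_name)
    self.ca_index_file = os.path.join(self.ca_cert_dir, self.ca_index_name)
    self.ca_serial_file = os.path.join(self.ca_dir, self.ca_serial_name)
    # NOTE(review): when ca_base_dir is absolute, os.path.join returns the
    # second argument unchanged, so ca_key == ca_key_file and
    # ca_cert == ca_cert_file; with a relative ca_base_dir the path would be
    # doubled — confirm ca_base_dir is always absolute.
    self.ca_key = os.path.join(self.ca_key_dir, self.ca_key_file)
    self.ca_cert = os.path.join(self.ca_cert_dir, self.ca_cert_file)
    self.req_dirs = [
        self.ca_base_dir,
        self.ca_dir,
        self.ca_key_dir,
        self.ca_req_dir,
        self.ca_cert_dir,
    ]
    self.req_files = [
        self.ca_index_file,
        self.ca_serial_file,
        self.ca_key_file,
        self.ca_cert_file,
    ]
    # Loading the cert is best-effort: the CA may not have been created
    # yet. `except Exception` (not a bare except) so KeyboardInterrupt and
    # SystemExit still propagate; the error itself is logged because an
    # unreadable or corrupt cert file lands here as well as a missing one.
    try:
        ca_cert = X509.load_cert(self.ca_cert_file, format=1)
        self.ca_cn = ca_cert.get_subject().CN
        self.ca_cert_as_pem = ca_cert.as_pem()
    except Exception as e:
        msg = 'CA cert file %s does not exist' % self.ca_cert_file
        self.log.debug(msg)
        self.log.debug('Cert load failed: %s' % e)
    self.ca_country = self.config.get('CA', 'ca_country', 'GB')
    try:
        self.ca_state = self.config.get('CA', 'ca_state')
    except Exception:
        # ca_state is optional; config.get is called without a default
        # and is assumed to raise when the key is absent — TODO confirm.
        self.ca_state = None
    self.ca_locality = self.config.get('CA', 'ca_locality', 'London')
    self.ca_org = self.config.get('CA', 'ca_org', 'Acme Ltd')
    self.ca_ou = self.config.get('CA', 'ca_ou', 'Certificate Services')
    self.ca_email = self.config.get('CA', 'ca_email', '*****@*****.**')
    self.ca_def_duration = self.config.get('CA', 'ca_def_duration', 1095)
    # An empty default means the CA private key is not passphrase
    # protected unless ca_keypass is set in config.
    self.ca_keypass = self.config.get('CA', 'ca_keypass', '')
    # Try to get some more info from req/cert files if they are present
    self.ca_info = self._get_ca_info()
    # KeyError when the key is missing, TypeError when ca_info is None.
    try:
        self.ca_cn = self.ca_info['ca_cn']
    except (KeyError, TypeError):
        pass
    try:
        self.ca_cert_as_pem = self.ca_info['ca_cert_as_pem']
    except (KeyError, TypeError):
        pass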