Пример #1
0
    def _load_ip_pool(self):
        if cache_db.get(self.get_cache_key('ip_pool_cached')) == 't':
            return
        reset = False

        if os.path.exists(self.ip_pool_path):
            with open(self.ip_pool_path, 'r') as ip_pool_file:
                pool = json.loads(ip_pool_file.read())

            network = pool.pop('network', None)
            if network == self.network:
                cache_key = self.get_cache_key('ip_pool')
                set_cache_key = self.get_cache_key('ip_pool_set')
                for key, value in pool.iteritems():
                    cache_db.dict_set(cache_key, key, value)
                    local_ip_addr, remote_ip_addr = value.split('-')
                    cache_db.set_add(set_cache_key, local_ip_addr)
                    cache_db.set_add(set_cache_key, remote_ip_addr)
            else:
                reset = True

        cache_db.set(self.get_cache_key('ip_pool_cached'), 't')

        if reset:
            self.update_ip_pool()
Пример #2
0
 def _cache_orgs(cls):
     if cache_db.get('orgs_cached') != 't':
         cache_db.remove('orgs')
         path = os.path.join(app_server.data_path, ORGS_DIR)
         if os.path.isdir(path):
             for org_id in os.listdir(path):
                 cache_db.set_add('orgs', org_id)
         cls.sort_orgs_cache()
         cache_db.set('orgs_cached', 't')
Пример #3
0
 def _cache_orgs(cls):
     if cache_db.get("orgs_cached") != "t":
         cache_db.remove("orgs")
         path = os.path.join(app_server.data_path, ORGS_DIR)
         if os.path.isdir(path):
             for org_id in os.listdir(path):
                 cache_db.set_add("orgs", org_id)
         cls.sort_orgs_cache()
         cache_db.set("orgs_cached", "t")
Пример #4
0
 def add_key(self, key, value):
     name = self.name + '_'
     cur_key = self.key
     new_key = cur_key
     for char in key.lower():
         new_key += char
         cache_db.set_add(name + cur_key, new_key)
         cur_key = new_key
     cache_db.set_add(name + cur_key + '_values', value)
Пример #5
0
 def _initialize(self):
     self._make_dirs()
     try:
         self.ca_cert = User(self, type=CERT_CA)
         cache_db.set_add("orgs", self.id)
         self.commit()
         LogEntry(message='Created new organization "%s".' % self.name)
     except:
         logger.exception("Failed to create organization. %r" % {"org_id": self.id})
         self.clear_cache()
         utils.rmtree(self.path)
         raise
Пример #6
0
 def _cache_servers(cls):
     if cache_db.get('servers_cached') != 't':
         cache_db.remove('servers')
         path = os.path.join(app_server.data_path, SERVERS_DIR)
         if os.path.isdir(path):
             for server_id in os.listdir(path):
                 if os.path.isfile(os.path.join(path, server_id,
                         NODE_SERVER)):
                     server_id += '_' + NODE_SERVER
                 else:
                     server_id += '_' + SERVER
                 cache_db.set_add('servers', server_id)
         cls.sort_servers_cache()
         cache_db.set('servers_cached', 't')
Пример #7
0
 def _cache_users(self):
     if cache_db.get(self.get_cache_key('users_cached')) != 't':
         cache_db.remove(self.get_cache_key('users'))
         certs_path = os.path.join(self.path, CERTS_DIR)
         if os.path.isdir(certs_path):
             for cert in os.listdir(certs_path):
                 user_id = cert.replace('.crt', '')
                 if user_id == CA_CERT_ID:
                     continue
                 user = User.get_user(self, id=user_id)
                 if not user:
                     continue
                 user._add_cache_trie_key()
                 cache_db.set_add(self.get_cache_key('users'), user_id)
         self.sort_users_cache()
         cache_db.set(self.get_cache_key('users_cached'), 't')
Пример #8
0
 def _initialize(self):
     self._setup_openssl()
     self._cert_request()
     self._generate_otp_secret()
     self.commit()
     self._cert_create()
     self._clean_openssl()
     if self.type != CERT_CA:
         cache_db.set_add(self.org.get_cache_key('users'), self.id)
         self._add_cache_trie_key()
     self.org.sort_users_cache()
     if self.type == CERT_CLIENT:
         LogEntry(message='Created new user "%s".' % self.name)
     Event(type=ORGS_UPDATED)
     Event(type=USERS_UPDATED, resource_id=self.org.id)
     Event(type=SERVERS_UPDATED)
Пример #9
0
    def __init__(self):
        self._orgs_users_thread = None
        self._servers_thread = None

        self.dh_pool_path = os.path.join(app_server.data_path, DH_POOL_DIR)
        if not os.path.exists(self.dh_pool_path):
            os.makedirs(self.dh_pool_path)

        for dh_param in os.listdir(self.dh_pool_path):
            dh_param_path = os.path.join(self.dh_pool_path, dh_param)

            dh_param_split = dh_param.split('_')
            if len(dh_param_split) != 2:
                logger.warning(
                    'Invalid dh param name in pool, skipping... %r' % {
                        'path': dh_param_path
                    })
                continue

            dh_param_bits, dh_param_id = dh_param_split
            try:
                dh_param_bits = int(dh_param_bits)
            except ValueError:
                logger.warning(
                    'Invalid dh param size in pool, skipping... %r' % {
                        'path': dh_param_path
                    })
                continue

            if dh_param_bits not in VALID_DH_PARAM_BITS:
                logger.warning(
                    'Unknown dh param size in pool, skipping... %r' % {
                        'path': dh_param_path
                    })
                continue

            if len(dh_param_id) != 32 or not dh_param_id.isalnum() or \
                    not dh_param_id.islower():
                logger.warning(
                    'Invalid dh param id in pool, skipping... %r' % {
                        'path': dh_param_path
                    })
                continue

            cache_db.dict_set('dh_pool_state', dh_param_path, COMPLETE)
            cache_db.set_add('dh_pool_%s' % dh_param_bits, dh_param_path)
Пример #10
0
    def update_ip_pool(self):
        cache_key = self.get_cache_key('ip_pool')
        set_cache_key = self.get_cache_key('ip_pool_set')
        cache_db.lock_acquire(cache_key)
        try:
            ip_pool = ipaddress.IPv4Network(self.network).iterhosts()
            ip_pool.next()

            users = set()
            for org in self.iter_orgs():
                for user in org.iter_users():
                    if user.type == CERT_CLIENT:
                        users.add(org.id + '-' + user.id)

            for user_id in cache_db.dict_keys(cache_key) - users:
                ip_set = cache_db.dict_get(cache_key, user_id)
                local_ip_addr, remote_ip_addr = ip_set.split('-')
                cache_db.set_remove(set_cache_key, local_ip_addr)
                cache_db.set_remove(set_cache_key, remote_ip_addr)
                cache_db.dict_remove(cache_key, user_id)

            try:
                for user_id in users - cache_db.dict_keys(cache_key):
                    while True:
                        remote_ip_addr = str(ip_pool.next())
                        ip_addr_endpoint = remote_ip_addr.split('.')[-1]
                        if ip_addr_endpoint not in VALID_IP_ENDPOINTS:
                            continue
                        local_ip_addr = str(ip_pool.next())

                        if not cache_db.set_exists(set_cache_key,
                                local_ip_addr) and not cache_db.set_exists(
                                set_cache_key, remote_ip_addr):
                            cache_db.set_add(set_cache_key, local_ip_addr)
                            cache_db.set_add(set_cache_key, remote_ip_addr)
                            break
                    cache_db.dict_set(cache_key, user_id,
                        local_ip_addr + '-' + remote_ip_addr)
            except StopIteration:
                pass
            finally:
                self._commit_ip_pool()
                for org in self.iter_orgs():
                    Event(type=USERS_UPDATED, resource_id=org.id)
        finally:
            cache_db.lock_release(cache_key)
Пример #11
0
 def _initialize(self):
     logger.debug('Initialize new server. %r' % {
         'server_id': self.id,
     })
     os.makedirs(os.path.join(self.path, TEMP_DIR))
     try:
         self._generate_dh_param()
         cache_db.set_add('servers', '%s_%s' % (self.id, self.type))
         self.commit()
         LogEntry(message='Created new server "%s".' % self.name)
     except:
         logger.exception('Failed to create server. %r' % {
             'server_id': self.id,
         })
         self.clear_cache()
         utils.rmtree(self.path)
         raise
Пример #12
0
    def _gen_dh_params(self, dh_param_bits):
        exit_code = None
        cache_key = 'dh_pool_%s' % dh_param_bits
        dh_param_path = os.path.join(self.dh_pool_path,
            '%s_%s' % (dh_param_bits, uuid.uuid4().hex))
        try:
            cache_db.dict_set('dh_pool_state', dh_param_path, PENDING)
            cache_db.set_add(cache_key, dh_param_path)

            args = [
                'openssl', 'dhparam',
                '-out', dh_param_path,
                dh_param_bits,
            ]
            process = subprocess.Popen(args, stdout=subprocess.PIPE,
                stderr=subprocess.PIPE)

            listener_thread = threading.Thread(
                target=self._fill_servers_pool_listener,
                args=(cache_key, dh_param_path, process),
            )
            listener_thread.daemon = True
            listener_thread.start()

            exit_code = process.wait()
        finally:
            if exit_code == 0:
                cache_db.dict_set('dh_pool_state', dh_param_path, COMPLETE)
            else:
                cache_db.set_remove(cache_key, dh_param_path)
                cache_db.dict_remove('dh_pool_state', dh_param_path)

                try:
                    os.remove(dh_param_path)
                except:
                    pass

                logger.error('Openssl dhparam returned ' + \
                    'error exit code %r.' % exit_code)
            cache_db.publish('pooler', 'update')
Пример #13
0
 def add_value(self, value):
     cache_db.set_add(self.get_cache_key('values'), value)