示例#1
文件: infra.py 项目: sipb/homeworld
def admit(server_principal: str) -> str:
    """Request a bootstrap token for *server_principal* and return it as text.

    The principal is first resolved to a hostname with the configuration's
    ``get_fqdn``. Two sources are then tried in order:

    1. ``access.call_keyreq("bootstrap-token", ...)``, only when the
       configuration reports Kerberos as enabled.
    2. ``ssh.check_ssh_output(config.keyserver, "keyinitadmit", ...)``, when
       the first source was skipped or raised.

    Returns:
        The decoded, whitespace-stripped output of whichever call succeeded.

    Raises:
        command.MultipleExceptions: both attempts raised.
        Exception: only one attempt raised; chained from that error.

    NOTE(review): any exception on the keyreq path falls through to the
    keyinitadmit path, so a keyreq failure switches to a different
    issuance route with only a one-line notice on stdout. Confirm this
    fallback is intended. The return value is presumably a credential;
    callers should keep it out of logs.
    """
    cfg = configuration.get_config()
    fqdn = cfg.get_fqdn(server_principal)

    failures = []

    # Attempt 1: keyreq. The enabled-check sits inside the try, so an error
    # raised by the check itself is recorded like any other keyreq failure.
    try:
        if cfg.is_kerberos_enabled():
            raw = access.call_keyreq("bootstrap-token", fqdn)
            return raw.decode().strip()
    except Exception as exc:
        print('[keyreq failed, set SPIRE_DEBUG for traceback]')
        # Tracebacks are opt-in through the SPIRE_DEBUG environment variable.
        if os.environ.get('SPIRE_DEBUG'):
            traceback.print_exc()
        failures.append(exc)

    # Attempt 2: keyinitadmit against the configured keyserver.
    try:
        raw = ssh.check_ssh_output(cfg.keyserver, "keyinitadmit", fqdn)
        return raw.decode().strip()
    except Exception as exc:
        print('[keyinitadmit failed, set SPIRE_DEBUG for traceback]')
        if os.environ.get('SPIRE_DEBUG'):
            traceback.print_exc()
        failures.append(exc)

    # Reaching this point means attempt 2 raised, so at least one failure
    # has been recorded.
    if len(failures) > 1:
        raise command.MultipleExceptions('admit failed', failures)
    raise Exception('admit failed') from failures[0]
示例#2
def infra_admit(server_principal: str) -> None:
    """Request a bootstrap token for *server_principal* and print it.

    The principal is resolved with the configuration's ``get_fqdn`` and the
    resolved name is passed to the "bootstrap-token" keyreq call with
    ``collect=True``.

    NOTE(review): the token is written to stdout in clear text. It is
    presumably a credential, so confirm that terminal scrollback, CI logs
    and shell redirection are acceptable places for it to end up.
    """
    cfg = configuration.get_config()
    fqdn = cfg.get_fqdn(server_principal)
    raw_token = access.call_keyreq("bootstrap-token", fqdn, collect=True)
    token_text = raw_token.decode().strip()
    # The message names the principal as given by the caller, not the
    # resolved hostname.
    print("Token granted for %s: '%s'" % (server_principal, token_text))
示例#3
def admit(server_principal: str) -> str:
    """Request a bootstrap token for *server_principal* and return it as text.

    The principal is resolved with the configuration's ``get_fqdn``. When
    the configuration reports Kerberos as enabled the token comes from the
    "bootstrap-token" keyreq call. Otherwise "keyinitadmit" is run through
    ``ssh.check_ssh_output`` against the configured keyserver.

    Returns:
        The decoded, whitespace-stripped output of the selected call.

    NOTE(review): the return value is presumably a credential; callers
    should keep it out of logs.
    """
    cfg = configuration.get_config()
    fqdn = cfg.get_fqdn(server_principal)

    if cfg.is_kerberos_enabled():
        raw = access.call_keyreq("bootstrap-token", fqdn)
        return raw.decode().strip()

    # Non-Kerberos path: keyinitadmit receives the keyserver.yaml path, the
    # keyserver's own name, the principal's hostname and a fixed
    # "bootstrap-keyinit" argument.
    keyserver_fqdn = cfg.keyserver.hostname + "." + cfg.external_domain
    raw = ssh.check_ssh_output(
        cfg.keyserver,
        "keyinitadmit",
        setup.CONFIG_DIR + "/keyserver.yaml",
        keyserver_fqdn,
        fqdn,
        "bootstrap-keyinit",
    )
    return raw.decode().strip()
示例#4
def infra_admit_all() -> None:
    """Request a bootstrap token for every non-supervisor node and print a table.

    Each configured node whose ``kind`` is not "supervisor" gets one
    "bootstrap-token" keyreq call for ``<hostname>.<external_domain>``.
    The results are printed sorted by hostname, between two identical
    header rules.

    NOTE(review): every token is written to stdout in clear text. The
    tokens are presumably credentials, so confirm that terminal
    scrollback, CI logs and shell redirection are acceptable places for
    them to end up.
    """
    cfg = configuration.get_config()

    # Keyed by hostname: a repeated hostname keeps only its last entry.
    granted = {}
    for node in cfg.nodes:
        if node.kind != "supervisor":
            fqdn = node.hostname + "." + cfg.external_domain
            raw = access.call_keyreq("bootstrap-token", fqdn, collect=True)
            granted[node.hostname] = (node.kind, node.ip, raw.decode().strip())

    # The same rule line opens and closes the table.
    rule = (
        "host".center(16, "="),
        "kind".center(8, "="),
        "ip".center(14, "="),
        "token".center(23, "="),
    )

    print(*rule)
    for host, (kind, ip, token) in sorted(granted.items()):
        print(host.rjust(16), kind.center(8),
              str(ip).center(14), token.ljust(23))
    print(*rule)
示例#5
def check_keygateway():
    """Run the keyreq "check" call and report whether it succeeded.

    A ``subprocess.CalledProcessError`` is reported through
    ``command.fail``. Any other exception propagates to the caller.
    """
    try:
        access.call_keyreq("check")
    except subprocess.CalledProcessError as err:
        # NOTE(review): the confirmation below is still printed if
        # command.fail returns. Presumably it raises; confirm.
        command.fail("keygateway check failed: %s" % err)
    print("keygateway access confirmed.")
示例#6
def check_keygateway():
    """Run the keyreq "check" call and print a confirmation once it returns.

    No exception is handled here, so a failing call propagates to the
    caller and the confirmation is not printed.
    """
    # The return value is discarded; only a clean return counts as success.
    access.call_keyreq("check")
    print("keygateway access confirmed.")
示例#7
文件: verify.py 项目: sipb/homeworld
def check_keygateway():
    """verify that the keygateway has been properly started"""
    # The docstring text is kept exactly as written in case it is read at
    # runtime (for example as help text).
    # No exception is handled here: a failing "check" call propagates and
    # the confirmation is not printed. The return value is discarded.
    access.call_keyreq("check")
    print("keygateway access confirmed.")
示例#8
def infra_admit(server_principal: str) -> None:
    """Request a bootstrap token for *server_principal* and print it.

    The principal string is passed to the "bootstrap-token" keyreq call
    exactly as given, with ``collect=True``.

    NOTE(review): the token is written to stdout in clear text. It is
    presumably a credential, so confirm that terminal scrollback, CI logs
    and shell redirection are acceptable places for it to end up.
    """
    raw_token = access.call_keyreq(
        "bootstrap-token",
        server_principal,
        collect=True,
    )
    token_text = raw_token.decode().strip()
    print("Token granted for %s: '%s'" % (server_principal, token_text))