def updateProductVersion():
"""
Update product version in vdc options
table from rpm version
"""
try:
# Get rpm version
rpmVersion = utils.getRpmVersion(basedefs.ENGINE_RPM_NAME)
# Update new version in vdc_option
utils.updateVDCOption("ProductRPMVersion", rpmVersion)
except:
logging.error(traceback.format_exc())
logging.error(MSG_ERR_UPDATE_PRODUCT_VERSION)
def updateProductVersion():
"""
Update product version in vdc options
table from rpm version
"""
try:
# Get rpm version
rpmVersion = utils.getRpmVersion('ovirt-engine')
# Update new version in vdc_option
utils.updateVDCOption("ProductRPMVersion", rpmVersion)
except:
logging.error(traceback.format_exc())
logging.error(MSG_ERR_UPDATE_PRODUCT_VERSION)
def prepare(self):
if os.path.exists(self.JKSKEYSTORE):
logging.debug("PKI: convert JKS to PKCS#12")
cmd = [
basedefs.EXEC_KEYTOOL,
"-importkeystore",
"-noprompt",
"-srckeystore", self.JKSKEYSTORE,
"-srcstoretype", "JKS",
"-srcstorepass", basedefs.CONST_KEY_PASS,
"-srcalias", "engine",
"-srckeypass", basedefs.CONST_KEY_PASS,
"-destkeystore", basedefs.FILE_ENGINE_KEYSTORE,
"-deststoretype", "PKCS12",
"-deststorepass", basedefs.CONST_KEY_PASS,
"-destalias", "1",
"-destkeypass", basedefs.CONST_KEY_PASS
]
output, rc = utils. execCmd(cmdList=cmd, failOnError=True, msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY)
utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE)
os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640)
for src, dst in (
(basedefs.FILE_ENGINE_KEYSTORE, basedefs.FILE_APACHE_KEYSTORE),
(basedefs.FILE_ENGINE_CERT, basedefs.FILE_APACHE_CERT),
(basedefs.FILE_SSH_PRIVATE_KEY, basedefs.FILE_APACHE_PRIVATE_KEY)
):
logging.debug("PKI: dup cert for apache")
try:
utils.copyFile(
src,
dst,
utils.getUsernameId("apache"),
utils.getGroupId("apache"),
0640
)
except OSError:
logging.error("PKI: Cannot dup cert for apache")
raise
if not os.path.exists(basedefs.FILE_APACHE_CA_CRT_SRC):
logging.debug("PKI: dup ca for apache")
try:
os.symlink(
os.path.basename(basedefs.FILE_CA_CRT_SRC),
basedefs.FILE_APACHE_CA_CRT_SRC
)
except OSError:
logging.error("PKI: Cannot dup ca for apache")
raise
shutil.copyfile(
basedefs.FILE_HTTPD_SSL_CONFIG,
self.TMPAPACHECONF
)
handler = utils.TextConfigFileHandler(self.TMPAPACHECONF, " ")
handler.open()
if handler.getParam("SSLCertificateFile") == '/etc/pki/ovirt-engine/certs/engine.cer':
handler.editParam("SSLCertificateFile", basedefs.FILE_APACHE_CERT)
if handler.getParam("SSLCertificateKeyFile") == '/etc/pki/ovirt-engine/keys/engine_id_rsa':
handler.editParam("SSLCertificateKeyFile", basedefs.FILE_APACHE_PRIVATE_KEY)
if handler.getParam("SSLCertificateChainFile") == '/etc/pki/ovirt-engine/ca.pem':
handler.editParam("SSLCertificateChainFile", basedefs.FILE_APACHE_CA_CRT_SRC)
handler.close()
utils.updateVDCOption("keystoreUrl", basedefs.FILE_ENGINE_KEYSTORE, (), "text")
utils.updateVDCOption("TruststoreUrl", basedefs.FILE_TRUSTSTORE, (), "text")
utils.updateVDCOption("CertAlias", "1", (), "text")
def prepare(self):
if os.path.exists(self.JKSKEYSTORE):
logging.debug("PKI: convert JKS to PKCS#12")
cmd = [
basedefs.EXEC_KEYTOOL, "-importkeystore", "-noprompt",
"-srckeystore", self.JKSKEYSTORE, "-srcstoretype", "JKS",
"-srcstorepass", basedefs.CONST_KEY_PASS, "-srcalias",
"engine", "-srckeypass", basedefs.CONST_KEY_PASS,
"-destkeystore", basedefs.FILE_ENGINE_KEYSTORE,
"-deststoretype", "PKCS12", "-deststorepass",
basedefs.CONST_KEY_PASS, "-destalias", "1", "-destkeypass",
basedefs.CONST_KEY_PASS
]
output, rc = utils.execCmd(cmdList=cmd,
failOnError=True,
msg=MSG_ERROR_FAILED_CONVERT_ENGINE_KEY)
utils.chownToEngine(basedefs.FILE_ENGINE_KEYSTORE)
os.chmod(basedefs.FILE_ENGINE_KEYSTORE, 0640)
for src, dst in ((basedefs.FILE_ENGINE_KEYSTORE,
basedefs.FILE_APACHE_KEYSTORE),
(basedefs.FILE_ENGINE_CERT,
basedefs.FILE_APACHE_CERT),
(basedefs.FILE_SSH_PRIVATE_KEY,
basedefs.FILE_APACHE_PRIVATE_KEY)):
logging.debug("PKI: dup cert for apache")
try:
utils.copyFile(src, dst, utils.getUsernameId("apache"),
utils.getGroupId("apache"), 0640)
except OSError:
logging.error("PKI: Cannot dup cert for apache")
raise
if not os.path.exists(basedefs.FILE_APACHE_CA_CRT_SRC):
logging.debug("PKI: dup ca for apache")
try:
os.symlink(os.path.basename(basedefs.FILE_CA_CRT_SRC),
basedefs.FILE_APACHE_CA_CRT_SRC)
except OSError:
logging.error("PKI: Cannot dup ca for apache")
raise
shutil.copyfile(basedefs.FILE_HTTPD_SSL_CONFIG, self.TMPAPACHECONF)
handler = utils.TextConfigFileHandler(self.TMPAPACHECONF, " ")
handler.open()
if handler.getParam("SSLCertificateFile"
) == '/etc/pki/ovirt-engine/certs/engine.cer':
handler.editParam("SSLCertificateFile", basedefs.FILE_APACHE_CERT)
if handler.getParam("SSLCertificateKeyFile"
) == '/etc/pki/ovirt-engine/keys/engine_id_rsa':
handler.editParam("SSLCertificateKeyFile",
basedefs.FILE_APACHE_PRIVATE_KEY)
if handler.getParam(
"SSLCertificateChainFile") == '/etc/pki/ovirt-engine/ca.pem':
handler.editParam("SSLCertificateChainFile",
basedefs.FILE_APACHE_CA_CRT_SRC)
handler.close()
utils.updateVDCOption("keystoreUrl", basedefs.FILE_ENGINE_KEYSTORE, (),
"text")
utils.updateVDCOption("TruststoreUrl", basedefs.FILE_TRUSTSTORE, (),
"text")
utils.updateVDCOption("CertAlias", "1", (), "text")
