def syncable(cert_list):
    """
    Ask every known host whether peering is enabled and list those that
    answer yes.

    Returns None when the Client cannot be built (Func_Client_Exception),
    otherwise a list of the hosts whose reported result equals True.

    The job is polled at most three times, one second apart, and whatever
    job_status() returned last is used even if the job never reached
    JOB_ID_FINISHED. Hosts missing from that result are left out.

    NOTE(review): the list is built from what each host reports about
    itself. If it drives removal of cleaned certificates, a peer that
    answers late keeps its stale certificates until the next run.
    Confirm a later trigger retries.
    """
    try:
        # `async` goes through a dict because it is a reserved word on
        # Python 3.7+; the keyword arguments received by Client are the same.
        fc = Client('*', nforks=len(cert_list), **{'async': True})
    except Func_Client_Exception:
        # Either the first minion is being signed or the only minion is
        # being cleaned, so there is nobody to ask. This should not happen
        # when called from the 'post-fetch' trigger (future work).
        return None

    status = jobthing.JOB_ID_RUNNING
    results = None
    job_id = fc.certmastermod.peering_enabled()

    # Bounded wait: anything that has not answered after a few seconds is
    # treated as a lost cause so this trigger does not spin for long.
    for _ in range(3):
        if status == jobthing.JOB_ID_FINISHED:
            break
        sleep(1)
        status, results = fc.job_status(job_id)

    # NOTE(review): results is used without a type check; if job_status()
    # can hand back something other than a dict, .iteritems() raises here.
    # The comparison is `== True` on purpose: any other payload a host
    # returns (presumably error data, confirm) does not count as peering.
    return [host for host, result in results.iteritems() if result == True]
def remove_stale_certs(local, remote):
    """
    Ask each remote host to drop peer certs that no longer exist locally.

    local  -- sequence of cert entries; only element [0] (the name) is
              used here, checksums are ignored.
    remote -- mapping of host -> list of peer entries known to that host;
              again only element [0] of each entry is compared.

    A cert that is missing locally has been cleaned locally and must be
    unlinked remotely. The local list is authoritative: with an empty or
    incomplete `local`, every unmatched peer cert a host reports is sent
    to remove_peer_certs(), so callers should make sure the local listing
    succeeded before calling this.
    """
    known_names = [entry[0] for entry in local]
    for host, peers in remote.iteritems():
        # The client is created for every host, even when nothing turns
        # out to be stale.
        fc = Client(host)
        stale = [peer[0] for peer in peers if peer[0] not in known_names]
        if stale:
            fc.certifymod.remove_peer_certs(stale)
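def copy_updated_certs(local, remote):
    """
    Push every local cert that a remote host lacks, or holds with a
    different hash, to that host.

    local  -- sequence of cert entries; element [0] is the cert name. The
              whole entry is compared against the remote's entries, which
              is how a changed hash is detected.
    remote -- mapping of host -> list of peer entries known to that host.

    The cert file is read from cm.cfg.certroot as
    '<name>.<cm.cfg.cert_extension>' and sent wrapped in xmlrpclib.Binary.
    """
    for host, peers in remote.iteritems():
        fc = Client(host)
        for cert in local:
            if cert in peers:
                continue
            # NOTE(review): cert[0] is joined into the path unchecked.
            # Presumably names come from the local certmaster store;
            # confirm they cannot carry path separators or '..'.
            cert_name = '%s.%s' % (cert[0], cm.cfg.cert_extension)
            full_path = os.path.join(cm.cfg.certroot, cert_name)
            fd = open(full_path)
            try:
                # try/finally closes the handle even when read() raises;
                # previously the descriptor leaked on a read error.
                certblob = fd.read()
            finally:
                fd.close()
            fc.certifymod.copy_peer_cert(cert[0], xmlrpclib.Binary(certblob))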
def __init__(self, filer, admin_host):
    """
    Run Client's initialiser for admin_host, then keep both arguments.

    filer and admin_host are stored unchanged as self.filer and
    self.admin_host. The enclosing class is not visible here; it
    presumably derives from Client.
    """
    Client.__init__(self, admin_host)
    self.filer, self.admin_host = filer, admin_host
def remote_peers(hosts):
    """
    Collect peer information from the given hosts.

    The host names are joined with ';' into a single Client spec and the
    result of certifymod.known_peers() is returned as-is.

    NOTE(review): names are joined unescaped, and the spec appears to be
    pattern-matched (this file also calls Client('*')). Confirm a host
    name cannot contain ';' or glob characters, otherwise the call could
    address more hosts than intended.
    """
    host_spec = ';'.join(hosts)
    return Client(host_spec).certifymod.known_peers()