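def _customization(self):
    """Enroll the WebSocket Proxy certificate and fetch the engine cert.

    If the proxy key, the proxy certificate and the engine certificate
    all exist on disk, the plugin is disabled (``self._enabled = False``)
    and nothing is enrolled. Otherwise a certificate is enrolled through
    ``remote_engine.EnrollCert`` and, when the engine certificate file is
    missing, the certificate is downloaded from the engine's
    ``pki-resource`` service, retrying up to 30 times with a 10 second
    pause between failed attempts.

    ``self._need_eng_cert`` and ``self._engine_cert`` are read on paths
    where this method does not assign them; presumably they are
    initialised elsewhere (e.g. ``__init__``) -- confirm.

    Raises:
        RuntimeError: if the engine certificate is needed and could not
            be retrieved after all attempts.
    """
    self._enabled = True
    pki_files = (
        owspcons.FileLocations.OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY,
        owspcons.FileLocations.OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT,
        owspcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CERT,
    )
    engine_wsp_pki_found = all(os.path.exists(path) for path in pki_files)

    if not engine_wsp_pki_found:
        self._enrolldata = remote_engine.EnrollCert(
            remote_engine=self.environment[
                osetupcons.CoreEnv.REMOTE_ENGINE
            ],
            engine_fqdn=self.environment[
                owspcons.EngineConfigEnv.ENGINE_FQDN
            ],
            base_name=owspcons.Const.WEBSOCKET_PROXY_CERT_NAME,
            base_touser=_('WebSocket Proxy'),
            key_file=owspcons.FileLocations.
            OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY,
            cert_file=owspcons.FileLocations.
            OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT,
            csr_fname_envkey=owspcons.ConfigEnv.
            PKI_WSP_CSR_FILENAME,
            engine_ca_cert_file=os.path.join(
                owspcons.FileLocations.OVIRT_ENGINE_PKIDIR,
                'ca.pem'
            ),
            engine_pki_requests_dir=owspcons.FileLocations.
            OVIRT_ENGINE_PKIREQUESTSDIR,
            engine_pki_certs_dir=owspcons.FileLocations.
            OVIRT_ENGINE_PKICERTSDIR,
            key_size=self.environment[owspcons.ConfigEnv.KEY_SIZE],
            # Fixed: the scheme was doubled ("http://http://..."), which
            # produced an unusable documentation link.
            url="http://www.ovirt.org/Features/"
            "WebSocketProxy_on_a_separate_host",
        )
        self._enrolldata.enroll_cert()

        self._need_eng_cert = not os.path.exists(
            owspcons.FileLocations.
            OVIRT_ENGINE_PKI_ENGINE_CERT
        )
    else:
        self._enabled = False

    tries_left = 30
    while (
        self._need_eng_cert and
        self._engine_cert is None and
        tries_left > 0
    ):
        remote_engine_host = self.environment[
            owspcons.EngineConfigEnv.ENGINE_FQDN
        ]

        # NOTE(review): the certificate is downloaded over plain HTTP and
        # nothing in this method authenticates it, so anyone on the path
        # to the engine could substitute it. If self._engine_cert is later
        # installed as a trust anchor, it should be checked against a
        # fingerprint obtained out-of-band, or fetched over TLS validated
        # with the enrolled CA -- confirm how callers use it.
        fetched_cert = None
        try:
            with contextlib.closing(
                urllib2.urlopen(
                    'http://{engine_fqdn}/ovirt-engine/services/'
                    'pki-resource?resource=engine-certificate&'
                    'format=X509-PEM'.format(
                        engine_fqdn=remote_engine_host
                    )
                )
            ) as urlObj:
                fetched_cert = urlObj.read()
        except IOError:
            # urllib2.URLError/HTTPError and socket errors derive from
            # IOError. Without this, an unreachable engine aborted setup
            # on the first attempt and the retry loop never retried.
            self.logger.debug(
                'Cannot fetch the engine certificate',
                exc_info=True,
            )

        if fetched_cert:
            self._engine_cert = fetched_cert
        else:
            self.logger.error(
                _(
                    'Failed to get the engine certificate '
                    'from the engine host. '
                    'Please check access to the engine and its '
                    'status.'
                )
            )
            time.sleep(10)
            tries_left -= 1

    if self._need_eng_cert and self._engine_cert is None:
        raise RuntimeError(_('Failed to get the engine certificate from '
                             'the engine host'))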
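def _customization(self):
    """Enroll the Image I/O Proxy certificate and fetch the engine cert.

    If the proxy key, the proxy certificate and the engine certificate
    all exist on disk, the plugin is disabled (``self._enabled = False``)
    and nothing is enrolled. Otherwise a certificate is enrolled through
    ``remote_engine.EnrollCert`` and, when the engine certificate file is
    missing, the certificate is downloaded from the engine's
    ``pki-resource`` service, retrying up to 30 times with a 10 second
    pause between failed attempts.

    ``self._need_eng_cert`` and ``self._engine_cert`` are read on paths
    where this method does not assign them; presumably they are
    initialised elsewhere (e.g. ``__init__``) -- confirm.

    Raises:
        RuntimeError: if the engine certificate is needed and could not
            be retrieved after all attempts.
    """
    self._enabled = True
    pki_files = (
        oipcons.FileLocations.OVIRT_ENGINE_PKI_IMAGEIO_PROXY_KEY,
        oipcons.FileLocations.OVIRT_ENGINE_PKI_IMAGEIO_PROXY_CERT,
        oipcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CERT,
    )
    engine_oip_pki_found = all(os.path.exists(path) for path in pki_files)

    if not engine_oip_pki_found:
        self._enrollment_data = remote_engine.EnrollCert(
            remote_engine=self.environment[
                osetupcons.CoreEnv.REMOTE_ENGINE
            ],
            engine_fqdn=self.environment[
                oenginecons.ConfigEnv.ENGINE_FQDN
            ],
            base_name=oipcons.Const.IMAGEIO_PROXY_CERT_NAME,
            base_touser=_('Image I/O Proxy'),
            key_file=oipcons.FileLocations.
            OVIRT_ENGINE_PKI_IMAGEIO_PROXY_KEY,
            cert_file=oipcons.FileLocations.
            OVIRT_ENGINE_PKI_IMAGEIO_PROXY_CERT,
            csr_fname_envkey=oipcons.ConfigEnv.
            PKI_OIP_CSR_FILENAME,
            engine_ca_cert_file=os.path.join(
                oipcons.FileLocations.OVIRT_ENGINE_PKIDIR,
                'ca.pem'
            ),
            engine_pki_requests_dir=oipcons.FileLocations.
            OVIRT_ENGINE_PKIREQUESTSDIR,
            engine_pki_certs_dir=oipcons.FileLocations.
            OVIRT_ENGINE_PKICERTSDIR,
            key_size=oipcons.Defaults.DEFAULT_KEY_SIZE,
            url="http://www.ovirt.org/develop/release-management"
            "/features/storage/image-upload/",
        )
        self._enrollment_data.enroll_cert()

        self._need_eng_cert = not os.path.exists(
            oipcons.FileLocations.
            OVIRT_ENGINE_PKI_ENGINE_CERT
        )
    else:
        self._enabled = False

    tries_left = 30
    while (
        self._need_eng_cert and
        self._engine_cert is None and
        tries_left > 0
    ):
        remote_engine_host = self.environment[
            oenginecons.ConfigEnv.ENGINE_FQDN
        ]

        # NOTE(review): the certificate is downloaded over plain HTTP and
        # nothing in this method authenticates it, so anyone on the path
        # to the engine could substitute it. If self._engine_cert is later
        # installed as a trust anchor, it should be checked against a
        # fingerprint obtained out-of-band, or fetched over TLS validated
        # with the enrolled CA -- confirm how callers use it.
        fetched_cert = None
        try:
            # TODO format=X509-PEM-CA ?
            with contextlib.closing(
                urlopen(
                    'http://{engine_fqdn}/ovirt-engine/services/'
                    'pki-resource?resource=engine-certificate&'
                    'format=X509-PEM'.format(
                        engine_fqdn=remote_engine_host
                    )
                )
            ) as urlObj:
                fetched_cert = urlObj.read()
        except IOError:
            # URLError/HTTPError and socket errors derive from IOError.
            # Without this, an unreachable engine aborted setup on the
            # first attempt and the retry loop never retried.
            self.logger.debug(
                'Cannot fetch the engine certificate',
                exc_info=True,
            )

        if fetched_cert:
            self._engine_cert = fetched_cert
        else:
            self.logger.error(
                _(
                    'Failed to get the engine certificate '
                    'from the engine host. '
                    'Please check access to the engine and its '
                    'status.'
                )
            )
            time.sleep(10)
            tries_left -= 1

    if self._need_eng_cert and self._engine_cert is None:
        raise RuntimeError(_('Failed to get the engine certificate from '
                             'the engine host'))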