示例#1
    def perform_setup(self):
        """Set up the CA, host credentials, keystore, GT container and broker.

        The steps run in a fixed order: make sure a CA exists and its
        certificate/key files are present, run the host certificate check,
        ensure the keystore, then adjust the GT container and context broker
        configuration, and finally write the environment file.

        Raises:
            InvalidConfig: if the CA name or the keystore password is empty.
            IncompatibleEnvironment: if autoca reports a keystore mismatch
                against the host certificate/key.
        """
        # --- certificate authority -------------------------------------
        ca_name = self["ca.name"]
        cadir_missing = not os.path.exists(self.cadir)
        if cadir_missing:
            # No CA directory yet: ask for a name, store it in the
            # configuration and create the CA under self.cadir.
            ca_name = self.ask_ca_name()
            self['ca.name'] = ca_name
            autoca.createCA(ca_name, self.basedir, self.cadir, log)
        if not ca_name:
            raise InvalidConfig("CA name is unknown")

        # NOTE(review): ca_name goes into the file names unchanged; confirm
        # ask_ca_name() / the config only allow a plain file-name component.
        ca_cert_path = os.path.join(self.cadir, 'ca-certs/%s.pem' % ca_name)
        ca_key_path = os.path.join(self.cadir,
                                   'ca-certs/private-key-%s.pem' % ca_name)
        required_ca_files = (
            (ca_cert_path, "CA certificate"),
            (ca_key_path, "CA private key"),
        )
        for required_path, label in required_ca_files:
            pathutil.ensure_file_exists(required_path, label)

        # --- host certificate and key ----------------------------------
        host_name = self.get_hostname_or_ask()

        # TODO: host cert/key creation should be split out of checkssl.run;
        # for now it performs a number of redundant checks first.
        checkssl.run(self.basedir,
                     self.hostcert_path,
                     self.hostkey_path,
                     log,
                     cadir=self.cadir,
                     hostname=host_name)

        # --- keystore ---------------------------------------------------
        keystore_password = self['keystore.pass']
        if not keystore_password:
            raise InvalidConfig("Keystore password is unknown")

        try:
            autoca.ensureKeystore(self.hostcert_path, self.hostkey_path,
                                  self.keystore_path, keystore_password,
                                  self.basedir, log)
        except autoca.KeystoreMismatchError:
            mismatch_details = {
                'keystore': self.keystore_path,
                'hostcert': self.hostcert_path,
                'hostkey': self.hostkey_path,
            }
            raise IncompatibleEnvironment(
                KEYSTORE_MISMATCH_MSG % mismatch_details)
        # NOTE(review): permissions are tightened only after ensureKeystore()
        # returns; if that call creates the file, confirm it is not readable
        # by other users in the meantime.
        pathutil.make_path_rw_private(self.keystore_path)

        # --- GT container -----------------------------------------------
        gtcontainer.adjust_hostname(host_name, self.basedir, self.gtdir, log)
        gtcontainer.adjust_secdesc_path(self.basedir, self.gtdir, log)
        gtcontainer.adjust_host_cert(self.hostcert_path, self.hostkey_path,
                                     self.basedir, self.gtdir, log)
        gtcontainer.adjust_gridmap_file(self.gridmap_path, self.basedir,
                                        self.gtdir, log)

        # --- context broker ---------------------------------------------
        # NOTE(review): the CA private key path and the keystore password are
        # passed on here; confirm whatever this step writes is kept private.
        gtcontainer.adjust_broker_config(ca_cert_path, ca_key_path,
                                         self.keystore_path,
                                         keystore_password, self.basedir,
                                         self.gtdir, log)

        # Finally, write the environment file.
        self.write_env_file()
示例#2
文件: main.py 项目: Annatara/nimbus
    def perform_setup(self):
        """Run every setup step in order, from the CA down to the env file.

        Creates the CA when its directory is absent, checks the CA files,
        runs the SSL check for the host certificate/key, ensures the keystore
        and restricts its permissions, then adjusts the GT container and
        context broker settings and writes the environment file.

        Raises:
            InvalidConfig: when no CA name or no keystore password is known.
            IncompatibleEnvironment: when autoca raises KeystoreMismatchError
                for the keystore and the host certificate/key.
        """
        # Step 1: CA. The configured name is read first; a missing CA
        # directory means the name is asked for, saved and the CA created.
        ca_name = self["ca.name"]
        ca_dir_present = os.path.exists(self.cadir)
        if not ca_dir_present:
            ca_name = self.ask_ca_name()
            self['ca.name'] = ca_name
            autoca.createCA(ca_name, self.basedir, self.cadir, log)
        if not ca_name:
            raise InvalidConfig("CA name is unknown")

        cert_relpath = 'ca-certs/%s.pem' % ca_name
        key_relpath = 'ca-certs/private-key-%s.pem' % ca_name
        ca_cert = os.path.join(self.cadir, cert_relpath)
        ca_key = os.path.join(self.cadir, key_relpath)
        pathutil.ensure_file_exists(ca_cert, "CA certificate")
        # NOTE(review): only the presence of the CA private key is checked in
        # this method, not its permissions - confirm that is handled elsewhere.
        pathutil.ensure_file_exists(ca_key, "CA private key")

        # Step 2: host certificate and key.
        hostname = self.get_hostname_or_ask()

        # TODO: pull the hostcert/key creation out of checkssl.run; today it
        # goes through several redundant checks before doing so.
        checkssl.run(
            self.basedir, self.hostcert_path, self.hostkey_path, log,
            cadir=self.cadir, hostname=hostname)

        # Step 3: keystore, protected by the configured password.
        password = self['keystore.pass']
        if not password:
            raise InvalidConfig("Keystore password is unknown")

        try:
            autoca.ensureKeystore(
                self.hostcert_path, self.hostkey_path, self.keystore_path,
                password, self.basedir, log)
        except autoca.KeystoreMismatchError:
            raise IncompatibleEnvironment(KEYSTORE_MISMATCH_MSG % dict(
                keystore=self.keystore_path,
                hostcert=self.hostcert_path,
                hostkey=self.hostkey_path))
        # The keystore is made private right after it has been ensured.
        pathutil.make_path_rw_private(self.keystore_path)

        # Step 4: GT container configuration.
        gtcontainer.adjust_hostname(hostname, self.basedir, self.gtdir, log)
        gtcontainer.adjust_secdesc_path(self.basedir, self.gtdir, log)
        gtcontainer.adjust_host_cert(
            self.hostcert_path, self.hostkey_path, self.basedir, self.gtdir,
            log)
        gtcontainer.adjust_gridmap_file(
            self.gridmap_path, self.basedir, self.gtdir, log)

        # Step 5: context broker, which receives the CA files, the keystore
        # path and the keystore password.
        gtcontainer.adjust_broker_config(
            ca_cert, ca_key, self.keystore_path, password, self.basedir,
            self.gtdir, log)

        # Step 6: environment file.
        self.write_env_file()
示例#3
文件: main.py 项目: Annatara/nimbus
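def main(argv=None):
    """Parse options, load the configuration and run the requested actions.

    Args:
        argv: Argument vector including the program name. When it is empty
            or None, parse_args() is called without arguments.

    Returns:
        3 when the platform is not POSIX, 1 when InvalidInput is raised, and
        None when all requested actions complete.

    Only InvalidInput is handled in the code shown here; InvalidConfig and
    IncompatibleEnvironment raised inside the try block propagate to the
    caller.
    """
    if os.name != 'posix':
        print >>sys.stderr, "Only runs on POSIX systems."
        return 3

    parser = parsersetup()

    if argv:
        (opts, args) = parser.parse_args(argv[1:])
    else:
        (opts, args) = parser.parse_args()

    # The module-level logger is reset here; presumably configureLogging()
    # rebinds it, because log.debug() is used right after that call.
    global log
    log = None

    printdebugoutput = False

    try:

        # 1. Intake args and confs

        validateargs(opts)
        config = getconfig(filepath=opts.configpath)

        # 2. Setup logging

        # Debug output is enabled by the config file or by the command line.
        confdebug = config.get("nimbusweb", "debug")
        printdebugoutput = confdebug == "on" or bool(opts.debug)
        configureLogging(logging.DEBUG if printdebugoutput else logging.INFO)

        # 3. Dump settings

        basedir = opts.basedir
        log.debug("base directory: %s" % basedir)

        insecuremode = opts.insecuremode
        if insecuremode:
            # NOTE(review): insecure developer mode is announced only at
            # DEBUG level, so a run set up with logging.INFO above presumably
            # does not show it; consider a more visible level.
            log.debug("**** This is insecure developer mode ****")
        else:
            log.debug("secure mode")

        certconf = config_from_key(config, "ssl.cert")
        keyconf = config_from_key(config, "ssl.key")
        cadir = config_from_key(config, "ca.dir")
        timezone = config_from_key(config, "timezone")
        port = config_from_key(config, "webserver.port")
        host = config_from_key(config, "webserver.host")
        printurl = config_from_key(config, "print.url")
        accountprompt = config_from_key(config, "account.prompt")
        expire_hours = config_from_key(config, "token.expire_hours")
        try:
            expire_hours = int(expire_hours)
        except (TypeError, ValueError):
            # Only conversion failures mean a bad setting; a bare except
            # would also swallow KeyboardInterrupt and SystemExit.
            raise InvalidConfig("invalid token.expire_hours setting, not an integer?")

        # 4. Validate base directory

        if not pathutil.is_absolute_path(basedir):
            raise IncompatibleEnvironment("Base directory setting is not absolute, have you been altering the stanadalone launch code?")

        pathutil.ensure_dir_exists(basedir, "base", ": have you been altering the stanadalone launch code?")

        # 5. Run one subcommand
        # Each option is tested independently, so more than one action runs
        # when several flags are set.

        if opts.checkssl:
            checkssl.run(basedir, certconf, keyconf, log)

        if opts.newconf:
            newconf.run(basedir, timezone, accountprompt, log,
                        printdebugoutput, insecuremode, printurl,
                        expire_hours, cadir)

        if opts.printport:
            if not port:
                raise IncompatibleEnvironment("There is no 'webserver.port' configuration")
            try:
                port = int(port)
            except (TypeError, ValueError):
                raise IncompatibleEnvironment("'webserver.port' configuration is not an integer?")
            print port

        if opts.printhost:
            if not host:
                raise IncompatibleEnvironment("There is no 'webserver.host' configuration")
            print host

        if opts.printcertpath:
            if not certconf:
                raise IncompatibleEnvironment("There is no 'ssl.cert' configuration")
            # Relative paths in the configuration are resolved against basedir.
            if not pathutil.is_absolute_path(certconf):
                certconf = pathutil.pathjoin(basedir, certconf)
                log.debug("ssl.cert was a relative path, converted to '%s'" % certconf)
            print certconf

        if opts.printkeypath:
            if not keyconf:
                raise IncompatibleEnvironment("There is no 'ssl.key' configuration")
            # Prints the location of the key file, not its contents.
            if not pathutil.is_absolute_path(keyconf):
                keyconf = pathutil.pathjoin(basedir, keyconf)
                log.debug("ssl.key was a relative path, converted to '%s'" % keyconf)
            print keyconf

        if opts.forcenewssl:
            forcessl.run(basedir, opts.forcecapath, opts.forcecertpath,
                         opts.forcekeypath, opts.forcehostname, log)

    except InvalidInput, e:
        msg = "\nProblem with input: %s" % e.msg
        print >>sys.stderr, msg
        return 1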
示例#4
文件: main.py 项目: ws-tools/nimbus
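def main(argv=None):
    """Command-line entry point: read options and config, then act on them.

    Args:
        argv: Argument list whose first element is the program name; when it
            is empty or None, parse_args() is called with no arguments.

    Returns:
        3 if os.name is not 'posix', 1 if InvalidInput is raised, otherwise
        None once the selected actions have run.

    InvalidConfig and IncompatibleEnvironment raised in the try block are not
    caught by the handler shown here and reach the caller.
    """
    if os.name != 'posix':
        print >> sys.stderr, "Only runs on POSIX systems."
        return 3

    parser = parsersetup()

    if argv:
        (opts, args) = parser.parse_args(argv[1:])
    else:
        (opts, args) = parser.parse_args()

    # Cleared here and used after configureLogging(); presumably that call
    # assigns the module-level logger.
    global log
    log = None

    printdebugoutput = False

    try:

        # 1. Intake args and confs

        validateargs(opts)
        config = getconfig(filepath=opts.configpath)

        # 2. Setup logging

        # Either the "debug" config value or the debug option turns on
        # DEBUG-level logging.
        confdebug = config.get("nimbusweb", "debug")
        if confdebug == "on":
            printdebugoutput = True
        elif opts.debug:
            printdebugoutput = True

        if printdebugoutput:
            configureLogging(logging.DEBUG)
        else:
            configureLogging(logging.INFO)

        # 3. Dump settings

        basedir = opts.basedir
        log.debug("base directory: %s" % basedir)

        insecuremode = opts.insecuremode
        if insecuremode:
            # NOTE(review): this is the only message about insecure mode in
            # this function and it is emitted at DEBUG level; with the
            # logging.INFO setup above it is presumably not displayed.
            log.debug("**** This is insecure developer mode ****")
        else:
            log.debug("secure mode")

        certconf = config_from_key(config, "ssl.cert")
        keyconf = config_from_key(config, "ssl.key")
        cadir = config_from_key(config, "ca.dir")
        timezone = config_from_key(config, "timezone")
        port = config_from_key(config, "webserver.port")
        host = config_from_key(config, "webserver.host")
        printurl = config_from_key(config, "print.url")
        accountprompt = config_from_key(config, "account.prompt")
        expire_hours = config_from_key(config, "token.expire_hours")
        try:
            expire_hours = int(expire_hours)
        except (TypeError, ValueError):
            # Catch only the failures int() raises for a missing or
            # non-numeric value, not interrupts or exit requests.
            raise InvalidConfig(
                "invalid token.expire_hours setting, not an integer?")

        # 4. Validate base directory

        if not pathutil.is_absolute_path(basedir):
            raise IncompatibleEnvironment(
                "Base directory setting is not absolute, have you been altering the stanadalone launch code?"
            )

        pathutil.ensure_dir_exists(
            basedir, "base",
            ": have you been altering the stanadalone launch code?")

        # 5. Run one subcommand
        # The checks below are independent "if" statements, so every option
        # that is set has its action run.

        if opts.checkssl:
            checkssl.run(basedir, certconf, keyconf, log)

        if opts.newconf:
            newconf.run(basedir, timezone, accountprompt, log,
                        printdebugoutput, insecuremode, printurl, expire_hours,
                        cadir)

        if opts.printport:
            if not port:
                raise IncompatibleEnvironment(
                    "There is no 'webserver.port' configuration")
            try:
                port = int(port)
            except (TypeError, ValueError):
                raise IncompatibleEnvironment(
                    "'webserver.port' configuration is not an integer?")
            print port

        if opts.printhost:
            if not host:
                raise IncompatibleEnvironment(
                    "There is no 'webserver.host' configuration")
            print host

        if opts.printcertpath:
            if not certconf:
                raise IncompatibleEnvironment(
                    "There is no 'ssl.cert' configuration")
            # A relative ssl.cert value is joined onto the base directory.
            if not pathutil.is_absolute_path(certconf):
                certconf = pathutil.pathjoin(basedir, certconf)
                log.debug("ssl.cert was a relative path, converted to '%s'" %
                          certconf)
            print certconf

        if opts.printkeypath:
            if not keyconf:
                raise IncompatibleEnvironment(
                    "There is no 'ssl.key' configuration")
            # A relative ssl.key value is joined onto the base directory;
            # only the path is printed.
            if not pathutil.is_absolute_path(keyconf):
                keyconf = pathutil.pathjoin(basedir, keyconf)
                log.debug("ssl.key was a relative path, converted to '%s'" %
                          keyconf)
            print keyconf

        if opts.forcenewssl:
            forcessl.run(basedir, opts.forcecapath, opts.forcecertpath,
                         opts.forcekeypath, opts.forcehostname, log)

    except InvalidInput, e:
        msg = "\nProblem with input: %s" % e.msg
        print >> sys.stderr, msg
        return 1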