def _generate_key_file(self, password): """ Create key file """ key_file_path = os.path.join(self.module_path, Constant.PWF_PATH) CommonTools.mkdir_with_mode(key_file_path, Constant.AUTH_COMMON_DIR_STR) CommonTools.clean_dir(key_file_path) encrypt_path = os.path.join( os.path.dirname( os.path.dirname( os.path.dirname( os.path.dirname( os.path.dirname(os.path.realpath(__file__)))))), Constant.ENCRYPT_TOOL) lib_path = os.path.join( os.path.dirname( os.path.dirname( os.path.dirname( os.path.dirname( os.path.dirname( os.path.dirname( os.path.realpath(__file__))))))), 'lib') CommonTools.encrypt_with_path(password, key_file_path, encrypt_path, lib_path) g.logger.info('Successfully generate key files with path [%s].' % key_file_path) return key_file_path
def _mk_manager_dir(self): """ Create install path if the path is not exist. """ if not os.path.isdir(self.ai_manager_path): g.logger.info('Install path:%s is not exist, start creating.' % self.ai_manager_path) CommonTools.mkdir_with_mode(self.ai_manager_path, Constant.AUTH_COMMON_DIR_STR) else: g.logger.info('Install path:%s is already exist.' % self.ai_manager_path)
def restore_db_file(status, db_cabin, back_up_path): """ Restore db file. """ if status: CommonTools.mkdir_with_mode(os.path.dirname(db_cabin), Constant.AUTH_COMMON_DIR_STR) CommonTools.copy_file_to_dest_path(back_up_path, db_cabin) else: g.logger.info('No need Restore db file.')
def unpack_file_to_temp_dir(self): """ Unpack file to temp dir on remote node. """ # mk temp extract dir if not exist CommonTools.mkdir_with_mode(EXTRACT_DIR, Constant.AUTH_COMMON_DIR_STR) # clean extract dir CommonTools.clean_dir(EXTRACT_DIR) # extract package file to temp dir CommonTools.extract_file_to_dir(self.package_path, EXTRACT_DIR) g.logger.info('Success unpack files to temp dir.')
def prepare_param_file(self): """ Write params into file """ param_file_path = os.path.join(EXTRACT_DIR, Constant.TEMP_ANOMALY_PARAM_FILE) self.param_dict.pop(Constant.CA_INFO) CommonTools.mkdir_with_mode(os.path.dirname(param_file_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.dict_to_json_file(self.param_dict, param_file_path) self._copy_param_file_to_remote_node(param_file_path, param_file_path)
def prepare_ca_certificates(self): """ Generate server ca certificates. """ ca_root_file_path, ca_root_key_path, server_cert_path, server_key_path, agent_cert_path, \ agent_key_path = self.read_ca_cert_path() self.ca_info = self.param_dict.pop(Constant.CA_INFO) if not self.ca_info: raise Exception(Errors.PARAMETER['gauss_0201'] % 'ca root cert information') get_ca_root_cert_path = self.ca_info.get(Constant.CA_CERT_PATH) get_ca_root_key_path = self.ca_info.get(Constant.CA_KEY_PATH) get_ca_root_password = self.ca_info.get(Constant.CA_PASSWORD) if not all([ get_ca_root_cert_path, get_ca_root_key_path, get_ca_root_password ]): raise Exception(Errors.PARAMETER['gauss_0201'] % 'items info of ca root cert') # copy ca root cert and key files to path of configured g.logger.info('Start deploy ca root files.') CommonTools.remove_files([ca_root_file_path, ca_root_key_path]) CommonTools.mkdir_with_mode(os.path.dirname(ca_root_file_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.copy_file_to_dest_path(get_ca_root_cert_path, ca_root_file_path) CommonTools.mkdir_with_mode(os.path.dirname(ca_root_key_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.copy_file_to_dest_path(get_ca_root_key_path, ca_root_key_path) # get ssl password ssl_password = CertGenerator.get_rand_str() ca_config_path = os.path.join( os.path.dirname(os.path.realpath(__file__)), Constant.CA_CONFIG) server_ip = CommonTools.get_local_ip(ignore=True) g.logger.info('Get server ip:[%s].' % server_ip) # create server cert CertGenerator.create_ca_certificate_with_script(get_ca_root_password, ssl_password, ca_root_file_path, ca_root_key_path, ca_config_path, server_cert_path, server_key_path, server_ip, crt_type='server') g.logger.info('Successfully generate server ca certificate.') return get_ca_root_password, ssl_password, ca_root_file_path, ca_root_key_path, \ ca_config_path, agent_cert_path, agent_key_path
def create_root_certificate(ca_password, ca_crt_path, ca_key_path, config_path): """ function : create root ca file input : rand pass, dir path of certificates, config path output : NA """ if not os.path.isfile(config_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % config_path) CommonTools.mkdir_with_mode(os.path.dirname(ca_crt_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.mkdir_with_mode(os.path.dirname(ca_key_path), Constant.AUTH_COMMON_DIR_STR) ca_req_path = os.path.realpath( os.path.join(os.path.dirname(ca_crt_path), Constant.CA_ROOT_REQ)) # create ca key file cmd = "%s echo '%s' |openssl genrsa -aes256 -passout stdin -out %s 2048" % ( Constant.CMD_PREFIX, ca_password, ca_key_path) cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % ( Constant.AUTH_COMMON_FILE_STR, ca_key_path) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca root key file') # 2 create ca req file cmd = "%s echo '%s' | openssl req -new -out %s -key %s -config %s -passin stdin" % ( Constant.CMD_PREFIX, ca_password, ca_req_path, ca_key_path, config_path) cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % ( Constant.AUTH_COMMON_FILE_STR, ca_req_path) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca root req file') # 3 create ca crt file cmd = "%s echo '%s' | openssl x509 -req -in %s " \ "-signkey %s -days %s -out %s -passin stdin" % ( Constant.CMD_PREFIX, ca_password, ca_req_path, ca_key_path, Constant.CA_ROOT_VALID_DATE, ca_crt_path) cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % ( Constant.AUTH_COMMON_FILE_STR, ca_crt_path) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca root crt file') CommonTools.remove_files([ca_req_path]) g.logger.info( 'Successfully generate ca root certificate, file path[%s].' % ca_crt_path)
def __create_logfile(self): """ function: create log file input : N/A output: N/A """ try: if not os.path.isdir(os.path.dirname(self.log_file)): CommonTools.mkdir_with_mode(os.path.dirname(self.log_file), Constant.AUTH_COMMON_DIR_STR) CommonTools.create_file_if_not_exist(self.log_file) except Exception as error: raise Exception(Errors.EXECUTE_RESULT['gauss_0411'] % error)
def get_lock_file(self): """ Get lock file path for cron service. """ lock_file_dir = TMP_DIR CommonTools.mkdir_with_mode(lock_file_dir, Constant.AUTH_COMMON_DIR_STR) lock_file_name = '' for name in Constant.TASK_NAME_LIST: if name in self.cmd.split('role')[-1]: lock_file_name = 'ai_' + name + '.lock' if not lock_file_name: raise Exception(Errors.CONTENT_OR_VALUE['gauss_0502'] % self.cmd) else: return os.path.join(lock_file_dir, lock_file_name)
def deploy_agent_certs(self): """ Copy file from temp dir to config path. """ file_list = self.read_ca_cert_path(agent_only=True) file_list.append(os.path.join(self.module_path, Constant.PWF_PATH)) temp_cert_list = os.listdir(TMP_CA_FILE) for dest_path in file_list: CommonTools.mkdir_with_mode(os.path.dirname(dest_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.remove_files(file_list) g.logger.info('Successfully prepare the path:%s' % str(file_list)) for file_name in temp_cert_list: for dest_file in file_list: if file_name in dest_file: from_path = os.path.join(TMP_CA_FILE, file_name) CommonTools.copy_file_to_dest_path(from_path, dest_file) CommonTools.clean_dir(TMP_CA_FILE)
def create_ca_certificate_with_script(ca_password, ssl_password, ca_crt_path, ca_key_path, config_path, out_crt_path, out_key_path, ip, crt_type='server'): """ function : create server ca file or client ca file with shell script. input : rand pass, dir path of certificates, config path """ if not os.path.isfile(config_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % 'config file:%s' % config_path) if not os.path.isfile(ca_crt_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % 'ca crt file:%s' % ca_crt_path) if not os.path.isfile(ca_key_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % 'ca key file:%s' % ca_key_path) CommonTools.mkdir_with_mode(os.path.dirname(out_key_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.mkdir_with_mode(os.path.dirname(out_crt_path), Constant.AUTH_COMMON_DIR_STR) ca_req_path = os.path.realpath( os.path.join(os.path.dirname(ca_crt_path), Constant.CA_REQ)) pwd = "%s %s" % (ca_password, ssl_password) script_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'bin/gen_certificate.sh') cmd = "unset LD_LIBRARY_PATH && echo '%s' | sh %s %s %s %s %s %s %s %s" % ( pwd, script_path, ca_crt_path, ca_key_path, out_crt_path, out_key_path, ca_req_path, ip, crt_type) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca crt file' + output) g.logger.info("Successfully generate %s ssl cert for node[%s]." % (crt_type, ip))
def _get_install_path(self, pack_path): """ Extract version info and assembling install path. """ g.logger.info('Start getting install path.') # mk temp extract dir if not exist CommonTools.mkdir_with_mode(EXTRACT_DIR, Constant.AUTH_COMMON_DIR_STR) # clean extract dir CommonTools.clean_dir(EXTRACT_DIR) # extract package file to temp dir CommonTools.extract_file_to_dir(pack_path, EXTRACT_DIR) g.logger.info('Success extract files to temp dir.') # get version info from version file version_file = os.path.realpath(os.path.join(EXTRACT_DIR, Constant.VERSION_FILE)) version = CommonTools.get_version_info_from_file(version_file) g.logger.info('Got version info:%s' % version) base_dir = Constant.PACK_PATH_PREFIX + version install_path = os.path.join(self.project_path, base_dir) g.logger.info('Got install path:%s.' % install_path) CommonTools.check_path_valid(install_path) g.logger.info('Successfully to get install path.') return install_path, version
def create_ca_certificate(ca_password, ssl_password, ca_crt_path, ca_key_path, config_path, out_crt_path, out_key_path, ip, crt_type='server'): """ function : create server ca file or client ca file. input : rand pass, dir path of certificates, config path output : NA """ if not os.path.isfile(config_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % 'config file:%s' % config_path) if not os.path.isfile(ca_crt_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % 'ca crt file:%s' % ca_crt_path) if not os.path.isfile(ca_key_path): raise Exception(Errors.FILE_DIR_PATH['gauss_0102'] % 'ca key file:%s' % ca_key_path) CommonTools.mkdir_with_mode(os.path.dirname(out_key_path), Constant.AUTH_COMMON_DIR_STR) CommonTools.mkdir_with_mode(os.path.dirname(out_crt_path), Constant.AUTH_COMMON_DIR_STR) # create ca key file cmd = "%s echo '%s' | openssl genrsa -aes256 -passout stdin -out %s 2048" % ( Constant.CMD_PREFIX, ssl_password, out_key_path) cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % ( Constant.AUTH_COMMON_FILE_STR, out_key_path) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca key file' + output) ca_req_path = os.path.realpath( os.path.join(os.path.dirname(ca_crt_path), Constant.CA_REQ)) # create ca req file openssl_conf_env = "export OPENSSL_CONF=%s" % config_path cmd = '%s %s && echo "%s" | openssl req -new -out %s -key %s ' \ '-passin stdin -subj "/C=CN/ST=Some-State/O=%s/CN=%s"' % ( Constant.CMD_PREFIX, openssl_conf_env, ssl_password, ca_req_path, out_key_path, crt_type, ip) cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % ( Constant.AUTH_COMMON_FILE_STR, ca_req_path) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca req file' + output) # create server or client ca crt file cmd = '%s echo "%s" | openssl x509 -req -in %s -out %s -passin stdin ' \ '-sha256 -CAcreateserial -days %s -CA %s -CAkey %s' % ( Constant.CMD_PREFIX, ca_password, ca_req_path, out_crt_path, Constant.CA_VALID_DATE, ca_crt_path, ca_key_path) cmd += " && %s" % Constant.SHELL_CMD_DICT['changeMode'] % ( Constant.AUTH_COMMON_FILE_STR, out_crt_path) status, output = CommonTools.get_status_output_error(cmd, mixed=True) if status != 0: raise Exception(Errors.EXECUTE_RESULT['gauss_0414'] % 'ca crt file') CommonTools.remove_files([ca_req_path]) g.logger.info("Successfully generate %s ssl cert for node[%s]." % (crt_type, ip))