Commit
ffaf4491
authored
Jul 04, 2017
by
Alain Takoudjou
fixup: certificate generation for instance
parent
a30ef074
Showing
3 changed files
with
20 additions
and
19 deletions
+20
-19
master/product/Vifib/Tool/SlapTool.py
master/product/Vifib/Tool/SlapTool.py
+1
-1
slapos/cli/register.py
slapos/cli/register.py
+1
-0
slapos/grid/SlapObject.py
slapos/grid/SlapObject.py
+18
-18
master/product/Vifib/Tool/SlapTool.py
...
...
@@ -1216,7 +1216,7 @@ class SlapTool(BaseTool):
for
certificate_id
in
instance
.
contentValues
(
portal_type
=
'Certificate Access ID'
,
validation_state
=
'validated'
):
if
certificate_id
.
getValidationState
()
==
'validated'
:
instance
.
revokeCertificate
(
certificate_id
.
getReference
()
)
instance
.
revokeCertificate
(
certificate_id
)
if
instance
.
getValidationState
()
==
'validated'
:
instance
.
invalidate
()
...
...
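Review bot: The loop variable `certificate_id` is not an id: the surrounding lines call `certificate_id.getValidationState()` on it, and of the two `instance.revokeCertificate(...)` calls printed here one passes `certificate_id.getReference()` and the other passes the object itself. The page has lost its +/- markers, so which call is the new side is inferred from print order only. If it is `instance.revokeCertificate(certificate_id)`, the name now misleads at a revocation call, where passing the wrong kind of value should be easy to spot. I would add `# certificate_id is the 'Certificate Access ID' document, not its reference string` above the call, or rename the variable. The enclosing method starts and ends outside the hunk.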
slapos/cli/register.py
...
...
@@ -36,6 +36,7 @@ import sys
import
pkg_resources
import
requests
import
uuid
import
urllib
from
slapos.cli.command
import
Command
,
must_be_root
from
slapos.certificate
import
(
parse_certificate_from_html
,
...
...
slapos/grid/SlapObject.py
...
...
@@ -39,9 +39,11 @@ import tempfile
import
time
import
xmlrpclib
import
uuid
import
errno
from
supervisor
import
xmlrpc
from
slapos.grid.utils
import
(
md5digest
,
getCleanEnvironment
,
SlapPopen
,
dropPrivileges
,
updateFile
)
from
slapos.grid
import
utils
# for methods that could be mocked, access them through the module
...
...
@@ -54,6 +56,7 @@ from slapos.human import bytes2human
from
slapos.certificate
import
(
generateCertificateRequest
,
generatePrivatekey
,
validateCertAndKey
)
from
OpenSSL
import
crypto
WATCHDOG_MARK
=
'-on-watch'
...
...
@@ -417,18 +420,15 @@ class Partition(object):
The node generate the private key and send
"""
try
:
cert_fd
=
os
.
open
(
self
.
cert_file
,
os
.
O_CREAT
|
os
.
O_WRONLY
|
os
.
O_EXCL
|
os
.
O_TRUNC
,
0600
)
except
OSError
,
e
:
if
e
.
errno
!=
errno
.
EEXIST
:
raise
# the certificate exists, no need to download it
return
if
os
.
path
.
exists
(
self
.
cert_file
):
if
not
os
.
stat
(
self
.
cert_file
).
st_size
:
os
.
unlink
(
self
.
cert_file
)
else
:
# the certificate exists, no need to download it
return
uid
,
gid
=
self
.
getUserGroupId
()
key_string
=
generatePrivatekey
(
self
.
key_file
,
uid
,
gid
)
key_string
=
generatePrivatekey
(
self
.
key_file
,
uid
=
uid
,
gid
=
gid
)
csr_string
=
generateCertificateRequest
(
key_string
,
cn
=
str
(
uuid
.
uuid4
()))
try
:
partition_certificate
=
self
.
computer_partition
.
getCertificate
(
...
...
@@ -437,14 +437,14 @@ class Partition(object):
raise
NotFoundError
(
'Partition %s is not known by SlapOS Master.'
%
self
.
partition_id
)
os
.
write
(
cert_fd
,
partition_certificate
)
cert_fd
=
os
.
open
(
self
.
cert_file
,
os
.
O_CREAT
|
os
.
O_WRONLY
|
os
.
O_TRUNC
,
0600
)
os
.
write
(
cert_fd
,
partition_certificate
[
'certificate'
])
os
.
close
(
cert_fd
)
os
.
chown
(
self
.
cert_file
,
uid
,
gid
)
self
.
logger
.
info
(
'Certificate file saved at %r'
%
self
.
cert_file
)
# Check that certificate and key are OK
try
:
validateCertAndKey
(
self
.
key_file
,
self
.
cert
_file
)
validateCertAndKey
(
self
.
cert_file
,
self
.
key
_file
)
except
crypto
.
Error
:
# Invalid Certificate file
if
os
.
path
.
exists
(
self
.
cert_file
):
...
...
@@ -452,7 +452,7 @@ class Partition(object):
raise
# except SSL.Error
# Raise when certificate and key didn't match
self
.
logger
.
info
(
'Certificate file saved at %r'
%
self
.
cert_file
)
def
getUserGroupId
(
self
):
"""Returns tuple of (uid, gid) of partition"""
...
...
@@ -711,10 +711,6 @@ class Partition(object):
raise
subprocess
.
CalledProcessError
(
message
,
process_handler
.
output
)
# Manually cleans what remains
try
:
for
f
in
[
self
.
key_file
,
self
.
cert_file
]:
if
f
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
# better to manually remove symlinks because rmtree might choke on them
sr_symlink
=
os
.
path
.
join
(
self
.
instance_path
,
'software_release'
)
...
...
@@ -739,6 +735,10 @@ class Partition(object):
if
os
.
path
.
exists
(
self
.
supervisord_partition_configuration_path
):
os
.
remove
(
self
.
supervisord_partition_configuration_path
)
for
f
in
[
self
.
key_file
,
self
.
cert_file
]:
if
f
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
self
.
updateSupervisor
()
except
IOError
as
exc
:
raise
IOError
(
"I/O error while freeing partition (%s): %s"
%
(
self
.
instance_path
,
exc
))
...
...
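Review bot: The certificate file is now opened with `os.O_CREAT | os.O_WRONLY | os.O_TRUNC` in the `@@ -437,14 +437,14 @@` hunk, while the `os.O_EXCL` open in the `@@ -417,18 +420,15 @@` hunk appears to be the removed side (the page has lost its +/- markers), so the `os.path.exists`/`os.stat` test and the later open are no longer one atomic step. A path that appears in between, including a symlink, would be followed and truncated, and `os.chown(self.cert_file, uid, gid)` then acts on the path rather than on the descriptor; whether anyone but this process can write to that directory is not visible here. I would keep exclusive creation, `cert_fd = os.open(self.cert_file, os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0600)`, and replace the chown with `os.fchown(cert_fd, uid, gid)` before `os.close(cert_fd)`. Separately, a non-empty existing certificate returns early without going through `validateCertAndKey`; if that is intended, a comment saying so would help. The method body starts and ends outside these hunks.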