Commit 2eee45d9 authored by Rafael Monnerat's avatar Rafael Monnerat

Merge branch 're6st-master'

parents 8fe2ce40 eac6c832
...@@ -253,8 +253,12 @@ class Recipe(GenericBaseRecipe): ...@@ -253,8 +253,12 @@ class Recipe(GenericBaseRecipe):
msg = 'Token is ready for use' msg = 'Token is ready for use'
elif status == 'TOKEN_USED': elif status == 'TOKEN_USED':
msg = 'Token not available, it has been used to generate re6stnet certificate.' msg = 'Token not available, it has been used to generate re6stnet certificate.'
ipv6_file = os.path.join(token_list_path, '%s.ipv6' % slave_reference)
ipv6 = self.readFile(ipv6_file) or '::'
computer_partition.setConnectionDict( computer_partition.setConnectionDict(
{'token':token, '1_info':msg}, {'token':token, '1_info':msg, 'ipv6': ipv6},
slave_reference) slave_reference)
except Exception: except Exception:
self.logger.fatal("Error while sending slave %s informations: %s", self.logger.fatal("Error while sending slave %s informations: %s",
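Review bot: The `'::'` fallback on the added `ipv6 = self.readFile(ipv6_file) or '::'` line only works if `readFile` returns an empty value for a missing file, and `readFile` is not shown in this hunk. The `.ipv6` file is written only once a certificate exists, so it will normally be absent for a slave whose token is still unused. If `readFile` raises in that case, the error lands in the `except Exception` below and `setConnectionDict` is skipped, so the token and `1_info` are no longer published for that slave. An explicit guard such as `ipv6 = self.readFile(ipv6_file) if os.path.exists(ipv6_file) else '::'` removes the dependency, and a comment should say that `::` means "no address assigned yet". The enclosing method starts and ends outside this hunk.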
......
...@@ -7,9 +7,10 @@ import sqlite3 ...@@ -7,9 +7,10 @@ import sqlite3
import slapos import slapos
import traceback import traceback
from re6st import registry, x509 from re6st import registry, utils, x509
from OpenSSL import crypto from OpenSSL import crypto
log = logging.getLogger('SLAPOS-RE6STNET') log = logging.getLogger('SLAPOS-RE6STNET')
logging.basicConfig(level=logging.DEBUG) logging.basicConfig(level=logging.DEBUG)
...@@ -36,7 +37,7 @@ def getDb(db_path): ...@@ -36,7 +37,7 @@ def getDb(db_path):
db = sqlite3.connect(db_path, isolation_level=None, db = sqlite3.connect(db_path, isolation_level=None,
check_same_thread=False) check_same_thread=False)
db.text_factory = str db.text_factory = str
return db.cursor() return db.cursor()
def bang(args): def bang(args):
...@@ -90,14 +91,14 @@ def requestAddToken(args, can_bang=True): ...@@ -90,14 +91,14 @@ def requestAddToken(args, can_bang=True):
call_bang = True call_bang = True
else: else:
log.debug('Bad token. Request add token fail for %s...' % request_file) log.debug('Bad token. Request add token fail for %s...' % request_file)
if can_bang and call_bang: if can_bang and call_bang:
bang(args) bang(args)
def requestRemoveToken(args): def requestRemoveToken(args):
base_token_path = args['token_base_path'] base_token_path = args['token_base_path']
path_list = [x for x in os.listdir(base_token_path) if x.endswith('.remove')] path_list = [x for x in os.listdir(base_token_path) if x.endswith('.remove')]
if not path_list: if not path_list:
log.info("No token to delete. Exiting...") log.info("No token to delete. Exiting...")
return return
...@@ -126,6 +127,10 @@ def requestRemoveToken(args): ...@@ -126,6 +127,10 @@ def requestRemoveToken(args):
status_file = os.path.join(base_token_path, '%s.status' % reference) status_file = os.path.join(base_token_path, '%s.status' % reference)
if os.path.exists(status_file): if os.path.exists(status_file):
os.unlink(status_file) os.unlink(status_file)
ipv6_file = os.path.join(base_token_path, '%s.ipv6' % reference)
if os.path.exists(ipv6_file):
os.unlink(ipv6_file)
else: else:
log.debug('Bad token. Request add token fail for %s...' % request_file) log.debug('Bad token. Request add token fail for %s...' % request_file)
...@@ -162,6 +167,28 @@ def requestRevoqueCertificate(args): ...@@ -162,6 +167,28 @@ def requestRevoqueCertificate(args):
os.unlink(os.path.join(base_token_path, reference_key)) os.unlink(os.path.join(base_token_path, reference_key))
log.info("Certificate revoked for slave instance %s." % reference) log.info("Certificate revoked for slave instance %s." % reference)
def dumpIPv6Network(slave_reference, db, network, ipv6_file):
email = '%s@slapos' % slave_reference.lower()
try:
cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
(email,)).next()
except StopIteration:
# Certificate was not generated yet !!!
pass
try:
if cert_string:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
cn = x509.subnetFromCert(cert)
subnet = network + utils.binFromSubnet(cn)
ipv6 = utils.ipFromBin(subnet)
writeFile(ipv6_file, ipv6)
except Exception:
log.debug('XXX for %s... \n %s' % (slave_reference,
traceback.format_exc()))
def checkService(args, can_bang=True): def checkService(args, can_bang=True):
base_token_path = args['token_base_path'] base_token_path = args['token_base_path']
token_dict = loadJsonFile(args['token_json']) token_dict = loadJsonFile(args['token_json'])
...@@ -175,16 +202,21 @@ def checkService(args, can_bang=True): ...@@ -175,16 +202,21 @@ def checkService(args, can_bang=True):
computer_guid = args['computer_id'] computer_guid = args['computer_id']
partition_id = args['partition_id'] partition_id = args['partition_id']
slap = slapos.slap.slap() slap = slapos.slap.slap()
client = registry.RegistryClient(args['registry_url'])
ca = client.getCa()
network = x509.networkFromCa(crypto.load_certificate(crypto.FILETYPE_PEM, ca))
# Check token status # Check token status
for slave_reference, token in token_dict.iteritems(): for slave_reference, token in token_dict.iteritems():
status_file = os.path.join(base_token_path, '%s.status' % slave_reference) status_file = os.path.join(base_token_path, '%s.status' % slave_reference)
ipv6_file = os.path.join(base_token_path, '%s.ipv6' % slave_reference)
if not os.path.exists(status_file): if not os.path.exists(status_file):
# This token is not added yet! # This token is not added yet!
continue continue
msg = readFile(status_file) msg = readFile(status_file)
if msg == 'TOKEN_USED': if msg == 'TOKEN_USED':
dumpIPv6Network(slave_reference, db, network, ipv6_file)
continue continue
# Check if token is not in the database # Check if token is not in the database
...@@ -200,8 +232,8 @@ def checkService(args, can_bang=True): ...@@ -200,8 +232,8 @@ def checkService(args, can_bang=True):
# Token is used to register client # Token is used to register client
call_bang = True call_bang = True
try: try:
time.sleep(1)
writeFile(status_file, 'TOKEN_USED') writeFile(status_file, 'TOKEN_USED')
dumpIPv6Network(slave_reference, db, network, ipv6_file)
log.info("Token status of %s updated to 'used'." % slave_reference) log.info("Token status of %s updated to 'used'." % slave_reference)
except IOError: except IOError:
# XXX- this file should always exists # XXX- this file should always exists
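Review bot: In the new `dumpIPv6Network`, `cert_string` is never bound when the `SELECT` returns no row, because the `except StopIteration` branch only does `pass`. The following `if cert_string:` then raises `UnboundLocalError`, which the broad `except Exception` logs at debug level as `'XXX for …'` with a traceback. That makes the expected "certificate not generated yet" case look the same in the log as a malformed certificate or a failed write. Replacing `pass` with `return` keeps the normal case silent, and the remaining handler should name the failure (for example "could not derive IPv6 for %s") at warning level. The `.ipv6` file is removed only in the `requestRemoveToken` hunk, so it may be worth checking that revocation does not leave a stale address published; the revocation code is mostly outside the visible hunks.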
......
...@@ -176,21 +176,21 @@ command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper} ...@@ -176,21 +176,21 @@ command-line = "{{ python_bin }}" ${re6st-registry:manager-wrapper}
recipe = slapos.cookbook:cron.d recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries} cron-entries = ${cron:cron-entries}
name = re6stnet-check-token name = re6stnet-check-token
frequency = 0 */1 * * * frequency = */5 * * * *
command = {{ python_bin }} ${re6st-registry:check-service-wrapper} command = {{ python_bin }} ${re6st-registry:check-service-wrapper}
[cron-entry-re6st-revoke] [cron-entry-re6st-revoke]
recipe = slapos.cookbook:cron.d recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries} cron-entries = ${cron:cron-entries}
name = re6stnet-revoke-cert name = re6stnet-revoke-cert
frequency = */30 * * * * frequency = */5 * * * *
command = {{ python_bin }} ${re6st-registry:revoke-service-wrapper} command = {{ python_bin }} ${re6st-registry:revoke-service-wrapper}
[cron-entry-re6st-drop] [cron-entry-re6st-drop]
recipe = slapos.cookbook:cron.d recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries} cron-entries = ${cron:cron-entries}
name = re6stnet-drop-token name = re6stnet-drop-token
frequency = */30 * * * * frequency = */5 * * * *
command = {{ python_bin }} ${re6st-registry:drop-service-wrapper} command = {{ python_bin }} ${re6st-registry:drop-service-wrapper}
[logrotate-entry-re6stnet] [logrotate-entry-re6stnet]
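Review bot: All three cron entries now fire on the same `*/5 * * * *` schedule, and nothing visible here stops a run from overlapping the previous one or the other two jobs. The check-service job now also calls the registry (`client.getCa()`) on every run, so a slow or unreachable registry could leave several instances working on the same token directory and sqlite database at once. That is inferred from the other file on this page, since the wrappers themselves are not shown. Consider staggering the minutes or running each command under a lock, and add a comment above the `frequency` lines recording why five minutes was chosen.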
......