fixup: certificate generation for instance

ffaf4491 · Alain Takoudjou · a30ef074 · ffaf4491 · ffaf4491 · ffaf4491
Commit ffaf4491 authored Jul 04, 2017 by Alain Takoudjou
Showing with 20 additions and 19 deletions

master/product/Vifib/Tool/SlapTool.py master/product/Vifib/Tool/SlapTool.py +1 -1

slapos/cli/register.py slapos/cli/register.py +1 -0

slapos/grid/SlapObject.py slapos/grid/SlapObject.py +18 -18

No files found.
--- a/master/product/Vifib/Tool/SlapTool.py
+++ b/master/product/Vifib/Tool/SlapTool.py
@@ -1216,7 +1216,7 @@ class SlapTool(BaseTool):
      for certificate_id in instance.contentValues(
          portal_type='Certificate Access ID', validation_state='validated'):
        if certificate_id.getValidationState() == 'validated':
-          instance.revokeCertificate(certificate_id.getReference())
+          instance.revokeCertificate(certificate_id)
      if instance.getValidationState() == 'validated':
        instance.invalidate()

--- a/slapos/cli/register.py
+++ b/slapos/cli/register.py
@@ -36,6 +36,7 @@ import sys
 import pkg_resources
 import requests
 import uuid
+import urllib
 from slapos.cli.command import Command, must_be_root
 from slapos.certificate import (parse_certificate_from_html,

--- a/slapos/grid/SlapObject.py
+++ b/slapos/grid/SlapObject.py
@@ -39,9 +39,11 @@ import tempfile
 import time
 import xmlrpclib
 import uuid
+import errno
 from supervisor import xmlrpc
 from slapos.grid.utils import (md5digest, getCleanEnvironment,
                               SlapPopen, dropPrivileges, updateFile)
 from slapos.grid import utils  # for methods that could be mocked, access them through the module
@@ -54,6 +56,7 @@ from slapos.human import bytes2human
 from slapos.certificate import (generateCertificateRequest,
                                generatePrivatekey,
                                validateCertAndKey)
+from OpenSSL import crypto
 WATCHDOG_MARK = '-on-watch'
@@ -417,18 +420,15 @@ class Partition(object):
      The node generate the private key and send
    """
-    try:
+    if os.path.exists(self.cert_file): 
-      cert_fd = os.open(self.cert_file,
+      if not os.stat(self.cert_file).st_size:
-                     os.O_CREAT|os.O_WRONLY|os.O_EXCL|os.O_TRUNC,
+        os.unlink(self.cert_file)
-                     0600)
+      else:
-    except OSError, e:
+        # the certificate exists, no need to download it
-      if e.errno != errno.EEXIST:
+        return
-        raise
-      # the certificate exists, no need to download it
-      return
    uid, gid = self.getUserGroupId()
-    key_string = generatePrivatekey(self.key_file, uid, gid)
+    key_string = generatePrivatekey(self.key_file, uid=uid, gid=gid)
    csr_string = generateCertificateRequest(key_string, cn=str(uuid.uuid4()))
    try:
      partition_certificate = self.computer_partition.getCertificate(
@@ -437,14 +437,14 @@ class Partition(object):
      raise NotFoundError('Partition %s is not known by SlapOS Master.' %
          self.partition_id)
-    os.write(cert_fd, partition_certificate)
+    cert_fd = os.open(self.cert_file, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, 0600)
+    os.write(cert_fd, partition_certificate['certificate'])
    os.close(cert_fd)
    os.chown(self.cert_file, uid, gid)
-    self.logger.info('Certificate file saved at %r' % self.cert_file)
    # Check that certificate and key are OK
    try:
-      validateCertAndKey(self.key_file, self.cert_file)
+      validateCertAndKey(self.cert_file, self.key_file)
    except crypto.Error:
      # Invalid Certificate file
      if os.path.exists(self.cert_file):
@@ -452,7 +452,7 @@ class Partition(object):
      raise
    # except SSL.Error
    # Raise when certificate and key didn't match
+    self.logger.info('Certificate file saved at %r' % self.cert_file)
  def getUserGroupId(self):
    """Returns tuple of (uid, gid) of partition"""
@@ -711,10 +711,6 @@ class Partition(object):
        raise subprocess.CalledProcessError(message, process_handler.output)
    # Manually cleans what remains
    try:
-      for f in [self.key_file, self.cert_file]:
-        if f:
-          if os.path.exists(f):
-            os.unlink(f)
      # better to manually remove symlinks because rmtree might choke on them
      sr_symlink = os.path.join(self.instance_path, 'software_release')
@@ -739,6 +735,10 @@ class Partition(object):
      if os.path.exists(self.supervisord_partition_configuration_path):
        os.remove(self.supervisord_partition_configuration_path)
+      for f in [self.key_file, self.cert_file]:
+        if f:
+          if os.path.exists(f):
+            os.unlink(f)
      self.updateSupervisor()
    except IOError as exc:
      raise IOError("I/O error while freeing partition (%s): %s" % (self.instance_path, exc))