Forwarding this since it appeared to bounce.
--Michael
--- Begin Message ---
As list administrator, your authorization is requested for the
following mailing list posting:
List: Func-list@xxxxxxxxxx
From: bleanhar@xxxxxxxxxx
Subject: [PATCH] Using gethostname() instead of getfqdn() to set the CN on the minion and ca certs
Reason: Message has implicit destination
At your convenience, visit:
https://www.redhat.com/mailman/admindb/func-list
to approve or deny the request.
--- Begin Message ---
- Subject: [PATCH] Using gethostname() instead of getfqdn() to set the CN on the minion and ca certs
- From: Brenton Leanhardt <bleanhar@xxxxxxxxxx>
- Date: Tue, 29 Jan 2008 15:17:49 -0500
If reverse DNS lookups for certain domains are not possible on a network,
you can hit a scenario where certs will get created with undesirable names. For
example, I have a host called foo.usersys.redhat.com (which does resolve from the
certmaster), yet when the CSR comes in it will have a CN like
dhcp227-165.rdu.redhat.com.
This is really confusing when it comes time to use func and I'm forced to refer to
my minions with names that change frequently (outside of my control).
getfqdn() will sometimes result in a reverse lookup which
fqdn is triggering a reverse dns lookup which in my case leads to
misleading cert names.
---
func/certmaster.py | 2 +-
func/certs.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/func/certmaster.py b/func/certmaster.py
index 1cde806..cb6b774 100755
--- a/func/certmaster.py
+++ b/func/certmaster.py
@@ -36,7 +36,7 @@ CERTMASTER_LISTEN_PORT = 51235
class CertMaster(object):
def __init__(self, conf_file):
self.cfg = read_config(conf_file, CMConfig)
- mycn = '%s-CA-KEY' % socket.getfqdn()
+ mycn = '%s-CA-KEY' % socket.gethostname()
self.ca_key_file = '%s/funcmaster.key' % self.cfg.cadir
self.ca_cert_file = '%s/funcmaster.crt' % self.cfg.cadir
try:
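Review bot: the new `mycn = '%s-CA-KEY' % socket.gethostname()` line in CertMaster.__init__ takes whatever name the host happens to be configured with, which can be an unqualified short name or localhost.localdomain, so the CA subject is no longer guaranteed to be fully qualified or distinct between certmasters. self.cfg is already read on the line above; consider letting a config value supply the name and falling back to gethostname() only when it is unset, and say in a comment why getfqdn() was dropped so the reverse-lookup problem is not reintroduced later.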
diff --git a/func/certs.py b/func/certs.py
index 22af866..633845a 100644
--- a/func/certs.py
+++ b/func/certs.py
@@ -48,7 +48,7 @@ def make_csr(pkey, dest=None, cn=None):
if cn:
subj.CN = cn
else:
- subj.CN = socket.getfqdn()
+ subj.CN = socket.gethostname()
subj.emailAddress = 'root@%s' % subj.CN
req.set_pubkey(pkey)
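Review bot: in the else branch of make_csr, subj.CN now comes straight from gethostname() and the following line builds subj.emailAddress from it, so a minion whose hostname is a short name or was left at a default will request a cert with a CN such as 'foo' or 'localhost.localdomain' and an address like root@foo. Since the CN is the name the minion is later referred to by, I would check the fallback value before using it (contains a dot, is not a localhost name) and fail with a message asking for an explicit cn, and document the changed fallback alongside the cn parameter.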
--
1.5.3.6
--- End Message ---
--- End Message ---
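An added illustration of the behaviour the commit message describes (not part of the patch or of func): the CN fallback is evaluated with getfqdn() and with gethostname() while the reverse lookup answer changes. socket.gethostname and socket.gethostbyaddr are mocked so it runs offline; usable_cn is a hypothetical check, and the second DHCP name and the 192.0.2.10 address are constructed.

```python
import socket
from unittest import mock

# Constructed values mirroring the scenario in the message above.
HOSTNAME = "foo.usersys.redhat.com"      # what the minion calls itself
PTR_NAME = "dhcp227-165.rdu.redhat.com"  # what reverse DNS returns for its address


def default_cn(use_fqdn, hostname, ptr_name):
    """Return the CN the CSR fallback would pick, with name resolution simulated.

    hostname -- value gethostname() reports on the minion
    ptr_name -- name the reverse lookup returns, or None when the lookup fails
    """
    def fake_gethostbyaddr(_name):
        if ptr_name is None:
            raise socket.herror(1, "Unknown host")
        # (primary name, aliases, addresses); 192.0.2.10 is a documentation address
        return (ptr_name, [], ["192.0.2.10"])

    with mock.patch.object(socket, "gethostname", return_value=hostname), \
         mock.patch.object(socket, "gethostbyaddr", side_effect=fake_gethostbyaddr):
        return socket.getfqdn() if use_fqdn else socket.gethostname()


def cn_history(use_fqdn, hostname, ptr_names):
    """CN chosen at successive points in time as the PTR record changes."""
    return [default_cn(use_fqdn, hostname, ptr) for ptr in ptr_names]


def usable_cn(cn):
    """Hypothetical pre-flight check: reject names that cannot identify one minion."""
    return "." in cn and not cn.startswith("localhost")


if __name__ == "__main__":
    # Constructed sequence: two DHCP leases, then a failed reverse lookup.
    leases = [PTR_NAME, "dhcp227-31.rdu.redhat.com", None]
    print("getfqdn    :", cn_history(True, HOSTNAME, leases))
    print("gethostname:", cn_history(False, HOSTNAME, leases))
    print("short name usable?", usable_cn(default_cn(False, "foo", None)))
```

With getfqdn() the CN follows the PTR record and only matches the configured name when the reverse lookup fails; with gethostname() it stays fixed, but a short or default hostname passes through unchanged, which is what the usable_cn check catches.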