[PATCH] Minion to minion (func)


 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Attached is the func half of the m2m patch.  It is also available here:

git://fedorapeople.org/~jeckersb/func.git
branch: m2m-merge
hash: 38e50bc902132c2612feedf4cfa4d596d4ac5ba6

- --
John Eckersberg
IT Engineering Support
Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkm6uEYACgkQdxt4pd4ztYtRqgCdFiCJ1GTejtPcx6Hb0VJ+cqKs
nT8An3iDk0xyH48CPB/QWuQra19cO9M0
=UheA
-----END PGP SIGNATURE-----
>From 38e50bc902132c2612feedf4cfa4d596d4ac5ba6 Mon Sep 17 00:00:00 2001
From: John Eckersberg <jeckersb@xxxxxxxxxx>
Date: Fri, 13 Mar 2009 15:37:06 -0400
Subject: [PATCH] Minion-to-minion support, func half

---
 func/minion/modules/certmastermod.py |   75 ++++++++++++++++++++++++++++++++++
 func/overlord/client.py              |    9 ++++
 2 files changed, 84 insertions(+), 0 deletions(-)

diff --git a/func/minion/modules/certmastermod.py b/func/minion/modules/certmastermod.py
index a8a37e8..c4641d0 100644
--- a/func/minion/modules/certmastermod.py
+++ b/func/minion/modules/certmastermod.py
@@ -13,6 +13,8 @@
 ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 ##
 
+import os
+
 # our modules
 import func_module
 from certmaster import certmaster as certmaster
@@ -59,6 +61,58 @@ class CertMasterModule(func_module.FuncModule):
            cm.remove_this_cert(x)
         return True
 
+    def peering_enabled(self):
+        """
+        Return config value for "peering"
+        """
+        return certmaster.CertMaster().cfg.peering
+
+    def known_peers(self):
+        """
+        Return a list of (host, sha) tuples for each known peer
+
+        Re-uses copyfile module for checksum.
+        """
+        import func.minion.modules.copyfile as copyfile
+        cm = certmaster.CertMaster()
+        files = cm.get_peer_certs()
+        cf = copyfile.CopyFile()
+
+        results = []
+        for f in files:
+            hostname = os.path.basename(f)
+            hostname = hostname.replace('.' + cm.cfg.cert_extension, "")
+            digest = cf.checksum(f)
+            results.append((hostname, digest))
+
+        return results
+
+    def remove_peer_certs(self, peers):
+        """
+        Remove the peer certificates for each host in 'peers'
+        """
+        cm = certmaster.CertMaster()
+        for p in peers:
+            certname = "%s.%s" % (p, cm.cfg.cert_extension)
+            certname = os.path.join(cm.cfg.peerroot, certname)
+#            try:
+            os.unlink(certname)
+#            except OSError:
+                # cert doesn't exist
+#                pass
+        return True
+
+    def copy_peer_cert(self, peer, certblob):
+        """
+        Install certblob as the certificate for peer
+        """
+        import func.minion.modules.copyfile as copyfile
+        cm = certmaster.CertMaster()
+        certname = '%s.%s' % (peer, cm.cfg.cert_extension)
+        path = os.path.join(cm.cfg.peerroot, certname)
+        cf = copyfile.CopyFile()
+        return cf.copyfile(path, certblob)
+
     def __listify(self, list_of_hosts):
         if type(list_of_hosts) is type([]):
             return list_of_hosts
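Review bot: `remove_peer_certs` and `copy_peer_cert` build a path from a caller-supplied peer name with `os.path.join(cm.cfg.peerroot, certname)` and never check that the result stays inside `peerroot`. A name containing a path separator or `..` would make `os.unlink` or `cf.copyfile` act on a file elsewhere on the minion, and both methods appear to be exposed to remote callers through the argument registry later in this patch. Reject such names before joining, for example `if not p or os.path.basename(p) != p or p in ('.', '..'): raise ValueError("invalid peer name")`, and apply the same check to `peer` in `copy_peer_cert`. Separately, with the `try`/`except OSError` commented out in `remove_peer_certs`, the first missing certificate aborts the loop and leaves the remaining peers untouched; either restore the handler or delete the dead comment lines and document that behaviour in the docstring.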
@@ -96,5 +150,26 @@ class CertMasterModule(func_module.FuncModule):
                         'list_of_hosts':list_of_hosts
                         },
                     'description':"Clean the certs for specified hosts"
+                    },
+                'peering_enabled':{
+                    'args':{},
+                    'description':"Whether or not peering is enabled"
+                    },
+                'known_peers':{
+                    'args':{},
+                    'description':"What peers are known"
+                    },
+                'remove_peer_certs':{
+                    'args':{
+                        'peers':'List of peers to remove',
+                        },
+                    'description':'Remove peer certificate for one or more peers'
+                    },
+                'copy_peer_cert':{
+                    'args':{
+                        'peer':'Name of the peer',
+                        'certblob':'Certificate data',
+                        },
+                    'description':'Copy certblob for peer'
                     }
                 }
diff --git a/func/overlord/client.py b/func/overlord/client.py
index 196ea0e..19e2efe 100644
--- a/func/overlord/client.py
+++ b/func/overlord/client.py
@@ -109,6 +109,11 @@ class Minions(object):
                 continue
             actual_gloob = "%s/%s.%s" % (self.config.certroot, each_gloob, self.config.cert_extension)
             certs = glob.glob(actual_gloob)
+            # pull in peers if enabled for minion-to-minion
+            if self.config.peering:
+                peer_gloob = "%s/%s.%s" % (self.config.peerroot, each_gloob, self.config.cert_extension)
+                certs += glob.glob(peer_gloob)
+
             for cert in certs:
                 #if the spec includes some groups and also it includes some *
                 #may cause some duplicates so should check that
@@ -118,6 +123,8 @@ class Minions(object):
 		    # use basename to trim off any excess /'s, fix
 		    # ticket #53 "Trailing slash in certmaster.conf confuses glob function
                     certname = os.path.basename(cert.replace(self.config.certroot, ""))
+                    if self.config.peering:
+                        certname = os.path.basename(certname.replace(self.config.peerroot, ""))
                     host = certname[:-(len(self.config.cert_extension) + 1)]
                     self.all_hosts.append(host)
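Review bot: The two added lines look redundant, because `certname` is already the result of `os.path.basename(...)` on the line above and so has no directory part left for `replace(self.config.peerroot, "")` to strip. `str.replace` also removes the string wherever it occurs rather than only as a leading prefix, which is a fragile way to trim a directory. A single `certname = os.path.basename(cert)` would handle matches from both `certroot` and `peerroot` without any substring replacement. The enclosing loop starts outside this hunk, so confirm that nothing later relies on the intermediate value.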
 
@@ -230,6 +237,8 @@ class Overlord(object):
         fd_key = '/etc/pki/certmaster/%s.pem' % myname
         fd_crt = '/etc/pki/certmaster/%s.cert' % myname
         self.ca = '%s/certmaster.crt' % self.config.cadir
+        if not os.access(self.ca, os.R_OK):
+            self.ca = '%s/ca.cert' % self.config.cert_dir
         if client_key and client_cert and ca:        
             if (os.access(client_key, os.R_OK) and os.access(client_cert, os.R_OK)
                             and os.access(ca, os.R_OK)):
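Review bot: The fallback assigned by `self.ca = '%s/ca.cert' % self.config.cert_dir` silently changes which CA file the overlord uses as its trust anchor, and the fallback path is never itself checked for readability. If neither file is readable, `self.ca` points at a missing file and the failure will presumably surface later and less clearly; the rest of the method is outside this hunk. I would add a comment such as `# minions have no certmaster.crt; fall back to the CA cert fetched from the certmaster`, log which file was chosen, and raise a clear error when `os.access` fails for both candidates.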
-- 
1.6.0.6

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
