From ff23dd2a3b86c816da04eddc903de0c8c3141954 Mon Sep 17 00:00:00 2001 From: Soren Hansen Date: Tue, 5 Apr 2011 11:42:14 +0200 Subject: [PATCH] Allow CA code and state to be separated, and make sure CA code gets installed by setup.py install. --- MANIFEST.in | 2 +- {CA => nova/CA}/.gitignore | 0 {CA => nova/CA}/geninter.sh | 0 {CA => nova/CA}/genrootca.sh | 0 {CA => nova/CA}/genvpn.sh | 0 {CA => nova/CA}/newcerts/.placeholder | 0 {CA => nova/CA}/openssl.cnf.tmpl | 0 {CA => nova/CA}/private/.placeholder | 0 {CA => nova/CA}/projects/.gitignore | 0 {CA => nova/CA}/projects/.placeholder | 0 {CA => nova/CA}/reqs/.gitignore | 0 {CA => nova/CA}/reqs/.placeholder | 0 nova/api/ec2/cloud.py | 8 +++++++- nova/crypto.py | 10 ++++++++-- 14 files changed, 16 insertions(+), 4 deletions(-) rename {CA => nova/CA}/.gitignore (100%) rename {CA => nova/CA}/geninter.sh (100%) rename {CA => nova/CA}/genrootca.sh (100%) rename {CA => nova/CA}/genvpn.sh (100%) rename {CA => nova/CA}/newcerts/.placeholder (100%) rename {CA => nova/CA}/openssl.cnf.tmpl (100%) rename {CA => nova/CA}/private/.placeholder (100%) rename {CA => nova/CA}/projects/.gitignore (100%) rename {CA => nova/CA}/projects/.placeholder (100%) rename {CA => nova/CA}/reqs/.gitignore (100%) rename {CA => nova/CA}/reqs/.placeholder (100%) diff --git a/MANIFEST.in b/MANIFEST.in index bf30d1546922..e7a6e7da4bea 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,7 +1,7 @@ include HACKING LICENSE run_tests.py run_tests.sh include README builddeb.sh exercise_rsapi.py include ChangeLog MANIFEST.in pylintrc Authors -graft CA +graft nova/CA graft doc graft smoketests graft tools diff --git a/CA/.gitignore b/nova/CA/.gitignore similarity index 100% rename from CA/.gitignore rename to nova/CA/.gitignore diff --git a/CA/geninter.sh b/nova/CA/geninter.sh similarity index 100% rename from CA/geninter.sh rename to nova/CA/geninter.sh diff --git a/CA/genrootca.sh b/nova/CA/genrootca.sh similarity index 100% rename from CA/genrootca.sh rename to nova/CA/genrootca.sh diff --git a/CA/genvpn.sh b/nova/CA/genvpn.sh similarity index 100% rename from CA/genvpn.sh rename to nova/CA/genvpn.sh diff --git a/CA/newcerts/.placeholder b/nova/CA/newcerts/.placeholder similarity index 100% rename from CA/newcerts/.placeholder rename to nova/CA/newcerts/.placeholder diff --git a/CA/openssl.cnf.tmpl b/nova/CA/openssl.cnf.tmpl similarity index 100% rename from CA/openssl.cnf.tmpl rename to nova/CA/openssl.cnf.tmpl diff --git a/CA/private/.placeholder b/nova/CA/private/.placeholder similarity index 100% rename from CA/private/.placeholder rename to nova/CA/private/.placeholder diff --git a/CA/projects/.gitignore b/nova/CA/projects/.gitignore similarity index 100% rename from CA/projects/.gitignore rename to nova/CA/projects/.gitignore diff --git a/CA/projects/.placeholder b/nova/CA/projects/.placeholder similarity index 100% rename from CA/projects/.placeholder rename to nova/CA/projects/.placeholder diff --git a/CA/reqs/.gitignore b/nova/CA/reqs/.gitignore similarity index 100% rename from CA/reqs/.gitignore rename to nova/CA/reqs/.gitignore diff --git a/CA/reqs/.placeholder b/nova/CA/reqs/.placeholder similarity index 100% rename from CA/reqs/.placeholder rename to nova/CA/reqs/.placeholder diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index 425784e8a2ea..f119bd75cac0 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -103,10 +103,16 @@ class CloudController(object): # Gen root CA, if we don't have one root_ca_path = os.path.join(FLAGS.ca_path, FLAGS.ca_file) if not os.path.exists(root_ca_path): + genrootca_sh_path = os.path.join(os.path.dirname(__file__), + os.path.pardir, + os.path.pardir, + 'CA', + 'genrootca.sh') + start = os.getcwd() os.chdir(FLAGS.ca_path) # TODO(vish): Do this with M2Crypto instead - utils.runthis(_("Generating root CA: %s"), "sh", "genrootca.sh") + utils.runthis(_("Generating root CA: %s"), "sh", genrootca_sh_path) os.chdir(start) def _get_mpi_data(self, context, project_id): diff --git a/nova/crypto.py b/nova/crypto.py index b112e5b9247c..2b122e560b4d 100644 --- a/nova/crypto.py +++ b/nova/crypto.py @@ -215,9 +215,12 @@ def generate_x509_cert(user_id, project_id, bits=1024): def _ensure_project_folder(project_id): if not os.path.exists(ca_path(project_id)): + geninter_sh_path = os.path.join(os.path.dirname(__file__), + 'CA', + 'geninter.sh') start = os.getcwd() os.chdir(ca_folder()) - utils.execute('sh', 'geninter.sh', project_id, + utils.execute('sh', geninter_sh_path, project_id, _project_cert_subject(project_id)) os.chdir(start) @@ -227,13 +230,16 @@ def generate_vpn_files(project_id): csr_fn = os.path.join(project_folder, "server.csr") crt_fn = os.path.join(project_folder, "server.crt") + genvpn_sh_path = os.path.join(os.path.dirname(__file__), + 'CA', + 'geninter.sh') if os.path.exists(crt_fn): return _ensure_project_folder(project_id) start = os.getcwd() os.chdir(ca_folder()) # TODO(vish): the shell scripts could all be done in python - utils.execute('sh', 'genvpn.sh', + utils.execute('sh', genvpn_sh_path, project_id, _vpn_cert_subject(project_id)) with open(csr_fn, "r") as csrfile: csr_text = csrfile.read()