x-move/iconograph
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Untested autoimage HTTPS server/client cert support by copying into the image.

Browse Source
This commit is contained in:
Ian Gulliver
2016-04-05 21:55:44 -07:00
parent a49872f808
commit 8c8e9bd530
1 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
server/modules/autoimage.py
View File

@@ -28,6 +28,18 @@ parser.add_argument(
dest='device', dest='device',
action='store', action='store',
required=True) required=True)
parser.add_argument(
'--https-ca-cert',
dest='https_ca_cert',
action='store')
parser.add_argument(
'--https-client-cert',
dest='https_client_cert',
action='store')
parser.add_argument(
'--https-client-key',
dest='https_client_key',
action='store')
parser.add_argument( parser.add_argument(
'--persistent-percent', '--persistent-percent',
dest='persistent_percent', dest='persistent_percent',
@@ -64,6 +76,32 @@ def main():
FLAGS.ca_cert, FLAGS.ca_cert,
os.path.join(FLAGS.chroot_path, 'autoimage', 'config', 'ca.cert.pem')) os.path.join(FLAGS.chroot_path, 'autoimage', 'config', 'ca.cert.pem'))
image_flags = []
if FLAGS.https_ca_cert:
https_ca_cert_path = os.path.join('autoimage', 'config', 'https-ca.cert.pem')
shutil.copyfile(
FLAGS.https_ca_cert,
os.path.join(FLAGS.chroot_path, https_ca_cert_path))
image_flags.extend([
'--https-ca-cert', os.path.join('/', https_ca_cert_path),
])
if FLAGS.https_client_cert and FLAGS.https_client_key:
https_client_cert_path = os.path.join('autoimage', 'config', 'https-client.cert.pem')
shutil.copyfile(
FLAGS.https_client_cert,
os.path.join(FLAGS.chroot_path, https_client_cert_path))
https_client_key_path = os.path.join('autoimage', 'config', 'https-client.key.pem')
shutil.copyfile(
FLAGS.https_client_key,
os.path.join(FLAGS.chroot_path, https_client_key_path))
os.chmod(os.path.join(FLAGS.chroot_path, https_client_key_path), 0o400)
image_flags.extend([
'--https-client-cert', os.path.join('/', https_client_cert_path),
'--https-client-key', os.path.join('/', https_client_key_path),
])
parsed = parse.urlparse(FLAGS.base_url) parsed = parse.urlparse(FLAGS.base_url)
init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'autoimage.conf') init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'autoimage.conf')
@@ -79,7 +117,7 @@ script
chvt 7 chvt 7
/autoimage/client/wait_for_service.py --host=%(host)s --service=%(service)s </dev/tty7 >/dev/tty7 2>&1 /autoimage/client/wait_for_service.py --host=%(host)s --service=%(service)s </dev/tty7 >/dev/tty7 2>&1
chvt 7 chvt 7
/autoimage/imager/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/autoimage/config/ca.cert.pem --base-url=%(base_url)s </dev/tty7 >/dev/tty7 2>&1 /autoimage/imager/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/autoimage/config/ca.cert.pem --base-url=%(base_url)s %(image_flags)s </dev/tty7 >/dev/tty7 2>&1
chvt 7 chvt 7
echo >/dev/tty7 echo >/dev/tty7
@@ -95,6 +133,7 @@ end script
'device': FLAGS.device, 'device': FLAGS.device,
'persistent_percent': FLAGS.persistent_percent, 'persistent_percent': FLAGS.persistent_percent,
'base_url': FLAGS.base_url, 'base_url': FLAGS.base_url,
'image_flags': ' '.join(image_flags),
}) })