From d94c305fa837f0044f80ee269c30498337e1e996 Mon Sep 17 00:00:00 2001
From: Ian Gulliver
Date: Tue, 9 Aug 2016 05:04:44 +0000
Subject: [PATCH] Xenial updates for autoimage and certclient
---
 client/alert.py | 43 ------------
 server/modules/autoimage.py | 63 +++++++++++-------
 server/modules/certclient.py | 123 ++++++++++++++++++++---------------
 3 files changed, 109 insertions(+), 120 deletions(-)
 delete mode 100755 client/alert.py
diff --git a/client/alert.py b/client/alert.py
deleted file mode 100755
index b2190ed..0000000
--- a/client/alert.py
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/python3
-
-import argparse
-import sys
-import time
-
-
-parser = argparse.ArgumentParser(description='iconograph wait_for_service')
-parser.add_argument(
- '--type',
- dest='type',
- action='store',
- choices={'happy', 'angry'},
- required=True)
-FLAGS = parser.parse_args()
-
-
-def Happy():
- yield '\a'
- time.sleep(3.0)
-
-
-def Angry():
- yield '\a'
- time.sleep(0.2)
-
-
-_TYPES = {
- 'happy': Happy,
- 'angry': Angry,
-}
-
-
-def main():
- handler = _TYPES[FLAGS.type]
- while True:
- for item in handler():
- sys.stdout.write(item)
- sys.stdout.flush()
-
-
-if __name__ == '__main__':
- main()
diff --git a/server/modules/autoimage.py b/server/modules/autoimage.py
index 441f1af..7acf54c 100755
--- a/server/modules/autoimage.py
+++ b/server/modules/autoimage.py
@@ -99,35 +99,50 @@ def main(): '--https-client-key', os.path.join('/', https_client_key_path), ]) - init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'autoimage.conf') - with open(init, 'w') as fh: - fh.write(""" -description "AutoImage" - -start on runlevel [2345] - -script - exec /dev/tty8 2>&1 - chvt 8 - /icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https - chvt 8 - /icon/iconograph/client/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/icon/config/ca.image.cert.pem --server=%(server)s --image-type=%(image_type)s %(image_flags)s - chvt 8 - - echo - echo "==================" - echo "autoimage complete" - echo "==================" - - /icon/iconograph/client/alert.py --type=happy -end script -""" % { + tags = { 'device': FLAGS.device, 'persistent_percent': FLAGS.persistent_percent, 'server': FLAGS.server, 'image_type': FLAGS.image_type, 'image_flags': ' '.join(image_flags), - }) + } + + tool_path = os.path.join(FLAGS.chroot_path, 'icon', 'autoimage-%(image_type)s' % tags) + os.makedirs(tool_path, exist_ok=True) + + script = os.path.join(tool_path, 'startup.sh') + with open(script, 'w') as fh: + os.fchmod(fh.fileno(), 0o755) + fh.write("""\ +#!/bin/bash + +exec /dev/tty8 2>&1 +chvt 8 +/icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https +chvt 8 +/icon/iconograph/client/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/icon/config/ca.image.cert.pem --server=%(server)s --image-type=%(image_type)s %(image_flags)s +chvt 8 + +echo +echo "==================" +echo "autoimage complete" +echo "==================" +""" % tags) + + with module.ServiceFile('autoimage-%(image_type)s.service' % tags) as fh: + fh.write(""" +[Unit] +Description=AutoImage %(image_type)s + +[Service] +Type=simple +RemainAfterExit=yes +ExecStart=/icon/autoimage-%(image_type)s/startup.sh + +[Install] +WantedBy=multi-user.target +""" % tags) + 
module.EnableService('autoimage-%(image_type)s.service' % tags) if __name__ == '__main__': diff --git a/server/modules/certclient.py b/server/modules/certclient.py index cdd0577..4566704 100755 --- a/server/modules/certclient.py +++ b/server/modules/certclient.py @@ -8,7 +8,7 @@ import subprocess import icon_lib -parser = argparse.ArgumentParser(description='iconograph autoimage') +parser = argparse.ArgumentParser(description='iconograph certclient') parser.add_argument( '--chroot-path', dest='chroot_path', 
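Review bot: `FLAGS.image_type` now names a directory under the chroot and a systemd unit as well as being pasted into `startup.sh`, and none of those uses validates or quotes it; a value containing `/` moves `tool_path` out of `icon/autoimage-…`, and shell metacharacters in `server`, `device` or `image_flags` land unescaped in a script the unit runs at boot. These flags look operator-supplied, so this is hardening rather than a demonstrated hole: check the name first with something like `re.fullmatch(r'[A-Za-z0-9_.-]+', FLAGS.image_type)` and build the script values with `shlex.quote()`, e.g. `' '.join(shlex.quote(f) for f in image_flags)`. Separately, the unit runs a run-once script as `Type=simple`, which systemd considers started as soon as it forks; `Type=oneshot` with the existing `RemainAfterExit=yes` fits the intent better. main() begins above the hunk.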
@@ -87,62 +87,79 @@ def main(): os.path.join(FLAGS.chroot_path, client_key_path)) os.chmod(os.path.join(FLAGS.chroot_path, client_key_path), 0o400) - init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'certclient.%s.conf' % FLAGS.tag) - with open(init, 'w') as fh: - fh.write(""" -description "CertClient %(tag)s" - -start on systemid-ready - -script - exec /dev/tty9 2>&1 - chvt 9 - - DH="/systemid/$(hostname).%(tag)s.dh.pem" - DH_LINK="/systemid/%(tag)s.dh.pem" - KEY="/systemid/$(hostname).%(tag)s.key.pem" - KEY_LINK="/systemid/%(tag)s.key.pem" - CERT="/systemid/$(hostname).%(tag)s.cert.pem" - CERT_LINK="/systemid/%(tag)s.cert.pem" - SUBJECT="$(echo '%(subject)s' | sed s/SYSTEMID/$(hostname)/g)" - - if test ! -s "${KEY}"; then - openssl ecparam -name secp384r1 -genkey | openssl ec -out "${KEY}" - chmod 0400 "${KEY}" - fi - - chvt 9 - /icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https - chvt 9 - - if test ! -s "${CERT}"; then - openssl req -new -key "${KEY}" -subj "${SUBJECT}" | /icon/certserver/certclient.py --ca-cert=/icon/config/ca.%(tag)s.certserver.cert.pem --client-cert=/icon/config/client.%(tag)s.certserver.cert.pem --client-key=/icon/config/client.%(tag)s.certserver.key.pem --server=%(server)s > "${CERT}" - chmod 0444 "${CERT}" - fi - - if test "%(dh)s" = "y"; then - if test ! 
-s "${DH}"; then - openssl dhparam -out "${DH}" 2048 - fi - ln --symbolic --force $(basename "${DH}") "${DH_LINK}" - fi - - ln --symbolic --force $(basename "${KEY}") "${KEY_LINK}" - ln --symbolic --force $(basename "${CERT}") "${CERT_LINK}" - - chvt 9 - - echo - echo "==================" - echo "certclient %(tag)s complete" - echo "==================" -end script -""" % { + tags = { 'dh': 'y' if FLAGS.generate_dh else 'n', 'server': FLAGS.server, 'subject': FLAGS.subject, 'tag': FLAGS.tag, - }) + } + + tool_path = os.path.join(FLAGS.chroot_path, 'icon', 'certclient-%(tag)s' % tags) + os.makedirs(tool_path, exist_ok=True) + + script = os.path.join(tool_path, 'startup.sh') + with open(script, 'w') as fh: + os.chmod(fh.fileno(), 0o755) + fh.write("""\ +#!/bin/bash + +exec /dev/tty9 2>&1 +chvt 9 + +DH="/systemid/$(hostname).%(tag)s.dh.pem" +DH_LINK="/systemid/%(tag)s.dh.pem" +KEY="/systemid/$(hostname).%(tag)s.key.pem" +KEY_LINK="/systemid/%(tag)s.key.pem" +CERT="/systemid/$(hostname).%(tag)s.cert.pem" +CERT_LINK="/systemid/%(tag)s.cert.pem" +SUBJECT="$(echo '%(subject)s' | sed s/SYSTEMID/$(hostname)/g)" + +if test ! -s "${KEY}"; then + openssl ecparam -name secp384r1 -genkey | openssl ec -out "${KEY}" + chmod 0400 "${KEY}" +fi + +chvt 9 +/icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https +chvt 9 + +if test ! -s "${CERT}"; then + openssl req -new -key "${KEY}" -subj "${SUBJECT}" | /icon/certserver/certclient.py --ca-cert=/icon/config/ca.%(tag)s.certserver.cert.pem --client-cert=/icon/config/client.%(tag)s.certserver.cert.pem --client-key=/icon/config/client.%(tag)s.certserver.key.pem --server=%(server)s > "${CERT}" + chmod 0444 "${CERT}" +fi + +if test "%(dh)s" = "y"; then + if test ! 
-s "${DH}"; then + openssl dhparam -out "${DH}" 2048 + fi + ln --symbolic --force $(basename "${DH}") "${DH_LINK}" +fi + +ln --symbolic --force $(basename "${KEY}") "${KEY_LINK}" +ln --symbolic --force $(basename "${CERT}") "${CERT_LINK}" + +chvt 9 + +echo +echo "==================" +echo "certclient %(tag)s complete" +echo "==================" +""" % tags) + + with module.ServiceFile('certclient-%(tag)s.service' % tags) as fh: + fh.write(""" +[Unit] +Description=CertClient %(tag)s + +[Service] +Type=simple +RemainAfterExit=yes +ExecStart=/icon/certclient-%(tag)s/startup.sh + +[Install] +WantedBy=multi-user.target +""" % tags) + module.EnableService('certclient-%(tag)s.service' % tags) if __name__ == '__main__':
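Review bot: The new unit loses the ordering the upstart job had: the old job was `start on systemid-ready`, while the unit only declares `WantedBy=multi-user.target`, so `startup.sh` may run before `/systemid` is available and write the key and certificate to whatever is at that path at the time. If `/systemid` is a mount known to systemd, `RequiresMountsFor=/systemid` in `[Unit]` would restore the dependency; otherwise add `After=`/`Requires=` on whichever unit provides it (not visible in this diff). In the script, the private key is created under the default umask and only afterwards tightened with `chmod 0400`, so a `umask 077` line ahead of the `openssl ecparam` pipeline closes that window. `os.chmod(fh.fileno(), 0o755)` works on Linux, but the autoimage hunk uses `os.fchmod` for the same step; use one form in both files. main() begins above the hunk.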