x-move/iconograph
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Xenial updates for autoimage and certclient

Browse Source
This commit is contained in:
Ian Gulliver
2016-08-09 05:04:44 +00:00
parent 5defa222d6
commit d94c305fa8
3 changed files with 109 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
client/alert.py
View File

@@ -1,43 +0,0 @@
#!/usr/bin/python3
import argparse
import sys
import time
parser = argparse.ArgumentParser(description='iconograph wait_for_service')
parser.add_argument(
'--type',
dest='type',
action='store',
choices={'happy', 'angry'},
required=True)
FLAGS = parser.parse_args()
def Happy():
yield '\a'
time.sleep(3.0)
def Angry():
yield '\a'
time.sleep(0.2)
_TYPES = {
'happy': Happy,
'angry': Angry,
}
def main():
handler = _TYPES[FLAGS.type]
while True:
for item in handler():
sys.stdout.write(item)
sys.stdout.flush()
if __name__ == '__main__':
main()

63
server/modules/autoimage.py
View File

@@ -99,35 +99,50 @@ def main():
'--https-client-key', os.path.join('/', https_client_key_path), '--https-client-key', os.path.join('/', https_client_key_path),
]) ])
init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'autoimage.conf') tags = {
with open(init, 'w') as fh:
fh.write("""
description "AutoImage"
start on runlevel [2345]
script
exec </dev/tty8 >/dev/tty8 2>&1
chvt 8
/icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https
chvt 8
/icon/iconograph/client/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/icon/config/ca.image.cert.pem --server=%(server)s --image-type=%(image_type)s %(image_flags)s
chvt 8
echo
echo "=================="
echo "autoimage complete"
echo "=================="
/icon/iconograph/client/alert.py --type=happy
end script
""" % {
'device': FLAGS.device, 'device': FLAGS.device,
'persistent_percent': FLAGS.persistent_percent, 'persistent_percent': FLAGS.persistent_percent,
'server': FLAGS.server, 'server': FLAGS.server,
'image_type': FLAGS.image_type, 'image_type': FLAGS.image_type,
'image_flags': ' '.join(image_flags), 'image_flags': ' '.join(image_flags),
}) }
tool_path = os.path.join(FLAGS.chroot_path, 'icon', 'autoimage-%(image_type)s' % tags)
os.makedirs(tool_path, exist_ok=True)
script = os.path.join(tool_path, 'startup.sh')
with open(script, 'w') as fh:
os.fchmod(fh.fileno(), 0o755)
fh.write("""\
#!/bin/bash
exec </dev/tty8 >/dev/tty8 2>&1
chvt 8
/icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https
chvt 8
/icon/iconograph/client/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/icon/config/ca.image.cert.pem --server=%(server)s --image-type=%(image_type)s %(image_flags)s
chvt 8
echo
echo "=================="
echo "autoimage complete"
echo "=================="
""" % tags)
with module.ServiceFile('autoimage-%(image_type)s.service' % tags) as fh:
fh.write("""
[Unit]
Description=AutoImage %(image_type)s
[Service]
Type=simple
RemainAfterExit=yes
ExecStart=/icon/autoimage-%(image_type)s/startup.sh
[Install]
WantedBy=multi-user.target
""" % tags)
module.EnableService('autoimage-%(image_type)s.service' % tags)
if __name__ == '__main__': if __name__ == '__main__':

123
server/modules/certclient.py
View File

@@ -8,7 +8,7 @@ import subprocess
import icon_lib import icon_lib
parser = argparse.ArgumentParser(description='iconograph autoimage') parser = argparse.ArgumentParser(description='iconograph certclient')
parser.add_argument( parser.add_argument(
'--chroot-path', '--chroot-path',
dest='chroot_path', dest='chroot_path',
@@ -87,62 +87,79 @@ def main():
os.path.join(FLAGS.chroot_path, client_key_path)) os.path.join(FLAGS.chroot_path, client_key_path))
os.chmod(os.path.join(FLAGS.chroot_path, client_key_path), 0o400) os.chmod(os.path.join(FLAGS.chroot_path, client_key_path), 0o400)
init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'certclient.%s.conf' % FLAGS.tag) tags = {
with open(init, 'w') as fh:
fh.write("""
description "CertClient %(tag)s"
start on systemid-ready
script
exec </dev/tty9 >/dev/tty9 2>&1
chvt 9
DH="/systemid/$(hostname).%(tag)s.dh.pem"
DH_LINK="/systemid/%(tag)s.dh.pem"
KEY="/systemid/$(hostname).%(tag)s.key.pem"
KEY_LINK="/systemid/%(tag)s.key.pem"
CERT="/systemid/$(hostname).%(tag)s.cert.pem"
CERT_LINK="/systemid/%(tag)s.cert.pem"
SUBJECT="$(echo '%(subject)s' | sed s/SYSTEMID/$(hostname)/g)"
if test ! -s "${KEY}"; then
openssl ecparam -name secp384r1 -genkey | openssl ec -out "${KEY}"
chmod 0400 "${KEY}"
fi
chvt 9
/icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https
chvt 9
if test ! -s "${CERT}"; then
openssl req -new -key "${KEY}" -subj "${SUBJECT}" | /icon/certserver/certclient.py --ca-cert=/icon/config/ca.%(tag)s.certserver.cert.pem --client-cert=/icon/config/client.%(tag)s.certserver.cert.pem --client-key=/icon/config/client.%(tag)s.certserver.key.pem --server=%(server)s > "${CERT}"
chmod 0444 "${CERT}"
fi
if test "%(dh)s" = "y"; then
if test ! -s "${DH}"; then
openssl dhparam -out "${DH}" 2048
fi
ln --symbolic --force $(basename "${DH}") "${DH_LINK}"
fi
ln --symbolic --force $(basename "${KEY}") "${KEY_LINK}"
ln --symbolic --force $(basename "${CERT}") "${CERT_LINK}"
chvt 9
echo
echo "=================="
echo "certclient %(tag)s complete"
echo "=================="
end script
""" % {
'dh': 'y' if FLAGS.generate_dh else 'n', 'dh': 'y' if FLAGS.generate_dh else 'n',
'server': FLAGS.server, 'server': FLAGS.server,
'subject': FLAGS.subject, 'subject': FLAGS.subject,
'tag': FLAGS.tag, 'tag': FLAGS.tag,
}) }
tool_path = os.path.join(FLAGS.chroot_path, 'icon', 'certclient-%(tag)s' % tags)
os.makedirs(tool_path, exist_ok=True)
script = os.path.join(tool_path, 'startup.sh')
with open(script, 'w') as fh:
os.chmod(fh.fileno(), 0o755)
fh.write("""\
#!/bin/bash
exec </dev/tty9 >/dev/tty9 2>&1
chvt 9
DH="/systemid/$(hostname).%(tag)s.dh.pem"
DH_LINK="/systemid/%(tag)s.dh.pem"
KEY="/systemid/$(hostname).%(tag)s.key.pem"
KEY_LINK="/systemid/%(tag)s.key.pem"
CERT="/systemid/$(hostname).%(tag)s.cert.pem"
CERT_LINK="/systemid/%(tag)s.cert.pem"
SUBJECT="$(echo '%(subject)s' | sed s/SYSTEMID/$(hostname)/g)"
if test ! -s "${KEY}"; then
openssl ecparam -name secp384r1 -genkey | openssl ec -out "${KEY}"
chmod 0400 "${KEY}"
fi
chvt 9
/icon/iconograph/client/wait_for_service.py --host=%(server)s --service=https
chvt 9
if test ! -s "${CERT}"; then
openssl req -new -key "${KEY}" -subj "${SUBJECT}" | /icon/certserver/certclient.py --ca-cert=/icon/config/ca.%(tag)s.certserver.cert.pem --client-cert=/icon/config/client.%(tag)s.certserver.cert.pem --client-key=/icon/config/client.%(tag)s.certserver.key.pem --server=%(server)s > "${CERT}"
chmod 0444 "${CERT}"
fi
if test "%(dh)s" = "y"; then
if test ! -s "${DH}"; then
openssl dhparam -out "${DH}" 2048
fi
ln --symbolic --force $(basename "${DH}") "${DH_LINK}"
fi
ln --symbolic --force $(basename "${KEY}") "${KEY_LINK}"
ln --symbolic --force $(basename "${CERT}") "${CERT_LINK}"
chvt 9
echo
echo "=================="
echo "certclient %(tag)s complete"
echo "=================="
""" % tags)
with module.ServiceFile('certclient-%(tag)s.service' % tags) as fh:
fh.write("""
[Unit]
Description=CertClient %(tag)s
[Service]
Type=simple
RemainAfterExit=yes
ExecStart=/icon/certclient-%(tag)s/startup.sh
[Install]
WantedBy=multi-user.target
""" % tags)
module.EnableService('certclient-%(tag)s.service' % tags)
if __name__ == '__main__': if __name__ == '__main__':