~citrix-openstack/nova/xenapi

« back to all changes in this revision

Viewing changes to nova/crypto.py

Committer: rlane at wikimedia
Date: 2011-03-03 23:04:11 UTC
mfrom: (408.9.363 nova)
mto: (408.9.366 nova)
mto: This revision was merged to the branch mainline in revision 449.
Revision ID: rlane@wikimedia.org-20110303230411-qx4qndimfyr1w1fx

Merge from trunk

files added:
doc/.autogenerated

doc/build/html

doc/build/html/.buildinfo

doc/source/api/autoindex.rst

doc/source/api/nova..adminclient.rst

doc/source/api/nova..api.direct.rst

doc/source/api/nova..api.ec2.admin.rst

doc/source/api/nova..api.ec2.apirequest.rst

doc/source/api/nova..api.ec2.cloud.rst

doc/source/api/nova..api.ec2.metadatarequesthandler.rst

doc/source/api/nova..api.openstack.auth.rst

doc/source/api/nova..api.openstack.backup_schedules.rst

doc/source/api/nova..api.openstack.common.rst

doc/source/api/nova..api.openstack.consoles.rst

doc/source/api/nova..api.openstack.faults.rst

doc/source/api/nova..api.openstack.flavors.rst

doc/source/api/nova..api.openstack.images.rst

doc/source/api/nova..api.openstack.servers.rst

doc/source/api/nova..api.openstack.shared_ip_groups.rst

doc/source/api/nova..api.openstack.zones.rst

doc/source/api/nova..auth.dbdriver.rst

doc/source/api/nova..auth.fakeldap.rst

doc/source/api/nova..auth.ldapdriver.rst

doc/source/api/nova..auth.manager.rst

doc/source/api/nova..auth.signer.rst

doc/source/api/nova..cloudpipe.pipelib.rst

doc/source/api/nova..compute.api.rst

doc/source/api/nova..compute.instance_types.rst

doc/source/api/nova..compute.manager.rst

doc/source/api/nova..compute.monitor.rst

doc/source/api/nova..compute.power_state.rst

doc/source/api/nova..console.api.rst

doc/source/api/nova..console.fake.rst

doc/source/api/nova..console.manager.rst

doc/source/api/nova..console.xvp.rst

doc/source/api/nova..context.rst

doc/source/api/nova..crypto.rst

doc/source/api/nova..db.api.rst

doc/source/api/nova..db.base.rst

doc/source/api/nova..db.migration.rst

doc/source/api/nova..db.sqlalchemy.api.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.manage.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.001_austin.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.002_bexar.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.003_add_label_to_networks.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.004_add_zone_tables.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.005_add_instance_metadata.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.006_add_provider_data_to_volumes.rst

doc/source/api/nova..db.sqlalchemy.migrate_repo.versions.007_add_instance_types.rst

doc/source/api/nova..db.sqlalchemy.migration.rst

doc/source/api/nova..db.sqlalchemy.models.rst

doc/source/api/nova..db.sqlalchemy.session.rst

doc/source/api/nova..exception.rst

doc/source/api/nova..fakememcache.rst

doc/source/api/nova..fakerabbit.rst

doc/source/api/nova..flags.rst

doc/source/api/nova..image.glance.rst

doc/source/api/nova..image.local.rst

doc/source/api/nova..image.s3.rst

doc/source/api/nova..image.service.rst

doc/source/api/nova..log.rst

doc/source/api/nova..manager.rst

doc/source/api/nova..network.api.rst

doc/source/api/nova..network.linux_net.rst

doc/source/api/nova..network.manager.rst

doc/source/api/nova..objectstore.bucket.rst

doc/source/api/nova..objectstore.handler.rst

doc/source/api/nova..objectstore.image.rst

doc/source/api/nova..objectstore.stored.rst

doc/source/api/nova..quota.rst

doc/source/api/nova..rpc.rst

doc/source/api/nova..scheduler.chance.rst

doc/source/api/nova..scheduler.driver.rst

doc/source/api/nova..scheduler.manager.rst

doc/source/api/nova..scheduler.simple.rst

doc/source/api/nova..scheduler.zone.rst

doc/source/api/nova..service.rst

doc/source/api/nova..test.rst

doc/source/api/nova..tests.api.openstack.fakes.rst

doc/source/api/nova..tests.api.openstack.test_adminapi.rst

doc/source/api/nova..tests.api.openstack.test_api.rst

doc/source/api/nova..tests.api.openstack.test_auth.rst

doc/source/api/nova..tests.api.openstack.test_common.rst

doc/source/api/nova..tests.api.openstack.test_faults.rst

doc/source/api/nova..tests.api.openstack.test_flavors.rst

doc/source/api/nova..tests.api.openstack.test_images.rst

doc/source/api/nova..tests.api.openstack.test_ratelimiting.rst

doc/source/api/nova..tests.api.openstack.test_servers.rst

doc/source/api/nova..tests.api.openstack.test_shared_ip_groups.rst

doc/source/api/nova..tests.api.openstack.test_zones.rst

doc/source/api/nova..tests.api.test_wsgi.rst

doc/source/api/nova..tests.db.fakes.rst

doc/source/api/nova..tests.declare_flags.rst

doc/source/api/nova..tests.fake_flags.rst

doc/source/api/nova..tests.glance.stubs.rst

doc/source/api/nova..tests.hyperv_unittest.rst

doc/source/api/nova..tests.objectstore_unittest.rst

doc/source/api/nova..tests.real_flags.rst

doc/source/api/nova..tests.runtime_flags.rst

doc/source/api/nova..tests.test_access.rst

doc/source/api/nova..tests.test_api.rst

doc/source/api/nova..tests.test_auth.rst

doc/source/api/nova..tests.test_cloud.rst

doc/source/api/nova..tests.test_compute.rst

doc/source/api/nova..tests.test_console.rst

doc/source/api/nova..tests.test_direct.rst

doc/source/api/nova..tests.test_flags.rst

doc/source/api/nova..tests.test_instance_types.rst

doc/source/api/nova..tests.test_localization.rst

doc/source/api/nova..tests.test_log.rst

doc/source/api/nova..tests.test_middleware.rst

doc/source/api/nova..tests.test_misc.rst

doc/source/api/nova..tests.test_network.rst

doc/source/api/nova..tests.test_quota.rst

doc/source/api/nova..tests.test_rpc.rst

doc/source/api/nova..tests.test_scheduler.rst

doc/source/api/nova..tests.test_service.rst

doc/source/api/nova..tests.test_test.rst

doc/source/api/nova..tests.test_twistd.rst

doc/source/api/nova..tests.test_utils.rst

doc/source/api/nova..tests.test_virt.rst

doc/source/api/nova..tests.test_volume.rst

doc/source/api/nova..tests.test_xenapi.rst

doc/source/api/nova..tests.xenapi.stubs.rst

doc/source/api/nova..twistd.rst

doc/source/api/nova..utils.rst

doc/source/api/nova..version.rst

doc/source/api/nova..virt.connection.rst

doc/source/api/nova..virt.disk.rst

doc/source/api/nova..virt.fake.rst

doc/source/api/nova..virt.hyperv.rst

doc/source/api/nova..virt.images.rst

doc/source/api/nova..virt.libvirt_conn.rst

doc/source/api/nova..virt.xenapi.fake.rst

doc/source/api/nova..virt.xenapi.network_utils.rst

doc/source/api/nova..virt.xenapi.vm_utils.rst

doc/source/api/nova..virt.xenapi.vmops.rst

doc/source/api/nova..virt.xenapi.volume_utils.rst

doc/source/api/nova..virt.xenapi.volumeops.rst

doc/source/api/nova..virt.xenapi_conn.rst

doc/source/api/nova..volume.api.rst

doc/source/api/nova..volume.driver.rst

doc/source/api/nova..volume.manager.rst

doc/source/api/nova..volume.san.rst

doc/source/api/nova..wsgi.rst

doc/source/runnova

doc/source/runnova/binaries.rst

doc/source/runnova/euca2ools.rst

doc/source/runnova/flags.rst

doc/source/runnova/getting.started.rst

doc/source/runnova/index.rst

doc/source/runnova/managing.images.rst

doc/source/runnova/managing.instance.types.rst

doc/source/runnova/managing.instances.rst

doc/source/runnova/managing.networks.rst

doc/source/runnova/managing.projects.rst

doc/source/runnova/managing.users.rst

doc/source/runnova/managingsecurity.rst

doc/source/runnova/monitoring.rst

doc/source/runnova/network.flat.rst

doc/source/runnova/network.vlan.rst

doc/source/runnova/nova.manage.rst

nova/api/ec2/ec2utils.py

nova/api/openstack/zones.py

nova/db/sqlalchemy/migrate_repo/versions/003_add_label_to_networks.py

nova/db/sqlalchemy/migrate_repo/versions/004_add_zone_tables.py

nova/db/sqlalchemy/migrate_repo/versions/005_add_instance_metadata.py

nova/db/sqlalchemy/migrate_repo/versions/006_add_provider_data_to_volumes.py

nova/db/sqlalchemy/migrate_repo/versions/007_add_ipv6_to_fixed_ips.py

nova/db/sqlalchemy/migrate_repo/versions/008_add_instance_types.py

nova/db/sqlalchemy/migrate_repo/versions/009_add_instance_migrations.py

nova/scheduler/api.py

nova/scheduler/zone_manager.py

nova/tests/api/openstack/common.py

nova/tests/api/openstack/test_common.py

nova/tests/api/openstack/test_zones.py

nova/tests/test_instance_types.py

nova/tests/test_test.py

nova/tests/test_utils.py

nova/tests/test_zones.py

nova/volume/san.py

plugins/xenserver/xenapi/etc/xapi.d/plugins/migration

po/ast.po

po/cs.po

po/da.po

po/de.po

po/es.po

po/it.po

po/ja.po

po/pt_BR.po

po/ru.po

po/uk.po

po/zh_CN.po

smoketests/netadmin_smoketests.py

smoketests/proxy.sh

files removed:
babel.cfg

bin/nova-combined

contrib/puppet

contrib/puppet/files

contrib/puppet/files/etc

contrib/puppet/files/etc/default

contrib/puppet/files/etc/default/nova-compute

contrib/puppet/files/etc/default/nova-volume

contrib/puppet/files/etc/issue

contrib/puppet/files/etc/libvirt

contrib/puppet/files/etc/libvirt/qemu.conf

contrib/puppet/files/etc/lvm

contrib/puppet/files/etc/lvm/lvm.conf

contrib/puppet/files/etc/nova.conf

contrib/puppet/files/production

contrib/puppet/files/production/boto.cfg

contrib/puppet/files/production/genvpn.sh

contrib/puppet/files/production/libvirt.qemu.xml.template

contrib/puppet/files/production/my.cnf

contrib/puppet/files/production/nova-iptables

contrib/puppet/files/production/nova-iscsi-dev.sh

contrib/puppet/files/production/setup_data.sh

contrib/puppet/files/production/slap.sh

contrib/puppet/fileserver.conf

contrib/puppet/manifests

contrib/puppet/manifests/classes

contrib/puppet/manifests/classes/apt.pp

contrib/puppet/manifests/classes/issue.pp

contrib/puppet/manifests/classes/kern_module.pp

contrib/puppet/manifests/classes/loopback.pp

contrib/puppet/manifests/classes/lvm.pp

contrib/puppet/manifests/classes/lvmconf.pp

contrib/puppet/manifests/classes/nova.pp

contrib/puppet/manifests/classes/swift.pp

contrib/puppet/manifests/site.pp

contrib/puppet/manifests/templates.pp

contrib/puppet/puppet.conf

contrib/puppet/templates

contrib/puppet/templates/haproxy.cfg.erb

contrib/puppet/templates/monitrc-nova-api.erb

contrib/puppet/templates/nova-iptables.erb

contrib/puppet/templates/production

contrib/puppet/templates/production/nova-common.conf.erb

contrib/puppet/templates/production/nova-nova.conf.erb

doc/source/adminguide

doc/source/adminguide/binaries.rst

doc/source/adminguide/distros

doc/source/adminguide/distros/others.rst

doc/source/adminguide/distros/ubuntu.10.04.rst

doc/source/adminguide/distros/ubuntu.10.10.rst

doc/source/adminguide/euca2ools.rst

doc/source/adminguide/flags.rst

doc/source/adminguide/getting.started.rst

doc/source/adminguide/index.rst

doc/source/adminguide/managing.images.rst

doc/source/adminguide/managing.instances.rst

doc/source/adminguide/managing.networks.rst

doc/source/adminguide/managing.projects.rst

doc/source/adminguide/managing.users.rst

doc/source/adminguide/managingsecurity.rst

doc/source/adminguide/monitoring.rst

doc/source/adminguide/multi.node.install.rst

doc/source/adminguide/network.flat.rst

doc/source/adminguide/network.vlan.rst

doc/source/adminguide/nova.manage.rst

doc/source/adminguide/single.node.install.rst

files renamed:
etc/nova-api.conf => etc/api-paste.ini

locale/ => po/

smoketests/user_smoketests.py => smoketests/sysadmin_smoketests.py

files modified:
.bzrignore

.mailmap

Authors

HACKING

MANIFEST.in

bin/nova-ajax-console-proxy

bin/nova-api

bin/nova-compute

bin/nova-console

bin/nova-dhcpbridge

bin/nova-direct-api

bin/nova-import-canonical-imagestore

bin/nova-instancemonitor

bin/nova-manage

bin/nova-network

bin/nova-scheduler

bin/nova-volume

contrib/nova.sh

doc/ext/nova_autodoc.py

doc/source/community.rst

doc/source/index.rst

doc/source/man/novamanage.rst

doc/source/nova.concepts.rst

doc/source/object.model.rst

doc/source/quickstart.rst

nova/__init__.py

nova/adminclient.py

nova/api/direct.py

nova/api/ec2/__init__.py

nova/api/ec2/admin.py

nova/api/ec2/apirequest.py

nova/api/ec2/cloud.py

nova/api/ec2/metadatarequesthandler.py

nova/api/openstack/__init__.py

nova/api/openstack/auth.py

nova/api/openstack/backup_schedules.py

nova/api/openstack/common.py

nova/api/openstack/consoles.py

nova/api/openstack/faults.py

nova/api/openstack/flavors.py

nova/api/openstack/images.py

nova/api/openstack/ratelimiting/__init__.py

nova/api/openstack/servers.py

nova/api/openstack/shared_ip_groups.py

nova/auth/ldapdriver.py

nova/auth/novarc.template

nova/compute/api.py

nova/compute/instance_types.py

nova/compute/manager.py

nova/compute/power_state.py

nova/console/manager.py

nova/console/xvp.py

nova/context.py

nova/crypto.py

nova/db/api.py

nova/db/sqlalchemy/api.py

nova/db/sqlalchemy/migrate_repo/versions/001_austin.py

nova/db/sqlalchemy/migrate_repo/versions/002_bexar.py

nova/db/sqlalchemy/migration.py

nova/db/sqlalchemy/models.py

nova/db/sqlalchemy/session.py

nova/exception.py

nova/fakerabbit.py

nova/flags.py

nova/image/glance.py

nova/image/local.py

nova/image/s3.py

nova/image/service.py

nova/log.py

nova/network/api.py

nova/network/linux_net.py

nova/network/manager.py

nova/objectstore/bucket.py

nova/objectstore/image.py

nova/quota.py

nova/rpc.py

nova/scheduler/manager.py

nova/service.py

nova/test.py

nova/tests/__init__.py

nova/tests/api/openstack/__init__.py

nova/tests/api/openstack/fakes.py

nova/tests/api/openstack/test_adminapi.py

nova/tests/api/openstack/test_api.py

nova/tests/api/openstack/test_auth.py

nova/tests/api/openstack/test_faults.py

nova/tests/api/openstack/test_flavors.py

nova/tests/api/openstack/test_images.py

nova/tests/api/openstack/test_ratelimiting.py

nova/tests/api/openstack/test_servers.py

nova/tests/api/openstack/test_shared_ip_groups.py

nova/tests/api/test_wsgi.py

nova/tests/db/fakes.py

nova/tests/fake_flags.py

nova/tests/glance/stubs.py

nova/tests/objectstore_unittest.py

nova/tests/test_api.py

nova/tests/test_auth.py

nova/tests/test_cloud.py

nova/tests/test_compute.py

nova/tests/test_console.py

nova/tests/test_direct.py

nova/tests/test_localization.py

nova/tests/test_log.py

nova/tests/test_misc.py

nova/tests/test_network.py

nova/tests/test_quota.py

nova/tests/test_scheduler.py

nova/tests/test_service.py

nova/tests/test_virt.py

nova/tests/test_volume.py

nova/tests/test_xenapi.py

nova/tests/xenapi/stubs.py

nova/twistd.py

nova/utils.py

nova/virt/disk.py

nova/virt/fake.py

nova/virt/images.py

nova/virt/libvirt_conn.py

nova/virt/xenapi/fake.py

nova/virt/xenapi/vm_utils.py

nova/virt/xenapi/vmops.py

nova/virt/xenapi/volumeops.py

nova/virt/xenapi_conn.py

nova/volume/api.py

nova/volume/driver.py

nova/volume/manager.py

nova/wsgi.py

plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py

plugins/xenserver/xenapi/etc/xapi.d/plugins/agent

plugins/xenserver/xenapi/etc/xapi.d/plugins/glance

plugins/xenserver/xenapi/etc/xapi.d/plugins/objectstore

plugins/xenserver/xenapi/etc/xapi.d/plugins/xenstore.py

po/nova.pot

run_tests.py

run_tests.sh

setup.py

smoketests/base.py

smoketests/flags.py

smoketests/public_network_smoketests.py

tools/euca-get-ajax-console

tools/pip-requires

Show diffs side-by-side

added added

removed removed

nova/crypto.py

105

106

tmpdir = tempfile.mkdtemp()

107

keyfile = os.path.join(tmpdir, 'temp')

108

utils.execute('ssh-keygen -q -b %d -N "" -f %s' % (bits, keyfile))

109

(out, err) = utils.execute('ssh-keygen -q -l -f %s.pub' % (keyfile))

108

utils.execute('ssh-keygen', '-q', '-b', bits, '-N', '',

109

'-f', keyfile)

110

(out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',

111

'%s.pub' % (keyfile))

110

112

fingerprint = out.split(' ')[1]

111

113

private_key = open(keyfile).read()

112

114

public_key = open(keyfile + '.pub').read()

118

120

# bio = M2Crypto.BIO.MemoryBuffer()

119

121

# key.save_pub_key_bio(bio)

120

122

# public_key = bio.read()

121

# public_key, err = execute('ssh-keygen -y -f /dev/stdin', private_key)

123

# public_key, err = execute('ssh-keygen', '-y', '-f',

124

# '/dev/stdin', private_key)

122

125

123

126

return (private_key, public_key, fingerprint)

124

127

143

146

start = os.getcwd()

144

147

os.chdir(ca_folder(project_id))

145

148

# NOTE(vish): potential race condition here

146

utils.execute("openssl ca -config ./openssl.cnf -revoke '%s'" % file_name)

147

utils.execute("openssl ca -gencrl -config ./openssl.cnf -out '%s'" %

148

FLAGS.crl_file)

149

utils.execute('openssl', 'ca', '-config', './openssl.cnf', '-revoke',

150

file_name)

151

utils.execute('openssl', 'ca', '-gencrl', '-config', './openssl.cnf',

152

'-out', FLAGS.crl_file)

149

153

os.chdir(start)

150

154

151

155

193

197

tmpdir = tempfile.mkdtemp()

194

198

keyfile = os.path.abspath(os.path.join(tmpdir, 'temp.key'))

195

199

csrfile = os.path.join(tmpdir, 'temp.csr')

196

utils.execute("openssl genrsa -out %s %s" % (keyfile, bits))

197

utils.execute("openssl req -new -key %s -out %s -batch -subj %s" %

198

(keyfile, csrfile, subject))

200

utils.execute('openssl', 'genrsa', '-out', keyfile, str(bits))

201

utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile,

202

'-batch', '-subj', subject)

199

203

private_key = open(keyfile).read()

200

204

csr = open(csrfile).read()

201

205

shutil.rmtree(tmpdir)

212

216

if not os.path.exists(ca_path(project_id)):

213

217

start = os.getcwd()

214

218

os.chdir(ca_folder())

215

utils.execute("sh geninter.sh %s %s" %

216

(project_id, _project_cert_subject(project_id)))

219

utils.execute('sh', 'geninter.sh', project_id,

220

_project_cert_subject(project_id))

217

221

os.chdir(start)

218

222

219

223

228

232

start = os.getcwd()

229

233

os.chdir(ca_folder())

230

234

# TODO(vish): the shell scripts could all be done in python

231

utils.execute("sh genvpn.sh %s %s" %

232

(project_id, _vpn_cert_subject(project_id)))

235

utils.execute('sh', 'genvpn.sh',

236

project_id, _vpn_cert_subject(project_id))

233

237

with open(csr_fn, "r") as csrfile:

234

238

csr_text = csrfile.read()

235

239

(serial, signed_csr) = sign_csr(csr_text, project_id)

259

263

start = os.getcwd()

260

264

# Change working dir to CA

261

265

os.chdir(ca_folder)

262

utils.execute("openssl ca -batch -out %s -config "

263

"./openssl.cnf -infiles %s" % (outbound, inbound))

264

out, _err = utils.execute("openssl x509 -in %s -serial -noout" % outbound)

266

utils.execute('openssl', 'ca', '-batch', '-out', outbound, '-config',

267

'./openssl.cnf', '-infiles', inbound)

268

out, _err = utils.execute('openssl', 'x509', '-in', outbound,

269

'-serial', '-noout')

265

270

serial = out.rpartition("=")[2]

266

271

os.chdir(start)

267

272

with open(outbound, "r") as crtfile:

Older »