Alon Bar-Lev has uploaded a new change for review.

Change subject: vdsm: pki: pending key fixups
......................................................................

vdsm: pki: pending key fixups

The pending key existence check should be deferred to the misc stage, as the actual vdsm key store is not available at validation stage.

make the cleanup stage more verbose, so it won't have application logic.

Change-Id: I937229e5d156777b409364a1a6d44f705f4d3fce
Signed-off-by: Alon Bar-Lev <[email protected]>
---
M src/plugins/ovirt-host-deploy/vdsm/pki.py
1 file changed, 27 insertions(+), 20 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-host-deploy 
refs/changes/62/10362/1

diff --git a/src/plugins/ovirt-host-deploy/vdsm/pki.py 
b/src/plugins/ovirt-host-deploy/vdsm/pki.py
index b83f963..31a25d6 100644
--- a/src/plugins/ovirt-host-deploy/vdsm/pki.py
+++ b/src/plugins/ovirt-host-deploy/vdsm/pki.py
@@ -165,6 +165,7 @@
     def __init__(self, context):
         super(Plugin, self).__init__(context=context)
         self._enabled = False
+        self._cleanupFiles = []
 
     @plugin.event(
         stage=plugin.Stages.STAGE_INIT,
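Review bot: The new `_cleanupFiles` attribute is undocumented, and nothing near its declaration says who fills it or when it is consumed; later in this patch the misc stage appends the pending key path to it and `_closeup` unlinks every entry. A one-line comment above the assignment would make the lifecycle visible to the next reader, e.g. `# paths (e.g. the pending key) to be unlinked at closeup stage`. The enclosing class header is outside the hunk.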
@@ -198,13 +199,6 @@
         ] != odeploycons.Const.CERTIFICATE_ENROLLMENT_NONE,
     )
     def _validation(self):
-        if (
-            self.environment[
-                odeploycons.VdsmEnv.CERTIFICATE_ENROLLMENT
-            ] == odeploycons.Const.CERTIFICATE_ENROLLMENT_ACCEPT and
-            not os.path.exists(odeploycons.FileLocations.VDSM_KEY_PENDING_FILE)
-        ):
-            raise RuntimeError(_('PKI accept mode while no pending request'))
         self._enabled = True
 
     @plugin.event(
@@ -236,11 +230,19 @@
             odeploycons.VdsmEnv.CERTIFICATE_ENROLLMENT
         ]
 
+        pendingKey = os.path.join(
+            vdsmTrustStore,
+            odeploycons.FileLocations.VDSM_KEY_PENDING_FILE,
+        )
+
         if enrollment == odeploycons.Const.CERTIFICATE_ENROLLMENT_ACCEPT:
-            with open(
-                odeploycons.FileLocations.VDSM_KEY_PENDING_FILE,
-                'r'
-            ) as f:
+            # we cannot perform the following
+            # in validation stage, as we do not have
+            # the trust store location.
+            if not os.path.exists(pendingKey):
+                raise RuntimeError(_('PKI accept mode while no pending 
request'))
+
+            with open(pendingKey, 'r') as f:
                 vdsmkey = f.read()
         else:
             if useM2Crypto:
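Review bot: The added `os.path.exists(pendingKey)` check followed by `open(pendingKey, 'r')` is a check-then-act pair on private key material: a file removed between the two calls surfaces as a bare IOError instead of the intended `PKI accept mode while no pending request` error, and any other read failure (permissions) is reported the same way as a missing file would have been before this patch. Opening the file directly and translating only ENOENT into the RuntimeError keeps the friendly message for the missing-request case while letting genuine I/O errors propagate with their own detail; this needs `errno` imported at the top of the file if it is not already. The enclosing function starts before this hunk, and the wrapped `raise` line at the end of the hunk appears to be e-mail line wrapping rather than a change to the code.

```python
        if enrollment == odeploycons.Const.CERTIFICATE_ENROLLMENT_ACCEPT:
            # we cannot perform the following
            # in validation stage, as we do not have
            # the trust store location.
            try:
                with open(pendingKey, 'r') as f:
                    vdsmkey = f.read()
            except IOError as e:
                if e.errno != errno.ENOENT:
                    raise
                raise RuntimeError(_('PKI accept mode while no pending request'))
        # … unchanged: else branch generating a new key …
```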
@@ -265,10 +267,7 @@
 
             self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
                 filetransaction.FileTransaction(
-                    name=os.path.join(
-                        vdsmTrustStore,
-                        odeploycons.FileLocations.VDSM_KEY_PENDING_FILE,
-                    ),
+                    name=pendingKey,
                     owner='root',
                     downer='vdsm',
                     dgroup='kvm',
@@ -282,6 +281,8 @@
                 )
             )
         else:
+            self._cleanupFiles.append(pendingKey)
+
             chain = self.environment[
                 odeploycons.VdsmEnv.CERTIFICATE_CHAIN
             ]
@@ -388,8 +389,14 @@
         condition=lambda self: self._enabled,
     )
     def _closeup(self):
-        if self.environment[
-            odeploycons.VdsmEnv.CERTIFICATE_ENROLLMENT
-        ] != odeploycons.Const.CERTIFICATE_ENROLLMENT_REQUEST:
-            if os.path.exists(odeploycons.FileLocations.VDSM_KEY_PENDING_FILE):
-                os.unlink(odeploycons.FileLocations.VDSM_KEY_PENDING_FILE)
+        for f in self._cleanupFiles:
+            if os.path.exists(f):
+                try:
+                    os.unlink(f)
+                except OSError:
+                    self.logger.warning(
+                        _("Cannot remove file '{name}'.").format(
+                            name=f,
+                        )
+                    )
+                    self.logger.debug(exc_info=True)
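Review bot: `self.logger.debug(exc_info=True)` passes no message argument; the stdlib `Logger.debug(msg, *args, **kwargs)` requires one, so the warning path for a failed unlink would itself raise TypeError from inside the `except OSError` handler (unless the plugin's logger wraps the stdlib API, which is not visible here). The fix is `self.logger.debug('exception', exc_info=True)`. Secondarily, the `os.path.exists(f)` guard before `os.unlink(f)` is another check-then-act pair; unlinking unconditionally and treating `errno.ENOENT` as success would be equivalent without the window, and naming the loop variable `path` rather than `f` would avoid reading it as a file object.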


--
To view, visit http://gerrit.ovirt.org/10362

Gerrit-MessageType: newchange
Gerrit-Change-Id: I937229e5d156777b409364a1a6d44f705f4d3fce
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-host-deploy
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>
