#677 Clean up manage.py and update Vagrant to use Fedora 26
Merged 6 years ago by mprahl. Opened 6 years ago by mprahl.

file modified
+8 -5
@@ -20,8 +20,9 @@ 

          openssl-devel \

          python \

          python-devel \

-         python-devel \

+         python-docutils \

          python-flask \

+         python-m2ext \

          python-mock \

          python-qpid \

          python-virtualenv \
@@ -48,17 +49,19 @@ 

  SCRIPT_SERVICES

  

  Vagrant.configure("2") do |config|

-   config.vm.box = "fedora/24-cloud-base"

+   config.vm.box = "fedora/26-cloud-base"

    config.vm.synced_folder "./", "/tmp/module_build_service"

+   # Disable the default share

+   config.vm.synced_folder ".", "/vagrant", disabled: true

    config.vm.provision "file", source: "/tmp/mbs-krbcc", destination: "/var/tmp/krbcc", run: "always"

    config.vm.network "forwarded_port", guest_ip: "0.0.0.0", guest: 5000, host: 5000

    config.vm.network "forwarded_port", guest_ip: "0.0.0.0", guest: 2001, host: 5001

    config.vm.network "forwarded_port", guest_ip: "0.0.0.0", guest: 13747, host: 13747

    config.vm.provision "shell", inline: $script

    config.vm.provision "shell", inline: $script_services, run: "always"

-   config.vm.provider "libvirt" do |domain|

-     domain.memory = 1024

-     #domain.cpus = 2

+   config.vm.provider "libvirt" do |v|

+     v.memory = 1024

+     #v.cpus = 2

    end

    config.vm.provider "virtualbox" do |v|

      v.memory = 1024
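Review bot: The new `config.vm.box = "fedora/26-cloud-base"` line names the box without a `config.vm.box_version`, so each fresh `vagrant up` takes whatever build the box catalogue currently serves. The guest is handed what appears to be a Kerberos credential cache by the file provisioner a few lines below, so it is worth pinning the build that was actually tested, e.g. `config.vm.box_version = "<tested box version>"`. The added comment `# Disable the default share` could also say why, for instance `# Disable the default /vagrant share; only /tmp/module_build_service is synced into the guest`. The virtualbox provider block continues outside the hunk.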

file modified
+5 -109
@@ -21,13 +21,12 @@ 

  #

  # Written by Matt Prahl <mprahl@redhat.com> except for the test functions

  

+ import random

  from flask_script import Manager

  from functools import wraps

  import flask_migrate

  import logging

  import os

- import ssl

- from shutil import rmtree

  import getpass

  

  from module_build_service import app, conf, db, create_app
@@ -86,13 +85,8 @@ 

          if not os.path.exists(value):

              raise OSError("%s: %s file not found." % (attribute, value))

  

-     # Then, establish the ssl context and return it

-     ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

-     ssl_ctx.load_cert_chain(conf.ssl_certificate_file,

-                             conf.ssl_certificate_key_file)

-     ssl_ctx.verify_mode = ssl.CERT_OPTIONAL

-     ssl_ctx.load_verify_locations(cafile=conf.ssl_ca_certificate_file)

-     return ssl_ctx

+     return (os.path.abspath(conf.ssl_certificate_file),

+             os.path.abspath(conf.ssl_certificate_key_file))

  

  

  @console_script_help
@@ -153,108 +147,10 @@ 

          module_build_service.scheduler.main([], stop)

  

  

- @manager.command

- def gendevfedmsgcert(pki_dir='/etc/module_build_service', force=False):

-     """ Creates a CA, a certificate signed by that CA, and generates a CRL.

-     """

-     from OpenSSL import crypto

- 

-     if os.path.exists(pki_dir):

-         if force:

-             rmtree(pki_dir)

-         else:

-             print('The directory "{}" already exists'.format(pki_dir))

-             return

- 

-     os.mkdir(pki_dir)

- 

-     ca_crt_path = os.path.join(pki_dir, 'ca.crt')

-     ca_key_path = os.path.join(pki_dir, 'ca.key')

-     msg_key_path = os.path.join(pki_dir, 'localhost.key')

-     msg_crt_path = os.path.join(pki_dir, 'localhost.crt')

-     ca_crl = os.path.join(pki_dir, 'ca.crl')

- 

-     # Create a key pair for the CA

-     ca_key = crypto.PKey()

-     ca_key.generate_key(crypto.TYPE_RSA, 2048)

- 

-     with open(ca_key_path, 'w') as ca_key_file:

-         ca_key_file.write(

-             crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_key))

- 

-     # Create a self-signed CA cert

-     ca_cert = crypto.X509()

-     ca_subject = ca_cert.get_subject()

-     ca_subject.C = 'US'

-     ca_subject.ST = 'MA'

-     ca_subject.L = 'Boston'

-     ca_subject.O = 'Development'

-     ca_subject.CN = 'Dev-CA'

-     ca_cert.set_serial_number(1)

-     ca_cert.gmtime_adj_notBefore(0)

-     ca_cert.gmtime_adj_notAfter(315360000)  # 10 years

-     ca_cert.set_issuer(ca_cert.get_subject())

-     ca_cert.set_pubkey(ca_key)

-     ca_cert.add_extensions([

-         crypto.X509Extension('basicConstraints', True, 'CA:true')])

-     ca_cert.sign(ca_key, 'sha256')

- 

-     with open(ca_crt_path, 'w') as ca_crt_file:

-         ca_crt_file.write(

-             crypto.dump_certificate(crypto.FILETYPE_PEM, ca_cert))

- 

-     # Create a key pair for the message signing cert

-     msg_key = crypto.PKey()

-     msg_key.generate_key(crypto.TYPE_RSA, 2048)

- 

-     with open(msg_key_path, 'w') as msg_key_file:

-         msg_key_file.write(

-             crypto.dump_privatekey(crypto.FILETYPE_PEM, msg_key))

- 

-     # Create a cert signed by the CA

-     msg_cert = crypto.X509()

-     msg_cert_subject = msg_cert.get_subject()

-     msg_cert_subject.C = 'US'

-     msg_cert_subject.ST = 'MA'

-     msg_cert_subject.L = 'Boston'

-     msg_cert_subject.O = 'Development'

-     msg_cert_subject.CN = 'localhost'

-     msg_cert.set_serial_number(2)

-     msg_cert.gmtime_adj_notBefore(0)

-     msg_cert.gmtime_adj_notAfter(315360000)  # 10 years

-     msg_cert.set_issuer(ca_cert.get_subject())

-     msg_cert.set_pubkey(msg_key)

-     cert_extensions = [

-         crypto.X509Extension(

-             'keyUsage', True,

-             'digitalSignature, keyEncipherment, nonRepudiation'),

-         crypto.X509Extension('extendedKeyUsage', True, 'serverAuth'),

-         crypto.X509Extension('basicConstraints', True, 'CA:false'),

-         crypto.X509Extension('crlDistributionPoints', False,

-                              'URI:http://localhost/crl/ca.crl'),

-         crypto.X509Extension('authorityInfoAccess', False,

-                              'caIssuers;URI:http://localhost/crl/ca.crt'),

-         crypto.X509Extension('subjectKeyIdentifier', False, 'hash',

-                              subject=ca_cert)

-     ]

-     msg_cert.add_extensions(cert_extensions)

-     msg_cert.sign(ca_key, 'sha256')

- 

-     with open(msg_crt_path, 'w') as msg_crt_file:

-         msg_crt_file.write(

-             crypto.dump_certificate(crypto.FILETYPE_PEM, msg_cert))

- 

-     # Generate the CRL

-     with open(ca_crl, 'w') as ca_crl_file:

-         ca_crl_file.write(

-             crypto.CRL().export(ca_cert, ca_key, type=crypto.FILETYPE_PEM,

-                                 days=3650, digest='sha256'))

- 

- 

  @console_script_help

  @manager.command

  def generatelocalhostcert():

-     """ Creates a public/private key pair for message signing and the frontend

+     """ Creates a public/private key pair for the frontend

      """

      from OpenSSL import crypto

      cert_key = crypto.PKey()
@@ -272,7 +168,7 @@ 

      msg_cert_subject.L = 'Boston'

      msg_cert_subject.O = 'Development'

      msg_cert_subject.CN = 'localhost'

-     cert.set_serial_number(2)

+     cert.set_serial_number(random.randint(2, 99999999))

      cert.gmtime_adj_notBefore(0)

      cert.gmtime_adj_notAfter(315360000)  # 10 years

      cert.set_issuer(cert.get_subject())
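Review bot: The new `return (os.path.abspath(conf.ssl_certificate_file), os.path.abspath(conf.ssl_certificate_key_file))` in the second hunk drops everything the old context enforced: the TLS 1.2 protocol selection, `CERT_OPTIONAL` client-certificate checking and the CA loaded from `conf.ssl_ca_certificate_file`. If the caller hands this tuple to the development server as its `ssl_context`, protocol choice falls to the server's defaults and client certificates are no longer requested, so any code that relied on a verified peer certificate would now see none; this is inferred, since the caller is outside the hunk. I would state that in the function, e.g. `# Returns (cert, key) paths only; no client-certificate verification or protocol pin is configured here`, and update its docstring, which starts above the hunk. In the last hunk, `random.randint(2, 99999999)` gives under 27 bits from a non-cryptographic generator; `random.SystemRandom().getrandbits(64)` keeps the same import and makes a serial collision between regenerated certificates far less likely.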

file modified
+1
@@ -22,3 +22,4 @@ 

  six

  sqlalchemy

  tabulate

+ urlgrabber
ralph commented 6 years ago

I see this is already in the .spec file too.

Changes:

  • Update Vagrant box to Fedora 26 and include some fixes
  • Modify generatelocalhostcert in manage.py to use a random serial number to prevent errors in the browser
  • Simplify _establish_ssl_context in manage.py
  • Remove unused command in manage.py

4 new commits added

  • Update Vagrant box to Fedora 26 and include some fixes
  • Modify generatelocalhostcert in manage.py to use a random serial number to prevent errors in the browser
  • Simplify _establish_ssl_context in manage.py
  • Remove unused command in manage.py
6 years ago

I see this is already in the .spec file too.

Didn't mean to include this. This should be a separate PR. Will remove this and merge.

4 new commits added

  • Update Vagrant box to Fedora 26 and include some fixes
  • Modify generatelocalhostcert in manage.py to use a random serial number to prevent errors in the browser
  • Simplify _establish_ssl_context in manage.py
  • Remove unused command in manage.py
6 years ago

4 new commits added

  • Update Vagrant box to Fedora 26 and include some fixes
  • Modify generatelocalhostcert in manage.py to use a random serial number to prevent errors in the browser
  • Simplify _establish_ssl_context in manage.py
  • Remove unused command in manage.py
6 years ago

Pull-Request has been merged by mprahl

6 years ago