Merge pull request #455 from carlroth/roth_swl_4810_2

Cleanups for PKI, mounts points, logging, onie-sysinfo
2025-12-25 17:27:01 +00:00 · 2018-09-25 14:08:10 -07:00
parent 89513d0489 8ac2f0330b
commit 14c387475b
3 changed files with 103 additions and 42 deletions
--- a/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py
+++ b/packages/base/all/vendor-config-onl/src/python/onl/install/ShellApp.py
@@ -242,8 +242,10 @@ class OnieSysinfoApp(SubprocessMixin, object):
        with InitrdContext(initrd=initrd, log=self.log) as ctx:
            cmd = ['onie-sysinfo',]
            cmd.extend(self.args)
+            self.log.info("foo!")
+            cmd = 'IFS=;' + " ".join(cmd)
            cmd = ('chroot', ctx.dir,
-                   '/bin/sh', '-c', 'IFS=;' + " ".join(cmd))
+                   '/bin/sh', '-c', cmd,)
            try:
                self.output = self.check_output(cmd)
                ret = 0
--- a/packages/base/all/vendor-config-onl/src/python/onl/pki/init.py
+++ b/packages/base/all/vendor-config-onl/src/python/onl/pki/init.py
@@ -8,11 +8,8 @@ import sys
 import os
 import argparse
 import logging
-import tempfile
 import shutil
-import subprocess
 import tempfile
-import yaml
 from onl.mounts import OnlMountManager, OnlMountContextReadOnly, OnlMountContextReadWrite
 from onl.sysconfig import sysconfig
 from onl.util import *
@@ -50,39 +47,70 @@ class OnlPki(OnlServiceMixin):
        self.init_cert(force=force)

    def init_key(self, force=False):
-        with OnlPkiContextReadOnly(self.logger):
-            if not os.path.exists(self.kpath) or force:
-                self.logger.info("Generating private key...")
-                cmd = "openssl genrsa -out %s %s" % (self.kpath, sysconfig.pki.key.len)
-                with OnlPkiContextReadWrite(self.logger):
-                    if not os.path.isdir(self.CONFIG_PKI_DIR):
-                        os.makedirs(self.CONFIG_PKI_DIR)
-                    self._execute(cmd)
-                self.init_cert(force=True)
-            else:
-                self.logger.info("Using existing private key.")
+        need_key = False
+        need_cert = False
+
+        if force:
+            need_key = True
+        else:
+            with OnlPkiContextReadOnly(self.logger):
+                if not os.path.exists(self.kpath):
+                    need_key = True
+
+        if need_key:
+            self.logger.info("Generating private key...")
+            cmd = ('openssl', 'genrsa',
+                   '-out', self.kpath,
+                   str(sysconfig.pki.key.len),)
+            with OnlPkiContextReadWrite(self.logger):
+                if not os.path.isdir(self.CONFIG_PKI_DIR):
+                    os.makedirs(self.CONFIG_PKI_DIR)
+                self._execute(cmd, logLevel=logging.INFO)
+            need_cert = True
+        else:
+            self.logger.info("Using existing private key.")
+
+        if need_cert:
+            self.init_cert(force=True)

    def init_cert(self, force=False):
-        with OnlPkiContextReadOnly(self.logger):
-            if not os.path.exists(self.cpath) or force:
-                self.logger.info("Generating self-signed certificate...")
-                csr = tempfile.NamedTemporaryFile(prefix="pki-", suffix=".csr", delete=False)
-                csr.close()
-                fields = [ "%s=%s" % (k, v) for k,v in sysconfig.pki.cert.csr.fields.iteritems() ]
-                subject = "/" + "/".join(fields)
-                self.logger.debug("Subject: '%s'", subject)
-                self.logger.debug("CSR: %s", csr.name)
-                with OnlPkiContextReadWrite(self.logger):
-                    if not os.path.isdir(self.CONFIG_PKI_DIR):
-                        os.makedirs(self.CONFIG_PKI_DIR)
-                    self._execute("""openssl req -new -batch -subj "%s" -key %s -out %s""" % (
-                            subject, self.kpath, csr.name))
-                    self._execute("""openssl x509 -req -days %s -sha256 -in %s -signkey %s -out %s""" % (
-                            sysconfig.pki.cert.csr.cdays,
-                            csr.name, self.kpath, self.cpath))
-                os.unlink(csr.name)
-            else:
-                self.logger.info("Using existing certificate.")
+        need_cert = False
+
+        if force:
+            need_cert = True
+        else:
+            with OnlPkiContextReadOnly(self.logger):
+                if not os.path.exists(self.cpath):
+                    need_cert = True
+
+        if need_cert:
+            self.logger.info("Generating self-signed certificate...")
+            csr = tempfile.NamedTemporaryFile(prefix="pki-", suffix=".csr", delete=False)
+            csr.close()
+            fields = [ "%s=%s" % (k, v) for k,v in sysconfig.pki.cert.csr.fields.iteritems() ]
+            subject = "/" + "/".join(fields)
+            self.logger.debug("Subject: '%s'", subject)
+            self.logger.debug("CSR: %s", csr.name)
+            with OnlPkiContextReadWrite(self.logger):
+                if not os.path.isdir(self.CONFIG_PKI_DIR):
+                    os.makedirs(self.CONFIG_PKI_DIR)
+                self._execute(('openssl', 'req',
+                               '-new', '-batch',
+                               '-subj', subject,
+                               '-key', self.kpath,
+                               '-out', csr.name,),
+                              logLevel=logging.INFO)
+                self._execute(('openssl', 'x509',
+                               '-req',
+                               '-days', str(sysconfig.pki.cert.csr.cdays),
+                               '-sha256',
+                               '-in', csr.name,
+                               '-signkey', self.kpath,
+                               '-out', self.cpath,),
+                              logLevel=logging.INFO)
+            os.unlink(csr.name)
+        else:
+            self.logger.info("Using existing certificate.")

    @staticmethod
    def main():
--- a/packages/base/all/vendor-config-onl/src/python/onl/util/init.py
+++ b/packages/base/all/vendor-config-onl/src/python/onl/util/init.py
@@ -1,18 +1,49 @@
 import subprocess
+import logging

 class OnlServiceMixin(object):
-    def _execute(self, cmd, root=False, ex=True):
-        self.logger.debug("Executing: %s" % cmd)
+
+    def _execute(self, cmd,
+                 root=False, ex=True,
+                 logLevel=logging.DEBUG):
+        self.logger.log(logLevel, "Executing: %s", cmd)
+
+        if isinstance(cmd, basestring):
+            shell = True
+        else:
+            shell = False
+
        if root is True and os.getuid() != 0:
-            cmd = "sudo " + cmd
+            if isinstance(cmd, basestring):
+                cmd = "sudo " + cmd
+            else:
+                cmd = ['sudo',] + list(cmd)
+
        try:
-            subprocess.check_call(cmd, shell=True)
-        except Exception, e:
+            pipe = subprocess.Popen(cmd, shell=shell,
+                                    stdout=subprocess.PIPE,
+                                    stderr=subprocess.STDOUT)
+        except OSError as e:
            if ex:
-                self.logger.error("Command failed: %s" % e)
+                self.logger.error("Command did not start: %s (%s)",
+                                  str(e), str(e.child_traceback),)
                raise
            else:
-                return e.returncode
+                return -1
+
+        out, _ = pipe.communicate()
+        code = pipe.wait()
+
+        lvl = logging.WARN if code else logLevel
+        out = (out or "").rstrip()
+        for line in out.splitlines(False):
+            self.logger.log(lvl, ">>> %s", line)
+
+        if ex and code:
+            self.logger.error("Command failed with code %s", code)
+            raise subprocess.CalledProcessError(code, cmd)
+
+        return code

    def _raise(self, msg, klass):
        self.logger.critical(msg)