
nimbus-configure improvements.

* Add header to config file output
* Check for keystore mismatch with host cert/key
* Handle Ctrl-C more gracefully
commit 8cc7d254439ccbd68d4a69ac590593bcc8c9c5f9 1 parent 3539374
@labisso labisso authored
Showing with 38 additions and 8 deletions.
  1. +2 −0  bin/install
  2. +36 −8 home/sbin/nimbusconfigure.py
2  bin/install
@@ -58,6 +58,8 @@ $CONFIG_SCRIPT
if [ $? -ne 0 ]; then
echo "Nimbus configuration script failed! You may try running it manually:"
echo " $CONFIG_SCRIPT"
+ echo "You can also run the script with debugging output:"
+ echo " $CONFIG_SCRIPT --debug"
exit 1
fi
44 home/sbin/nimbusconfigure.py
@@ -10,6 +10,7 @@
from StringIO import StringIO
import readline
import string
+import time
from random import Random
from nimbusweb.setup import pathutil,javautil,checkssl,gtcontainer,autoca
from nimbusweb.setup.setuperrors import *
@@ -42,6 +43,27 @@
"JupiterNimbusCA" as the name.
"""
+CONFIG_HEADER = """
+# Autogenerated at %(time)s
+#
+# This file contains configuration values used by the nimbus-configure program.
+# If you want to change any of these values, you may edit this file, but you
+# must run nimbus-configure before the change will take effect.
+
+"""
+
+KEYSTORE_MISMATCH_MSG = """
+A Java keystore already exists at:
+ %(keystore)s
+However, it does not contain the host certificate and private key which are
+being configured.
+ Certificate: %(hostcert)s
+ Private key: %(hostkey)s
+This may be because you have switched certificates and the keystore contains
+the old version. If so, the best solution is to delete (or relocate) the
+keystore and rerun nimbus-configure to generate a new one.
+"""
+
def getlog(override=None):
"""Allow developer to replace logging mechanism, e.g. if this
module is incorporated into another program as an API.
@@ -304,15 +326,20 @@ def perform_setup(self):
checkssl.run(self.webdir, self.hostcert_path, self.hostkey_path, log,
cadir=self.cadir, hostname=hostname)
- #TODO if the keystore exists, we should check it for the right cert/key
- if not os.path.exists(self.keystore_path):
- password = self['keystore.pass']
- if not password:
- raise InvalidConfig("Keystore password is unknown")
+ password = self['keystore.pass']
+ if not password:
+ raise InvalidConfig("Keystore password is unknown")
- autoca.createKeystore(self.hostcert_path, self.hostkey_path,
+ try:
+ autoca.ensureKeystore(self.hostcert_path, self.hostkey_path,
self.keystore_path, password, self.webdir, log)
-
+ except autoca.KeystoreMismatchError:
+ raise IncompatibleEnvironment(KEYSTORE_MISMATCH_MSG % {
+ 'keystore' : self.keystore_path,
+ 'hostcert' : self.hostcert_path,
+ 'hostkey' : self.hostkey_path })
+ pathutil.make_path_rw_private(self.keystore_path)
+
# then adjust the web config to point to these keys
webconfpath = pathutil.pathjoin(self.webdir, 'nimbusweb.conf')
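Review bot: The keystore is only made private by `pathutil.make_path_rw_private` after `autoca.ensureKeystore` has returned, so a newly created keystore holding the host private key may briefly exist with whatever mode the process umask allows. How ensureKeystore creates the file is not visible here, so this is inferred; if it does not already create the file owner-only, tightening the umask around the call closes the gap, with `old_umask = os.umask(0077)` before the `try:` and `os.umask(old_umask)` in a `finally:`. The permission fix is also skipped on the mismatch path, so an existing keystore with loose permissions stays that way when IncompatibleEnvironment is raised. perform_setup starts and ends outside this hunk.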
@@ -431,6 +458,7 @@ def main(argv=None):
f = None
try:
f = open(opts.configpath, 'wb')
+ f.write(CONFIG_HEADER % {'time' : time.strftime('%c')})
config.write(f)
except:
log.info("Failed to save settings to %s!" % opts.configpath)
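Review bot: The header written here invites users to edit the file but says nothing about its sensitivity, and the file is opened with `open(opts.configpath, 'wb')`, which leaves its mode to the process umask. perform_setup reads `keystore.pass` from the configuration, so if that value is persisted in this file (not visible in the hunk) it should be owner-only, for example `pathutil.make_path_rw_private(opts.configpath)` after the write, as the commit already does for the keystore. CONFIG_HEADER could also gain a line such as `# This file may contain the keystore password; keep it readable only by its owner.` The rest of main is outside the hunk, so a later chmod may already exist.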
@@ -466,7 +494,7 @@ def main(argv=None):
except SystemExit:
raise
except KeyboardInterrupt:
- raise
+ print "\n\nReceived keyboard interrupt. Aborting!\n"
except:
exception_type = sys.exc_type
try:
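Review bot: Swallowing KeyboardInterrupt here leaves the exit status to whatever follows the except chain, which is outside the hunk; if main falls through and returns None, an aborted run exits 0. bin/install uses `$?` from the config script as its success signal, so a Ctrl-C during configuration could be taken for a completed setup. I would send the message to stderr and return a non-zero status explicitly: `print >>sys.stderr, "\n\nReceived keyboard interrupt. Aborting!\n"` followed by `return 1`.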