CP-36098 add path argument to Gencertlib.Lib.install_server_certificate
To make the function usable for both internal and external host
certificates, add a path parameter that specifies where to install a certificate.

Signed-off-by: Christian Lindig <[email protected]>
lindig committed Jun 23, 2021
commit 662405a5ffe761167d46b4c63f49f9fb593e888f
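--- a/ocaml/xapi/certificates.ml
+++ b/ocaml/xapi/certificates.ml
@@ -438,11 +438,10 @@ let hostnames_of_pem_cert pem =
 >>| X509.Certificate.hostnames
 
 let install_server_certificate ?(pem_chain = None) ~pem_leaf ~pkcs8_private_key
-=
-let server_cert_path = !Xapi_globs.server_cert_path in
+~path =
 let installation =
 Gencertlib.Lib.install_server_certificate ~pem_chain ~pem_leaf
-~pkcs8_private_key ~server_cert_path
+~pkcs8_private_key ~server_cert_path:path
 in
 match installation with
 | Ok cert ->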
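Review bot: The new `~path` argument of `install_server_certificate` has no doc comment, although it decides where the leaf certificate and, presumably, the PKCS#8 private key end up on disk via `~server_cert_path:path`. A short doc comment above the function would state the contract, for example `(** [path] is the file the installed certificate is written to; it must come from trusted configuration such as Xapi_globs, never from API input. *)`. The label also changes name on the way through (`~path` here, `~server_cert_path` in Gencertlib), so using one name on both sides would make call sites easier to audit. The function body continues past the end of the hunk, so how the result of the installation is handled is not visible here.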
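--- a/ocaml/xapi/xapi_host.ml
+++ b/ocaml/xapi/xapi_host.ml
@@ -1488,17 +1488,17 @@ let install_server_certificate ~__context ~host ~certificate ~private_key
 ~certificate_chain =
 if Db.Pool.get_ha_enabled ~__context ~self:(Helpers.get_pool ~__context) then
 raise Api_errors.(Server_error (ha_is_enabled, [])) ;
+let path = !Xapi_globs.server_cert_path in
 let write_cert_fs () =
 let pem_chain =
 match certificate_chain with "" -> None | pem_chain -> Some pem_chain
 in
 Certificates.install_server_certificate ~pem_leaf:certificate
-~pkcs8_private_key:private_key ~pem_chain
+~pkcs8_private_key:private_key ~pem_chain ~path
 in
 replace_host_certificate ~__context ~type':`host ~host write_cert_fs
 
-let _new_host_cert ~dbg : X509.Certificate.t =
-let xapi_ssl_pem = !Xapi_globs.server_cert_path in
+let _new_host_cert ~dbg ~path : X509.Certificate.t =
 let name, ip =
 match Networking_info.get_management_ip_addr ~dbg with
 | None ->
@@ -1510,16 +1510,18 @@ let _new_host_cert ~dbg : X509.Certificate.t =
 in
 let dns_names = Networking_info.dns_names () in
 let ips = [ip] in
-Gencertlib.Selfcert.host ~name ~dns_names ~ips xapi_ssl_pem
+Gencertlib.Selfcert.host ~name ~dns_names ~ips path
 
 let reset_server_certificate ~__context ~host =
 let dbg = Context.string_of_task __context in
-let write_cert_fs () = _new_host_cert ~dbg in
+let path = !Xapi_globs.server_cert_path in
+let write_cert_fs () = _new_host_cert ~dbg ~path in
 replace_host_certificate ~__context ~type':`host ~host write_cert_fs
 
 let emergency_reset_server_certificate ~(__context : 'a) =
+let path = !Xapi_globs.server_cert_path in
 let (_ : X509.Certificate.t) =
-_new_host_cert ~dbg:"emergency_reset_certificate"
+_new_host_cert ~dbg:"emergency_reset_certificate" ~path
 in
 ()
 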
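Review bot: In `install_server_certificate` and `reset_server_certificate` the on-disk location (`path`) and the certificate kind handed to `replace_host_certificate` (`~type'`) are now chosen independently, so once a second kind of host certificate exists nothing stops a caller from writing one kind's file while recording the other in the database. Deriving the path from the kind in a single helper would remove that risk; failing that, a comment at each binding such as `(* path must be the on-disk location for the certificate kind passed as ~type' below *)` would record the invariant. In `_new_host_cert` the value reaches `Gencertlib.Selfcert.host` as a bare positional string, so a one-line doc comment stating that `path` is the file the generated certificate is written to would help. The middle of `_new_host_cert` lies between the two hunks and is not visible here.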