let the taskomatic task save and update CA certs; update PaygUpdateHo…
…stsTask
CDellaGiusta committed Jan 22, 2025
1 parent ccac3ee commit 872a7f9
Showing 2 changed files with 60 additions and 33 deletions.
Expand Up @@ -10,10 +10,14 @@
*/
package com.redhat.rhn.taskomatic.task;

import com.suse.utils.CertificateUtils;

import org.quartz.JobDataMap;
import org.quartz.JobExecutionContext;
import org.quartz.JobExecutionException;

import java.io.FileWriter;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

Expand All @@ -31,6 +35,20 @@ public String getConfigNamespace() {
return "root-ca-cert-update";
}

private Map<String, String> getFilenameToRootCaCertMap(final JobDataMap jobDataMap) {
Map<String, String> filenameToRootCaCertMap = new HashMap<>();

if (jobDataMap.containsKey(MAP_KEY)) {
try {
filenameToRootCaCertMap = (Map<String, String>) jobDataMap.get(MAP_KEY);
}
catch (ClassCastException e) {
//filenameToRootCaCertMap is already empty
}
}
return filenameToRootCaCertMap;
}

/**
* {@inheritDoc}
*/
Expand All @@ -43,21 +61,36 @@ public void execute(JobExecutionContext context) throws JobExecutionException {
String fileName = pair.getKey();
String rootCaCertContent = pair.getValue();

log.info("Filename: {} Content: {}", fileName, rootCaCertContent);
try {
saveCertificate(fileName, rootCaCertContent);
log.info("CA certificate file: {} successfully written", fileName);
}
catch (IOException e) {
log.error("error when writing CA certificate file {}: {}", fileName, e);
}
}

if (!filenameToRootCaCertMap.isEmpty()) {
updateCaCertificates();
}
}

private Map<String, String> getFilenameToRootCaCertMap(final JobDataMap jobDataMap) {
Map<String, String> filenameToRootCaCertMap = new HashMap<>();
private void saveCertificate(String fileName, String rootCaCertContent) throws IOException {
String fullFileName = CertificateUtils.CERTS_PATH.resolve(fileName).toString();
try (FileWriter fw = new FileWriter(fullFileName, false)) {
fw.write(rootCaCertContent);
}
}

if (jobDataMap.containsKey(MAP_KEY)) {
try {
filenameToRootCaCertMap = (Map<String, String>) jobDataMap.get(MAP_KEY);
}
catch (ClassCastException e) {
//filenameToRootCaCertMap is already empty
}
private void updateCaCertificates() throws JobExecutionException {
try {
String[] cmd = {"systemctl", "is-active", "--quiet", "ca-certificates.path"};
executeExtCmd(cmd);
}
catch (Exception e) {
log.debug("ca-certificates.path service is not active, we will call 'update-ca-certificates' tool");
String[] cmd = {"/usr/share/rhn/certs/update-ca-cert-trust.sh"};
executeExtCmd(cmd);
}
return filenameToRootCaCertMap;
}
}
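Review bot: `saveCertificate` resolves `fileName` against `CertificateUtils.CERTS_PATH` without checking the result, and `fileName` is a key taken straight from the job data map, so a key containing `..` or an absolute path would make this task write outside the trust-anchor directory. Normalize the resolved path and reject anything whose parent is not the certs directory before opening the writer, as sketched below (this assumes `CERTS_PATH` is a `java.nio.file.Path`, which the `resolve` call suggests, and it needs a `Path` import). The content is also written into the trust store as-is; parsing it as an X.509 certificate first would keep a malformed or unexpected payload from becoming a trust anchor. Separately, `updateCaCertificates()` runs whenever the map is non-empty, even if every write failed with the logged `IOException`.

```java
private void saveCertificate(String fileName, String rootCaCertContent) throws IOException {
    Path certsDir = CertificateUtils.CERTS_PATH.toAbsolutePath().normalize();
    Path target = certsDir.resolve(fileName).normalize();
    // only a bare file name directly inside the certs directory is accepted
    if (!certsDir.equals(target.getParent())) {
        throw new IOException("CA certificate file name escapes " + certsDir + ": " + fileName);
    }
    try (FileWriter fw = new FileWriter(target.toFile(), false)) {
        fw.write(rootCaCertContent);
    }
}
```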
Expand Up @@ -17,6 +17,8 @@

import com.redhat.rhn.domain.cloudpayg.CloudRmtHost;
import com.redhat.rhn.domain.cloudpayg.CloudRmtHostFactory;
import com.redhat.rhn.taskomatic.TaskomaticApi;
import com.redhat.rhn.taskomatic.TaskomaticApiException;
import com.redhat.rhn.taskomatic.task.RhnJavaJob;

import org.quartz.JobExecutionContext;
Expand All @@ -28,15 +30,17 @@
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class PaygUpdateHostsTask extends RhnJavaJob {
private static final String HOSTS = "/etc/hosts";
private static final String RETAIN_COMMENT = " - retain comment as well\n";
private static final String HOST_COMMENT_START = "# Added by Suma - Start";
private static final String HOST_COMMENT_END = "# Added by Suma - End";

private static final String CA_LOCATION_TEMPLATE = "/etc/pki/trust/anchors/registration_server_%s.pem";
private static final String CA_FILENAME_TEMPLATE_WITH_IP = "registration_server_%s.pem";

@Override
public String getConfigNamespace() {
Expand All @@ -54,29 +58,19 @@ public void execute(JobExecutionContext jobExecutionContext) throws JobExecution
}

private void loadHttpsCertificates(List<CloudRmtHost> hostToUpdate) throws JobExecutionException {
try {
for (CloudRmtHost host : hostToUpdate) {
String caFileName = String.format(CA_LOCATION_TEMPLATE, host.getIp());
try (FileWriter fw = new FileWriter(caFileName, false)) {
fw.write(host.getSslCert());
}
}
Map<String, String> filenameToRootCaCertMap = new HashMap<>();
for (CloudRmtHost host : hostToUpdate) {
String caFileName = String.format(CA_FILENAME_TEMPLATE_WITH_IP, host.getIp());
filenameToRootCaCertMap.put(caFileName, host.getSslCert());
}
catch (IOException e) {
log.error("error when writing the hosts file", e);

TaskomaticApi taskomaticApi = new TaskomaticApi();
try {
taskomaticApi.scheduleSingleRootCaCertUpdate(filenameToRootCaCertMap);
}
finally {
if (!hostToUpdate.isEmpty()) {
try {
String[] cmd = {"systemctl", "is-active", "--quiet", "ca-certificates.path"};
executeExtCmd(cmd);
}
catch (Exception e) {
log.debug("ca-certificates.path service is not active, we will call 'update-ca-certificates' tool");
String[] cmd = {"/usr/share/rhn/certs/update-ca-cert-trust.sh"};
executeExtCmd(cmd);
}
}
catch (TaskomaticApiException e) {
log.error(e.getMessage(), e);
throw new JobExecutionException(e);
}
}
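Review bot: `loadHttpsCertificates` now calls `scheduleSingleRootCaCertUpdate` unconditionally, so an empty `hostToUpdate` still schedules a run with an empty map; the visible lines show no replacement for the `!hostToUpdate.isEmpty()` check that apparently guarded the old update call. An early `if (hostToUpdate.isEmpty()) { return; }` before building the map would avoid the needless schedule. The map key is built from `host.getIp()` and becomes a file name under the certs directory in the receiving task, so this is the place to confirm the value is a plain IP literal with no path separators, since the origin of the data is known here. It is also worth skipping or logging hosts whose `getSslCert()` is null, because the receiving task passes the value directly to `FileWriter.write`.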

