Improve synchronizer
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index 26887078..d346ddf 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -173,7 +173,6 @@
VPNService.get_service_objects().all()[0])
def save(self, commit=True):
- result = super(VPNTenantForm, self).save(commit=commit)
self.instance.creator = self.cleaned_data.get("creator")
self.instance.is_persistent = self.cleaned_data.get('is_persistent')
self.instance.vpn_subnet = self.cleaned_data.get("vpn_subnet")
@@ -192,35 +191,8 @@
self.instance.use_ca_from[:] = []
self.instance.use_ca_from.append(self.cleaned_data.get('use_ca_from'))
- result.save() # Need to do this so that we know the ID
- self.instance.pki_dir = (
- VPNService.OPENVPN_PREFIX + "server-" + str(result.id))
-
- if (not os.path.isdir(self.instance.pki_dir)):
- VPNService.execute_easyrsa_command(
- self.instance.pki_dir, "init-pki")
- if (self.instance.use_ca_from[0]):
- shutil.copy2(
- self.instance.use_ca_from[0].pki_dir + "/ca.crt",
- self.instance.pki_dir)
- shutil.copy2(
- self.instance.use_ca_from[0].pki_dir + "/private/ca.key",
- self.instance.pki_dir + "/private")
- else:
- VPNService.execute_easyrsa_command(
- self.instance.pki_dir, "--req-cn=XOS build-ca nopass")
- elif (self.instance.use_ca_from[0]):
- shutil.copy2(
- self.instance.use_ca_from[0].pki_dir + "/ca.crt",
- self.instance.pki_dir)
- shutil.copy2(
- self.instance.use_ca_from[0].pki_dir + "/private/ca.key",
- self.instance.pki_dir + "/private")
-
- result.ca_crt = self.generate_ca_crt()
-
- return result
+ return super(VPNTenantForm, self).save(commit=commit)
def generate_ca_crt(self):
"""str: Generates the ca cert by reading from the ca file"""
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index 58a9287..7538628 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -1,4 +1,5 @@
import os
+import shutil
import sys
from django.db.models import F, Q
@@ -18,8 +19,46 @@
template_name = "sync_vpntenant.yaml"
service_key_name = "/opt/xos/synchronizers/vpn/vpn_private_key"
- def __init__(self, *args, **kwargs):
- super(SyncVPNTenant, self).__init__(*args, **kwargs)
+
+ def sync_fields(self, tenant, fields):
+ tenant.pki_dir = (
+ VPNService.OPENVPN_PREFIX + "server-" + str(result.id))
+
+ if (not os.path.isdir(tenant.pki_dir)):
+ VPNService.execute_easyrsa_command(
+ tenant.pki_dir, "init-pki")
+ if (tenant.use_ca_from[0]):
+ shutil.copy2(
+ tenant.use_ca_from[0].pki_dir + "/ca.crt",
+ tenant.pki_dir)
+ shutil.copy2(
+ tenant.use_ca_from[0].pki_dir + "/private/ca.key",
+ tenant.pki_dir + "/private")
+ else:
+ VPNService.execute_easyrsa_command(
+ tenant.pki_dir, "--req-cn=XOS build-ca nopass")
+ elif (tenant.use_ca_from[0]):
+ shutil.copy2(
+ tenant.use_ca_from[0].pki_dir + "/ca.crt",
+ tenant.pki_dir)
+ shutil.copy2(
+ tenant.use_ca_from[0].pki_dir + "/private/ca.key",
+ tenant.pki_dir + "/private")
+
+ tenant.ca_crt = tenant.generate_ca_crt()
+
+ if (not os.path.isfile(tenant.pki_dir + "/issued/server.crt")):
+ VPNService.execute_easyrsa_command(
+ tenant.pki_dir, "build-server-full server nopass")
+
+ if (not os.path.isfile(tenant.pki_dir + "crl.pem")):
+ VPNService.execute_easyrsa_command(tenant.pki_dir, "gen-crl")
+
+ if (not os.path.isfile(tenant.pki_dir + "dh.pem")):
+ VPNService.execute_easyrsa_command(tenant.pki_dir, "gen-dh")
+
+ # will call run_playbook
+ super(SyncVPNTenant, self).sync_fields(tenant, fields)
def fetch_pending(self, deleted):
if (not deleted):
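Review bot: `sync_fields` builds `tenant.pki_dir` from `str(result.id)`, but `result` was a local of the form's `save()` and no such name is visible in this method, so the first statement looks like it will raise NameError; it should read `VPNService.OPENVPN_PREFIX + "server-" + str(tenant.id))`. The two new existence checks concatenate `tenant.pki_dir + "crl.pem"` and `tenant.pki_dir + "dh.pem"` without a separator, unlike the `"/issued/server.crt"` check just above, so they test a sibling path and `gen-crl` and `gen-dh` would run on every sync; use `"/crl.pem"` and `"/dh.pem"`, which matches the `{{ pki_dir }}/dh.pem` source the playbook now copies from. `tenant.generate_ca_crt()` is called on the tenant, while the only definition visible in this commit is on `VPNTenantForm` in admin.py, so confirm the model provides it. Since this step copies `ca.key` with `shutil.copy2` and creates `nopass` keys, it is also worth a comment or check that each tenant's `private` directory stays readable only by the synchronizer user.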
@@ -41,11 +80,3 @@
"protocol": tenant.protocol,
"pki_dir": tenant.pki_dir
}
-
- def run_playbook(self, o, fields):
- # Generate the server files
- if (not os.path.isfile(o.pki_dir + "/issued/server.crt")):
- VPNService.execute_easyrsa_command(
- o.pki_dir, "build-server-full server nopass")
- VPNService.execute_easyrsa_command(o.pki_dir, "gen-crl")
- super(SyncVPNTenant, self).run_playbook(o, fields)
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
index 7bf1a25..556212c 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
@@ -39,7 +39,7 @@
copy: src={{ pki_dir }}/crl.pem dest={{ pki_dir }}/crl.pem
- name: get dh
- copy: src=/opt/openvpn/init_pki/dh.pem dest={{ pki_dir }}/dh.pem
+ copy: src={{ pki_dir }}/dh.pem dest={{ pki_dir }}/dh.pem
- name: erase config
shell: rm -f {{ pki_dir }}/server.conf