VPN close to being done
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index d70252b..29329ae 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -9,7 +9,7 @@
from django.core import serializers
from services.vpn.models import VPN_KIND, VPNService, VPNTenant
from subprocess import Popen, PIPE
-from xos.exceptions import XOSValidationError
+from xos.exceptions import XOSConfigurationError, XOSValidationError
class VPNServiceForm(forms.ModelForm):
@@ -170,8 +170,12 @@
shutil.copy2("/opt/openvpn/easyrsa3/openssl-1.0.cnf", pki_dir)
shutil.copy2("/opt/openvpn/easyrsa3/easyrsa", pki_dir)
shutil.copytree("/opt/openvpn/easyrsa3/x509-types", pki_dir + "/x509-types")
- Popen(pki_dir + "/easyrsa --batch init-pki nopass", shell=True, stdout=PIPE).communicate()
- Popen(pki_dir + "/easyrsa --batch --req-cn=XOS build-ca nopass", shell=True, stdout=PIPE).communicate()
+ (stdout, stderr) = Popen(pki_dir + "/easyrsa --batch init-pki nopass", shell=True, stdout=PIPE, stderr=PIPE).communicate()
+ if (stderr):
+ raise XOSConfigurationError("init-pki failed with standard out:" + str(stdout) + " and stderr: " + str(stderr))
+ (stdout, stderr) = Popen(pki_dir + "/easyrsa --batch --req-cn=XOS build-ca nopass", shell=True, stdout=PIPE, stderr=PIPE).communicate()
+ if (stderr):
+ raise XOSConfigurationError("build-ca failed with standard out:" + str(stdout) + " and stderr: " + str(stderr))
self.instance.ca_crt = self.generate_ca_crt(self.instance.id)
return result
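Review bot: The new `if (stderr):` checks treat any bytes on stderr as a failure and never look at the exit status, because the Popen object is discarded as soon as `.communicate()` returns. easyrsa drives openssl, and tools in that chain often write notices or progress to stderr on success, so a successful `init-pki` or `build-ca` could raise XOSConfigurationError, while a failure that prints nothing to stderr would pass and leave `generate_ca_crt` working from an incomplete PKI. Keep the process handle and test the return code instead: `proc = Popen(..., stdout=PIPE, stderr=PIPE)`, `stdout, stderr = proc.communicate()`, `if proc.returncode != 0: raise XOSConfigurationError(...)`. The same pattern recurs in the revoke and build-client-full hunks of this file and in `run_playbook` in sync_vpntenant.py; the enclosing method starts outside this hunk.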
@@ -214,7 +218,9 @@
# If anything deleated was a TenantPrivilege then revoke the certificate
if type(obj) is TenantPrivilege:
certificate = self.certificate_name(obj)
- Popen("/opt/openvpn/easyrsa3/server-" + obj.tenant.id + "/easyrsa --batch revoke " + certificate, shell=True, stdout=PIPE).communicate()
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + obj.tenant.id + "/easyrsa --batch revoke " + certificate, shell=True, stdout=PIPE, stderr=PIPE).communicate()
+ if (stderr):
+ raise XOSConfigurationError("revoke failed with standard out:" + str(stdout) + " and stderr: " + str(stderr))
# TODO(jermowery): determine if this is necessary.
# if type(obj) is VPNTenant:
# if the tenant was deleted revoke all certs assoicated
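Review bot: The revoke command on the added line is still one string run with `shell=True`, built from `obj.tenant.id` and `certificate`. If `certificate_name()` (not visible here) derives its value from user- or tenant-controlled fields, shell metacharacters in it would be interpreted by a shell running as the XOS process. Pass an argument list and drop the shell: `Popen(["/opt/openvpn/easyrsa3/server-" + str(obj.tenant.id) + "/easyrsa", "--batch", "revoke", certificate], stdout=PIPE, stderr=PIPE)`. Checking the certificate name against a strict character allowlist first would also keep a value starting with `-` from being read as an easyrsa option. The `build-client-full` call in the next hunk and both calls in sync_vpntenant.py have the same shape; the enclosing method starts outside this hunk.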
@@ -224,8 +230,9 @@
# If there were any new TenantPrivlege objects then create certs
if type(obj) is TenantPrivilege:
certificate = self.certificate_name(obj)
- Popen("/opt/openvpn/easyrsa3/server-" + obj.tenant.id + "/easyrsa --batch build-client-full " + certificate + " nopass", shell=True, stdout=PIPE).communicate()
-
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + obj.tenant.id + "/easyrsa --batch build-client-full " + certificate + " nopass", shell=True, stdout=PIPE, stderr=PIPE).communicate()
+ if (stderr):
+ raise XOSConfigurationError("build-client-full failed with standard out:" + str(stdout) + " and stderr: " + str(stderr))
# Associate the admin forms with the models.
admin.site.register(VPNService, VPNServiceAdmin)
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index 99cb83d..90c46a3 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -6,6 +6,7 @@
from subprocess import Popen, PIPE
from synchronizers.base.SyncInstanceUsingAnsible import \
SyncInstanceUsingAnsible
+from xos.exceptions import XOSConfigurationError
parentdir = os.path.join(os.path.dirname(__file__), "..")
sys.path.insert(0, parentdir)
@@ -43,10 +44,10 @@
def run_playbook(self, o, fields):
# Generate the server files
- (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch build-server-full server nopass", shell=True, stdout=PIPE).communicate()
- print(str(stdout))
- print(str(stderr))
- (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch gen-crl", shell=True, stdout=PIPE).communicate()
- print(str(stdout))
- print(str(stderr))
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch build-server-full server nopass", shell=True, stdout=PIPE, stderr=PIPE).communicate()
+ if (stderr):
+ raise XOSConfigurationError("build-server-full failed with standard out:" + str(stdout) + " and stderr: " + str(stderr))
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch gen-crl", shell=True, stdout=PIPE, stderr=PIPE).communicate()
+ if (stderr):
+ raise XOSConfigurationError("gen-crl failed with standard out:" + str(stdout) + " and stderr: " + str(stderr))
super(SyncVPNTenant, self).run_playbook(o, fields)
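Review bot: Both command strings concatenate `o.id` directly onto a str. If `o.id` is Django's default integer primary key (the model is not visible here), that raises TypeError before easyrsa runs, so `str(o.id)` would be safer; the same applies to `obj.tenant.id` in admin.py. The removed `print` calls were the only place successful output was recorded, so a logging call on the success path would keep the `build-server-full` and `gen-crl` output available. That matters most for `gen-crl`, since a CRL that silently was not regenerated would presumably leave revoked client certificates accepted by the server.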