Gitiles
Code Review Sign In
gerrit.opencord.org / xos / dd325a4de10c73a90efb1d911d42b9d3c7a589ea^! / .
commitdd325a4de10c73a90efb1d911d42b9d3c7a589ea[log] [tgz]
authorJeremy Mowery <jermowery@email.arizona.edu>Sat Apr 02 00:02:00 2016 -0700
committerJeremy Mowery <jermowery@email.arizona.edu>Sat Apr 02 00:02:00 2016 -0700
tree006b079cee8e114f151ccea46e8a0a22bf4a45e9
parent3bcea4b857f50a59fbee7753f732f8ad24cbc0b1 [diff]
Move to a more sane way of making the pkis

diff --git a/containers/xos/Dockerfile.devel b/containers/xos/Dockerfile.devel
index ef6753b..f1c1c26 100644
--- a/containers/xos/Dockerfile.devel
+++ b/containers/xos/Dockerfile.devel

@@ -98,7 +98,9 @@
 RUN chmod 777 /opt/openvpn
 RUN git clone https://github.com/OpenVPN/easy-rsa.git /opt/openvpn
 RUN git -C /opt/openvpn pull origin master
-RUN echo "set_var EASYRSA	/opt/openvpn/easyrsa3" | tee /opt/openvpn/easyrsa3/vars
-RUN /opt/openvpn/easyrsa3/easyrsa --batch init-pki
-RUN /opt/openvpn/easyrsa3/easyrsa --batch gen-dh
-RUN chmod 777 /opt/openvpn/easyrsa3/pki/dh.pem
+RUN echo 'set_var EASYRSA	"/opt/openvpn/easyrsa3"' | tee /opt/openvpn/init_vars
+RUN echo 'set_var EASYRSA_PKI	"/opt/openvpn/init_pki"' | tee -a /opt/openvpn/init_vars
+RUN echo 'set_var EASYRSA_BATCH	"true"' | tee -a /opt/openvpn/init_vars
+RUN /opt/openvpn/easyrsa3/easyrsa --vars=/opt/openvpn/init_vars init-pki
+RUN /opt/openvpn/easyrsa3/easyrsa --vars=/opt/openvpn/init_vars gen-dh
+RUN chmod 777 /opt/openvpn/init_pki/dh.pem

diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index bd33d99..c38721a 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py

@@ -184,7 +184,8 @@
                 self.instance.protocol))
 
         result = super(VPNTenantForm, self).save(commit=commit)
-        pki_dir = "/opt/openvpn/easyrsa3/server-" + result.id
+        result.save()
+        pki_dir = "/opt/openvpn/easyrsa3/server-" + str(result.id)
         if (not os.path.isdir(pki_dir)):
             os.makedirs(pki_dir)
             shutil.copy2("/opt/openvpn/easyrsa3/openssl-1.0.cnf", pki_dir)
@@ -209,8 +210,7 @@
                 raise XOSConfigurationError(
                     "build-ca failed with standard out:" + str(stdout) +
                     " and stderr: " + str(stderr))
-            self.instance.ca_crt = self.generate_ca_crt(result.id)
-            return super(VPNTenantForm, self).save(commit=commit)
+            result.ca_crt = self.generate_ca_crt(result.id)
         return result
 
     def generate_ca_crt(self, server_id):