# file that puppet puts together.
# the input file looks like this:
# - service: www.debian.org
-# address: jmri7yqqjpdxob4s
-# name: busoni-www.debian.org
-# - service: www.debian.org
# address: ufhzy7r7qfy2tmy3
# name: klecker-www.debian.org
-# - service: www.ports.debian.org
-# address: g32eridc6ocxni5w
-# name: busoni-www.ports.debian.org
# and so on. This script collect together instances for the same
# service name, creates a new key if none is present already, and
# writes a new config.
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
+import os
import os.path
+import shutil
import subprocess
import yaml
relkeydir = 'private_keys'
keydir = os.path.join('/etc/onionbalance', relkeydir)
-data = yaml.safe_load(open(j))
+with open(j) as conf:
+ data = yaml.safe_load(conf)
service_instances = {}
for entry in data:
for s in service_instances:
keyfile = os.path.join(keydir, s+'.key')
relkeyfile = os.path.join(relkeydir, s+'.key')
- if (not os.path.exists(keyfile)):
- subprocess.check_call('umask 0027 && openssl genrsa -out %s 1024 && chgrp onionbalance %s && chmod 0640 %s'%(keyfile, keyfile, keyfile), shell=True)
+ if not os.path.exists(keyfile):
+ subprocess.check_call(['openssl', 'genrsa', '-out', keyfile, '1024'],
+ preexec_fn=lambda: os.umask(0o027))
+ shutil.chown(keyfile, group='onionbalance')
+ os.chmod(keyfile, 0o640)
service = {
'key': relkeyfile,
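Review bot: If `shutil.chown` or `os.chmod` raises in the added key-generation lines (for example because the `onionbalance` group is missing), a file is already present at `keyfile`. Because the guard is only `os.path.exists(keyfile)`, every later run skips the block and keeps a key with the wrong group or mode; if `openssl` itself fails, an incomplete file may be kept in the same way. Now that the steps are separate Python calls, the key can be generated under a temporary name in the same directory and renamed into place only after ownership and mode are set, as sketched below. Separately, `preexec_fn=lambda: os.umask(0o027)` could become `umask=0o027` if the script only has to run on Python 3.9 or later, which the hunk does not show. The loop body and the `service = {` dict continue past the visible lines.

```python
# … unchanged: keyfile / relkeyfile path construction …
    if not os.path.exists(keyfile):
        tmpkey = keyfile + '.tmp'
        subprocess.check_call(['openssl', 'genrsa', '-out', tmpkey, '1024'],
                              preexec_fn=lambda: os.umask(0o027))
        shutil.chown(tmpkey, group='onionbalance')
        os.chmod(tmpkey, 0o640)
        # Publish the key only once group and mode are correct.
        os.rename(tmpkey, keyfile)
# … unchanged: service dict construction …
```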