-#!/bin/bash
+#!/usr/bin/python
-if [ "$(ls /etc/invirt/vnc-cert.d)" == "" ]; then
- echo "E: No certs in /etc/invirt/vnc-cert.d/" >&2
- echo " Put certificates for all Invirt VNC proxy servers in" >&2
- echo " /etc/invirt/vnc-cert.d, then run this script again" >&2
- exit 1
-fi
+from invirt.config import structs as config
+from subprocess import Popen, check_call, PIPE, CalledProcessError
+import tempfile
+import os
+import sys
+import shutil
-TMP_DIR="$(mktemp -d)"
-for i in $(ls /etc/invirt/vnc-cert.d/*.crt); do
- keytool -noprompt -alias "${i%.crt}" -file "/etc/invirt/vnc-cert.d/$i" \
- -keystore "$TMP_DIR/trust.store" -storepass "foobar"
-done
+def check_wait(popen):
+ retcode = popen.wait()
+ if retcode != 0:
+ raise CalledProcessError(retcode, popen.pid)
+ return retcode
-jar uf /usr/share/invirt-vnc-client/VncViewer.jar -C "$TMP_DIR" trust.store
+def main():
+ check_call(['kinit', '-k', 'daemon/%s' % config.web.hostname])
+
+ temp_dir = tempfile.mkdtemp()
-rm -rf "$TMP_DIR"
+ jarfile = os.path.join(temp_dir, 'VncViewer.jar')
+
+ shutil.copy('/usr/share/invirt-vnc-client/VncViewer.src.jar',
+ jarfile)
+
+ keystore = os.path.join(temp_dir, 'trust.store')
+ for host in config.hosts:
+ cert = Popen(['remctl', config.remote.hostname, 'web', 'vnccert', host.hostname],
+ stdout=PIPE)
+ check_wait(cert)
+ check_call(['keytool', '-import', '-noprompt', '-alias', host.hostname,
+ '-keystore', keystore, '-storepass', 'foobar'],
+ stdin=cert.stdout)
+
+ check_call(['jar', 'uf', jarfile,
+ '-C', temp_dir, 'trust.store'])
+
+ shutil.move(jarfile, '/usr/share/invirt-vnc-client/VncViewer.jar')
+
+ shutil.rmtree(temp_dir)
+
+if __name__ == '__main__':
+ sys.exit(main())