hub / github.com/saltstack/salt / _setup_keys

Method _setup_keys

salt/crypt.py:608–690  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

606 return {"opts": self.opts}
607
608 def _setup_keys(self):
609 # it's important to init this even if cluster_id is enabled so that on
610 # initial start the master's non cluster key is generated
611 key_pass = salt.utils.sdb.sdb_get(self.opts["key_pass"], self.opts)
612
613 if self.cache.contains("master_keys", f"{self.master_id}.pem"):
614 self.master_key = self.key = self.find_or_create_keys(
615 name=self.master_id, passphrase=key_pass
616 )
617 else:
618 self.master_key = self.key = self.find_or_create_keys(
619 name="master", passphrase=key_pass
620 )
621
622 # facilitate migrating to pem named off the master id instead of master.pem
623 if not self.cache.contains("master_keys", f"{self.master_id}.pem"):
624 priv = self.cache.fetch("master_keys", "master.pem")
625 pub = self.cache.fetch("master_keys", "master.pub")
626 self.cache.store("master_keys", f"{self.master_id}.pem", priv)
627 self.cache.store("master_keys", f"{self.master_id}.pub", pub)
628 self.cache.flush("master_keys", "master.pem")
629 self.cache.flush("master_keys", "master.pub")
630
631 # lets create symlinks in case a user downgrades back to a previous version
632 if self.opts["keys.cache_driver"] == "localfs_key":
633 os.symlink(
634 os.path.join(self.opts["pki_dir"], f"{self.master_id}.pem"),
635 os.path.join(self.opts["pki_dir"], "master.pem"),
636 )
637 os.symlink(
638 os.path.join(self.opts["pki_dir"], f"{self.master_id}.pub"),
639 os.path.join(self.opts["pki_dir"], "master.pub"),
640 )
641
642 if self.opts["cluster_id"]:
643 self.check_master_shared_pub()
644 key_pass = salt.utils.sdb.sdb_get(self.opts["cluster_key_pass"], self.opts)
645 self.cluster_key = self.key = self.find_or_create_keys(
646 name="cluster",
647 passphrase=key_pass,
648 )
649
650 if self.opts["master_sign_pubkey"]:
651 # if only the signature is available, use that
652 if self.opts["master_use_pubkey_signature"]:
653 if self.opts["keys.cache_driver"] == "localfs_key":
654 sig_path = os.path.join(
655 self.opts["pki_dir"], self.master_pubkey_signature
656 )
657 else:
658 sig_path = f"{self.opts['keys.cache_driver']}:master_keys/{self.master_pubkey_signature}"
659
660 if self.cache.contains("master_keys", self.master_pubkey_signature):
661 self.pubkey_signature = clean_key(
662 self.cache.fetch("master_keys", self.master_pubkey_signature)
663 )
664 log.info(
665 "Read %s's signature from %s",

Callers 3

__init__Method · 0.95

Calls 10

find_or_create_keysMethod · 0.95
clean_keyFunction · 0.85
exitMethod · 0.80
containsMethod · 0.45
fetchMethod · 0.45
storeMethod · 0.45
flushMethod · 0.45
infoMethod · 0.45
errorMethod · 0.45