src/mount_efs/__init__.py [2433:2483]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - create_certificate_signing_request( certificate_config, private_key, certificate_signing_request ) not_before = get_certificate_timestamp(current_time, minutes=-NOT_BEFORE_MINS) not_after = get_certificate_timestamp(current_time, hours=NOT_AFTER_HOURS) cmd = ( "openssl ca -startdate %s -enddate %s -selfsign -batch -notext -config %s -in %s -out %s" % ( not_before, not_after, certificate_config, certificate_signing_request, certificate, ) ) subprocess_call(cmd, "Failed to create self-signed client-side certificate") return current_time.strftime(CERT_DATETIME_FORMAT) def get_private_key_path(): """Wrapped for mocking purposes in unit tests""" return PRIVATE_KEY_FILE def check_and_create_private_key(base_path=STATE_FILE_DIR): # Creating RSA private keys is slow, so we will create one private key and allow mounts to share it. # This means, however, that we have to include a locking mechanism to ensure that the private key is # atomically created, as mounts occurring in parallel may try to create the key simultaneously. key = get_private_key_path() @contextmanager def open_lock_file(): lock_file = os.path.join(base_path, "efs-utils-lock") f = os.open(lock_file, os.O_CREAT | os.O_DSYNC | os.O_EXCL | os.O_RDWR) try: lock_file_contents = "PID: %s" % os.getpid() os.write(f, lock_file_contents.encode("utf-8")) yield f finally: check_and_remove_lock_file(lock_file, f) def do_with_lock(function): while True: try: with open_lock_file(): return function() except OSError as e: if e.errno == errno.EEXIST: logging.info( - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/watchdog/__init__.py [1660:1712]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - create_certificate_signing_request( certificate_config, private_key, certificate_signing_request ) not_before = get_certificate_timestamp(current_time, minutes=-NOT_BEFORE_MINS) not_after = get_certificate_timestamp(current_time, hours=NOT_AFTER_HOURS) cmd = ( "openssl ca -startdate %s -enddate %s -selfsign -batch -notext -config %s -in %s -out %s" % ( not_before, not_after, certificate_config, certificate_signing_request, certificate, ) ) subprocess_call(cmd, "Failed to create self-signed client-side certificate") return current_time.strftime(CERT_DATETIME_FORMAT) def get_private_key_path(): """Wrapped for mocking purposes in unit tests""" return PRIVATE_KEY_FILE def check_and_create_private_key(base_path=STATE_FILE_DIR): # Creating RSA private keys is slow, so we will create one private key and allow mounts to share it. # This means, however, that we have to include a locking mechanism to ensure that the private key is # atomically created, as mounts occurring in parallel may try to create the key simultaneously. # The key should have been created during mounting, but the watchdog will recreate the private key if # it is missing. key = get_private_key_path() @contextmanager def open_lock_file(): lock_file = os.path.join(base_path, "efs-utils-lock") f = os.open(lock_file, os.O_CREAT | os.O_DSYNC | os.O_EXCL | os.O_RDWR) try: lock_file_contents = "PID: %s" % os.getpid() os.write(f, lock_file_contents.encode("utf-8")) yield f finally: check_and_remove_lock_file(lock_file, f) def do_with_lock(function): while True: try: with open_lock_file(): return function() except OSError as e: if e.errno == errno.EEXIST: logging.info( - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -