[enh] better logging during key migration

2024-09-03 20:06:10 +02:00 · 2018-01-03 18:45:18 +01:00 · 2018-01-03 18:45:18 +01:00 · 044b2406d3
commit 044b2406d3
parent 5086707983
2 changed files with 10 additions and 5 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -207,6 +207,10 @@
    "mailbox_used_space_dovecot_down": "Dovecot mailbox service need to be up, if you want to get mailbox used space",
    "maindomain_change_failed": "Unable to change the main domain",
    "maindomain_changed": "The main domain has been changed",
+    "migrate_tsig_end": "Migration to hmac-sha512 finished",
+    "migrate_tsig_failed": "Migrating the dyndns domain {domain} to hmac-sha512 failed, rolling back. Error: {error_code} - {error}",
+    "migrate_tsig_start": "Not secure enough key algorithm detected for TSIG signature of domain '{domain}', initiating migration to the more secure one hmac-sha512",
+    "migrate_tsig_wait": "Let's wait 3min for the dyndns server to take the new key into account...",
    "migrations_backward": "Migrating backward.",
    "migrations_bad_value_for_target": "Invalide number for target argument, available migrations numbers are 0 or {}",
    "migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
--- a/src/yunohost/dyndns.py
+++ b/src/yunohost/dyndns.py
@ -278,6 +278,7 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None,


 def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host):
+    logger.warning(m18n.n('migrate_tsig_start', domain=domain))
    public_key_path = private_key_path.rsplit(".private", 1)[0] + ".key"
    public_key_md5 = open(public_key_path).read().strip().split(' ')[-1]

@ -299,19 +300,17 @@ def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host):
        raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection'))

    if r.status_code != 201:
-        print r.text
        try:
            error = json.loads(r.text)['error']
-            print "ERROR:", error
        except Exception as e:
            import traceback
            traceback.print_exc()
            print e
            error = r.text

-        # raise MoulinetteError(errno.EPERM,
-        #                       m18n.n('dyndns_registration_failed', error=error))
-        # XXX print warning
+        logger.warning(m18n.n('migrate_tsig_failed', domain=domain,
+                              error_code=str(r.status_code), error=error))
+
        os.system("mv /etc/yunohost/dyndns/*+165* /tmp")
        return public_key_path

@ -319,8 +318,10 @@ def _migrate_from_md5_tsig_to_sha512_tsig(private_key_path, domain, dyn_host):
    os.system("mv /etc/yunohost/dyndns/*+157* /tmp")

    # sleep to wait for dyndns cache invalidation
+    logger.warning(m18n.n('migrate_tsig_wait'))
    time.sleep(180)

+    logger.warning(m18n.n('migrate_tsig_end'))
    return new_key_path.rsplit(".key", 1)[0] + ".private"