等待子进程执行 openvpn 命令。采购变量问题

Question

我在等待从 python 中运行的子进程时遇到问题。我也在这里阅读了大量有关它的信息。很抱歉再次提出这个问题，但我仍然没有解决方案。

我的代码

cmds = "cd /etc/openvpn/easy-rsa && . ./vars && ./clean-all && ./pkitool --initca && ./pkitool --server && ./build-dh"
runCmds = subprocess.Popen(cmds, shell=True)
# run = os.system
# runCmds = run(cmds)
# runCmds.wait()
# runCmds.call() 

工作完美，但我需要它等待子进程结束以运行下一部分代码。注释行对我不起作用。如果我从评论中运行某些东西，我会收到错误

请先获取 vars 脚本（即“source ./vars”）.......

有一次，wait() 似乎有效，但一段时间后就无效了。方法call() 运行命令但永远不会结束。为什么方法对我不起作用，尤其是wait()？我建议我的问题是在我的环境中采购 openvpn vars 脚本。请帮帮我！
更新：带有

的控制台日志

设置-x

  [25/Jan/2016 18:30:42]"POST /run-step3-process/ HTTP/1.1" 200 49
+ cd /etc/openvpn/easy-rsa
+ . ./vars
+ pwd
+ export EASY_RSA=/etc/openvpn/easy-rsa
+ export OPENSSL=openssl
+ export PKCS11TOOL=pkcs11-tool
+ export GREP=grep
+ /etc/openvpn/easy-rsa/whichopensslcnf /etc/openvpn/easy-rsa
+ export KEY_CONFIG=/etc/openvpn/easy-rsa/openssl-1.0.0.cnf
+ export KEY_DIR=/etc/openvpn/easy-rsa/keys
+ echo NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
+ export PKCS11_MODULE_PATH=dummy
+ export PKCS11_PIN=dummy
+ export KEY_SIZE=1024
+ export CA_EXPIRE=3650
+ export KEY_EXPIRE=3650
+ export KEY_COUNTRY=SS
+ export KEY_PROVINCE=FFFFFFF
+ export KEY_CITY=AAAA
+ export KEY_ORG=GGGG
+ export KEY_EMAIL=qq@qq.yy
+ export KEY_EMAIL=mail@host.domain
+ export KEY_CN=ccccccc
+ export KEY_NAME=changeme
+ export KEY_OU=changeme
+ export PKCS11_MODULE_PATH=changeme
+ export PKCS11_PIN=1234
+ ./clean-all
+ ./pkitool --initca
Using CA Common Name: ccccccc
Generating a 1024 bit RSA private key
.................................++++++
............................................++++++
writing new private key to 'ca.key'
-----
+ ./pkitool --server
Using Common Name: ccccccc
Generating a 1024 bit RSA private key
............++++++
...........................++++++
writing new private key to 'ccccccc.key'
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'SS'
stateOrProvinceName   :PRINTABLE:'FFFFFFF'
localityName          :PRINTABLE:'AAAA'
organizationName      :PRINTABLE:'GGGG'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'ccccccc'
name                  :PRINTABLE:'changeme'
emailAddress          :IA5STRING:'mail@host.domain'
Certificate is to be certified until Jan 22 18:30:42 2026 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
+ ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.....................................+...+..................................................................................................................................+................+..................................++*++*++*

更新 2 我研究了我的代码的行为：

Before run:
1.apache(or localhost)restart
2.etc/openvpn/easy-rsa/keys clean
3.start browser with new incognito window
I give permission for etc/openvpn/easy-rsa/ as 47777

success == generating process run, new keys create
error == “please source ./vars.....”
CN == variable for server name in vars 
wait() == subrpocess.wait() code following string with bash commands

code ALWAYS work as below:

orig vars -> edit -> wait() -> error
orig vars -> edit (without CN, ./pkitool --server SERVER )-> wait() -> error

orig vars -> NONedit ->wait() -> success

orig vars -> edit ->WITHOUT_wait() -> success
edited vars -> edit ->WITHOUT_wait() -> success
edited vars -> edit(without CN, ./pkitool --server SERVER) -> WITHOUT_wait() -> success
orig vars -> edit(WITH_ CN, ./pkitool --server) -> WITHOUT_wait() -> success
edited vars -> edit(WITH_ CN, ./pkitool --server) -> WITHOUT_wait() -> success

我在 python 中编辑变量：

from django.shortcuts import  HttpResponse, HttpRequest
import subprocess
from subprocess import Popen, PIPE
import json
import os.path

def pass3Cmds():
''' run commands on step3  to generate keys and cert in '/etc/openvpn/easy-     rsa/keys'
'''
    cmds = "cd /etc/openvpn/easy-rsa && . ./vars && ./clean-all && ./pkitool --initca && ./pkitool --server && ./build-dh"
    runCmds = subprocess.Popen(cmds, shell=True)


def runStep3Process(request):
    '''collect data from step3 user form and insert 
    them in '/etc/openvpn/easy-rsa/vars'
    '''
    path = '/etc/openvpn/easy-rsa/vars'
    data = json.loads(request.body)

    key_cn = 'export KEY_CN="%s"' % data['key_cn']
    if request.method=='POST' and request.user.is_authenticated():
        with open(path) as varsfile:
            data = varsfile.readlines()
        try:
            data[69] = key_cn +'\n' 
            with open(path, 'w') as newvarsfile:
                newvarsfile.writelines(data)
                pass3Cmds()
                pem = '/etc/openvpn/easy-rsa/keys/dh1024.pem'
                if os.path.exists(pem):
                    return HttpResponse(successMsg2)
                return HttpResponse(dangerMsg)
        except IndexError:
            return HttpResponse(warnMsg2)
     return HttpResponse(warnMsg)

再次：代码完美地与这种方式编辑的变量一起工作，直到我想运行任何代码来等待子进程。如果我运行例如subprocess.wait() 我得到“please source ./vars”错误

问题是：为什么在我的情况下编辑变量会导致错误？

Answer 1

您的日志显示进程在./build-dh 中无限期等待。

1. 正如相关日志消息所示，这是一个缓慢的过程。你不应该期望它是即时的。

2. 但是，如果您的系统的熵池很低，它不仅会很慢，而且可能是不确定的。考虑使用 rng-tools 包中的 rngd 来使用系统的硬件随机数生成器（假设其 CPU 提供）来填充内核的熵池。

---

除此之外，你的用法不正确：

./pkitool --server

...不是有效命令：需要提供CN来生成服务器证书，例如：

./pkitool --server server

Answer 2

我不知道“/etc/openvpn/easy-rsa”，但如果它建立了一个 vpn 连接，程序将在连接保持时挂起。为了终止它，您可以使用超时参数来强制它超时。使用 subprocess.call。

cmds = "cd /etc/openvpn/easy-rsa && . ./vars && ./clean-all && ./pkitool --initca && ./pkitool --server && ./build-dh"
timeout = 60 * 10 # 10 minutes

try:
   ret_code = subprocess.call(cmds, shell=True, timeout=timeout)
   # return_code
except subprocess.TimeoutExpired: 
   # do_something()

call, check_call and check_output 接受超时参数。

Answer 3

导入时间模块并使用time.sleep(amount_of_seconds)。