- result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
- "-days", str(validity), "-nodes", "-x509",
- "-keyout", tmp_file_name, "-out", tmp_file_name,
- "-batch"])
- if result.failed:
- raise errors.OpExecError("Could not generate SSL certificate, command"
- " %s had exitcode %s and error message %s" %
- (result.cmd, result.exit_code, result.output))
+ """
+ # noded SSL certificate
+ cluster_cert_exists = os.path.exists(nodecert_file)
+ if new_cluster_cert or not cluster_cert_exists:
+ if cluster_cert_exists:
+ utils.CreateBackup(nodecert_file)
+
+ logging.debug("Generating new cluster certificate at %s", nodecert_file)
+ utils.GenerateSelfSignedSslCert(nodecert_file)
+
+ # confd HMAC key
+ if new_confd_hmac_key or not os.path.exists(hmackey_file):
+ logging.debug("Writing new confd HMAC key to %s", hmackey_file)
+ GenerateHmacKey(hmackey_file)
+
+ # RAPI
+ rapi_cert_exists = os.path.exists(rapicert_file)
+
+ if rapi_cert_pem:
+ # Assume rapi_pem contains a valid PEM-formatted certificate and key
+ logging.debug("Writing RAPI certificate at %s", rapicert_file)
+ utils.WriteFile(rapicert_file, data=rapi_cert_pem, backup=True)
+
+ elif new_rapi_cert or not rapi_cert_exists:
+ if rapi_cert_exists:
+ utils.CreateBackup(rapicert_file)
+
+ logging.debug("Generating new RAPI certificate at %s", rapicert_file)
+ utils.GenerateSelfSignedSslCert(rapicert_file)
+
+ # SPICE
+ spice_cert_exists = os.path.exists(spicecert_file)
+ spice_cacert_exists = os.path.exists(spicecacert_file)
+ if spice_cert_pem:
+ # spice_cert_pem implies also spice_cacert_pem
+ logging.debug("Writing SPICE certificate at %s", spicecert_file)
+ utils.WriteFile(spicecert_file, data=spice_cert_pem, backup=True)
+ logging.debug("Writing SPICE CA certificate at %s", spicecacert_file)
+ utils.WriteFile(spicecacert_file, data=spice_cacert_pem, backup=True)
+ elif new_spice_cert or not spice_cert_exists:
+ if spice_cert_exists:
+ utils.CreateBackup(spicecert_file)
+ if spice_cacert_exists:
+ utils.CreateBackup(spicecacert_file)
+
+ logging.debug("Generating new self-signed SPICE certificate at %s",
+ spicecert_file)
+ (_, cert_pem) = utils.GenerateSelfSignedSslCert(spicecert_file)
+
+ # Self-signed certificate -> the public certificate is also the CA public
+ # certificate
+ logging.debug("Writing the public certificate to %s",
+ spicecert_file)
+ utils.io.WriteFile(spicecacert_file, mode=0400, data=cert_pem)
+
+ # Cluster domain secret
+ if cds:
+ logging.debug("Writing cluster domain secret to %s", cds_file)
+ utils.WriteFile(cds_file, data=cds, backup=True)
+
+ elif new_cds or not os.path.exists(cds_file):
+ logging.debug("Generating new cluster domain secret at %s", cds_file)
+ GenerateHmacKey(cds_file)
+
+
+def _InitGanetiServerSetup(master_name):
+ """Setup the necessary configuration for the initial node daemon.