return backend.ValidateHVParams(hvname, hvparams)
-def CheckNODED(options, args):
- """Initial checks whether to run exit with a failure
-
- """
- for fname in (constants.SSL_CERT_FILE,):
- if not os.path.isfile(fname):
- print "config %s not there, will not run." % fname
- sys.exit(constants.EXIT_NOTCLUSTER)
-
-
def ExecNODED(options, args):
"""Main NODED function, executed with the pidfile held.
global queue_lock
# Read SSL certificate
- ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
- ssl_cert_path=constants.SSL_CERT_FILE)
+ if options.ssl:
+ ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key,
+ ssl_cert_path=options.ssl_cert)
+ else:
+ ssl_params = None
# Prepare job queue
queue_lock = jstore.InitAndVerifyQueue(must_lock=False)
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
dirs.append((constants.LOG_OS_DIR, 0750))
dirs.append((constants.LOCK_DIR, 1777))
- daemon.GenericMain(constants.NODED, parser, dirs, CheckNODED, ExecNODED)
+ daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNODED)
if __name__ == '__main__':
sys.argv[0]
sys.exit(constants.EXIT_FAILURE)
- if options.ssl:
- if not (options.ssl_cert and options.ssl_key):
- print >> sys.stderr, ("For secure mode please provide "
- "--ssl-key and --ssl-cert arguments")
- sys.exit(constants.EXIT_FAILURE)
- for fname in (options.ssl_cert, options.ssl_key):
- if not os.path.isfile(fname):
- print >> sys.stderr, "config %s not there, will not run." % fname
- sys.exit(constants.EXIT_FAILURE)
-
ssconf.CheckMaster(options.debug)
parser = optparse.OptionParser(description="Ganeti Remote API",
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",
version="%%prog (ganeti) %s" % constants.RAPI_VERSION)
- parser.add_option("--no-ssl", dest="ssl",
- help="Do not secure HTTP protocol with SSL",
- default=True, action="store_false")
- parser.add_option("-K", "--ssl-key", dest="ssl_key",
- help="SSL key",
- default=constants.RAPI_CERT_FILE, type="string")
- parser.add_option("-C", "--ssl-cert", dest="ssl_cert",
- help="SSL certificate",
- default=constants.RAPI_CERT_FILE, type="string")
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
dirs.append((constants.LOG_OS_DIR, 0750))
MULTITHREADED_DAEMONS = frozenset([MASTERD])
+DAEMONS_SSL = {
+ # daemon-name: (default-cert-path, default-key-path)
+ NODED: (SSL_CERT_FILE, SSL_CERT_FILE),
+ RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE),
+}
+
DAEMONS_PORTS = {
# daemon-name: ("proto", "default-port")
NODED: ("tcp", 1811),
"""Module with helper classes and functions for daemons"""
+import os
import select
import signal
import errno
help="Bind address",
default="", metavar="ADDRESS")
+ if daemon_name in constants.DAEMONS_SSL:
+ default_cert, default_key = constants.DAEMONS_SSL[daemon_name]
+ optionparser.add_option("--no-ssl", dest="ssl",
+ help="Do not secure HTTP protocol with SSL",
+ default=True, action="store_false")
+ optionparser.add_option("-K", "--ssl-key", dest="ssl_key",
+ help="SSL key",
+ default=default_key, type="string")
+ optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert",
+ help="SSL certificate",
+ default=default_cert, type="string")
+
multithread = utils.no_fork = daemon_name in constants.MULTITHREADED_DAEMONS
options, args = optionparser.parse_args()
- check_fn(options, args)
+ if hasattr(options, 'ssl') and options.ssl:
+ if not (options.ssl_cert and options.ssl_key):
+ print >> sys.stderr, "Need key and certificate to use ssl"
+ sys.exit(constants.EXIT_FAILURE)
+ for fname in (options.ssl_cert, options.ssl_key):
+ if not os.path.isfile(fname):
+ print >> sys.stderr, "Need ssl file %s to run" % fname
+ sys.exit(constants.EXIT_FAILURE)
+
+ if check_fn is not None:
+ check_fn(options, args)
+
utils.EnsureDirs(dirs)
if options.fork: