Currently, ConfD must be able to access server.pem (though this is likely to
change in the future). If this is not true, all sorts of weird things happen,
such as "gnt-node list" printing lots of question marks instead of actual
data, with no meaningful error.
This patch adds a check for the proper access permission to
"gnt-cluster verify".
Fixes Issue 518.
Signed-off-by: Michele Tartara <mtartara@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
(errcode, msg) = _VerifyCertificate(cert_filename)
self._ErrorIf(errcode, constants.CV_ECLUSTERCERT, None, msg, code=errcode)
+ self._ErrorIf(not utils.CanRead(constants.CONFD_USER,
+ pathutils.NODED_CERT_FILE),
+ constants.CV_ECLUSTERCERT,
+ None,
+ pathutils.NODED_CERT_FILE + " must be accessible by the " +
+ constants.CONFD_USER + " user")
+
feedback_fn("* Verifying hypervisor parameters")
self._VerifyHVP(_GetAllHypervisorParameters(self.cfg.GetClusterInfo(),
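Review bot: the added `utils.CanRead(constants.CONFD_USER, pathutils.NODED_CERT_FILE)` test is a direct local call, so as written it only checks the permission on the node where this verify step executes. If ConfD also runs on other nodes, their copy of the file is not covered; either run the check per node or add a comment stating that only the local node is checked. In the same call, the message says "must be accessible" while the test is specifically for read access, and it does not say on which node the problem was found. Suggest wording it as "must be readable by the ... user" and building it with a format string instead of `+` concatenation. A one-line comment above the check explaining why ConfD needs this file would also help, since the commit message notes the requirement is likely to change.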