Fix cfgupgrade with non-default DATA_DIR

Commit 43575108 added bootstrap.GenerateclusterCrypto and commit
7506a7f1 changed cfgupgrade to use it. However, this lost the
functionality of upgrading in non-default DATA_DIR.

To fix this, we enhance bootstrap.GenerateclusterCrypto to accept custom
file paths for the three files it modifies. If more files will be needed
in the future, we could just pass in modified DATA_DIR, but for now it
suffices.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: René Nussbaumer <rn@google.com>

diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index 4763c84..24aa524 100644 (file)
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -112,7 +112,10 @@ def GenerateHmacKey(file_name):
 
 
 def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
-                          rapi_cert_pem=None):
+                          rapi_cert_pem=None,
+                          nodecert_file=constants.NODED_CERT_FILE,
+                          rapicert_file=constants.RAPI_CERT_FILE,
+                          hmackey_file=constants.CONFD_HMAC_KEY):
   """Updates the cluster certificates, keys and secrets.
 
   @type new_cluster_cert: bool
@@ -123,39 +126,42 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
   @param new_confd_hmac_key: Whether to generate a new HMAC key
   @type rapi_cert_pem: string
   @param rapi_cert_pem: New RAPI certificate in PEM format
+  @type nodecert_file: string
+  @param nodecert_file: optional override of the node cert file path
+  @type rapicert_file: string
+  @param rapicert_file: optional override of the rapi cert file path
+  @type hmackey_file: string
+  @param hmackey_file: optional override of the hmac key file path
 
   """
   # noded SSL certificate
-  cluster_cert_exists = os.path.exists(constants.NODED_CERT_FILE)
+  cluster_cert_exists = os.path.exists(nodecert_file)
   if new_cluster_cert or not cluster_cert_exists:
     if cluster_cert_exists:
-      utils.CreateBackup(constants.NODED_CERT_FILE)
+      utils.CreateBackup(nodecert_file)
 
-    logging.debug("Generating new cluster certificate at %s",
-                  constants.NODED_CERT_FILE)
-    GenerateSelfSignedSslCert(constants.NODED_CERT_FILE)
+    logging.debug("Generating new cluster certificate at %s", nodecert_file)
+    GenerateSelfSignedSslCert(nodecert_file)
 
   # confd HMAC key
-  if new_confd_hmac_key or not os.path.exists(constants.CONFD_HMAC_KEY):
-    logging.debug("Writing new confd HMAC key to %s", constants.CONFD_HMAC_KEY)
-    GenerateHmacKey(constants.CONFD_HMAC_KEY)
+  if new_confd_hmac_key or not os.path.exists(hmackey_file):
+    logging.debug("Writing new confd HMAC key to %s", hmackey_file)
+    GenerateHmacKey(hmackey_file)
 
   # RAPI
-  rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE)
+  rapi_cert_exists = os.path.exists(rapicert_file)
 
   if rapi_cert_pem:
     # Assume rapi_pem contains a valid PEM-formatted certificate and key
-    logging.debug("Writing RAPI certificate at %s",
-                  constants.RAPI_CERT_FILE)
-    utils.WriteFile(constants.RAPI_CERT_FILE, data=rapi_cert_pem, backup=True)
+    logging.debug("Writing RAPI certificate at %s", rapicert_file)
+    utils.WriteFile(rapicert_file, data=rapi_cert_pem, backup=True)
 
   elif new_rapi_cert or not rapi_cert_exists:
     if rapi_cert_exists:
-      utils.CreateBackup(constants.RAPI_CERT_FILE)
+      utils.CreateBackup(rapicert_file)
 
-    logging.debug("Generating new RAPI certificate at %s",
-                  constants.RAPI_CERT_FILE)
-    GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
+    logging.debug("Generating new RAPI certificate at %s", rapicert_file)
+    GenerateSelfSignedSslCert(rapicert_file)
 
 
 def _InitGanetiServerSetup(master_name):

diff --git a/tools/cfgupgrade b/tools/cfgupgrade
index fa6a819..2143ba0 100755 (executable)
--- a/tools/cfgupgrade
+++ b/tools/cfgupgrade
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 #
 
-# Copyright (C) 2007, 2008, 2009 Google Inc.
+# Copyright (C) 2007, 2008, 2009, 2010 Google Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -174,7 +174,10 @@ def main():
                     backup=True)
 
     if not options.dry_run:
-      bootstrap.GenerateClusterCrypto(False, False, False)
+      bootstrap.GenerateClusterCrypto(False, False, False,
+                                      nodecert_file=options.SERVER_PEM_PATH,
+                                      rapicert_file=options.RAPI_CERT_FILE,
+                                      hmackey_file=options.CONFD_HMAC_KEY)
 
   except:
     logging.critical("Writing configuration failed. It is probably in an"