def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
- new_cds, rapi_cert_pem=None, cds=None):
- rapi_cert_pem=None,
++ new_cds, rapi_cert_pem=None, cds=None,
+ nodecert_file=constants.NODED_CERT_FILE,
+ rapicert_file=constants.RAPI_CERT_FILE,
+ hmackey_file=constants.CONFD_HMAC_KEY):
"""Updates the cluster certificates, keys and secrets.
@type new_cluster_cert: bool
@param new_rapi_cert: Whether to generate a new RAPI certificate
@type new_confd_hmac_key: bool
@param new_confd_hmac_key: Whether to generate a new HMAC key
+ @type new_cds: bool
+ @param new_cds: Whether to generate a new cluster domain secret
@type rapi_cert_pem: string
@param rapi_cert_pem: New RAPI certificate in PEM format
+ @type cds: string
+ @param cds: New cluster domain secret
+ @type nodecert_file: string
+ @param nodecert_file: optional override of the node cert file path
+ @type rapicert_file: string
+ @param rapicert_file: optional override of the rapi cert file path
+ @type hmackey_file: string
+ @param hmackey_file: optional override of the hmac key file path
"""
# noded SSL certificate
- cluster_cert_exists = os.path.exists(constants.NODED_CERT_FILE)
+ cluster_cert_exists = os.path.exists(nodecert_file)
if new_cluster_cert or not cluster_cert_exists:
if cluster_cert_exists:
- utils.CreateBackup(constants.NODED_CERT_FILE)
+ utils.CreateBackup(nodecert_file)
- logging.debug("Generating new cluster certificate at %s",
- constants.NODED_CERT_FILE)
- utils.GenerateSelfSignedSslCert(constants.NODED_CERT_FILE)
+ logging.debug("Generating new cluster certificate at %s", nodecert_file)
- GenerateSelfSignedSslCert(nodecert_file)
++ utils.GenerateSelfSignedSslCert(nodecert_file)
# confd HMAC key
- if new_confd_hmac_key or not os.path.exists(constants.CONFD_HMAC_KEY):
- logging.debug("Writing new confd HMAC key to %s", constants.CONFD_HMAC_KEY)
- GenerateHmacKey(constants.CONFD_HMAC_KEY)
+ if new_confd_hmac_key or not os.path.exists(hmackey_file):
+ logging.debug("Writing new confd HMAC key to %s", hmackey_file)
+ GenerateHmacKey(hmackey_file)
# RAPI
- rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE)
+ rapi_cert_exists = os.path.exists(rapicert_file)
if rapi_cert_pem:
# Assume rapi_pem contains a valid PEM-formatted certificate and key
elif new_rapi_cert or not rapi_cert_exists:
if rapi_cert_exists:
- utils.CreateBackup(constants.RAPI_CERT_FILE)
+ utils.CreateBackup(rapicert_file)
- logging.debug("Generating new RAPI certificate at %s",
- constants.RAPI_CERT_FILE)
- utils.GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
+ logging.debug("Generating new RAPI certificate at %s", rapicert_file)
- GenerateSelfSignedSslCert(rapicert_file)
++ utils.GenerateSelfSignedSslCert(rapicert_file)
+
+ # Cluster domain secret
+ if cds:
+ logging.debug("Writing cluster domain secret to %s",
+ constants.CLUSTER_DOMAIN_SECRET_FILE)
+ utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE,
+ data=cds, backup=True)
+
+ elif new_cds or not os.path.exists(constants.CLUSTER_DOMAIN_SECRET_FILE):
+ logging.debug("Generating new cluster domain secret at %s",
+ constants.CLUSTER_DOMAIN_SECRET_FILE)
+ GenerateHmacKey(constants.CLUSTER_DOMAIN_SECRET_FILE)
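Review bot: In the new cluster-domain-secret block at the end of GenerateClusterCrypto, the `if cds:` branch writes the secret with `utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, data=cds, backup=True)` and passes no `mode`, so the file's permissions depend on WriteFile's default, which this diff does not show. For key material I would pin it explicitly, e.g. `utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, data=cds, mode=0400, backup=True)`. `backup=True` also keeps the previous secret in a backup file, so confirm that copy gets the same restrictive mode and is removed once rotation is complete. Separately, the commit makes the node cert, RAPI cert and HMAC key paths overridable but leaves this path hard-coded, so a caller (presumably a test) that overrides the other three still reads and writes the real `constants.CLUSTER_DOMAIN_SECRET_FILE`. A matching `cds_file=constants.CLUSTER_DOMAIN_SECRET_FILE` parameter, with its `@type`/`@param` docstring lines, would close that gap.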
def _InitGanetiServerSetup(master_name):
else:
network_port = None
- # this is needed because os.path.join does not accept None arguments
- if self.op.file_storage_dir is None:
- string_file_storage_dir = ""
- else:
- string_file_storage_dir = self.op.file_storage_dir
+ if constants.ENABLE_FILE_STORAGE:
+ # this is needed because os.path.join does not accept None arguments
+ if self.op.file_storage_dir is None:
+ string_file_storage_dir = ""
+ else:
+ string_file_storage_dir = self.op.file_storage_dir
- # build the full file storage dir path
- file_storage_dir = utils.PathJoin(self.cfg.GetFileStorageDir(),
- string_file_storage_dir, instance)
+ # build the full file storage dir path
+ file_storage_dir = utils.PathJoin(self.cfg.GetFileStorageDir(),
+ string_file_storage_dir, instance)
+ else:
+ file_storage_dir = ""
-
disks = _GenerateDiskTemplate(self,
self.op.disk_template,
instance, pnode_name,