Revision 3db3eb2a lib/bootstrap.py
b/lib/bootstrap.py | ||
---|---|---|
77 | 77 |
|
78 | 78 |
|
79 | 79 |
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key, |
80 |
rapi_cert_pem=None):
|
|
80 |
new_cds, rapi_cert_pem=None, cds=None):
|
|
81 | 81 |
"""Updates the cluster certificates, keys and secrets. |
82 | 82 |
|
83 | 83 |
@type new_cluster_cert: bool |
... | ... | |
86 | 86 |
@param new_rapi_cert: Whether to generate a new RAPI certificate |
87 | 87 |
@type new_confd_hmac_key: bool |
88 | 88 |
@param new_confd_hmac_key: Whether to generate a new HMAC key |
89 |
@type new_cds: bool |
|
90 |
@param new_cds: Whether to generate a new cluster domain secret |
|
89 | 91 |
@type rapi_cert_pem: string |
90 | 92 |
@param rapi_cert_pem: New RAPI certificate in PEM format |
93 |
@type cds: string |
|
94 |
@param cds: New cluster domain secret |
|
91 | 95 |
|
92 | 96 |
""" |
93 | 97 |
# noded SSL certificate |
... | ... | |
122 | 126 |
constants.RAPI_CERT_FILE) |
123 | 127 |
utils.GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE) |
124 | 128 |
|
129 |
# Cluster domain secret |
|
130 |
if cds: |
|
131 |
logging.debug("Writing cluster domain secret to %s", |
|
132 |
constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
133 |
utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, |
|
134 |
data=cds, backup=True) |
|
135 |
|
|
136 |
elif new_cds or not os.path.exists(constants.CLUSTER_DOMAIN_SECRET_FILE): |
|
137 |
logging.debug("Generating new cluster domain secret at %s", |
|
138 |
constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
139 |
GenerateHmacKey(constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
140 |
|
|
125 | 141 |
|
126 | 142 |
def _InitGanetiServerSetup(master_name): |
127 | 143 |
"""Setup the necessary configuration for the initial node daemon. |
... | ... | |
131 | 147 |
|
132 | 148 |
""" |
133 | 149 |
# Generate cluster secrets |
134 |
GenerateClusterCrypto(True, False, False) |
|
150 |
GenerateClusterCrypto(True, False, False, False)
|
|
135 | 151 |
|
136 | 152 |
result = utils.RunCmd([constants.DAEMON_UTIL, "start", constants.NODED]) |
137 | 153 |
if result.failed: |
... | ... | |
415 | 431 |
# and then connect with ssh to set password and start ganeti-noded |
416 | 432 |
# note that all the below variables are sanitized at this point, |
417 | 433 |
# either by being constants or by the checks above |
434 |
# TODO: Could this command exceed a shell's maximum command length? |
|
418 | 435 |
mycommand = ("umask 077 && " |
419 | 436 |
"cat > '%s' << '!EOF.' && \n" |
420 | 437 |
"%s!EOF.\n" |
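Review bot: In the new `if cds:` branch of GenerateClusterCrypto, the caller-supplied cluster domain secret is written with `utils.WriteFile(..., data=cds, backup=True)` and no explicit `mode`, so the file's permissions depend on WriteFile's default and the process umask, neither of which is visible on this page. I would pass the mode explicitly, `utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, data=cds, mode=0400, backup=True)`, presumably matching what GenerateHmacKey does in the generated case (its body is not shown here, so please confirm). Note also that `backup=True` keeps the previous secret in a backup copy, so a rotation leaves the old value on disk until that copy is removed. The function body is partly elided between the hunks, so this is based only on the visible lines.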