Revision 3db3eb2a scripts/gnt-cluster
b/scripts/gnt-cluster | ||
---|---|---|
495 | 495 |
|
496 | 496 |
|
497 | 497 |
def _RenewCrypto(new_cluster_cert, new_rapi_cert, rapi_cert_filename, |
498 |
new_confd_hmac_key, force): |
|
498 |
new_confd_hmac_key, new_cds, cds_filename, |
|
499 |
force): |
|
499 | 500 |
"""Renews cluster certificates, keys and secrets. |
500 | 501 |
|
501 | 502 |
@type new_cluster_cert: bool |
... | ... | |
506 | 507 |
@param rapi_cert_filename: Path to file containing new RAPI certificate |
507 | 508 |
@type new_confd_hmac_key: bool |
508 | 509 |
@param new_confd_hmac_key: Whether to generate a new HMAC key |
510 |
@type new_cds: bool |
|
511 |
@param new_cds: Whether to generate a new cluster domain secret |
|
512 |
@type cds_filename: string |
|
513 |
@param cds_filename: Path to file containing new cluster domain secret |
|
509 | 514 |
@type force: bool |
510 | 515 |
@param force: Whether to ask user for confirmation |
511 | 516 |
|
... | ... | |
515 | 520 |
" options can be specified at the same time.") |
516 | 521 |
return 1 |
517 | 522 |
|
523 |
if new_cds and cds_filename: |
|
524 |
ToStderr("Only one of the --new-cluster-domain-secret and" |
|
525 |
" --cluster-domain-secret options can be specified at" |
|
526 |
" the same time.") |
|
527 |
return 1 |
|
528 |
|
|
518 | 529 |
if rapi_cert_filename: |
519 | 530 |
# Read and verify new certificate |
520 | 531 |
try: |
... | ... | |
537 | 548 |
else: |
538 | 549 |
rapi_cert_pem = None |
539 | 550 |
|
551 |
if cds_filename: |
|
552 |
try: |
|
553 |
cds = utils.ReadFile(cds_filename) |
|
554 |
except Exception, err: # pylint: disable-msg=W0703 |
|
555 |
ToStderr("Can't load new cluster domain secret from %s: %s" % |
|
556 |
(cds_filename, str(err))) |
|
557 |
return 1 |
|
558 |
else: |
|
559 |
cds = None |
|
560 |
|
|
540 | 561 |
if not force: |
541 | 562 |
usertext = ("This requires all daemons on all nodes to be restarted and" |
542 | 563 |
" may take some time. Continue?") |
... | ... | |
547 | 568 |
ctx.feedback_fn("Updating certificates and keys") |
548 | 569 |
bootstrap.GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, |
549 | 570 |
new_confd_hmac_key, |
550 |
rapi_cert_pem=rapi_cert_pem) |
|
571 |
new_cds, |
|
572 |
rapi_cert_pem=rapi_cert_pem, |
|
573 |
cds=cds) |
|
551 | 574 |
|
552 | 575 |
files_to_copy = [] |
553 | 576 |
|
... | ... | |
560 | 583 |
if new_confd_hmac_key: |
561 | 584 |
files_to_copy.append(constants.CONFD_HMAC_KEY) |
562 | 585 |
|
586 |
if new_cds or cds: |
|
587 |
files_to_copy.append(constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
588 |
|
|
563 | 589 |
if files_to_copy: |
564 | 590 |
for node_name in ctx.nonmaster_nodes: |
565 | 591 |
ctx.feedback_fn("Copying %s to %s" % |
... | ... | |
583 | 609 |
opts.new_rapi_cert, |
584 | 610 |
opts.rapi_cert, |
585 | 611 |
opts.new_confd_hmac_key, |
612 |
opts.new_cluster_domain_secret, |
|
613 |
opts.cluster_domain_secret, |
|
586 | 614 |
opts.force) |
587 | 615 |
|
588 | 616 |
|
... | ... | |
789 | 817 |
"renew-crypto": ( |
790 | 818 |
RenewCrypto, ARGS_NONE, |
791 | 819 |
[NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT, |
792 |
NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT], |
|
820 |
NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT, |
|
821 |
NEW_CLUSTER_DOMAIN_SECRET_OPT, CLUSTER_DOMAIN_SECRET_OPT], |
|
793 | 822 |
"[opts...]", |
794 | 823 |
"Renews cluster certificates, keys and secrets"), |
795 | 824 |
} |
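Review bot: The secret loaded for `--cluster-domain-secret` is used without any check on its contents, and the later `if new_cds or cds:` tests the truthiness of the file contents rather than whether the option was given. An empty file yields `cds == ""`, which is still passed to `bootstrap.GenerateClusterCrypto` but skips `files_to_copy.append(constants.CLUSTER_DOMAIN_SECRET_FILE)`, so the command can finish without distributing a secret to the other nodes and without reporting an error. I would reject an empty value right after `utils.ReadFile(cds_filename)`, for example `if not cds:` followed by `ToStderr("Cluster domain secret file %s is empty" % cds_filename)` and `return 1`. What `GenerateClusterCrypto` does with an empty `cds` is not visible here, and parts of `_RenewCrypto` are elided on this page.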