Revision 3db3eb2a scripts/gnt-cluster

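--- a/scripts/gnt-cluster
+++ b/scripts/gnt-cluster
@@ -495,7 +495,8 @@
 
 
 def _RenewCrypto(new_cluster_cert, new_rapi_cert, rapi_cert_filename,
-                 new_confd_hmac_key, force):
+                 new_confd_hmac_key, new_cds, cds_filename,
+                 force):
   """Renews cluster certificates, keys and secrets.
 
   @type new_cluster_cert: bool
@@ -506,6 +507,10 @@
   @param rapi_cert_filename: Path to file containing new RAPI certificate
   @type new_confd_hmac_key: bool
   @param new_confd_hmac_key: Whether to generate a new HMAC key
+  @type new_cds: bool
+  @param new_cds: Whether to generate a new cluster domain secret
+  @type cds_filename: string
+  @param cds_filename: Path to file containing new cluster domain secret
   @type force: bool
   @param force: Whether to ask user for confirmation
 
@@ -515,6 +520,12 @@
              " options can be specified at the same time.")
     return 1
 
+  if new_cds and cds_filename:
+    ToStderr("Only one of the --new-cluster-domain-secret and"
+             " --cluster-domain-secret options can be specified at"
+             " the same time.")
+    return 1
+
   if rapi_cert_filename:
     # Read and verify new certificate
     try:
@@ -537,6 +548,16 @@
   else:
     rapi_cert_pem = None
 
+  if cds_filename:
+    try:
+      cds = utils.ReadFile(cds_filename)
+    except Exception, err: # pylint: disable-msg=W0703
+      ToStderr("Can't load new cluster domain secret from %s: %s" %
+               (cds_filename, str(err)))
+      return 1
+  else:
+    cds = None
+
   if not force:
     usertext = ("This requires all daemons on all nodes to be restarted and"
                 " may take some time. Continue?")
@@ -547,7 +568,9 @@
     ctx.feedback_fn("Updating certificates and keys")
     bootstrap.GenerateClusterCrypto(new_cluster_cert, new_rapi_cert,
                                     new_confd_hmac_key,
-                                    rapi_cert_pem=rapi_cert_pem)
+                                    new_cds,
+                                    rapi_cert_pem=rapi_cert_pem,
+                                    cds=cds)
 
     files_to_copy = []
 
@@ -560,6 +583,9 @@
     if new_confd_hmac_key:
       files_to_copy.append(constants.CONFD_HMAC_KEY)
 
+    if new_cds or cds:
+      files_to_copy.append(constants.CLUSTER_DOMAIN_SECRET_FILE)
+
     if files_to_copy:
       for node_name in ctx.nonmaster_nodes:
         ctx.feedback_fn("Copying %s to %s" %
@@ -583,6 +609,8 @@
                       opts.new_rapi_cert,
                       opts.rapi_cert,
                       opts.new_confd_hmac_key,
+                      opts.new_cluster_domain_secret,
+                      opts.cluster_domain_secret,
                       opts.force)
 
 
@@ -789,7 +817,8 @@
   "renew-crypto": (
     RenewCrypto, ARGS_NONE,
     [NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT,
-     NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT],
+     NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT,
+     NEW_CLUSTER_DOMAIN_SECRET_OPT, CLUSTER_DOMAIN_SECRET_OPT],
     "[opts...]",
     "Renews cluster certificates, keys and secrets"),
   }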
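Review bot: The new `cds_filename` branch accepts whatever the file contains, so an empty file is not rejected. In that case `utils.ReadFile` presumably returns `""`, which is passed on as `cds=cds` to `bootstrap.GenerateClusterCrypto` but is falsy in the later `if new_cds or cds:` test, so `constants.CLUSTER_DOMAIN_SECRET_FILE` would not be queued for copying to the non-master nodes. How `GenerateClusterCrypto` treats an empty `cds` is not visible here, but the RAPI certificate branch is commented as "Read and verify" while the secret is only read. I would reject it right after the read with `if not cds.strip():` followed by a `ToStderr(...)` message and `return 1`, and use `cds is not None` in the copy step. `_RenewCrypto` continues outside the shown hunks.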
