Revision 827f753e lib/cmdlib.py

b/lib/cmdlib.py
1529 1529
    new_node = self.new_node
1530 1530
    node = new_node.name
1531 1531

  
1532
    # set up inter-node password and certificate and restarts the node daemon
1533
    gntpass = self.sstore.GetNodeDaemonPassword()
1534
    if not re.match('^[a-zA-Z0-9.]{1,64}$', gntpass):
1535
      raise errors.OpExecError("ganeti password corruption detected")
1536
    f = open(constants.SSL_CERT_FILE)
1537
    try:
1538
      gntpem = f.read(8192)
1539
    finally:
1540
      f.close()
1541
    # in the base64 pem encoding, neither '!' nor '.' are valid chars,
1542
    # so we use this to detect an invalid certificate; as long as the
1543
    # cert doesn't contain this, the here-document will be correctly
1544
    # parsed by the shell sequence below
1545
    if re.search('^!EOF\.', gntpem, re.MULTILINE):
1546
      raise errors.OpExecError("invalid PEM encoding in the SSL certificate")
1547
    if not gntpem.endswith("\n"):
1548
      raise errors.OpExecError("PEM must end with newline")
1549
    logger.Info("copy cluster pass to %s and starting the node daemon" % node)
1550

  
1551
    # and then connect with ssh to set password and start ganeti-noded
1552
    # note that all the below variables are sanitized at this point,
1553
    # either by being constants or by the checks above
1554
    ss = self.sstore
1555
    mycommand = ("umask 077 && "
1556
                 "echo '%s' > '%s' && "
1557
                 "cat > '%s' << '!EOF.' && \n"
1558
                 "%s!EOF.\n%s restart" %
1559
                 (gntpass, ss.KeyToFilename(ss.SS_NODED_PASS),
1560
                  constants.SSL_CERT_FILE, gntpem,
1561
                  constants.NODE_INITD_SCRIPT))
1562

  
1563
    result = self.ssh.Run(node, 'root', mycommand, batch=False, ask_key=True)
1564
    if result.failed:
1565
      raise errors.OpExecError("Remote command on node %s, error: %s,"
1566
                               " output: %s" %
1567
                               (node, result.fail_reason, result.output))
1568

  
1569 1532
    # check connectivity
1570
    time.sleep(4)
1571

  
1572 1533
    result = rpc.call_version([node])[node]
1573 1534
    if result:
1574 1535
      if constants.PROTOCOL_VERSION == result:

Also available in: Unified diff