Revision 8b72b05c
| b/Makefile.am | ||
|---|---|---|
| 514 | 514 |
echo "PKGLIBDIR = '$(pkglibdir)'"; \ |
| 515 | 515 |
echo "DRBD_BARRIERS = $(DRBD_BARRIERS)"; \ |
| 516 | 516 |
echo "SYSLOG_USAGE = '$(SYSLOG_USAGE)'"; \ |
| 517 |
echo "DAEMONS_GROUP = '$(DAEMONS_GROUP)'"; \ |
|
| 518 |
echo "MASTERD_USER = '$(MASTERD_USER)'"; \ |
|
| 519 |
echo "RAPI_USER = '$(RAPI_USER)'"; \ |
|
| 517 | 520 |
} > $@ |
| 518 | 521 |
|
| 519 | 522 |
$(REPLACE_VARS_SED): Makefile |
| b/daemons/ganeti-rapi | ||
|---|---|---|
| 214 | 214 |
|
| 215 | 215 |
ssconf.CheckMaster(options.debug) |
| 216 | 216 |
|
| 217 |
# Read SSL certificate (this is a little hackish to read the cert as root) |
|
| 218 |
if options.ssl: |
|
| 219 |
options.ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key, |
|
| 220 |
ssl_cert_path=options.ssl_cert) |
|
| 221 |
else: |
|
| 222 |
options.ssl_params = None |
|
| 223 |
|
|
| 217 | 224 |
|
| 218 | 225 |
def ExecRapi(options, _): |
| 219 | 226 |
"""Main remote API function, executed with the PID file held. |
| 220 | 227 |
|
| 221 | 228 |
""" |
| 222 |
# Read SSL certificate |
|
| 223 |
if options.ssl: |
|
| 224 |
ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key, |
|
| 225 |
ssl_cert_path=options.ssl_cert) |
|
| 226 |
else: |
|
| 227 |
ssl_params = None |
|
| 228 | 229 |
|
| 229 | 230 |
mainloop = daemon.Mainloop() |
| 230 | 231 |
server = RemoteApiHttpServer(mainloop, options.bind_address, options.port, |
| 231 |
ssl_params=ssl_params, ssl_verify_peer=False, |
|
| 232 |
ssl_params=options.ssl_params, |
|
| 233 |
ssl_verify_peer=False, |
|
| 232 | 234 |
request_executor_class=JsonErrorRequestExecutor) |
| 233 | 235 |
# pylint: disable-msg=E1101 |
| 234 | 236 |
# it seems pylint doesn't see the second parent class there |
| ... | ... | |
| 251 | 253 |
dirs.append((constants.LOG_OS_DIR, 0750)) |
| 252 | 254 |
daemon.GenericMain(constants.RAPI, parser, dirs, CheckRapi, ExecRapi, |
| 253 | 255 |
default_ssl_cert=constants.RAPI_CERT_FILE, |
| 254 |
default_ssl_key=constants.RAPI_CERT_FILE) |
|
| 256 |
default_ssl_key=constants.RAPI_CERT_FILE, |
|
| 257 |
user=constants.RAPI_USER, group=constants.DAEMONS_GROUP) |
|
| 255 | 258 |
|
| 256 | 259 |
|
| 257 | 260 |
if __name__ == "__main__": |
| b/lib/constants.py | ||
|---|---|---|
| 82 | 82 |
CONFIG_REVISION = 0 |
| 83 | 83 |
CONFIG_VERSION = BuildVersion(CONFIG_MAJOR, CONFIG_MINOR, CONFIG_REVISION) |
| 84 | 84 |
|
| 85 |
# user separation |
|
| 86 |
DAEMONS_GROUP = _autoconf.DAEMONS_GROUP |
|
| 87 |
MASTERD_USER = _autoconf.MASTERD_USER |
|
| 88 |
RAPI_USER = _autoconf.RAPI_USER |
|
| 89 |
|
|
| 85 | 90 |
# file paths |
| 86 | 91 |
DATA_DIR = _autoconf.LOCALSTATEDIR + "/lib/ganeti" |
| 87 | 92 |
RUN_DIR = _autoconf.LOCALSTATEDIR + "/run" |
| 88 | 93 |
RUN_GANETI_DIR = RUN_DIR + "/ganeti" |
| 89 | 94 |
BDEV_CACHE_DIR = RUN_GANETI_DIR + "/bdev-cache" |
| 90 | 95 |
DISK_LINKS_DIR = RUN_GANETI_DIR + "/instance-disks" |
| 91 |
RUN_DIRS_MODE = 0755
|
|
| 96 |
RUN_DIRS_MODE = 0775
|
|
| 92 | 97 |
SOCKET_DIR = RUN_GANETI_DIR + "/socket" |
| 93 | 98 |
SECURE_DIR_MODE = 0700 |
| 94 |
SOCKET_DIR_MODE = SECURE_DIR_MODE
|
|
| 99 |
SOCKET_DIR_MODE = 0750
|
|
| 95 | 100 |
CRYPTO_KEYS_DIR = RUN_GANETI_DIR + "/crypto" |
| 96 | 101 |
CRYPTO_KEYS_DIR_MODE = SECURE_DIR_MODE |
| 97 | 102 |
IMPORT_EXPORT_DIR = RUN_GANETI_DIR + "/import-export" |
Also available in: Unified diff