Revision 8b72b05c
b/Makefile.am | ||
---|---|---|
514 | 514 |
echo "PKGLIBDIR = '$(pkglibdir)'"; \ |
515 | 515 |
echo "DRBD_BARRIERS = $(DRBD_BARRIERS)"; \ |
516 | 516 |
echo "SYSLOG_USAGE = '$(SYSLOG_USAGE)'"; \ |
517 |
echo "DAEMONS_GROUP = '$(DAEMONS_GROUP)'"; \ |
|
518 |
echo "MASTERD_USER = '$(MASTERD_USER)'"; \ |
|
519 |
echo "RAPI_USER = '$(RAPI_USER)'"; \ |
|
517 | 520 |
} > $@ |
518 | 521 |
|
519 | 522 |
$(REPLACE_VARS_SED): Makefile |
b/daemons/ganeti-rapi | ||
---|---|---|
214 | 214 |
|
215 | 215 |
ssconf.CheckMaster(options.debug) |
216 | 216 |
|
217 |
# Read SSL certificate (this is a little hackish to read the cert as root) |
|
218 |
if options.ssl: |
|
219 |
options.ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key, |
|
220 |
ssl_cert_path=options.ssl_cert) |
|
221 |
else: |
|
222 |
options.ssl_params = None |
|
223 |
|
|
217 | 224 |
|
218 | 225 |
def ExecRapi(options, _): |
219 | 226 |
"""Main remote API function, executed with the PID file held. |
220 | 227 |
|
221 | 228 |
""" |
222 |
# Read SSL certificate |
|
223 |
if options.ssl: |
|
224 |
ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key, |
|
225 |
ssl_cert_path=options.ssl_cert) |
|
226 |
else: |
|
227 |
ssl_params = None |
|
228 | 229 |
|
229 | 230 |
mainloop = daemon.Mainloop() |
230 | 231 |
server = RemoteApiHttpServer(mainloop, options.bind_address, options.port, |
231 |
ssl_params=ssl_params, ssl_verify_peer=False, |
|
232 |
ssl_params=options.ssl_params, |
|
233 |
ssl_verify_peer=False, |
|
232 | 234 |
request_executor_class=JsonErrorRequestExecutor) |
233 | 235 |
# pylint: disable-msg=E1101 |
234 | 236 |
# it seems pylint doesn't see the second parent class there |
... | ... | |
251 | 253 |
dirs.append((constants.LOG_OS_DIR, 0750)) |
252 | 254 |
daemon.GenericMain(constants.RAPI, parser, dirs, CheckRapi, ExecRapi, |
253 | 255 |
default_ssl_cert=constants.RAPI_CERT_FILE, |
254 |
default_ssl_key=constants.RAPI_CERT_FILE) |
|
256 |
default_ssl_key=constants.RAPI_CERT_FILE, |
|
257 |
user=constants.RAPI_USER, group=constants.DAEMONS_GROUP) |
|
255 | 258 |
|
256 | 259 |
|
257 | 260 |
if __name__ == "__main__": |
b/lib/constants.py | ||
---|---|---|
82 | 82 |
CONFIG_REVISION = 0 |
83 | 83 |
CONFIG_VERSION = BuildVersion(CONFIG_MAJOR, CONFIG_MINOR, CONFIG_REVISION) |
84 | 84 |
|
85 |
# user separation |
|
86 |
DAEMONS_GROUP = _autoconf.DAEMONS_GROUP |
|
87 |
MASTERD_USER = _autoconf.MASTERD_USER |
|
88 |
RAPI_USER = _autoconf.RAPI_USER |
|
89 |
|
|
85 | 90 |
# file paths |
86 | 91 |
DATA_DIR = _autoconf.LOCALSTATEDIR + "/lib/ganeti" |
87 | 92 |
RUN_DIR = _autoconf.LOCALSTATEDIR + "/run" |
88 | 93 |
RUN_GANETI_DIR = RUN_DIR + "/ganeti" |
89 | 94 |
BDEV_CACHE_DIR = RUN_GANETI_DIR + "/bdev-cache" |
90 | 95 |
DISK_LINKS_DIR = RUN_GANETI_DIR + "/instance-disks" |
91 |
RUN_DIRS_MODE = 0755
|
|
96 |
RUN_DIRS_MODE = 0775
|
|
92 | 97 |
SOCKET_DIR = RUN_GANETI_DIR + "/socket" |
93 | 98 |
SECURE_DIR_MODE = 0700 |
94 |
SOCKET_DIR_MODE = SECURE_DIR_MODE
|
|
99 |
SOCKET_DIR_MODE = 0750
|
|
95 | 100 |
CRYPTO_KEYS_DIR = RUN_GANETI_DIR + "/crypto" |
96 | 101 |
CRYPTO_KEYS_DIR_MODE = SECURE_DIR_MODE |
97 | 102 |
IMPORT_EXPORT_DIR = RUN_GANETI_DIR + "/import-export" |
Also available in: Unified diff