Revision c4415fd5
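--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -28,6 +28,7 @@
 import sha
 import re
 import logging
+import tempfile
 
 from ganeti import rpc
 from ganeti import ssh
@@ -76,15 +77,26 @@
 @param validity: Validity for certificate in days
 
 """
-result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
-"-days", str(validity), "-nodes", "-x509",
-"-keyout", file_name, "-out", file_name, "-batch"])
-if result.failed:
-raise errors.OpExecError("Could not generate SSL certificate, command"
-" %s had exitcode %s and error message %s" %
-(result.cmd, result.exit_code, result.output))
-
-os.chmod(file_name, 0400)
+(fd, tmp_file_name) = tempfile.mkstemp(dir=os.path.dirname(file_name))
+try:
+# Set permissions before writing key
+os.chmod(tmp_file_name, 0600)
+
+result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
+"-days", str(validity), "-nodes", "-x509",
+"-keyout", tmp_file_name, "-out", tmp_file_name,
+"-batch"])
+if result.failed:
+raise errors.OpExecError("Could not generate SSL certificate, command"
+" %s had exitcode %s and error message %s" %
+(result.cmd, result.exit_code, result.output))
+
+# Make read-only
+os.chmod(tmp_file_name, 0400)
+
+os.rename(tmp_file_name, file_name)
+finally:
+utils.RemoveFile(tmp_file_name)
 
 
 def _InitGanetiServerSetup():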
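Review bot: The descriptor returned by `tempfile.mkstemp()` is bound to `fd` but never closed in the new block, so every call leaks an open handle to the file that holds the private key; adding `os.close(fd)` right after the `mkstemp` call would fix it, since openssl reopens the path by name. `mkstemp` already creates the file with mode 0600, so the following `os.chmod(tmp_file_name, 0600)` is redundant, though harmless. The `finally` clause also runs `utils.RemoveFile(tmp_file_name)` after a successful `os.rename`, which presumably relies on RemoveFile tolerating a missing file and is worth confirming. Separately, `rsa:1024` is carried over unchanged and is below currently recommended RSA key sizes. The enclosing function begins before this hunk.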