Revision 168c1de2
b/lib/backend.py | ||
---|---|---|
401 | 401 |
try: |
402 | 402 |
utils.RemoveFile(constants.HMAC_CLUSTER_KEY) |
403 | 403 |
utils.RemoveFile(constants.RAPI_CERT_FILE) |
404 |
utils.RemoveFile(constants.SSL_CERT_FILE)
|
|
404 |
utils.RemoveFile(constants.NODED_CERT_FILE)
|
|
405 | 405 |
except: # pylint: disable-msg=W0702 |
406 | 406 |
logging.exception("Error while removing cluster secrets") |
407 | 407 |
|
b/lib/bootstrap.py | ||
---|---|---|
125 | 125 |
@param rapi_cert_pem: New RAPI certificate in PEM format |
126 | 126 |
|
127 | 127 |
""" |
128 |
# SSL certificate |
|
129 |
cluster_cert_exists = os.path.exists(constants.SSL_CERT_FILE)
|
|
128 |
# noded SSL certificate
|
|
129 |
cluster_cert_exists = os.path.exists(constants.NODED_CERT_FILE)
|
|
130 | 130 |
if new_cluster_cert or not cluster_cert_exists: |
131 | 131 |
if cluster_cert_exists: |
132 |
utils.CreateBackup(constants.SSL_CERT_FILE)
|
|
132 |
utils.CreateBackup(constants.NODED_CERT_FILE)
|
|
133 | 133 |
|
134 | 134 |
logging.debug("Generating new cluster certificate at %s", |
135 |
constants.SSL_CERT_FILE)
|
|
136 |
GenerateSelfSignedSslCert(constants.SSL_CERT_FILE)
|
|
135 |
constants.NODED_CERT_FILE)
|
|
136 |
GenerateSelfSignedSslCert(constants.NODED_CERT_FILE)
|
|
137 | 137 |
|
138 | 138 |
# HMAC key |
139 | 139 |
if new_hmac_key or not os.path.exists(constants.HMAC_CLUSTER_KEY): |
... | ... | |
426 | 426 |
""" |
427 | 427 |
sshrunner = ssh.SshRunner(cluster_name) |
428 | 428 |
|
429 |
noded_cert = utils.ReadFile(constants.SSL_CERT_FILE)
|
|
429 |
noded_cert = utils.ReadFile(constants.NODED_CERT_FILE)
|
|
430 | 430 |
rapi_cert = utils.ReadFile(constants.RAPI_CERT_FILE) |
431 | 431 |
hmac_key = utils.ReadFile(constants.HMAC_CLUSTER_KEY) |
432 | 432 |
|
... | ... | |
459 | 459 |
"%s!EOF.\n" |
460 | 460 |
"chmod 0400 %s %s %s && " |
461 | 461 |
"%s start %s" % |
462 |
(constants.SSL_CERT_FILE, noded_cert,
|
|
462 |
(constants.NODED_CERT_FILE, noded_cert,
|
|
463 | 463 |
constants.RAPI_CERT_FILE, rapi_cert, |
464 | 464 |
constants.HMAC_CLUSTER_KEY, hmac_key, |
465 |
constants.SSL_CERT_FILE, constants.RAPI_CERT_FILE,
|
|
465 |
constants.NODED_CERT_FILE, constants.RAPI_CERT_FILE,
|
|
466 | 466 |
constants.HMAC_CLUSTER_KEY, |
467 | 467 |
constants.DAEMON_UTIL, constants.NODED)) |
468 | 468 |
|
b/lib/constants.py | ||
---|---|---|
97 | 97 |
LOCK_DIR = _autoconf.LOCALSTATEDIR + "/lock" |
98 | 98 |
SSCONF_LOCK_FILE = LOCK_DIR + "/ganeti-ssconf.lock" |
99 | 99 |
CLUSTER_CONF_FILE = DATA_DIR + "/config.data" |
100 |
SSL_CERT_FILE = DATA_DIR + "/server.pem"
|
|
100 |
NODED_CERT_FILE = DATA_DIR + "/server.pem"
|
|
101 | 101 |
RAPI_CERT_FILE = DATA_DIR + "/rapi.pem" |
102 | 102 |
HMAC_CLUSTER_KEY = DATA_DIR + "/hmac.key" |
103 | 103 |
WATCHER_STATEFILE = DATA_DIR + "/watcher.data" |
... | ... | |
114 | 114 |
TOOLSDIR = _autoconf.TOOLSDIR |
115 | 115 |
CONF_DIR = SYSCONFDIR + "/ganeti" |
116 | 116 |
|
117 |
ALL_CERT_FILES = frozenset([SSL_CERT_FILE, RAPI_CERT_FILE])
|
|
117 |
ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
|
|
118 | 118 |
|
119 | 119 |
MASTER_SOCKET = SOCKET_DIR + "/ganeti-master" |
120 | 120 |
|
... | ... | |
129 | 129 |
|
130 | 130 |
DAEMONS_SSL = { |
131 | 131 |
# daemon-name: (default-cert-path, default-key-path) |
132 |
NODED: (SSL_CERT_FILE, SSL_CERT_FILE),
|
|
132 |
NODED: (NODED_CERT_FILE, NODED_CERT_FILE),
|
|
133 | 133 |
RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE), |
134 | 134 |
} |
135 | 135 |
|
b/lib/rpc.py | ||
---|---|---|
185 | 185 |
self.nc = {} |
186 | 186 |
|
187 | 187 |
self._ssl_params = \ |
188 |
http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
|
|
189 |
ssl_cert_path=constants.SSL_CERT_FILE)
|
|
188 |
http.HttpSslParams(ssl_key_path=constants.NODED_CERT_FILE,
|
|
189 |
ssl_cert_path=constants.NODED_CERT_FILE)
|
|
190 | 190 |
|
191 | 191 |
def ConnectList(self, node_list, address_list=None): |
192 | 192 |
"""Add a list of nodes to the target nodes. |
b/scripts/gnt-cluster | ||
---|---|---|
554 | 554 |
files_to_copy = [] |
555 | 555 |
|
556 | 556 |
if new_cluster_cert: |
557 |
files_to_copy.append(constants.SSL_CERT_FILE)
|
|
557 |
files_to_copy.append(constants.NODED_CERT_FILE)
|
|
558 | 558 |
|
559 | 559 |
if new_rapi_cert or rapi_cert_pem: |
560 | 560 |
files_to_copy.append(constants.RAPI_CERT_FILE) |
Also available in: Unified diff