Revision 2438c157 lib/bootstrap.py
b/lib/bootstrap.py | ||
---|---|---|
324 | 324 |
sshrunner = ssh.SshRunner(cluster_name) |
325 | 325 |
|
326 | 326 |
noded_cert = utils.ReadFile(constants.SSL_CERT_FILE) |
327 |
rapi_cert = utils.ReadFile(constants.RAPI_CERT_FILE) |
|
327 | 328 |
|
328 | 329 |
# in the base64 pem encoding, neither '!' nor '.' are valid chars, |
329 | 330 |
# so we use this to detect an invalid certificate; as long as the |
330 | 331 |
# cert doesn't contain this, the here-document will be correctly |
331 | 332 |
# parsed by the shell sequence below |
332 |
if re.search('^!EOF\.', noded_cert, re.MULTILINE): |
|
333 |
if (re.search('^!EOF\.', noded_cert, re.MULTILINE) or |
|
334 |
re.search('^!EOF\.', rapi_cert, re.MULTILINE)): |
|
333 | 335 |
raise errors.OpExecError("invalid PEM encoding in the SSL certificate") |
334 | 336 |
|
335 | 337 |
if not noded_cert.endswith("\n"): |
336 | 338 |
noded_cert += "\n" |
339 |
if not rapi_cert.endswith("\n"): |
|
340 |
rapi_cert += "\n" |
|
337 | 341 |
|
338 | 342 |
# set up inter-node password and certificate and restarts the node daemon |
339 | 343 |
# and then connect with ssh to set password and start ganeti-noded |
... | ... | |
341 | 345 |
# either by being constants or by the checks above |
342 | 346 |
mycommand = ("umask 077 && " |
343 | 347 |
"cat > '%s' << '!EOF.' && \n" |
344 |
"%s!EOF.\n%s restart" % |
|
348 |
"%s!EOF.\n" |
|
349 |
"cat > '%s' << '!EOF.' && \n" |
|
350 |
"%s!EOF.\n" |
|
351 |
"%s restart" % |
|
345 | 352 |
(constants.SSL_CERT_FILE, noded_cert, |
353 |
constants.RAPI_CERT_FILE, rapi_cert, |
|
346 | 354 |
constants.NODE_INITD_SCRIPT)) |
347 | 355 |
|
348 | 356 |
result = sshrunner.Run(node, 'root', mycommand, batch=False, |
Also available in: Unified diff