Revision 2438c157 lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 324 | 324 |
sshrunner = ssh.SshRunner(cluster_name) |
| 325 | 325 |
|
| 326 | 326 |
noded_cert = utils.ReadFile(constants.SSL_CERT_FILE) |
| 327 |
rapi_cert = utils.ReadFile(constants.RAPI_CERT_FILE) |
|
| 327 | 328 |
|
| 328 | 329 |
# in the base64 pem encoding, neither '!' nor '.' are valid chars, |
| 329 | 330 |
# so we use this to detect an invalid certificate; as long as the |
| 330 | 331 |
# cert doesn't contain this, the here-document will be correctly |
| 331 | 332 |
# parsed by the shell sequence below |
| 332 |
if re.search('^!EOF\.', noded_cert, re.MULTILINE):
|
|
| 333 |
if (re.search('^!EOF\.', noded_cert, re.MULTILINE) or
|
|
| 334 |
re.search('^!EOF\.', rapi_cert, re.MULTILINE)):
|
|
| 333 | 335 |
raise errors.OpExecError("invalid PEM encoding in the SSL certificate")
|
| 334 | 336 |
|
| 335 | 337 |
if not noded_cert.endswith("\n"):
|
| 336 | 338 |
noded_cert += "\n" |
| 339 |
if not rapi_cert.endswith("\n"):
|
|
| 340 |
rapi_cert += "\n" |
|
| 337 | 341 |
|
| 338 | 342 |
# set up inter-node password and certificate and restarts the node daemon |
| 339 | 343 |
# and then connect with ssh to set password and start ganeti-noded |
| ... | ... | |
| 341 | 345 |
# either by being constants or by the checks above |
| 342 | 346 |
mycommand = ("umask 077 && "
|
| 343 | 347 |
"cat > '%s' << '!EOF.' && \n" |
| 344 |
"%s!EOF.\n%s restart" % |
|
| 348 |
"%s!EOF.\n" |
|
| 349 |
"cat > '%s' << '!EOF.' && \n" |
|
| 350 |
"%s!EOF.\n" |
|
| 351 |
"%s restart" % |
|
| 345 | 352 |
(constants.SSL_CERT_FILE, noded_cert, |
| 353 |
constants.RAPI_CERT_FILE, rapi_cert, |
|
| 346 | 354 |
constants.NODE_INITD_SCRIPT)) |
| 347 | 355 |
|
| 348 | 356 |
result = sshrunner.Run(node, 'root', mycommand, batch=False, |
Also available in: Unified diff