Revision 28756f80
b/lib/cmdlib/common.py | ||
---|---|---|
1237 | 1237 |
assert crypto_type == constants.CRYPTO_TYPE_SSL_DIGEST |
1238 | 1238 |
|
1239 | 1239 |
utils.AddNodeToCandidateCerts(node_uuid, digest, cluster.candidate_certs) |
1240 |
|
|
1241 |
|
|
1242 |
def RemoveNodeCertFromCandidateCerts(node_uuid, cluster): |
|
1243 |
"""Removes the node's certificate from the candidate certificates list. |
|
1244 |
|
|
1245 |
@type node_uuid: string |
|
1246 |
@param node_uuid: the node's UUID |
|
1247 |
@type cluster: C{objects.Cluster} |
|
1248 |
@param cluster: the cluster's configuration |
|
1249 |
|
|
1250 |
""" |
|
1251 |
utils.RemoveNodeFromCandidateCerts(node_uuid, cluster.candidate_certs) |
|
1252 |
|
|
1253 |
|
|
1254 |
def CreateNewClientCert(self, node_uuid, filename=None): |
|
1255 |
"""Creates a new client SSL certificate for the node. |
|
1256 |
|
|
1257 |
@type node_uuid: string |
|
1258 |
@param node_uuid: the node's UUID |
|
1259 |
@type filename: string |
|
1260 |
@param filename: the certificate's filename |
|
1261 |
@rtype: string |
|
1262 |
@return: the digest of the newly created certificate |
|
1263 |
|
|
1264 |
""" |
|
1265 |
options = {} |
|
1266 |
if filename: |
|
1267 |
options[constants.CRYPTO_OPTION_CERT_FILE] = filename |
|
1268 |
result = self.rpc.call_node_crypto_tokens( |
|
1269 |
node_uuid, |
|
1270 |
[(constants.CRYPTO_TYPE_SSL_DIGEST, |
|
1271 |
constants.CRYPTO_ACTION_CREATE, |
|
1272 |
options)]) |
|
1273 |
result.Raise("Could not create the node's (uuid %s) SSL client" |
|
1274 |
" certificate." % node_uuid) |
|
1275 |
((crypto_type, new_digest), ) = result.payload |
|
1276 |
assert crypto_type == constants.CRYPTO_TYPE_SSL_DIGEST |
|
1277 |
return new_digest |
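Review bot: In CreateNewClientCert the node's reply is checked only with `assert crypto_type == constants.CRYPTO_TYPE_SSL_DIGEST`, which disappears when Python runs with -O, and `new_digest` is returned without any check of its own. The node.py caller stores this digest in cluster.candidate_certs, which by that file's comments governs RPC privileges, so a wrong-typed or empty reply should fail the operation explicitly. Something like `if crypto_type != constants.CRYPTO_TYPE_SSL_DIGEST or not new_digest: raise errors.OpExecError("Unexpected reply while creating the SSL client certificate of node %s" % node_uuid)` would do, assuming `errors` is imported in this module, which the page does not show. A payload that is not exactly one pair also surfaces as a bare ValueError from the tuple unpacking rather than as an operation error. The docstring could also state that `filename` is optional and that no cert-file option is sent when it is omitted.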
b/lib/cmdlib/node.py | ||
---|---|---|
42 | 42 |
CheckInstanceState, INSTANCE_DOWN, GetUpdatedParams, \ |
43 | 43 |
AdjustCandidatePool, CheckIAllocatorOrNode, LoadNodeEvacResult, \ |
44 | 44 |
GetWantedNodes, MapInstanceLvsToNodes, RunPostHook, \ |
45 |
FindFaultyInstanceDisks, CheckStorageTypeEnabled, AddNodeCertToCandidateCerts |
|
45 |
FindFaultyInstanceDisks, CheckStorageTypeEnabled, CreateNewClientCert, \ |
|
46 |
AddNodeCertToCandidateCerts, RemoveNodeCertFromCandidateCerts |
|
46 | 47 |
|
47 | 48 |
|
48 | 49 |
def _DecideSelfPromotion(lu, exceptions=None): |
... | ... | |
416 | 417 |
|
417 | 418 |
cluster = self.cfg.GetClusterInfo() |
418 | 419 |
if self.new_node.master_candidate: |
419 |
AddNodeCertToCandidateCerts(self, self.new_node.uuid, cluster) |
|
420 |
# We create a new certificate even if the node is readded |
|
421 |
digest = CreateNewClientCert(self, self.new_node.uuid) |
|
422 |
utils.AddNodeToCandidateCerts(self.new_node.uuid, digest, |
|
423 |
cluster.candidate_certs) |
|
420 | 424 |
self.cfg.Update(cluster, feedback_fn) |
421 | 425 |
else: |
422 | 426 |
if self.new_node.uuid in cluster.candidate_certs: |
... | ... | |
780 | 784 |
if self.lock_all: |
781 | 785 |
AdjustCandidatePool(self, [node.uuid]) |
782 | 786 |
|
787 |
cluster = self.cfg.GetClusterInfo() |
|
788 |
# if node gets promoted, grant RPC priviledges |
|
789 |
if self.new_role == self._ROLE_CANDIDATE: |
|
790 |
AddNodeCertToCandidateCerts(self, node.uuid, cluster) |
|
791 |
# if node is demoted, revoke RPC priviledges |
|
792 |
if self.old_role == self._ROLE_CANDIDATE: |
|
793 |
RemoveNodeCertFromCandidateCerts(node.uuid, cluster) |
|
794 |
|
|
783 | 795 |
if self.op.secondary_ip: |
784 | 796 |
node.secondary_ip = self.op.secondary_ip |
785 | 797 |
result.append(("secondary_ip", self.op.secondary_ip)) |
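Review bot: In the role-change hunk (new lines 787-793) cluster.candidate_certs is changed through AddNodeCertToCandidateCerts and RemoveNodeCertFromCandidateCerts, but no `self.cfg.Update(cluster, feedback_fn)` follows in the visible lines, unlike the node-add hunk at new line 424. The function continues outside the hunk, so a later write may cover it; if none does, a demoted node's digest could stay in the stored configuration and the revocation the comment describes would not be persisted. I would add `self.cfg.Update(cluster, feedback_fn)` after the two `if` blocks, or a comment naming the later call that saves the cluster object. The two tests are independent `if`s, so a one-line comment stating that old_role and new_role always differ at this point would make clear that a certificate is never added and then immediately removed.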