Revision 28756f80
| b/lib/cmdlib/common.py | ||
|---|---|---|
| 1237 | 1237 |
assert crypto_type == constants.CRYPTO_TYPE_SSL_DIGEST |
| 1238 | 1238 |
|
| 1239 | 1239 |
utils.AddNodeToCandidateCerts(node_uuid, digest, cluster.candidate_certs) |
| 1240 |
|
|
| 1241 |
|
|
| 1242 |
def RemoveNodeCertFromCandidateCerts(node_uuid, cluster): |
|
| 1243 |
"""Removes the node's certificate from the candidate certificates list. |
|
| 1244 |
|
|
| 1245 |
@type node_uuid: string |
|
| 1246 |
@param node_uuid: the node's UUID |
|
| 1247 |
@type cluster: C{objects.Cluster}
|
|
| 1248 |
@param cluster: the cluster's configuration |
|
| 1249 |
|
|
| 1250 |
""" |
|
| 1251 |
utils.RemoveNodeFromCandidateCerts(node_uuid, cluster.candidate_certs) |
|
| 1252 |
|
|
| 1253 |
|
|
| 1254 |
def CreateNewClientCert(self, node_uuid, filename=None): |
|
| 1255 |
"""Creates a new client SSL certificate for the node. |
|
| 1256 |
|
|
| 1257 |
@type node_uuid: string |
|
| 1258 |
@param node_uuid: the node's UUID |
|
| 1259 |
@type filename: string |
|
| 1260 |
@param filename: the certificate's filename |
|
| 1261 |
@rtype: string |
|
| 1262 |
@return: the digest of the newly created certificate |
|
| 1263 |
|
|
| 1264 |
""" |
|
| 1265 |
options = {}
|
|
| 1266 |
if filename: |
|
| 1267 |
options[constants.CRYPTO_OPTION_CERT_FILE] = filename |
|
| 1268 |
result = self.rpc.call_node_crypto_tokens( |
|
| 1269 |
node_uuid, |
|
| 1270 |
[(constants.CRYPTO_TYPE_SSL_DIGEST, |
|
| 1271 |
constants.CRYPTO_ACTION_CREATE, |
|
| 1272 |
options)]) |
|
| 1273 |
result.Raise("Could not create the node's (uuid %s) SSL client"
|
|
| 1274 |
" certificate." % node_uuid) |
|
| 1275 |
((crypto_type, new_digest), ) = result.payload |
|
| 1276 |
assert crypto_type == constants.CRYPTO_TYPE_SSL_DIGEST |
|
| 1277 |
return new_digest |
|
| b/lib/cmdlib/node.py | ||
|---|---|---|
| 42 | 42 |
CheckInstanceState, INSTANCE_DOWN, GetUpdatedParams, \ |
| 43 | 43 |
AdjustCandidatePool, CheckIAllocatorOrNode, LoadNodeEvacResult, \ |
| 44 | 44 |
GetWantedNodes, MapInstanceLvsToNodes, RunPostHook, \ |
| 45 |
FindFaultyInstanceDisks, CheckStorageTypeEnabled, AddNodeCertToCandidateCerts |
|
| 45 |
FindFaultyInstanceDisks, CheckStorageTypeEnabled, CreateNewClientCert, \ |
|
| 46 |
AddNodeCertToCandidateCerts, RemoveNodeCertFromCandidateCerts |
|
| 46 | 47 |
|
| 47 | 48 |
|
| 48 | 49 |
def _DecideSelfPromotion(lu, exceptions=None): |
| ... | ... | |
| 416 | 417 |
|
| 417 | 418 |
cluster = self.cfg.GetClusterInfo() |
| 418 | 419 |
if self.new_node.master_candidate: |
| 419 |
AddNodeCertToCandidateCerts(self, self.new_node.uuid, cluster) |
|
| 420 |
# We create a new certificate even if the node is readded |
|
| 421 |
digest = CreateNewClientCert(self, self.new_node.uuid) |
|
| 422 |
utils.AddNodeToCandidateCerts(self.new_node.uuid, digest, |
|
| 423 |
cluster.candidate_certs) |
|
| 420 | 424 |
self.cfg.Update(cluster, feedback_fn) |
| 421 | 425 |
else: |
| 422 | 426 |
if self.new_node.uuid in cluster.candidate_certs: |
| ... | ... | |
| 780 | 784 |
if self.lock_all: |
| 781 | 785 |
AdjustCandidatePool(self, [node.uuid]) |
| 782 | 786 |
|
| 787 |
cluster = self.cfg.GetClusterInfo() |
|
| 788 |
# if node gets promoted, grant RPC priviledges |
|
| 789 |
if self.new_role == self._ROLE_CANDIDATE: |
|
| 790 |
AddNodeCertToCandidateCerts(self, node.uuid, cluster) |
|
| 791 |
# if node is demoted, revoke RPC priviledges |
|
| 792 |
if self.old_role == self._ROLE_CANDIDATE: |
|
| 793 |
RemoveNodeCertFromCandidateCerts(node.uuid, cluster) |
|
| 794 |
|
|
| 783 | 795 |
if self.op.secondary_ip: |
| 784 | 796 |
node.secondary_ip = self.op.secondary_ip |
| 785 | 797 |
result.append(("secondary_ip", self.op.secondary_ip))
|
Also available in: Unified diff