Revision 3b1b0cb6
| b/daemons/ganeti-noded | ||
|---|---|---|
| 732 | 732 |
return backend.ValidateHVParams(hvname, hvparams) |
| 733 | 733 |
|
| 734 | 734 |
|
| 735 |
def CheckNODED(options, args): |
|
| 736 |
"""Initial checks whether to run exit with a failure |
|
| 737 |
|
|
| 738 |
""" |
|
| 739 |
for fname in (constants.SSL_CERT_FILE,): |
|
| 740 |
if not os.path.isfile(fname): |
|
| 741 |
print "config %s not there, will not run." % fname |
|
| 742 |
sys.exit(constants.EXIT_NOTCLUSTER) |
|
| 743 |
|
|
| 744 |
|
|
| 745 | 735 |
def ExecNODED(options, args): |
| 746 | 736 |
"""Main NODED function, executed with the pidfile held. |
| 747 | 737 |
|
| ... | ... | |
| 749 | 739 |
global queue_lock |
| 750 | 740 |
|
| 751 | 741 |
# Read SSL certificate |
| 752 |
ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE, |
|
| 753 |
ssl_cert_path=constants.SSL_CERT_FILE) |
|
| 742 |
if options.ssl: |
|
| 743 |
ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key, |
|
| 744 |
ssl_cert_path=options.ssl_cert) |
|
| 745 |
else: |
|
| 746 |
ssl_params = None |
|
| 754 | 747 |
|
| 755 | 748 |
# Prepare job queue |
| 756 | 749 |
queue_lock = jstore.InitAndVerifyQueue(must_lock=False) |
| ... | ... | |
| 776 | 769 |
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS] |
| 777 | 770 |
dirs.append((constants.LOG_OS_DIR, 0750)) |
| 778 | 771 |
dirs.append((constants.LOCK_DIR, 1777)) |
| 779 |
daemon.GenericMain(constants.NODED, parser, dirs, CheckNODED, ExecNODED)
|
|
| 772 |
daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNODED)
|
|
| 780 | 773 |
|
| 781 | 774 |
|
| 782 | 775 |
if __name__ == '__main__': |
| b/daemons/ganeti-rapi | ||
|---|---|---|
| 186 | 186 |
sys.argv[0] |
| 187 | 187 |
sys.exit(constants.EXIT_FAILURE) |
| 188 | 188 |
|
| 189 |
if options.ssl: |
|
| 190 |
if not (options.ssl_cert and options.ssl_key): |
|
| 191 |
print >> sys.stderr, ("For secure mode please provide "
|
|
| 192 |
"--ssl-key and --ssl-cert arguments") |
|
| 193 |
sys.exit(constants.EXIT_FAILURE) |
|
| 194 |
for fname in (options.ssl_cert, options.ssl_key): |
|
| 195 |
if not os.path.isfile(fname): |
|
| 196 |
print >> sys.stderr, "config %s not there, will not run." % fname |
|
| 197 |
sys.exit(constants.EXIT_FAILURE) |
|
| 198 |
|
|
| 199 | 189 |
ssconf.CheckMaster(options.debug) |
| 200 | 190 |
|
| 201 | 191 |
|
| ... | ... | |
| 228 | 218 |
parser = optparse.OptionParser(description="Ganeti Remote API", |
| 229 | 219 |
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]", |
| 230 | 220 |
version="%%prog (ganeti) %s" % constants.RAPI_VERSION) |
| 231 |
parser.add_option("--no-ssl", dest="ssl",
|
|
| 232 |
help="Do not secure HTTP protocol with SSL", |
|
| 233 |
default=True, action="store_false") |
|
| 234 |
parser.add_option("-K", "--ssl-key", dest="ssl_key",
|
|
| 235 |
help="SSL key", |
|
| 236 |
default=constants.RAPI_CERT_FILE, type="string") |
|
| 237 |
parser.add_option("-C", "--ssl-cert", dest="ssl_cert",
|
|
| 238 |
help="SSL certificate", |
|
| 239 |
default=constants.RAPI_CERT_FILE, type="string") |
|
| 240 | 221 |
|
| 241 | 222 |
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS] |
| 242 | 223 |
dirs.append((constants.LOG_OS_DIR, 0750)) |
| b/lib/constants.py | ||
|---|---|---|
| 117 | 117 |
|
| 118 | 118 |
MULTITHREADED_DAEMONS = frozenset([MASTERD]) |
| 119 | 119 |
|
| 120 |
DAEMONS_SSL = {
|
|
| 121 |
# daemon-name: (default-cert-path, default-key-path) |
|
| 122 |
NODED: (SSL_CERT_FILE, SSL_CERT_FILE), |
|
| 123 |
RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE), |
|
| 124 |
} |
|
| 125 |
|
|
| 120 | 126 |
DAEMONS_PORTS = {
|
| 121 | 127 |
# daemon-name: ("proto", "default-port")
|
| 122 | 128 |
NODED: ("tcp", 1811),
|
| b/lib/daemon.py | ||
|---|---|---|
| 22 | 22 |
"""Module with helper classes and functions for daemons""" |
| 23 | 23 |
|
| 24 | 24 |
|
| 25 |
import os |
|
| 25 | 26 |
import select |
| 26 | 27 |
import signal |
| 27 | 28 |
import errno |
| ... | ... | |
| 339 | 340 |
help="Bind address", |
| 340 | 341 |
default="", metavar="ADDRESS") |
| 341 | 342 |
|
| 343 |
if daemon_name in constants.DAEMONS_SSL: |
|
| 344 |
default_cert, default_key = constants.DAEMONS_SSL[daemon_name] |
|
| 345 |
optionparser.add_option("--no-ssl", dest="ssl",
|
|
| 346 |
help="Do not secure HTTP protocol with SSL", |
|
| 347 |
default=True, action="store_false") |
|
| 348 |
optionparser.add_option("-K", "--ssl-key", dest="ssl_key",
|
|
| 349 |
help="SSL key", |
|
| 350 |
default=default_key, type="string") |
|
| 351 |
optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert",
|
|
| 352 |
help="SSL certificate", |
|
| 353 |
default=default_cert, type="string") |
|
| 354 |
|
|
| 342 | 355 |
multithread = utils.no_fork = daemon_name in constants.MULTITHREADED_DAEMONS |
| 343 | 356 |
|
| 344 | 357 |
options, args = optionparser.parse_args() |
| 345 | 358 |
|
| 346 |
check_fn(options, args) |
|
| 359 |
if hasattr(options, 'ssl') and options.ssl: |
|
| 360 |
if not (options.ssl_cert and options.ssl_key): |
|
| 361 |
print >> sys.stderr, "Need key and certificate to use ssl" |
|
| 362 |
sys.exit(constants.EXIT_FAILURE) |
|
| 363 |
for fname in (options.ssl_cert, options.ssl_key): |
|
| 364 |
if not os.path.isfile(fname): |
|
| 365 |
print >> sys.stderr, "Need ssl file %s to run" % fname |
|
| 366 |
sys.exit(constants.EXIT_FAILURE) |
|
| 367 |
|
|
| 368 |
if check_fn is not None: |
|
| 369 |
check_fn(options, args) |
|
| 370 |
|
|
| 347 | 371 |
utils.EnsureDirs(dirs) |
| 348 | 372 |
|
| 349 | 373 |
if options.fork: |
Also available in: Unified diff