Revision 3b1b0cb6
b/daemons/ganeti-noded | ||
---|---|---|
732 | 732 |
return backend.ValidateHVParams(hvname, hvparams) |
733 | 733 |
|
734 | 734 |
|
735 |
def CheckNODED(options, args): |
|
736 |
"""Initial checks whether to run exit with a failure |
|
737 |
|
|
738 |
""" |
|
739 |
for fname in (constants.SSL_CERT_FILE,): |
|
740 |
if not os.path.isfile(fname): |
|
741 |
print "config %s not there, will not run." % fname |
|
742 |
sys.exit(constants.EXIT_NOTCLUSTER) |
|
743 |
|
|
744 |
|
|
745 | 735 |
def ExecNODED(options, args): |
746 | 736 |
"""Main NODED function, executed with the pidfile held. |
747 | 737 |
|
... | ... | |
749 | 739 |
global queue_lock |
750 | 740 |
|
751 | 741 |
# Read SSL certificate |
752 |
ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE, |
|
753 |
ssl_cert_path=constants.SSL_CERT_FILE) |
|
742 |
if options.ssl: |
|
743 |
ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key, |
|
744 |
ssl_cert_path=options.ssl_cert) |
|
745 |
else: |
|
746 |
ssl_params = None |
|
754 | 747 |
|
755 | 748 |
# Prepare job queue |
756 | 749 |
queue_lock = jstore.InitAndVerifyQueue(must_lock=False) |
... | ... | |
776 | 769 |
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS] |
777 | 770 |
dirs.append((constants.LOG_OS_DIR, 0750)) |
778 | 771 |
dirs.append((constants.LOCK_DIR, 1777)) |
779 |
daemon.GenericMain(constants.NODED, parser, dirs, CheckNODED, ExecNODED)
|
|
772 |
daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNODED)
|
|
780 | 773 |
|
781 | 774 |
|
782 | 775 |
if __name__ == '__main__': |
b/daemons/ganeti-rapi | ||
---|---|---|
186 | 186 |
sys.argv[0] |
187 | 187 |
sys.exit(constants.EXIT_FAILURE) |
188 | 188 |
|
189 |
if options.ssl: |
|
190 |
if not (options.ssl_cert and options.ssl_key): |
|
191 |
print >> sys.stderr, ("For secure mode please provide " |
|
192 |
"--ssl-key and --ssl-cert arguments") |
|
193 |
sys.exit(constants.EXIT_FAILURE) |
|
194 |
for fname in (options.ssl_cert, options.ssl_key): |
|
195 |
if not os.path.isfile(fname): |
|
196 |
print >> sys.stderr, "config %s not there, will not run." % fname |
|
197 |
sys.exit(constants.EXIT_FAILURE) |
|
198 |
|
|
199 | 189 |
ssconf.CheckMaster(options.debug) |
200 | 190 |
|
201 | 191 |
|
... | ... | |
228 | 218 |
parser = optparse.OptionParser(description="Ganeti Remote API", |
229 | 219 |
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]", |
230 | 220 |
version="%%prog (ganeti) %s" % constants.RAPI_VERSION) |
231 |
parser.add_option("--no-ssl", dest="ssl", |
|
232 |
help="Do not secure HTTP protocol with SSL", |
|
233 |
default=True, action="store_false") |
|
234 |
parser.add_option("-K", "--ssl-key", dest="ssl_key", |
|
235 |
help="SSL key", |
|
236 |
default=constants.RAPI_CERT_FILE, type="string") |
|
237 |
parser.add_option("-C", "--ssl-cert", dest="ssl_cert", |
|
238 |
help="SSL certificate", |
|
239 |
default=constants.RAPI_CERT_FILE, type="string") |
|
240 | 221 |
|
241 | 222 |
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS] |
242 | 223 |
dirs.append((constants.LOG_OS_DIR, 0750)) |
b/lib/constants.py | ||
---|---|---|
117 | 117 |
|
118 | 118 |
MULTITHREADED_DAEMONS = frozenset([MASTERD]) |
119 | 119 |
|
120 |
DAEMONS_SSL = { |
|
121 |
# daemon-name: (default-cert-path, default-key-path) |
|
122 |
NODED: (SSL_CERT_FILE, SSL_CERT_FILE), |
|
123 |
RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE), |
|
124 |
} |
|
125 |
|
|
120 | 126 |
DAEMONS_PORTS = { |
121 | 127 |
# daemon-name: ("proto", "default-port") |
122 | 128 |
NODED: ("tcp", 1811), |
b/lib/daemon.py | ||
---|---|---|
22 | 22 |
"""Module with helper classes and functions for daemons""" |
23 | 23 |
|
24 | 24 |
|
25 |
import os |
|
25 | 26 |
import select |
26 | 27 |
import signal |
27 | 28 |
import errno |
... | ... | |
339 | 340 |
help="Bind address", |
340 | 341 |
default="", metavar="ADDRESS") |
341 | 342 |
|
343 |
if daemon_name in constants.DAEMONS_SSL: |
|
344 |
default_cert, default_key = constants.DAEMONS_SSL[daemon_name] |
|
345 |
optionparser.add_option("--no-ssl", dest="ssl", |
|
346 |
help="Do not secure HTTP protocol with SSL", |
|
347 |
default=True, action="store_false") |
|
348 |
optionparser.add_option("-K", "--ssl-key", dest="ssl_key", |
|
349 |
help="SSL key", |
|
350 |
default=default_key, type="string") |
|
351 |
optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert", |
|
352 |
help="SSL certificate", |
|
353 |
default=default_cert, type="string") |
|
354 |
|
|
342 | 355 |
multithread = utils.no_fork = daemon_name in constants.MULTITHREADED_DAEMONS |
343 | 356 |
|
344 | 357 |
options, args = optionparser.parse_args() |
345 | 358 |
|
346 |
check_fn(options, args) |
|
359 |
if hasattr(options, 'ssl') and options.ssl: |
|
360 |
if not (options.ssl_cert and options.ssl_key): |
|
361 |
print >> sys.stderr, "Need key and certificate to use ssl" |
|
362 |
sys.exit(constants.EXIT_FAILURE) |
|
363 |
for fname in (options.ssl_cert, options.ssl_key): |
|
364 |
if not os.path.isfile(fname): |
|
365 |
print >> sys.stderr, "Need ssl file %s to run" % fname |
|
366 |
sys.exit(constants.EXIT_FAILURE) |
|
367 |
|
|
368 |
if check_fn is not None: |
|
369 |
check_fn(options, args) |
|
370 |
|
|
347 | 371 |
utils.EnsureDirs(dirs) |
348 | 372 |
|
349 | 373 |
if options.fork: |
Also available in: Unified diff