Revision 3db3eb2a lib/bootstrap.py

b/lib/bootstrap.py
77 77

  
78 78

  
79 79
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
80
                          rapi_cert_pem=None):
80
                          new_cds, rapi_cert_pem=None, cds=None):
81 81
  """Updates the cluster certificates, keys and secrets.
82 82

  
83 83
  @type new_cluster_cert: bool
......
86 86
  @param new_rapi_cert: Whether to generate a new RAPI certificate
87 87
  @type new_confd_hmac_key: bool
88 88
  @param new_confd_hmac_key: Whether to generate a new HMAC key
89
  @type new_cds: bool
90
  @param new_cds: Whether to generate a new cluster domain secret
89 91
  @type rapi_cert_pem: string
90 92
  @param rapi_cert_pem: New RAPI certificate in PEM format
93
  @type cds: string
94
  @param cds: New cluster domain secret
91 95

  
92 96
  """
93 97
  # noded SSL certificate
......
122 126
                  constants.RAPI_CERT_FILE)
123 127
    utils.GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
124 128

  
129
  # Cluster domain secret
130
  if cds:
131
    logging.debug("Writing cluster domain secret to %s",
132
                  constants.CLUSTER_DOMAIN_SECRET_FILE)
133
    utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE,
134
                    data=cds, backup=True)
135

  
136
  elif new_cds or not os.path.exists(constants.CLUSTER_DOMAIN_SECRET_FILE):
137
    logging.debug("Generating new cluster domain secret at %s",
138
                  constants.CLUSTER_DOMAIN_SECRET_FILE)
139
    GenerateHmacKey(constants.CLUSTER_DOMAIN_SECRET_FILE)
140

  
125 141

  
126 142
def _InitGanetiServerSetup(master_name):
127 143
  """Setup the necessary configuration for the initial node daemon.
......
131 147

  
132 148
  """
133 149
  # Generate cluster secrets
134
  GenerateClusterCrypto(True, False, False)
150
  GenerateClusterCrypto(True, False, False, False)
135 151

  
136 152
  result = utils.RunCmd([constants.DAEMON_UTIL, "start", constants.NODED])
137 153
  if result.failed:
......
415 431
  # and then connect with ssh to set password and start ganeti-noded
416 432
  # note that all the below variables are sanitized at this point,
417 433
  # either by being constants or by the checks above
434
  # TODO: Could this command exceed a shell's maximum command length?
418 435
  mycommand = ("umask 077 && "
419 436
               "cat > '%s' << '!EOF.' && \n"
420 437
               "%s!EOF.\n"

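Review bot: The `if cds:` branch (new lines 130-134) writes a caller-supplied cluster domain secret with `utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, data=cds, backup=True)` and no explicit file mode, so the permissions on the secret, and on the backup copy of the old secret that `backup=True` leaves behind, depend on WriteFile's defaults rather than on this call site. Assuming WriteFile accepts a `mode` argument as it does elsewhere in this codebase, I would pin it here, e.g. `utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, data=cds, mode=0400, backup=True)`. `GenerateHmacKey` is not visible on this page, so it is worth confirming that the supplied-secret path ends up with the same mode and on-disk format as the generated one. The supplied `cds` is also written as-is with no length or emptiness check beyond truthiness, and a non-empty `cds` silently takes precedence over `new_cds=True`; a one-line comment such as `# An explicit secret wins over new_cds` would make that intent clear. The body of GenerateClusterCrypto is partly elided on this page, so earlier validation may exist outside the visible lines.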