Revision 40a97d80
b/lib/bootstrap.py | ||
---|---|---|
67 | 67 |
f.close() |
68 | 68 |
|
69 | 69 |
|
70 |
def _InitGanetiServerSetup():
|
|
71 |
"""Setup the necessary configuration for the initial node daemon.
|
|
70 |
def _GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
|
|
71 |
"""Generates a self-signed SSL certificate.
|
|
72 | 72 |
|
73 |
This creates the nodepass file containing the shared password for |
|
74 |
the cluster and also generates the SSL certificate. |
|
73 |
@type file_name: str |
|
74 |
@param file_name: Path to output file |
|
75 |
@type validity: int |
|
76 |
@param validity: Validity for certificate in days |
|
75 | 77 |
|
76 | 78 |
""" |
77 | 79 |
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", |
78 |
"-days", str(365*5), "-nodes", "-x509", |
|
79 |
"-keyout", constants.SSL_CERT_FILE, |
|
80 |
"-out", constants.SSL_CERT_FILE, "-batch"]) |
|
80 |
"-days", str(validity), "-nodes", "-x509", |
|
81 |
"-keyout", file_name, "-out", file_name, "-batch"]) |
|
81 | 82 |
if result.failed: |
82 |
raise errors.OpExecError("could not generate server ssl cert, command"
|
|
83 |
raise errors.OpExecError("Could not generate SSL certificate, command"
|
|
83 | 84 |
" %s had exitcode %s and error message %s" % |
84 | 85 |
(result.cmd, result.exit_code, result.output)) |
85 | 86 |
|
86 |
os.chmod(constants.SSL_CERT_FILE, 0400) |
|
87 |
os.chmod(file_name, 0400) |
|
88 |
|
|
89 |
|
|
90 |
def _InitGanetiServerSetup(): |
|
91 |
"""Setup the necessary configuration for the initial node daemon. |
|
92 |
|
|
93 |
This creates the nodepass file containing the shared password for |
|
94 |
the cluster and also generates the SSL certificate. |
|
95 |
|
|
96 |
""" |
|
97 |
_GenerateSelfSignedSslCert(constants.SSL_CERT_FILE) |
|
87 | 98 |
|
88 | 99 |
result = utils.RunCmd([constants.NODE_INITD_SCRIPT, "restart"]) |
89 | 100 |
|
Also available in: Unified diff