Revision 40a97d80 lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 67 | 67 |
f.close() |
| 68 | 68 |
|
| 69 | 69 |
|
| 70 |
def _InitGanetiServerSetup():
|
|
| 71 |
"""Setup the necessary configuration for the initial node daemon.
|
|
| 70 |
def _GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
|
|
| 71 |
"""Generates a self-signed SSL certificate.
|
|
| 72 | 72 |
|
| 73 |
This creates the nodepass file containing the shared password for |
|
| 74 |
the cluster and also generates the SSL certificate. |
|
| 73 |
@type file_name: str |
|
| 74 |
@param file_name: Path to output file |
|
| 75 |
@type validity: int |
|
| 76 |
@param validity: Validity for certificate in days |
|
| 75 | 77 |
|
| 76 | 78 |
""" |
| 77 | 79 |
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", |
| 78 |
"-days", str(365*5), "-nodes", "-x509", |
|
| 79 |
"-keyout", constants.SSL_CERT_FILE, |
|
| 80 |
"-out", constants.SSL_CERT_FILE, "-batch"]) |
|
| 80 |
"-days", str(validity), "-nodes", "-x509", |
|
| 81 |
"-keyout", file_name, "-out", file_name, "-batch"]) |
|
| 81 | 82 |
if result.failed: |
| 82 |
raise errors.OpExecError("could not generate server ssl cert, command"
|
|
| 83 |
raise errors.OpExecError("Could not generate SSL certificate, command"
|
|
| 83 | 84 |
" %s had exitcode %s and error message %s" % |
| 84 | 85 |
(result.cmd, result.exit_code, result.output)) |
| 85 | 86 |
|
| 86 |
os.chmod(constants.SSL_CERT_FILE, 0400) |
|
| 87 |
os.chmod(file_name, 0400) |
|
| 88 |
|
|
| 89 |
|
|
| 90 |
def _InitGanetiServerSetup(): |
|
| 91 |
"""Setup the necessary configuration for the initial node daemon. |
|
| 92 |
|
|
| 93 |
This creates the nodepass file containing the shared password for |
|
| 94 |
the cluster and also generates the SSL certificate. |
|
| 95 |
|
|
| 96 |
""" |
|
| 97 |
_GenerateSelfSignedSslCert(constants.SSL_CERT_FILE) |
|
| 87 | 98 |
|
| 88 | 99 |
result = utils.RunCmd([constants.NODE_INITD_SCRIPT, "restart"]) |
| 89 | 100 |
|
Also available in: Unified diff