Revision 43575108 lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 107 | 107 |
@param file_name: Path to output file |
| 108 | 108 |
|
| 109 | 109 |
""" |
| 110 |
utils.WriteFile(file_name, data="%s\n" % utils.GenerateSecret(), mode=0400) |
|
| 110 |
utils.WriteFile(file_name, data="%s\n" % utils.GenerateSecret(), mode=0400, |
|
| 111 |
backup=True) |
|
| 112 |
|
|
| 113 |
|
|
| 114 |
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_hmac_key, |
|
| 115 |
rapi_cert_pem=None): |
|
| 116 |
"""Updates the cluster certificates, keys and secrets. |
|
| 117 |
|
|
| 118 |
@type new_cluster_cert: bool |
|
| 119 |
@param new_cluster_cert: Whether to generate a new cluster certificate |
|
| 120 |
@type new_rapi_cert: bool |
|
| 121 |
@param new_rapi_cert: Whether to generate a new RAPI certificate |
|
| 122 |
@type new_hmac_key: bool |
|
| 123 |
@param new_hmac_key: Whether to generate a new HMAC key |
|
| 124 |
@type rapi_cert_pem: string |
|
| 125 |
@param rapi_cert_pem: New RAPI certificate in PEM format |
|
| 126 |
|
|
| 127 |
""" |
|
| 128 |
# SSL certificate |
|
| 129 |
cluster_cert_exists = os.path.exists(constants.SSL_CERT_FILE) |
|
| 130 |
if new_cluster_cert or not cluster_cert_exists: |
|
| 131 |
if cluster_cert_exists: |
|
| 132 |
utils.CreateBackup(constants.SSL_CERT_FILE) |
|
| 133 |
|
|
| 134 |
logging.debug("Generating new cluster certificate at %s",
|
|
| 135 |
constants.SSL_CERT_FILE) |
|
| 136 |
GenerateSelfSignedSslCert(constants.SSL_CERT_FILE) |
|
| 137 |
|
|
| 138 |
# HMAC key |
|
| 139 |
if new_hmac_key or not os.path.exists(constants.HMAC_CLUSTER_KEY): |
|
| 140 |
logging.debug("Writing new HMAC key to %s", constants.HMAC_CLUSTER_KEY)
|
|
| 141 |
GenerateHmacKey(constants.HMAC_CLUSTER_KEY) |
|
| 142 |
|
|
| 143 |
# RAPI |
|
| 144 |
rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE) |
|
| 145 |
|
|
| 146 |
if rapi_cert_pem: |
|
| 147 |
# Assume rapi_pem contains a valid PEM-formatted certificate and key |
|
| 148 |
logging.debug("Writing RAPI certificate at %s",
|
|
| 149 |
constants.RAPI_CERT_FILE) |
|
| 150 |
utils.WriteFile(constants.RAPI_CERT_FILE, data=rapi_cert_pem, backup=True) |
|
| 151 |
|
|
| 152 |
elif new_rapi_cert or not rapi_cert_exists: |
|
| 153 |
if rapi_cert_exists: |
|
| 154 |
utils.CreateBackup(constants.RAPI_CERT_FILE) |
|
| 155 |
|
|
| 156 |
logging.debug("Generating new RAPI certificate at %s",
|
|
| 157 |
constants.RAPI_CERT_FILE) |
|
| 158 |
GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE) |
|
| 111 | 159 |
|
| 112 | 160 |
|
| 113 | 161 |
def _InitGanetiServerSetup(master_name): |
| ... | ... | |
| 117 | 165 |
the cluster and also generates the SSL certificate. |
| 118 | 166 |
|
| 119 | 167 |
""" |
| 120 |
GenerateSelfSignedSslCert(constants.SSL_CERT_FILE) |
|
| 121 |
|
|
| 122 |
# Don't overwrite existing file |
|
| 123 |
if not os.path.exists(constants.RAPI_CERT_FILE): |
|
| 124 |
GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE) |
|
| 125 |
|
|
| 126 |
if not os.path.exists(constants.HMAC_CLUSTER_KEY): |
|
| 127 |
GenerateHmacKey(constants.HMAC_CLUSTER_KEY) |
|
| 168 |
# Generate cluster secrets |
|
| 169 |
GenerateClusterCrypto(True, False, False) |
|
| 128 | 170 |
|
| 129 | 171 |
result = utils.RunCmd([constants.DAEMON_UTIL, "start", constants.NODED]) |
| 130 | 172 |
if result.failed: |
Also available in: Unified diff