Revision 5557b04c lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 322 | 322 |
|
| 323 | 323 |
""" |
| 324 | 324 |
sshrunner = ssh.SshRunner(cluster_name) |
| 325 |
gntpem = utils.ReadFile(constants.SSL_CERT_FILE) |
|
| 325 |
|
|
| 326 |
noded_cert = utils.ReadFile(constants.SSL_CERT_FILE) |
|
| 327 |
|
|
| 326 | 328 |
# in the base64 pem encoding, neither '!' nor '.' are valid chars, |
| 327 | 329 |
# so we use this to detect an invalid certificate; as long as the |
| 328 | 330 |
# cert doesn't contain this, the here-document will be correctly |
| 329 | 331 |
# parsed by the shell sequence below |
| 330 |
if re.search('^!EOF\.', gntpem, re.MULTILINE):
|
|
| 332 |
if re.search('^!EOF\.', noded_cert, re.MULTILINE):
|
|
| 331 | 333 |
raise errors.OpExecError("invalid PEM encoding in the SSL certificate")
|
| 332 |
if not gntpem.endswith("\n"):
|
|
| 333 |
raise errors.OpExecError("PEM must end with newline")
|
|
| 334 |
|
|
| 335 |
if not noded_cert.endswith("\n"):
|
|
| 336 |
noded_cert += "\n" |
|
| 334 | 337 |
|
| 335 | 338 |
# set up inter-node password and certificate and restarts the node daemon |
| 336 | 339 |
# and then connect with ssh to set password and start ganeti-noded |
| ... | ... | |
| 339 | 342 |
mycommand = ("umask 077 && "
|
| 340 | 343 |
"cat > '%s' << '!EOF.' && \n" |
| 341 | 344 |
"%s!EOF.\n%s restart" % |
| 342 |
(constants.SSL_CERT_FILE, gntpem,
|
|
| 345 |
(constants.SSL_CERT_FILE, noded_cert,
|
|
| 343 | 346 |
constants.NODE_INITD_SCRIPT)) |
| 344 | 347 |
|
| 345 | 348 |
result = sshrunner.Run(node, 'root', mycommand, batch=False, |
Also available in: Unified diff