Revision 6b7d5878 lib/bootstrap.py

b/lib/bootstrap.py
111 111
                  backup=True)
112 112

  
113 113

  
114
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_hmac_key,
114
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
115 115
                          rapi_cert_pem=None):
116 116
  """Updates the cluster certificates, keys and secrets.
117 117

  
......
119 119
  @param new_cluster_cert: Whether to generate a new cluster certificate
120 120
  @type new_rapi_cert: bool
121 121
  @param new_rapi_cert: Whether to generate a new RAPI certificate
122
  @type new_hmac_key: bool
123
  @param new_hmac_key: Whether to generate a new HMAC key
122
  @type new_confd_hmac_key: bool
123
  @param new_confd_hmac_key: Whether to generate a new HMAC key
124 124
  @type rapi_cert_pem: string
125 125
  @param rapi_cert_pem: New RAPI certificate in PEM format
126 126

  
......
135 135
                  constants.NODED_CERT_FILE)
136 136
    GenerateSelfSignedSslCert(constants.NODED_CERT_FILE)
137 137

  
138
  # HMAC key
139
  if new_hmac_key or not os.path.exists(constants.HMAC_CLUSTER_KEY):
140
    logging.debug("Writing new HMAC key to %s", constants.HMAC_CLUSTER_KEY)
141
    GenerateHmacKey(constants.HMAC_CLUSTER_KEY)
138
  # confd HMAC key
139
  if new_confd_hmac_key or not os.path.exists(constants.CONFD_HMAC_KEY):
140
    logging.debug("Writing new confd HMAC key to %s", constants.CONFD_HMAC_KEY)
141
    GenerateHmacKey(constants.CONFD_HMAC_KEY)
142 142

  
143 143
  # RAPI
144 144
  rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE)
......
428 428

  
429 429
  noded_cert = utils.ReadFile(constants.NODED_CERT_FILE)
430 430
  rapi_cert = utils.ReadFile(constants.RAPI_CERT_FILE)
431
  hmac_key = utils.ReadFile(constants.HMAC_CLUSTER_KEY)
431
  confd_hmac_key = utils.ReadFile(constants.CONFD_HMAC_KEY)
432 432

  
433 433
  # in the base64 pem encoding, neither '!' nor '.' are valid chars,
434 434
  # so we use this to detect an invalid certificate; as long as the
435 435
  # cert doesn't contain this, the here-document will be correctly
436 436
  # parsed by the shell sequence below. HMAC keys are hexadecimal strings,
437 437
  # so the same restrictions apply.
438
  for content in (noded_cert, rapi_cert, hmac_key):
438
  for content in (noded_cert, rapi_cert, confd_hmac_key):
439 439
    if re.search('^!EOF\.', content, re.MULTILINE):
440 440
      raise errors.OpExecError("invalid SSL certificate or HMAC key")
441 441

  
......
443 443
    noded_cert += "\n"
444 444
  if not rapi_cert.endswith("\n"):
445 445
    rapi_cert += "\n"
446
  if not hmac_key.endswith("\n"):
447
    hmac_key += "\n"
446
  if not confd_hmac_key.endswith("\n"):
447
    confd_hmac_key += "\n"
448 448

  
449 449
  # set up inter-node password and certificate and restarts the node daemon
450 450
  # and then connect with ssh to set password and start ganeti-noded
......
461 461
               "%s start %s" %
462 462
               (constants.NODED_CERT_FILE, noded_cert,
463 463
                constants.RAPI_CERT_FILE, rapi_cert,
464
                constants.HMAC_CLUSTER_KEY, hmac_key,
464
                constants.CONFD_HMAC_KEY, confd_hmac_key,
465 465
                constants.NODED_CERT_FILE, constants.RAPI_CERT_FILE,
466
                constants.HMAC_CLUSTER_KEY,
466
                constants.CONFD_HMAC_KEY,
467 467
                constants.DAEMON_UTIL, constants.NODED))
468 468

  
469 469
  result = sshrunner.Run(node, 'root', mycommand, batch=False,
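Review bot: The only check on `confd_hmac_key` before it is spliced into the remote shell command (new line 438) is the `!EOF.` delimiter test, yet the comment at 436-437 justifies that test by assuming HMAC keys are hexadecimal, and nothing enforces the assumption. The key is read straight from `constants.CONFD_HMAC_KEY` on disk, so a damaged or hand-edited file would be forwarded as-is. The here-document construction sits in the elided lines 450-460, so it is not visible whether the delimiter is quoted; if it is not, the remote shell would expand any `$` or backtick in the content. I would validate the format explicitly before building `mycommand`, for example `if not re.match(r"^[0-9a-fA-F]+\s*$", confd_hmac_key): raise errors.OpExecError("invalid confd HMAC key")`. The enclosing function starts and ends outside the lines shown.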
