Revision 6b7d5878 scripts/gnt-cluster
| b/scripts/gnt-cluster | ||
|---|---|---|
| 495 | 495 |
|
| 496 | 496 |
|
| 497 | 497 |
def _RenewCrypto(new_cluster_cert, new_rapi_cert, rapi_cert_filename, |
| 498 |
new_hmac_key, force): |
|
| 498 |
new_confd_hmac_key, force):
|
|
| 499 | 499 |
"""Renews cluster certificates, keys and secrets. |
| 500 | 500 |
|
| 501 | 501 |
@type new_cluster_cert: bool |
| ... | ... | |
| 504 | 504 |
@param new_rapi_cert: Whether to generate a new RAPI certificate |
| 505 | 505 |
@type rapi_cert_filename: string |
| 506 | 506 |
@param rapi_cert_filename: Path to file containing new RAPI certificate |
| 507 |
@type new_hmac_key: bool |
|
| 508 |
@param new_hmac_key: Whether to generate a new HMAC key |
|
| 507 |
@type new_confd_hmac_key: bool
|
|
| 508 |
@param new_confd_hmac_key: Whether to generate a new HMAC key
|
|
| 509 | 509 |
@type force: bool |
| 510 | 510 |
@param force: Whether to ask user for confirmation |
| 511 | 511 |
|
| 512 | 512 |
""" |
| 513 |
assert new_cluster_cert or new_rapi_cert or rapi_cert_filename or new_hmac_key |
|
| 513 |
assert (new_cluster_cert or new_rapi_cert or rapi_cert_filename or |
|
| 514 |
new_confd_hmac_key) |
|
| 514 | 515 |
|
| 515 | 516 |
if new_rapi_cert and rapi_cert_filename: |
| 516 | 517 |
ToStderr("Only one of the --new-rapi-certficate and --rapi-certificate"
|
| ... | ... | |
| 548 | 549 |
def _RenewCryptoInner(ctx): |
| 549 | 550 |
ctx.feedback_fn("Updating certificates and keys")
|
| 550 | 551 |
bootstrap.GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, |
| 551 |
new_hmac_key, |
|
| 552 |
new_confd_hmac_key,
|
|
| 552 | 553 |
rapi_cert_pem=rapi_cert_pem) |
| 553 | 554 |
|
| 554 | 555 |
files_to_copy = [] |
| ... | ... | |
| 559 | 560 |
if new_rapi_cert or rapi_cert_pem: |
| 560 | 561 |
files_to_copy.append(constants.RAPI_CERT_FILE) |
| 561 | 562 |
|
| 562 |
if new_hmac_key: |
|
| 563 |
files_to_copy.append(constants.HMAC_CLUSTER_KEY)
|
|
| 563 |
if new_confd_hmac_key:
|
|
| 564 |
files_to_copy.append(constants.CONFD_HMAC_KEY)
|
|
| 564 | 565 |
|
| 565 | 566 |
if files_to_copy: |
| 566 | 567 |
for node_name in ctx.nonmaster_nodes: |
| ... | ... | |
| 584 | 585 |
return _RenewCrypto(opts.new_cluster_cert, |
| 585 | 586 |
opts.new_rapi_cert, |
| 586 | 587 |
opts.rapi_cert, |
| 587 |
opts.new_hmac_key, |
|
| 588 |
opts.new_confd_hmac_key,
|
|
| 588 | 589 |
opts.force) |
| 589 | 590 |
|
| 590 | 591 |
|
| ... | ... | |
| 790 | 791 |
"Alters the parameters of the cluster"), |
| 791 | 792 |
"renew-crypto": ( |
| 792 | 793 |
RenewCrypto, ARGS_NONE, |
| 793 |
[NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT, NEW_HMAC_KEY_OPT,
|
|
| 794 |
FORCE_OPT], |
|
| 794 |
[NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT, |
|
| 795 |
NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT],
|
|
| 795 | 796 |
"[opts...]", |
| 796 | 797 |
"Renews cluster certificates, keys and secrets"), |
| 797 | 798 |
} |
Also available in: Unified diff