Revision 6b7d5878 scripts/gnt-cluster
b/scripts/gnt-cluster | ||
---|---|---|
495 | 495 |
|
496 | 496 |
|
497 | 497 |
def _RenewCrypto(new_cluster_cert, new_rapi_cert, rapi_cert_filename, |
498 |
new_hmac_key, force): |
|
498 |
new_confd_hmac_key, force):
|
|
499 | 499 |
"""Renews cluster certificates, keys and secrets. |
500 | 500 |
|
501 | 501 |
@type new_cluster_cert: bool |
... | ... | |
504 | 504 |
@param new_rapi_cert: Whether to generate a new RAPI certificate |
505 | 505 |
@type rapi_cert_filename: string |
506 | 506 |
@param rapi_cert_filename: Path to file containing new RAPI certificate |
507 |
@type new_hmac_key: bool |
|
508 |
@param new_hmac_key: Whether to generate a new HMAC key |
|
507 |
@type new_confd_hmac_key: bool
|
|
508 |
@param new_confd_hmac_key: Whether to generate a new HMAC key
|
|
509 | 509 |
@type force: bool |
510 | 510 |
@param force: Whether to ask user for confirmation |
511 | 511 |
|
512 | 512 |
""" |
513 |
assert new_cluster_cert or new_rapi_cert or rapi_cert_filename or new_hmac_key |
|
513 |
assert (new_cluster_cert or new_rapi_cert or rapi_cert_filename or |
|
514 |
new_confd_hmac_key) |
|
514 | 515 |
|
515 | 516 |
if new_rapi_cert and rapi_cert_filename: |
516 | 517 |
ToStderr("Only one of the --new-rapi-certficate and --rapi-certificate" |
... | ... | |
548 | 549 |
def _RenewCryptoInner(ctx): |
549 | 550 |
ctx.feedback_fn("Updating certificates and keys") |
550 | 551 |
bootstrap.GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, |
551 |
new_hmac_key, |
|
552 |
new_confd_hmac_key,
|
|
552 | 553 |
rapi_cert_pem=rapi_cert_pem) |
553 | 554 |
|
554 | 555 |
files_to_copy = [] |
... | ... | |
559 | 560 |
if new_rapi_cert or rapi_cert_pem: |
560 | 561 |
files_to_copy.append(constants.RAPI_CERT_FILE) |
561 | 562 |
|
562 |
if new_hmac_key: |
|
563 |
files_to_copy.append(constants.HMAC_CLUSTER_KEY)
|
|
563 |
if new_confd_hmac_key:
|
|
564 |
files_to_copy.append(constants.CONFD_HMAC_KEY)
|
|
564 | 565 |
|
565 | 566 |
if files_to_copy: |
566 | 567 |
for node_name in ctx.nonmaster_nodes: |
... | ... | |
584 | 585 |
return _RenewCrypto(opts.new_cluster_cert, |
585 | 586 |
opts.new_rapi_cert, |
586 | 587 |
opts.rapi_cert, |
587 |
opts.new_hmac_key, |
|
588 |
opts.new_confd_hmac_key,
|
|
588 | 589 |
opts.force) |
589 | 590 |
|
590 | 591 |
|
... | ... | |
790 | 791 |
"Alters the parameters of the cluster"), |
791 | 792 |
"renew-crypto": ( |
792 | 793 |
RenewCrypto, ARGS_NONE, |
793 |
[NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT, NEW_HMAC_KEY_OPT,
|
|
794 |
FORCE_OPT], |
|
794 |
[NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT, |
|
795 |
NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT],
|
|
795 | 796 |
"[opts...]", |
796 | 797 |
"Renews cluster certificates, keys and secrets"), |
797 | 798 |
} |
Also available in: Unified diff