Revision 77b076ca lib/bootstrap.py
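--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -349,19 +349,23 @@
 
 noded_cert = utils.ReadFile(constants.SSL_CERT_FILE)
 rapi_cert = utils.ReadFile(constants.RAPI_CERT_FILE)
+hmac_key = utils.ReadFile(constants.HMAC_CLUSTER_KEY)
 
 # in the base64 pem encoding, neither '!' nor '.' are valid chars,
 # so we use this to detect an invalid certificate; as long as the
 # cert doesn't contain this, the here-document will be correctly
-# parsed by the shell sequence below
-if (re.search('^!EOF\.', noded_cert, re.MULTILINE) or
-re.search('^!EOF\.', rapi_cert, re.MULTILINE)):
-raise errors.OpExecError("invalid PEM encoding in the SSL certificate")
+# parsed by the shell sequence below. HMAC keys are hexadecimal strings,
+# so the same restrictions apply.
+for content in (noded_cert, rapi_cert, hmac_key):
+if re.search('^!EOF\.', content, re.MULTILINE):
+raise errors.OpExecError("invalid SSL certificate or HMAC key")
 
 if not noded_cert.endswith("\n"):
 noded_cert += "\n"
 if not rapi_cert.endswith("\n"):
 rapi_cert += "\n"
+if not hmac_key.endswith("\n"):
+hmac_key += "\n"
 
 # set up inter-node password and certificate and restarts the node daemon
 # and then connect with ssh to set password and start ganeti-noded
@@ -372,11 +376,15 @@
 "%s!EOF.\n"
 "cat > '%s' << '!EOF.' && \n"
 "%s!EOF.\n"
-"chmod 0400 %s %s && "
+"cat > '%s' << '!EOF.' && \n"
+"%s!EOF.\n"
+"chmod 0400 %s %s %s && "
 "%s restart" %
 (constants.SSL_CERT_FILE, noded_cert,
 constants.RAPI_CERT_FILE, rapi_cert,
+constants.HMAC_CLUSTER_KEY, hmac_key,
 constants.SSL_CERT_FILE, constants.RAPI_CERT_FILE,
+constants.HMAC_CLUSTER_KEY,
 constants.NODE_INITD_SCRIPT))
 
 result = sshrunner.Run(node, 'root', mycommand, batch=False,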
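Review bot: The `cat > '%s' << '!EOF.'` redirections create their files under whatever umask the remote root shell has, and `chmod 0400 %s %s %s` only runs after every write has succeeded, so the newly added HMAC cluster key can be readable by other local users for a short window, or stay that way if an earlier step in the `&&` chain fails. Setting the mask before the first write closes that gap, for example by prepending `"umask 077 && "` to the command string; the start of `mycommand` is outside the shown lines, so confirm it does not already do this. Separately, the key is now embedded in the command handed to `sshrunner.Run`, so it is worth checking that the runner neither logs the command nor exposes it in a local process listing, which is not visible here.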