Revision aeefe835 lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 112 | 112 |
|
| 113 | 113 |
|
| 114 | 114 |
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key, |
| 115 |
rapi_cert_pem=None): |
|
| 115 |
rapi_cert_pem=None, |
|
| 116 |
nodecert_file=constants.NODED_CERT_FILE, |
|
| 117 |
rapicert_file=constants.RAPI_CERT_FILE, |
|
| 118 |
hmackey_file=constants.CONFD_HMAC_KEY): |
|
| 116 | 119 |
"""Updates the cluster certificates, keys and secrets. |
| 117 | 120 |
|
| 118 | 121 |
@type new_cluster_cert: bool |
| ... | ... | |
| 123 | 126 |
@param new_confd_hmac_key: Whether to generate a new HMAC key |
| 124 | 127 |
@type rapi_cert_pem: string |
| 125 | 128 |
@param rapi_cert_pem: New RAPI certificate in PEM format |
| 129 |
@type nodecert_file: string |
|
| 130 |
@param nodecert_file: optional override of the node cert file path |
|
| 131 |
@type rapicert_file: string |
|
| 132 |
@param rapicert_file: optional override of the rapi cert file path |
|
| 133 |
@type hmackey_file: string |
|
| 134 |
@param hmackey_file: optional override of the hmac key file path |
|
| 126 | 135 |
|
| 127 | 136 |
""" |
| 128 | 137 |
# noded SSL certificate |
| 129 |
cluster_cert_exists = os.path.exists(constants.NODED_CERT_FILE)
|
|
| 138 |
cluster_cert_exists = os.path.exists(nodecert_file)
|
|
| 130 | 139 |
if new_cluster_cert or not cluster_cert_exists: |
| 131 | 140 |
if cluster_cert_exists: |
| 132 |
utils.CreateBackup(constants.NODED_CERT_FILE)
|
|
| 141 |
utils.CreateBackup(nodecert_file)
|
|
| 133 | 142 |
|
| 134 |
logging.debug("Generating new cluster certificate at %s",
|
|
| 135 |
constants.NODED_CERT_FILE) |
|
| 136 |
GenerateSelfSignedSslCert(constants.NODED_CERT_FILE) |
|
| 143 |
logging.debug("Generating new cluster certificate at %s", nodecert_file)
|
|
| 144 |
GenerateSelfSignedSslCert(nodecert_file) |
|
| 137 | 145 |
|
| 138 | 146 |
# confd HMAC key |
| 139 |
if new_confd_hmac_key or not os.path.exists(constants.CONFD_HMAC_KEY):
|
|
| 140 |
logging.debug("Writing new confd HMAC key to %s", constants.CONFD_HMAC_KEY)
|
|
| 141 |
GenerateHmacKey(constants.CONFD_HMAC_KEY)
|
|
| 147 |
if new_confd_hmac_key or not os.path.exists(hmackey_file):
|
|
| 148 |
logging.debug("Writing new confd HMAC key to %s", hmackey_file)
|
|
| 149 |
GenerateHmacKey(hmackey_file)
|
|
| 142 | 150 |
|
| 143 | 151 |
# RAPI |
| 144 |
rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE)
|
|
| 152 |
rapi_cert_exists = os.path.exists(rapicert_file)
|
|
| 145 | 153 |
|
| 146 | 154 |
if rapi_cert_pem: |
| 147 | 155 |
# Assume rapi_pem contains a valid PEM-formatted certificate and key |
| 148 |
logging.debug("Writing RAPI certificate at %s",
|
|
| 149 |
constants.RAPI_CERT_FILE) |
|
| 150 |
utils.WriteFile(constants.RAPI_CERT_FILE, data=rapi_cert_pem, backup=True) |
|
| 156 |
logging.debug("Writing RAPI certificate at %s", rapicert_file)
|
|
| 157 |
utils.WriteFile(rapicert_file, data=rapi_cert_pem, backup=True) |
|
| 151 | 158 |
|
| 152 | 159 |
elif new_rapi_cert or not rapi_cert_exists: |
| 153 | 160 |
if rapi_cert_exists: |
| 154 |
utils.CreateBackup(constants.RAPI_CERT_FILE)
|
|
| 161 |
utils.CreateBackup(rapicert_file)
|
|
| 155 | 162 |
|
| 156 |
logging.debug("Generating new RAPI certificate at %s",
|
|
| 157 |
constants.RAPI_CERT_FILE) |
|
| 158 |
GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE) |
|
| 163 |
logging.debug("Generating new RAPI certificate at %s", rapicert_file)
|
|
| 164 |
GenerateSelfSignedSslCert(rapicert_file) |
|
| 159 | 165 |
|
| 160 | 166 |
|
| 161 | 167 |
def _InitGanetiServerSetup(master_name): |
Also available in: Unified diff