Revision b3cc1646 lib/bootstrap.py
b/lib/bootstrap.py | ||
---|---|---|
91 | 91 |
backup=True) |
92 | 92 |
|
93 | 93 |
|
94 |
# pylint: disable=R0913 |
|
94 | 95 |
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_spice_cert, |
95 |
new_confd_hmac_key, new_cds, new_node_client_cert,
|
|
96 |
new_confd_hmac_key, new_cds, |
|
96 | 97 |
rapi_cert_pem=None, spice_cert_pem=None, |
97 | 98 |
spice_cacert_pem=None, cds=None, |
98 | 99 |
nodecert_file=pathutils.NODED_CERT_FILE, |
99 |
nodecert_client_file=pathutils.NODED_CLIENT_CERT_FILE, |
|
100 | 100 |
rapicert_file=pathutils.RAPI_CERT_FILE, |
101 | 101 |
spicecert_file=pathutils.SPICE_CERT_FILE, |
102 | 102 |
spicecacert_file=pathutils.SPICE_CACERT_FILE, |
... | ... | |
114 | 114 |
@param new_confd_hmac_key: Whether to generate a new HMAC key |
115 | 115 |
@type new_cds: bool |
116 | 116 |
@param new_cds: Whether to generate a new cluster domain secret |
117 |
@type new_node_client_cert: bool |
|
118 |
@param new_node_client_cert: Whether to generate a new node (SSL) |
|
119 |
client certificate |
|
120 | 117 |
@type rapi_cert_pem: string |
121 | 118 |
@param rapi_cert_pem: New RAPI certificate in PEM format |
122 | 119 |
@type spice_cert_pem: string |
... | ... | |
128 | 125 |
@param cds: New cluster domain secret |
129 | 126 |
@type nodecert_file: string |
130 | 127 |
@param nodecert_file: optional override of the node cert file path |
131 |
@type nodecert_client_file: string |
|
132 |
@param nodecert_client_file: optional override of the node client certificate |
|
133 |
file path |
|
134 | 128 |
@type rapicert_file: string |
135 | 129 |
@param rapicert_file: optional override of the rapi cert file path |
136 | 130 |
@type spicecert_file: string |
... | ... | |
141 | 135 |
@param hmackey_file: optional override of the hmac key file path |
142 | 136 |
|
143 | 137 |
""" |
138 |
# pylint: disable=R0913 |
|
144 | 139 |
# noded SSL certificate |
145 | 140 |
utils.GenerateNewSslCert( |
146 | 141 |
new_cluster_cert, nodecert_file, |
147 | 142 |
"Generating new cluster certificate at %s" % nodecert_file) |
148 | 143 |
|
149 |
# noded client SSL certificate (to be used only by this very node) |
|
150 |
utils.GenerateNewSslCert( |
|
151 |
new_node_client_cert, nodecert_client_file, |
|
152 |
"Generating new node client certificate at %s" % nodecert_client_file) |
|
153 |
|
|
154 | 144 |
# confd HMAC key |
155 | 145 |
if new_confd_hmac_key or not os.path.exists(hmackey_file): |
156 | 146 |
logging.debug("Writing new confd HMAC key to %s", hmackey_file) |
... | ... | |
212 | 202 |
|
213 | 203 |
""" |
214 | 204 |
# Generate cluster secrets |
215 |
GenerateClusterCrypto(True, False, False, False, False, True)
|
|
205 |
GenerateClusterCrypto(True, False, False, False, False) |
|
216 | 206 |
|
217 | 207 |
result = utils.RunCmd([pathutils.DAEMON_UTIL, "start", constants.NODED]) |
218 | 208 |
if result.failed: |
Also available in: Unified diff