Revision b3cc1646 lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 91 | 91 |
backup=True) |
| 92 | 92 |
|
| 93 | 93 |
|
| 94 |
# pylint: disable=R0913 |
|
| 94 | 95 |
def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_spice_cert, |
| 95 |
new_confd_hmac_key, new_cds, new_node_client_cert,
|
|
| 96 |
new_confd_hmac_key, new_cds, |
|
| 96 | 97 |
rapi_cert_pem=None, spice_cert_pem=None, |
| 97 | 98 |
spice_cacert_pem=None, cds=None, |
| 98 | 99 |
nodecert_file=pathutils.NODED_CERT_FILE, |
| 99 |
nodecert_client_file=pathutils.NODED_CLIENT_CERT_FILE, |
|
| 100 | 100 |
rapicert_file=pathutils.RAPI_CERT_FILE, |
| 101 | 101 |
spicecert_file=pathutils.SPICE_CERT_FILE, |
| 102 | 102 |
spicecacert_file=pathutils.SPICE_CACERT_FILE, |
| ... | ... | |
| 114 | 114 |
@param new_confd_hmac_key: Whether to generate a new HMAC key |
| 115 | 115 |
@type new_cds: bool |
| 116 | 116 |
@param new_cds: Whether to generate a new cluster domain secret |
| 117 |
@type new_node_client_cert: bool |
|
| 118 |
@param new_node_client_cert: Whether to generate a new node (SSL) |
|
| 119 |
client certificate |
|
| 120 | 117 |
@type rapi_cert_pem: string |
| 121 | 118 |
@param rapi_cert_pem: New RAPI certificate in PEM format |
| 122 | 119 |
@type spice_cert_pem: string |
| ... | ... | |
| 128 | 125 |
@param cds: New cluster domain secret |
| 129 | 126 |
@type nodecert_file: string |
| 130 | 127 |
@param nodecert_file: optional override of the node cert file path |
| 131 |
@type nodecert_client_file: string |
|
| 132 |
@param nodecert_client_file: optional override of the node client certificate |
|
| 133 |
file path |
|
| 134 | 128 |
@type rapicert_file: string |
| 135 | 129 |
@param rapicert_file: optional override of the rapi cert file path |
| 136 | 130 |
@type spicecert_file: string |
| ... | ... | |
| 141 | 135 |
@param hmackey_file: optional override of the hmac key file path |
| 142 | 136 |
|
| 143 | 137 |
""" |
| 138 |
# pylint: disable=R0913 |
|
| 144 | 139 |
# noded SSL certificate |
| 145 | 140 |
utils.GenerateNewSslCert( |
| 146 | 141 |
new_cluster_cert, nodecert_file, |
| 147 | 142 |
"Generating new cluster certificate at %s" % nodecert_file) |
| 148 | 143 |
|
| 149 |
# noded client SSL certificate (to be used only by this very node) |
|
| 150 |
utils.GenerateNewSslCert( |
|
| 151 |
new_node_client_cert, nodecert_client_file, |
|
| 152 |
"Generating new node client certificate at %s" % nodecert_client_file) |
|
| 153 |
|
|
| 154 | 144 |
# confd HMAC key |
| 155 | 145 |
if new_confd_hmac_key or not os.path.exists(hmackey_file): |
| 156 | 146 |
logging.debug("Writing new confd HMAC key to %s", hmackey_file)
|
| ... | ... | |
| 212 | 202 |
|
| 213 | 203 |
""" |
| 214 | 204 |
# Generate cluster secrets |
| 215 |
GenerateClusterCrypto(True, False, False, False, False, True)
|
|
| 205 |
GenerateClusterCrypto(True, False, False, False, False) |
|
| 216 | 206 |
|
| 217 | 207 |
result = utils.RunCmd([pathutils.DAEMON_UTIL, "start", constants.NODED]) |
| 218 | 208 |
if result.failed: |
Also available in: Unified diff