Revision b3cc1646 lib/client/gnt_cluster.py
b/lib/client/gnt_cluster.py | ||
---|---|---|
885 | 885 |
def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911 |
886 | 886 |
rapi_cert_filename, new_spice_cert, spice_cert_filename, |
887 | 887 |
spice_cacert_filename, new_confd_hmac_key, new_cds, |
888 |
cds_filename, force): |
|
888 |
cds_filename, force, new_node_cert):
|
|
889 | 889 |
"""Renews cluster certificates, keys and secrets. |
890 | 890 |
|
891 | 891 |
@type new_cluster_cert: bool |
... | ... | |
909 | 909 |
@param cds_filename: Path to file containing new cluster domain secret |
910 | 910 |
@type force: bool |
911 | 911 |
@param force: Whether to ask user for confirmation |
912 |
@type new_node_cert: string |
|
913 |
@param new_node_cert: Whether to generate new node certificates |
|
912 | 914 |
|
913 | 915 |
""" |
914 | 916 |
if new_rapi_cert and rapi_cert_filename: |
... | ... | |
961 | 963 |
|
962 | 964 |
def _RenewCryptoInner(ctx): |
963 | 965 |
ctx.feedback_fn("Updating certificates and keys") |
964 |
# FIXME: add separate option for client certs
|
|
966 |
# Note: the node certificate will be generated in the LU
|
|
965 | 967 |
bootstrap.GenerateClusterCrypto(new_cluster_cert, |
966 | 968 |
new_rapi_cert, |
967 | 969 |
new_spice_cert, |
968 | 970 |
new_confd_hmac_key, |
969 | 971 |
new_cds, |
970 |
new_cluster_cert, |
|
971 | 972 |
rapi_cert_pem=rapi_cert_pem, |
972 | 973 |
spice_cert_pem=spice_cert_pem, |
973 | 974 |
spice_cacert_pem=spice_cacert_pem, |
... | ... | |
1004 | 1005 |
ToStdout("All requested certificates and keys have been replaced." |
1005 | 1006 |
" Running \"gnt-cluster verify\" now is recommended.") |
1006 | 1007 |
|
1008 |
if new_node_cert: |
|
1009 |
cl = GetClient() |
|
1010 |
renew_op = opcodes.OpClusterRenewCrypto() |
|
1011 |
SubmitOpCode(renew_op, cl=cl) |
|
1012 |
|
|
1007 | 1013 |
return 0 |
1008 | 1014 |
|
1009 | 1015 |
|
... | ... | |
1020 | 1026 |
opts.new_confd_hmac_key, |
1021 | 1027 |
opts.new_cluster_domain_secret, |
1022 | 1028 |
opts.cluster_domain_secret, |
1023 |
opts.force) |
|
1029 |
opts.force, |
|
1030 |
opts.new_node_cert) |
|
1024 | 1031 |
|
1025 | 1032 |
|
1026 | 1033 |
def _GetEnabledDiskTemplates(opts): |
... | ... | |
2137 | 2144 |
[NEW_CLUSTER_CERT_OPT, NEW_RAPI_CERT_OPT, RAPI_CERT_OPT, |
2138 | 2145 |
NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT, |
2139 | 2146 |
NEW_CLUSTER_DOMAIN_SECRET_OPT, CLUSTER_DOMAIN_SECRET_OPT, |
2140 |
NEW_SPICE_CERT_OPT, SPICE_CERT_OPT, SPICE_CACERT_OPT], |
|
2147 |
NEW_SPICE_CERT_OPT, SPICE_CERT_OPT, SPICE_CACERT_OPT, |
|
2148 |
NEW_NODE_CERT_OPT], |
|
2141 | 2149 |
"[opts...]", |
2142 | 2150 |
"Renews cluster certificates, keys and secrets"), |
2143 | 2151 |
"epo": ( |
Also available in: Unified diff