Revision b3cc1646 lib/rpc/node.py
| b/lib/rpc/node.py | ||
|---|---|---|
| 36 | 36 |
import pycurl |
| 37 | 37 |
import threading |
| 38 | 38 |
import copy |
| 39 |
import os |
|
| 39 | 40 |
|
| 40 | 41 |
from ganeti import utils |
| 41 | 42 |
from ganeti import objects |
| ... | ... | |
| 97 | 98 |
|
| 98 | 99 |
def _ConfigRpcCurl(curl): |
| 99 | 100 |
noded_cert = str(pathutils.NODED_CERT_FILE) |
| 101 |
noded_client_cert = str(pathutils.NODED_CLIENT_CERT_FILE) |
|
| 102 |
|
|
| 103 |
# FIXME: The next two lines are necessary to ensure upgradability from |
|
| 104 |
# 2.10 to 2.11. Remove in 2.12, because this slows down RPC calls. |
|
| 105 |
if not os.path.exists(noded_client_cert): |
|
| 106 |
logging.info("Using server certificate as client certificate for RPC"
|
|
| 107 |
"call.") |
|
| 108 |
noded_client_cert = noded_cert |
|
| 100 | 109 |
|
| 101 | 110 |
curl.setopt(pycurl.FOLLOWLOCATION, False) |
| 102 | 111 |
curl.setopt(pycurl.CAINFO, noded_cert) |
| 103 | 112 |
curl.setopt(pycurl.SSL_VERIFYHOST, 0) |
| 104 | 113 |
curl.setopt(pycurl.SSL_VERIFYPEER, True) |
| 105 | 114 |
curl.setopt(pycurl.SSLCERTTYPE, "PEM") |
| 106 |
curl.setopt(pycurl.SSLCERT, noded_cert) |
|
| 115 |
curl.setopt(pycurl.SSLCERT, noded_client_cert)
|
|
| 107 | 116 |
curl.setopt(pycurl.SSLKEYTYPE, "PEM") |
| 108 |
curl.setopt(pycurl.SSLKEY, noded_cert) |
|
| 117 |
curl.setopt(pycurl.SSLKEY, noded_client_cert)
|
|
| 109 | 118 |
curl.setopt(pycurl.CONNECTTIMEOUT, constants.RPC_CONNECT_TIMEOUT) |
| 110 | 119 |
|
| 111 | 120 |
|
Also available in: Unified diff