Revision c4415fd5
| b/lib/bootstrap.py | ||
|---|---|---|
| 28 | 28 |
import sha |
| 29 | 29 |
import re |
| 30 | 30 |
import logging |
| 31 |
import tempfile |
|
| 31 | 32 |
|
| 32 | 33 |
from ganeti import rpc |
| 33 | 34 |
from ganeti import ssh |
| ... | ... | |
| 76 | 77 |
@param validity: Validity for certificate in days |
| 77 | 78 |
|
| 78 | 79 |
""" |
| 79 |
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", |
|
| 80 |
"-days", str(validity), "-nodes", "-x509", |
|
| 81 |
"-keyout", file_name, "-out", file_name, "-batch"]) |
|
| 82 |
if result.failed: |
|
| 83 |
raise errors.OpExecError("Could not generate SSL certificate, command"
|
|
| 84 |
" %s had exitcode %s and error message %s" % |
|
| 85 |
(result.cmd, result.exit_code, result.output)) |
|
| 86 |
|
|
| 87 |
os.chmod(file_name, 0400) |
|
| 80 |
(fd, tmp_file_name) = tempfile.mkstemp(dir=os.path.dirname(file_name)) |
|
| 81 |
try: |
|
| 82 |
# Set permissions before writing key |
|
| 83 |
os.chmod(tmp_file_name, 0600) |
|
| 84 |
|
|
| 85 |
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", |
|
| 86 |
"-days", str(validity), "-nodes", "-x509", |
|
| 87 |
"-keyout", tmp_file_name, "-out", tmp_file_name, |
|
| 88 |
"-batch"]) |
|
| 89 |
if result.failed: |
|
| 90 |
raise errors.OpExecError("Could not generate SSL certificate, command"
|
|
| 91 |
" %s had exitcode %s and error message %s" % |
|
| 92 |
(result.cmd, result.exit_code, result.output)) |
|
| 93 |
|
|
| 94 |
# Make read-only |
|
| 95 |
os.chmod(tmp_file_name, 0400) |
|
| 96 |
|
|
| 97 |
os.rename(tmp_file_name, file_name) |
|
| 98 |
finally: |
|
| 99 |
utils.RemoveFile(tmp_file_name) |
|
| 88 | 100 |
|
| 89 | 101 |
|
| 90 | 102 |
def _InitGanetiServerSetup(): |
Also available in: Unified diff