Revision d5104ca4 lib/rpc/node.py
b/lib/rpc/node.py | ||
---|---|---|
36 | 36 |
import pycurl |
37 | 37 |
import threading |
38 | 38 |
import copy |
39 |
import os |
|
39 | 40 |
|
40 | 41 |
from ganeti import utils |
41 | 42 |
from ganeti import objects |
... | ... | |
97 | 98 |
|
98 | 99 |
def _ConfigRpcCurl(curl): |
99 | 100 |
noded_cert = str(pathutils.NODED_CERT_FILE) |
101 |
noded_client_cert = str(pathutils.NODED_CLIENT_CERT_FILE) |
|
102 |
|
|
103 |
# FIXME: The next two lines are necessary to ensure upgradability from |
|
104 |
# 2.10 to 2.11. Remove in 2.12, because this slows down RPC calls. |
|
105 |
if not os.path.exists(noded_client_cert): |
|
106 |
logging.info("Using server certificate as client certificate for RPC" |
|
107 |
"call.") |
|
108 |
noded_client_cert = noded_cert |
|
100 | 109 |
|
101 | 110 |
curl.setopt(pycurl.FOLLOWLOCATION, False) |
102 | 111 |
curl.setopt(pycurl.CAINFO, noded_cert) |
103 | 112 |
curl.setopt(pycurl.SSL_VERIFYHOST, 0) |
104 | 113 |
curl.setopt(pycurl.SSL_VERIFYPEER, True) |
105 | 114 |
curl.setopt(pycurl.SSLCERTTYPE, "PEM") |
106 |
curl.setopt(pycurl.SSLCERT, noded_cert) |
|
115 |
curl.setopt(pycurl.SSLCERT, noded_client_cert)
|
|
107 | 116 |
curl.setopt(pycurl.SSLKEYTYPE, "PEM") |
108 |
curl.setopt(pycurl.SSLKEY, noded_cert) |
|
117 |
curl.setopt(pycurl.SSLKEY, noded_client_cert)
|
|
109 | 118 |
curl.setopt(pycurl.CONNECTTIMEOUT, constants.RPC_CONNECT_TIMEOUT) |
110 | 119 |
|
111 | 120 |
|
Also available in: Unified diff