Revision ec17d09c lib/bootstrap.py
| b/lib/bootstrap.py | ||
|---|---|---|
| 77 | 77 |
the cluster and also generates the SSL certificate. |
| 78 | 78 |
|
| 79 | 79 |
""" |
| 80 |
# Create pseudo random password |
|
| 81 |
randpass = utils.GenerateSecret() |
|
| 82 |
|
|
| 83 |
# and write it into the config file |
|
| 84 |
utils.WriteFile(constants.CLUSTER_PASSWORD_FILE, |
|
| 85 |
data="%s\n" % randpass, mode=0400) |
|
| 86 |
|
|
| 87 | 80 |
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", |
| 88 | 81 |
"-days", str(365*5), "-nodes", "-x509", |
| 89 | 82 |
"-keyout", constants.SSL_CERT_FILE, |
| ... | ... | |
| 291 | 284 |
""" |
| 292 | 285 |
cfg = ssconf.SimpleConfigReader() |
| 293 | 286 |
sshrunner = ssh.SshRunner(cfg.GetClusterName()) |
| 294 |
gntpass = utils.GetNodeDaemonPassword() |
|
| 295 |
if not re.match('^[a-zA-Z0-9.]{1,64}$', gntpass):
|
|
| 296 |
raise errors.OpExecError("ganeti password corruption detected")
|
|
| 297 | 287 |
gntpem = utils.ReadFile(constants.SSL_CERT_FILE) |
| 298 | 288 |
# in the base64 pem encoding, neither '!' nor '.' are valid chars, |
| 299 | 289 |
# so we use this to detect an invalid certificate; as long as the |
| ... | ... | |
| 309 | 299 |
# note that all the below variables are sanitized at this point, |
| 310 | 300 |
# either by being constants or by the checks above |
| 311 | 301 |
mycommand = ("umask 077 && "
|
| 312 |
"echo '%s' > '%s' && " |
|
| 313 | 302 |
"cat > '%s' << '!EOF.' && \n" |
| 314 | 303 |
"%s!EOF.\n%s restart" % |
| 315 |
(gntpass, constants.CLUSTER_PASSWORD_FILE, |
|
| 316 |
constants.SSL_CERT_FILE, gntpem, |
|
| 304 |
(constants.SSL_CERT_FILE, gntpem, |
|
| 317 | 305 |
constants.NODE_INITD_SCRIPT)) |
| 318 | 306 |
|
| 319 | 307 |
result = sshrunner.Run(node, 'root', mycommand, batch=False, |
Also available in: Unified diff