Revision ec17d09c lib/bootstrap.py
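--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -77,13 +77,6 @@
 the cluster and also generates the SSL certificate.
 
 """
-# Create pseudo random password
-randpass = utils.GenerateSecret()
-
-# and write it into the config file
-utils.WriteFile(constants.CLUSTER_PASSWORD_FILE,
-data="%s\n" % randpass, mode=0400)
-
 result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
 "-days", str(365*5), "-nodes", "-x509",
 "-keyout", constants.SSL_CERT_FILE,
@@ -291,9 +284,6 @@
 """
 cfg = ssconf.SimpleConfigReader()
 sshrunner = ssh.SshRunner(cfg.GetClusterName())
-gntpass = utils.GetNodeDaemonPassword()
-if not re.match('^[a-zA-Z0-9.]{1,64}$', gntpass):
-raise errors.OpExecError("ganeti password corruption detected")
 gntpem = utils.ReadFile(constants.SSL_CERT_FILE)
 # in the base64 pem encoding, neither '!' nor '.' are valid chars,
 # so we use this to detect an invalid certificate; as long as the
@@ -309,11 +299,9 @@
 # note that all the below variables are sanitized at this point,
 # either by being constants or by the checks above
 mycommand = ("umask 077 && "
-"echo '%s' > '%s' && "
 "cat > '%s' << '!EOF.' && \n"
 "%s!EOF.\n%s restart" %
-(gntpass, constants.CLUSTER_PASSWORD_FILE,
-constants.SSL_CERT_FILE, gntpem,
+(constants.SSL_CERT_FILE, gntpem,
 constants.NODE_INITD_SCRIPT))
 
 result = sshrunner.Run(node, 'root', mycommand, batch=False,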
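Review bot: The `openssl req` call kept as context at new lines 80–82 still generates an `"rsa:1024"` key valid for `str(365*5)` days, and with the cluster password file removed here that certificate appears to become the only secret protecting node daemon traffic (inferred from the removed lines; the daemon side is not shown). A 1024-bit RSA key is too weak for a credential meant to last five years, so I would change the argument to `"rsa:2048"` or larger in this same commit. In the last hunk the comment `# note that all the below variables are sanitized at this point` now covers only `gntpem`, whose '!' and '.' check sits in lines elided from this view, so it is worth confirming that check still runs before the heredoc is built. Both enclosing functions start and end outside the visible hunks.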