Revision f942a838 lib/backend.py
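--- a/lib/backend.py
+++ b/lib/backend.py
@@ -63,7 +63,11 @@
 constants.DATA_DIR,
 constants.JOB_QUEUE_ARCHIVE_DIR,
 constants.QUEUE_DIR,
+constants.CRYPTO_KEYS_DIR,
 ])
+_MAX_SSL_CERT_VALIDITY = 7 * 24 * 60 * 60
+_X509_KEY_FILE = "key"
+_X509_CERT_FILE = "cert"
 
 
 class RPCFail(Exception):
@@ -385,6 +389,7 @@
 
 """
 _CleanDirectory(constants.DATA_DIR)
+_CleanDirectory(constants.CRYPTO_KEYS_DIR)
 JobQueuePurge()
 
 if modify_ssh_setup:
@@ -2510,6 +2515,65 @@
 utils.RemoveFile(constants.CLUSTER_CONF_FILE)
 
 
+def _GetX509Filenames(cryptodir, name):
+"""Returns the full paths for the private key and certificate.
+
+"""
+return (utils.PathJoin(cryptodir, name),
+utils.PathJoin(cryptodir, name, _X509_KEY_FILE),
+utils.PathJoin(cryptodir, name, _X509_CERT_FILE))
+
+
+def CreateX509Certificate(validity, cryptodir=constants.CRYPTO_KEYS_DIR):
+"""Creates a new X509 certificate for SSL/TLS.
+
+@type validity: int
+@param validity: Validity in seconds
+@rtype: tuple; (string, string)
+@return: Certificate name and public part
+
+"""
+(key_pem, cert_pem) = \
+utils.GenerateSelfSignedX509Cert(utils.HostInfo.SysName(),
+min(validity, _MAX_SSL_CERT_VALIDITY))
+
+cert_dir = tempfile.mkdtemp(dir=cryptodir,
+prefix="x509-%s-" % utils.TimestampForFilename())
+try:
+name = os.path.basename(cert_dir)
+assert len(name) > 5
+
+(_, key_file, cert_file) = _GetX509Filenames(cryptodir, name)
+
+utils.WriteFile(key_file, mode=0400, data=key_pem)
+utils.WriteFile(cert_file, mode=0400, data=cert_pem)
+
+# Never return private key as it shouldn't leave the node
+return (name, cert_pem)
+except Exception:
+shutil.rmtree(cert_dir, ignore_errors=True)
+raise
+
+
+def RemoveX509Certificate(name, cryptodir=constants.CRYPTO_KEYS_DIR):
+"""Removes a X509 certificate.
+
+@type name: string
+@param name: Certificate name
+
+"""
+(cert_dir, key_file, cert_file) = _GetX509Filenames(cryptodir, name)
+
+utils.RemoveFile(key_file)
+utils.RemoveFile(cert_file)
+
+try:
+os.rmdir(cert_dir)
+except EnvironmentError, err:
+_Fail("Cannot remove certificate directory '%s': %s",
+cert_dir, err)
+
+
 def _FindDisks(nodes_ip, disks):
 """Sets the physical ID on disks and returns the block devices.
 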
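Review bot: RemoveX509Certificate (new lines 2558-2574) unlinks `cryptodir/name/key` and `cryptodir/name/cert` and rmdirs `cryptodir/name` for whatever `name` it is handed, without checking that `name` has the `x509-<timestamp>-<random>` shape CreateX509Certificate produces via mkdtemp; backend.py serves node RPCs, so `name` is presumably caller-controlled, and the only containment visible here is whatever utils.PathJoin does with `..` or `/` components, which this diff does not show. A cheap guard at the top of the function bounds deletion to directories this module created: `if not name.startswith("x509-") or name != os.path.basename(name):` followed by `_Fail("Invalid certificate name '%s'", name)`. Relatedly, `assert len(name) > 5` in CreateX509Certificate (new line 2544) is not a runtime check — it vanishes under `python -O` — so it should either become an explicit check or be dropped if it only documents mkdtemp's suffix length.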