Revision f942a838 lib/backend.py
| b/lib/backend.py | ||
|---|---|---|
| 63 | 63 |
constants.DATA_DIR, |
| 64 | 64 |
constants.JOB_QUEUE_ARCHIVE_DIR, |
| 65 | 65 |
constants.QUEUE_DIR, |
| 66 |
constants.CRYPTO_KEYS_DIR, |
|
| 66 | 67 |
]) |
| 68 |
_MAX_SSL_CERT_VALIDITY = 7 * 24 * 60 * 60 |
|
| 69 |
_X509_KEY_FILE = "key" |
|
| 70 |
_X509_CERT_FILE = "cert" |
|
| 67 | 71 |
|
| 68 | 72 |
|
| 69 | 73 |
class RPCFail(Exception): |
| ... | ... | |
| 385 | 389 |
|
| 386 | 390 |
""" |
| 387 | 391 |
_CleanDirectory(constants.DATA_DIR) |
| 392 |
_CleanDirectory(constants.CRYPTO_KEYS_DIR) |
|
| 388 | 393 |
JobQueuePurge() |
| 389 | 394 |
|
| 390 | 395 |
if modify_ssh_setup: |
| ... | ... | |
| 2510 | 2515 |
utils.RemoveFile(constants.CLUSTER_CONF_FILE) |
| 2511 | 2516 |
|
| 2512 | 2517 |
|
| 2518 |
def _GetX509Filenames(cryptodir, name): |
|
| 2519 |
"""Returns the full paths for the private key and certificate. |
|
| 2520 |
|
|
| 2521 |
""" |
|
| 2522 |
return (utils.PathJoin(cryptodir, name), |
|
| 2523 |
utils.PathJoin(cryptodir, name, _X509_KEY_FILE), |
|
| 2524 |
utils.PathJoin(cryptodir, name, _X509_CERT_FILE)) |
|
| 2525 |
|
|
| 2526 |
|
|
| 2527 |
def CreateX509Certificate(validity, cryptodir=constants.CRYPTO_KEYS_DIR): |
|
| 2528 |
"""Creates a new X509 certificate for SSL/TLS. |
|
| 2529 |
|
|
| 2530 |
@type validity: int |
|
| 2531 |
@param validity: Validity in seconds |
|
| 2532 |
@rtype: tuple; (string, string) |
|
| 2533 |
@return: Certificate name and public part |
|
| 2534 |
|
|
| 2535 |
""" |
|
| 2536 |
(key_pem, cert_pem) = \ |
|
| 2537 |
utils.GenerateSelfSignedX509Cert(utils.HostInfo.SysName(), |
|
| 2538 |
min(validity, _MAX_SSL_CERT_VALIDITY)) |
|
| 2539 |
|
|
| 2540 |
cert_dir = tempfile.mkdtemp(dir=cryptodir, |
|
| 2541 |
prefix="x509-%s-" % utils.TimestampForFilename()) |
|
| 2542 |
try: |
|
| 2543 |
name = os.path.basename(cert_dir) |
|
| 2544 |
assert len(name) > 5 |
|
| 2545 |
|
|
| 2546 |
(_, key_file, cert_file) = _GetX509Filenames(cryptodir, name) |
|
| 2547 |
|
|
| 2548 |
utils.WriteFile(key_file, mode=0400, data=key_pem) |
|
| 2549 |
utils.WriteFile(cert_file, mode=0400, data=cert_pem) |
|
| 2550 |
|
|
| 2551 |
# Never return private key as it shouldn't leave the node |
|
| 2552 |
return (name, cert_pem) |
|
| 2553 |
except Exception: |
|
| 2554 |
shutil.rmtree(cert_dir, ignore_errors=True) |
|
| 2555 |
raise |
|
| 2556 |
|
|
| 2557 |
|
|
| 2558 |
def RemoveX509Certificate(name, cryptodir=constants.CRYPTO_KEYS_DIR): |
|
| 2559 |
"""Removes a X509 certificate. |
|
| 2560 |
|
|
| 2561 |
@type name: string |
|
| 2562 |
@param name: Certificate name |
|
| 2563 |
|
|
| 2564 |
""" |
|
| 2565 |
(cert_dir, key_file, cert_file) = _GetX509Filenames(cryptodir, name) |
|
| 2566 |
|
|
| 2567 |
utils.RemoveFile(key_file) |
|
| 2568 |
utils.RemoveFile(cert_file) |
|
| 2569 |
|
|
| 2570 |
try: |
|
| 2571 |
os.rmdir(cert_dir) |
|
| 2572 |
except EnvironmentError, err: |
|
| 2573 |
_Fail("Cannot remove certificate directory '%s': %s",
|
|
| 2574 |
cert_dir, err) |
|
| 2575 |
|
|
| 2576 |
|
|
| 2513 | 2577 |
def _FindDisks(nodes_ip, disks): |
| 2514 | 2578 |
"""Sets the physical ID on disks and returns the block devices. |
| 2515 | 2579 |
|
Also available in: Unified diff