Revision fc0726b9
b/lib/bootstrap.py | ||
---|---|---|
80 | 80 |
new_cds, rapi_cert_pem=None, cds=None, |
81 | 81 |
nodecert_file=constants.NODED_CERT_FILE, |
82 | 82 |
rapicert_file=constants.RAPI_CERT_FILE, |
83 |
hmackey_file=constants.CONFD_HMAC_KEY): |
|
83 |
hmackey_file=constants.CONFD_HMAC_KEY, |
|
84 |
cds_file=constants.CLUSTER_DOMAIN_SECRET_FILE): |
|
84 | 85 |
"""Updates the cluster certificates, keys and secrets. |
85 | 86 |
|
86 | 87 |
@type new_cluster_cert: bool |
... | ... | |
134 | 135 |
|
135 | 136 |
# Cluster domain secret |
136 | 137 |
if cds: |
137 |
logging.debug("Writing cluster domain secret to %s", |
|
138 |
constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
139 |
utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE, |
|
140 |
data=cds, backup=True) |
|
141 |
|
|
142 |
elif new_cds or not os.path.exists(constants.CLUSTER_DOMAIN_SECRET_FILE): |
|
143 |
logging.debug("Generating new cluster domain secret at %s", |
|
144 |
constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
145 |
GenerateHmacKey(constants.CLUSTER_DOMAIN_SECRET_FILE) |
|
138 |
logging.debug("Writing cluster domain secret to %s", cds_file) |
|
139 |
utils.WriteFile(cds_file, data=cds, backup=True) |
|
140 |
|
|
141 |
elif new_cds or not os.path.exists(cds_file): |
|
142 |
logging.debug("Generating new cluster domain secret at %s", cds_file) |
|
143 |
GenerateHmacKey(cds_file) |
|
146 | 144 |
|
147 | 145 |
|
148 | 146 |
def _InitGanetiServerSetup(master_name): |
b/tools/cfgupgrade | ||
---|---|---|
123 | 123 |
options.KNOWN_HOSTS_PATH = options.data_dir + "/known_hosts" |
124 | 124 |
options.RAPI_CERT_FILE = options.data_dir + "/rapi.pem" |
125 | 125 |
options.CONFD_HMAC_KEY = options.data_dir + "/hmac.key" |
126 |
options.CDS_FILE = options.data_dir + "/cluster-domain-secret" |
|
126 | 127 |
|
127 | 128 |
SetupLogging() |
128 | 129 |
|
... | ... | |
178 | 179 |
bootstrap.GenerateClusterCrypto(False, False, False, False, |
179 | 180 |
nodecert_file=options.SERVER_PEM_PATH, |
180 | 181 |
rapicert_file=options.RAPI_CERT_FILE, |
181 |
hmackey_file=options.CONFD_HMAC_KEY) |
|
182 |
hmackey_file=options.CONFD_HMAC_KEY, |
|
183 |
cds_file=options.CDS_FILE) |
|
182 | 184 |
|
183 | 185 |
except: |
184 | 186 |
logging.critical("Writing configuration failed. It is probably in an" |
Also available in: Unified diff