Passing the paths in seems more logical.
---
daemons/ganeti-confd | 1 +
daemons/ganeti-noded | 4 +++-
daemons/ganeti-rapi | 4 +++-
lib/constants.py | 6 ------
lib/daemon.py | 40 +++++++++++++++++++++++++++-------------
5 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/daemons/ganeti-confd b/daemons/ganeti-confd
index 4d19ea6..f508783 100755
--- a/daemons/ganeti-confd
+++ b/daemons/ganeti-confd
@@ -40,6 +40,7 @@ from ganeti.confd import server as confd_server
from ganeti import constants
from ganeti import errors
from ganeti import daemon
+from ganeti import utils
from ganeti import ssconf
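Review bot: The only change to ganeti-confd in this patch is the new `from ganeti import utils` line, and no use of `utils` appears anywhere in the diff for this file. If nothing else in ganeti-confd references it, the import is dead and should be dropped; if it is needed by code outside the hunk, a one-line mention in the commit message would save the next reader the search.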
diff --git a/daemons/ganeti-noded b/daemons/ganeti-noded
index 5ee2eef..f963da4 100755
--- a/daemons/ganeti-noded
+++ b/daemons/ganeti-noded
@@ -820,7 +820,9 @@ def main():
dirs.append((constants.LOG_OS_DIR, 0750))
dirs.append((constants.LOCK_DIR, 1777))
daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNoded,
- default_port=utils.GetDaemonPort(constants.NODED))
+ default_port=utils.GetDaemonPort(constants.NODED),
+ default_ssl_cert=constants.SSL_CERT_FILE,
+ default_ssl_key=constants.SSL_CERT_FILE)
if __name__ == '__main__':
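Review bot: `default_ssl_cert` and `default_ssl_key` are both set to `constants.SSL_CERT_FILE` here, and the ganeti-rapi hunk does the same with `constants.RAPI_CERT_FILE`, so the certificate and private key are presumably expected to live in one PEM file, but nothing at either call site says so. A short comment above the call, `# certificate and private key are read from the same PEM file`, would make the intent explicit and remind maintainers that the file must be protected like a private key rather than a public certificate. This mirrors what the removed `constants.DAEMONS_SSL` table did, so it is not a behaviour change; `main()` continues outside the hunk.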
diff --git a/daemons/ganeti-rapi b/daemons/ganeti-rapi
index 087a6db..2bc2a21 100755
--- a/daemons/ganeti-rapi
+++ b/daemons/ganeti-rapi
@@ -223,7 +223,9 @@ def main():
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
dirs.append((constants.LOG_OS_DIR, 0750))
daemon.GenericMain(constants.RAPI, parser, dirs, CheckRapi, ExecRapi,
- default_port=utils.GetDaemonPort(constants.RAPI))
+ default_port=utils.GetDaemonPort(constants.RAPI),
+ default_ssl_cert=constants.RAPI_CERT_FILE,
+ default_ssl_key=constants.RAPI_CERT_FILE)
if __name__ == "__main__":
diff --git a/lib/constants.py b/lib/constants.py
index b4d82f8..c6e9168 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -118,12 +118,6 @@ CONFD = "ganeti-confd"
RAPI = "ganeti-rapi"
MASTERD = "ganeti-masterd"
-DAEMONS_SSL = {
- # daemon-name: (default-cert-path, default-key-path)
- NODED: (SSL_CERT_FILE, SSL_CERT_FILE),
- RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE),
- }
-
DAEMONS_PORTS = {
# daemon-name: ("proto", "default-port")
NODED: ("tcp", 1811),
diff --git a/lib/daemon.py b/lib/daemon.py
index 605a4a3..991f54f 100644
--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -223,6 +223,7 @@ class Mainloop(object):
def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn,
multithreaded=False, default_port=None):
+ default_ssl_cert=None, default_ssl_key=None):
"""Shared main function for daemons.
@type daemon_name: string
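Review bot: The added line `default_ssl_cert=None, default_ssl_key=None):` follows a context line that still closes the parameter list with `):`, so as shown the `def GenericMain(...)` header closes twice and will not parse. The preceding line has to change to `multithreaded=False, default_port=None,` (a `-`/`+` pair), with the new line keeping the closing `):`. The diffstat's 27 insertions and 13 deletions for lib/daemon.py agree with the hunk as shown, so this does not look like a rendering artefact, but it is worth confirming against the applied tree.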
@@ -242,6 +243,10 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn,
exec_fn,
@param multithreaded: Whether the daemon uses threads
@type default_port: int
@param default_port: Default network port
+ @type default_ssl_cert: string
+ @param default_ssl_cert: Default SSL certificate path
+ @type default_ssl_key: string
+ @param default_ssl_key: Default SSL key path
"""
optionparser.add_option("-f", "--foreground", dest="fork",
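Review bot: The new `@param default_ssl_cert` and `@param default_ssl_key` entries do not say that the SSL options (`--no-ssl`, `-K`, `-C`) are only registered when both defaults are given, which is what the later `if default_ssl_key is not None and default_ssl_cert is not None:` check does; a caller passing only one of them silently gets no SSL options at all. Extend the descriptions, e.g. `@param default_ssl_cert: Default SSL certificate path; SSL options are only added when both this and default_ssl_key are given`, and the equivalent on default_ssl_key. The docstring and GenericMain continue outside the hunk.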
@@ -260,32 +265,41 @@ def GenericMain(daemon_name, optionparser, dirs,
check_fn, exec_fn,
help="Bind address (default: 0.0.0.0)",
default="0.0.0.0", metavar="ADDRESS")
- if daemon_name in constants.DAEMONS_SSL:
- default_cert, default_key = constants.DAEMONS_SSL[daemon_name]
+ if default_ssl_key is not None and default_ssl_cert is not None:
optionparser.add_option("--no-ssl", dest="ssl",
help="Do not secure HTTP protocol with SSL",
default=True, action="store_false")
optionparser.add_option("-K", "--ssl-key", dest="ssl_key",
- help="SSL key",
- default=default_key, type="string")
+ help=("SSL key path (default: %s)" %
+ default_ssl_key),
+ default=default_ssl_key, type="string",
+ metavar="SSL_KEY_PATH")
optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert",
- help="SSL certificate",
- default=default_cert, type="string")
+ help=("SSL certificate path (default: %s)" %
+ default_ssl_cert),
+ default=default_ssl_cert, type="string",
+ metavar="SSL_CERT_PATH")
# Disable the use of fork(2) if the daemon uses threads
utils.no_fork = multithreaded
options, args = optionparser.parse_args()
- if hasattr(options, 'ssl') and options.ssl:
- if not (options.ssl_cert and options.ssl_key):
- print >> sys.stderr, "Need key and certificate to use ssl"
- sys.exit(constants.EXIT_FAILURE)
- for fname in (options.ssl_cert, options.ssl_key):
- if not os.path.isfile(fname):
- print >> sys.stderr, "Need ssl file %s to run" % fname
+ if getattr(options, "ssl", False):
+ ssl_paths = {
+ "certificate": options.ssl_cert,
+ "key": options.ssl_key,
+ }
+
+ for name, path in ssl_paths.iteritems():
+ if not os.path.isfile(path):
+ print >> sys.stderr, "SSL %s file '%s' was not found" % (name, path)
sys.exit(constants.EXIT_FAILURE)
+ # TODO: By initiating http.HttpSslParams here we would only read the files
+ # once and have a proper validation (isfile returns False on directories)
+ # at the same time.
+
if check_fn is not None:
check_fn(options, args)
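Review bot: `ssl_paths` is a dict iterated with `iteritems()`, so when both files are missing the one named in the error is arbitrary under Python 2, and since ganeti-noded and ganeti-rapi pass the same path for certificate and key the file is stat'ed and potentially reported twice. A tuple of pairs, `for name, path in (("certificate", options.ssl_cert), ("key", options.ssl_key)):`, keeps the order deterministic and drops the temporary dict. The `os.path.isfile` test only proves existence; an unreadable key file still passes this check and fails later inside the daemon, so adding `or not os.access(path, os.R_OK)` to the same condition would report that case with the same clear message (the TODO about `http.HttpSslParams` covers the fuller fix). GenericMain starts before this hunk and continues after it.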
--
1.6.4.3