On Thu, Dec 19, 2013 at 3:49 PM, Helga Velroyen <[email protected]> wrote:
> On cluster initializiation, the master node's
>
s/initializiation/initialization
> SSL certificate digest is added to the list of master
> candidate certificates.
>
> Signed-off-by: Helga Velroyen <[email protected]>
> ---
> lib/bootstrap.py | 1 -
> lib/cmdlib/cluster.py | 6 +++++-
> lib/cmdlib/common.py | 19 +++++++++++++++++++
> test/py/cmdlib/cluster_unittest.py | 10 +++++++++-
> 4 files changed, 33 insertions(+), 3 deletions(-)
>
> diff --git a/lib/bootstrap.py b/lib/bootstrap.py
> index 3fe91ca..f122b7f 100644
> --- a/lib/bootstrap.py
> +++ b/lib/bootstrap.py
> @@ -806,7 +806,6 @@ def InitCluster(cluster_name, mac_prefix, # pylint:
> disable=R0913, R0914
> cfg = config.ConfigWriter(offline=True)
> ssh.WriteKnownHostsFile(cfg, pathutils.SSH_KNOWN_HOSTS_FILE)
> cfg.Update(cfg.GetClusterInfo(), logging.error)
> -
> ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
>
> # set up the inter-node password and certificate
> diff --git a/lib/cmdlib/cluster.py b/lib/cmdlib/cluster.py
> index bd3629a..c6290df 100644
> --- a/lib/cmdlib/cluster.py
> +++ b/lib/cmdlib/cluster.py
> @@ -58,7 +58,7 @@ from ganeti.cmdlib.common import ShareAll, RunPostHook, \
> CheckOSParams, CheckHVParams, AdjustCandidatePool, CheckNodePVs, \
> ComputeIPolicyInstanceViolation, AnnotateDiskParams, SupportsOob, \
> CheckIpolicyVsDiskTemplates, CheckDiskAccessModeValidity, \
> - CheckDiskAccessModeConsistency
> + CheckDiskAccessModeConsistency, AddNodeCertToCandidateCerts
>
> import ganeti.masterd.instance
>
> @@ -220,6 +220,10 @@ class LUClusterPostInit(LogicalUnit):
> self.master_ndparams[constants.ND_OVS_NAME],
> self.master_ndparams.get(constants.ND_OVS_LINK, None))
> result.Raise("Could not successully configure Open vSwitch")
> +
> + AddNodeCertToCandidateCerts(self, self.master_uuid,
> + self.cfg.GetClusterInfo())
> +
> return True
>
>
> diff --git a/lib/cmdlib/common.py b/lib/cmdlib/common.py
> index 4224ce3..e501965 100644
> --- a/lib/cmdlib/common.py
> +++ b/lib/cmdlib/common.py
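Review bot: In the LUClusterPostInit hunk of lib/cmdlib/cluster.py, the new `AddNodeCertToCandidateCerts(self, self.master_uuid, self.cfg.GetClusterInfo())` call changes `candidate_certs` on the cluster object, but no `self.cfg.Update(...)` follows it in the visible lines, so whether the master's digest reaches the written configuration depends on code outside the hunk. If nothing later in the method persists it, bind the object first with `cluster = self.cfg.GetClusterInfo()`, pass `cluster` to the helper, and then call `self.cfg.Update(cluster, feedback_fn)` with whatever feedback callable the method receives. Indentation is lost in this quoted copy, so it is also worth confirming that the call is not nested under the Open vSwitch setup that precedes it; the method body starts outside the hunk.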
> @@ -1216,3 +1216,22 @@ def IsValidDiskAccessModeCombination(hv,
> disk_template, mode):
>
> # Everything else:
> return False
> +
> +
> +def AddNodeCertToCandidateCerts(lu, node_uuid, cluster):
> + """Add the node's client SSL certificate digest to the candidate certs.
> +
> + @type node_uuid: string
> + @param node_uuid: the node's UUID
> + @type cluster: C{object.Cluster}
> + @param cluster: the cluster's configuration
> +
> + """
> + result = lu.rpc.call_node_crypto_tokens(
> + node_uuid, [constants.CRYPTO_TYPE_SSL])
> + result.Raise("Could not retrieve the node's (uuid %s) SSL digest."
> + % node_uuid)
> + ((crypto_type, digest), ) = result.payload
> + assert crypto_type == constants.CRYPTO_TYPE_SSL
> +
> + utils.AddNodeToCandidateCerts(node_uuid, digest,
> cluster.candidate_certs)
> diff --git a/test/py/cmdlib/cluster_unittest.py
> b/test/py/cmdlib/cluster_unittest.py
> index 15e504f..2941c26 100644
> --- a/test/py/cmdlib/cluster_unittest.py
> +++ b/test/py/cmdlib/cluster_unittest.py
> @@ -31,6 +31,8 @@ import os
> import tempfile
> import shutil
>
> +from collections import defaultdict
> +
> from ganeti import constants
> from ganeti import errors
> from ganeti import netutils
> @@ -229,7 +231,13 @@ class TestLUClusterDestroy(CmdlibTestCase):
>
>
> class TestLUClusterPostInit(CmdlibTestCase):
> - def testExecuion(self):
> + def testExecution(self):
> + # For the purpose of this test, return the same certificate digest
> for all
> + # nodes
> + self.rpc.call_node_crypto_tokens = \
> + lambda node_uuid, _: self.RpcResultsBuilder() \
> + .CreateSuccessfulNodeResult(node_uuid,
> + [(constants.CRYPTO_TYPE_SSL, "IA:MA:FA:KE:DI:GE:ST")])
> op = opcodes.OpClusterPostInit()
>
> self.ExecOpCode(op)
> --
> 1.8.5.1
>
>
Apart from the typo, LGTM, thanks!.
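Review bot: `AddNodeCertToCandidateCerts` in lib/cmdlib/common.py checks the RPC reply only through tuple unpacking and an `assert`, and the digest then goes straight into the candidate-certificate list. The assert is stripped when Python runs with `-O`, and a reply carrying zero or several tokens surfaces as a bare ValueError instead of an operation error that names the node. An explicit shape and type check that raises the logical unit's usual execution error, and also rejects an empty digest, would make this trust-list update fail closed; the sketch below assumes `errors` is already imported in this module. The docstring also omits `lu`, so an `@type lu` / `@param lu` pair describing the logical unit whose RPC runner is used would complete it.

```python
def AddNodeCertToCandidateCerts(lu, node_uuid, cluster):
  # … unchanged: docstring, call_node_crypto_tokens call, result.Raise …
  tokens = result.payload
  if (not isinstance(tokens, (list, tuple)) or len(tokens) != 1 or
      len(tokens[0]) != 2):
    raise errors.OpExecError("Unexpected crypto token reply from node %s" %
                             node_uuid)
  (crypto_type, digest) = tokens[0]
  if crypto_type != constants.CRYPTO_TYPE_SSL or not digest:
    raise errors.OpExecError("Node %s returned no usable SSL digest" %
                             node_uuid)
  # … unchanged: utils.AddNodeToCandidateCerts call …
```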
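Review bot: `testExecution` in test/py/cmdlib/cluster_unittest.py only runs the opcode against the stubbed `call_node_crypto_tokens`; nothing in the visible lines asserts that the stub digest was recorded in the cluster's `candidate_certs`. An assertion on the cluster configuration after `self.ExecOpCode(op)`, plus a second case where the RPC fails or returns a malformed payload, would pin the behaviour this patch adds. The `from collections import defaultdict` added in the first hunk of this file is not used in any visible line and can be dropped unless code outside the hunks needs it.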
