On Thu, Dec 19, 2013 at 7:06 PM, Hrvoje Ribicic <[email protected]> wrote:

>
>
>
> On Thu, Dec 19, 2013 at 3:49 PM, Helga Velroyen <[email protected]> wrote:
>
>> At the end of this patch series, incoming RPC calls are
>> legitimized against a map of master candidate nodes'
>> SSL certificate digests. This patch adds the map itself
>> to the cluster's configuration.
>>
>> Signed-off-by: Helga Velroyen <[email protected]>
>> ---
>>  lib/bootstrap.py               | 4 ++++
>>  lib/objects.py                 | 4 ++++
>>  src/Ganeti/Objects.hs          | 4 ++++
>>  test/py/cfgupgrade_unittest.py | 3 ++-
>>  4 files changed, 14 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/bootstrap.py b/lib/bootstrap.py
>> index 748ab48..3fe91ca 100644
>> --- a/lib/bootstrap.py
>> +++ b/lib/bootstrap.py
>> @@ -749,6 +749,8 @@ def InitCluster(cluster_name, mac_prefix, # pylint:
>> disable=R0913, R0914
>>                        os.path.isfile):
>>        default_iallocator = constants.IALLOC_HAIL
>>
>> +  candidate_certs = {}
>> +
>>    now = time.time()
>>
>>    # init of cluster config file
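Review bot: `candidate_certs = {}` starts every new cluster with an empty digest map, and the `UpgradeConfig` hunk in lib/objects.py does the same for upgraded configurations, but neither site says what an empty map means to the RPC check that the series adds later. That check is not part of this patch, so it cannot be told from here whether an empty map rejects every caller or accepts any caller; the safe reading is the former. I would add a comment at both sites, for example `# Empty until the master candidates' digests are recorded; an empty map must never be read as "no restriction"`, and name the step that fills the map. Both InitCluster and UpgradeConfig begin outside their hunks.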
>> @@ -790,6 +792,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint:
>> disable=R0913, R0914
>>      hv_state_static=hv_state,
>>      disk_state_static=disk_state,
>>      enabled_disk_templates=enabled_disk_templates,
>> +    candidate_certs=candidate_certs,
>>      )
>>    master_node_config = objects.Node(name=hostname.name,
>>                                      primary_ip=hostname.ip,
>> @@ -803,6 +806,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint:
>> disable=R0913, R0914
>>    cfg = config.ConfigWriter(offline=True)
>>    ssh.WriteKnownHostsFile(cfg, pathutils.SSH_KNOWN_HOSTS_FILE)
>>    cfg.Update(cfg.GetClusterInfo(), logging.error)
>> +
>>    ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
>>
>>    # set up the inter-node password and certificate
>> diff --git a/lib/objects.py b/lib/objects.py
>> index 4307488..565ba4e 100644
>> --- a/lib/objects.py
>> +++ b/lib/objects.py
>> @@ -1576,6 +1576,7 @@ class Cluster(TaggableObject):
>>      "hv_state_static",
>>      "disk_state_static",
>>      "enabled_disk_templates",
>> +    "candidate_certs",
>>      ] + _TIMESTAMPS + _UUID
>>
>>    def UpgradeConfig(self):
>> @@ -1698,6 +1699,9 @@ class Cluster(TaggableObject):
>>          raise errors.ConfigurationError(msg)
>>        self.ipolicy = FillIPolicy(constants.IPOLICY_DEFAULTS,
>> self.ipolicy)
>>
>> +    if self.candidate_certs is None:
>> +      self.candidate_certs = {}
>> +
>>    @property
>>    def primary_hypervisor(self):
>>      """The first hypervisor is the primary.
>> diff --git a/src/Ganeti/Objects.hs b/src/Ganeti/Objects.hs
>> index b1a0747..93f3322 100644
>> --- a/src/Ganeti/Objects.hs
>> +++ b/src/Ganeti/Objects.hs
>> @@ -659,6 +659,9 @@ type UidPool = [(Int, Int)]
>>  -- | The iallocator parameters type.
>>  type IAllocatorParams = Container JSValue
>>
>> +-- | The master candidate client certificate digests
>> +type CandidateC
>
> diff --git a/src/Ganeti/Objects.hs b/src/Ganeti/Objects.hs
>
> index 93f3322..5a5406f 100644
>
> --- a/src/Ganeti/Objects.hs
>
> +++ b/src/Ganeti/Objects.hs
>
> @@ -660,7 +660,7 @@ type UidPool = [(Int, Int)]
>
>  type IAllocatorParams = Container JSValue
>
>
>
>  -- | The master candidate client certificate digests
>
> -type CandidateCertificates = Container JSValue
>
> +type CandidateCertificates = Container String
>
>
>
>  -- * Cluster definitions
>
>  $(buildObject "Cluster" "cluster" $
>
> ertificates = Container JSValue
>>
>
> Unless additional metadata is to be used, why not Container String?
>

Good point, interdiff:

diff --git a/src/Ganeti/Objects.hs b/src/Ganeti/Objects.hs
index 93f3322..5a5406f 100644
--- a/src/Ganeti/Objects.hs
+++ b/src/Ganeti/Objects.hs
@@ -660,7 +660,7 @@ type UidPool = [(Int, Int)]
 type IAllocatorParams = Container JSValue

 -- | The master candidate client certificate digests
-type CandidateCertificates = Container JSValue
+type CandidateCertificates = Container String

 -- * Cluster definitions
 $(buildObject "Cluster" "cluster" $
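Review bot: The Haddock comment above `type CandidateCertificates = Container String` does not say what the map is keyed by or which digest algorithm and encoding the values use, and a plain `String` value accepts anything. Since these digests are meant to authorise RPC callers, the format should be written down so that the code storing them and the code comparing them agree, for instance on hex case and separators. I would extend the comment to something like `-- | Maps each master candidate (key: <node identifier>) to the digest of its client certificate (<algorithm>, <encoding>).`, with the placeholders filled in by the author.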





>
>
>> +
>>  -- * Cluster definitions
>>  $(buildObject "Cluster" "cluster" $
>>    [ simpleField "rsahostkeypub"             [t| String           |]
>> @@ -702,6 +705,7 @@ $(buildObject "Cluster" "cluster" $
>>    , simpleField "prealloc_wipe_disks"       [t| Bool             |]
>>    , simpleField "ipolicy"                   [t| FilledIPolicy    |]
>>    , simpleField "enabled_disk_templates"    [t| [DiskTemplate]   |]
>> +  , simpleField "candidate_certs"           [t| CandidateCertificates |]
>>   ]
>>   ++ timeStampFields
>>   ++ uuidFields
>> diff --git a/test/py/cfgupgrade_unittest.py
>> b/test/py/cfgupgrade_unittest.py
>> index 24b0667..b56a8c5 100755
>> --- a/test/py/cfgupgrade_unittest.py
>> +++ b/test/py/cfgupgrade_unittest.py
>> @@ -45,7 +45,8 @@ def GetMinimalConfig():
>>        "master_node": "node1-uuid",
>>        "ipolicy": None,
>>        "default_iallocator_params": {},
>> -      "ndparams": {}
>> +      "ndparams": {},
>> +      "candidate_certs": {},
>>      },
>>      "instances": {},
>>      "networks": {},
>> --
>> 1.8.5.1
>>
>>
>


-- 
-- 
Helga Velroyen | Software Engineer | [email protected] |

Google Germany GmbH
Dienerstr. 12
80331 München

Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
