On Fri, Dec 20, 2013 at 10:14 AM, Hrvoje Ribicic <[email protected]> wrote:
> On Thu, Dec 19, 2013 at 3:49 PM, Helga Velroyen <[email protected]> wrote: > >> On cluster initializiation, the master node's >> > s/initializiation/initialization > Fixed. > SSL certificate digest is added to the list of master >> candidate certificates.
>>
>> Signed-off-by: Helga Velroyen <[email protected]>
>> ---
>> lib/bootstrap.py | 1 -
>> lib/cmdlib/cluster.py | 6 +++++-
>> lib/cmdlib/common.py | 19 +++++++++++++++++++
>> test/py/cmdlib/cluster_unittest.py | 10 +++++++++-
>> 4 files changed, 33 insertions(+), 3 deletions(-)
>>
>> diff --git a/lib/bootstrap.py b/lib/bootstrap.py
>> index 3fe91ca..f122b7f 100644
>> --- a/lib/bootstrap.py
>> +++ b/lib/bootstrap.py
>> @@ -806,7 +806,6 @@ def InitCluster(cluster_name, mac_prefix, # pylint:
>> disable=R0913, R0914
>> cfg = config.ConfigWriter(offline=True)
>> ssh.WriteKnownHostsFile(cfg, pathutils.SSH_KNOWN_HOSTS_FILE)
>> cfg.Update(cfg.GetClusterInfo(), logging.error)
>> -
>> ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
>>
>> # set up the inter-node password and certificate
>> diff --git a/lib/cmdlib/cluster.py b/lib/cmdlib/cluster.py
>> index bd3629a..c6290df 100644
>> --- a/lib/cmdlib/cluster.py
>> +++ b/lib/cmdlib/cluster.py
>> @@ -58,7 +58,7 @@ from ganeti.cmdlib.common import ShareAll, RunPostHook,
>> \
>> CheckOSParams, CheckHVParams, AdjustCandidatePool, CheckNodePVs, \
>> ComputeIPolicyInstanceViolation, AnnotateDiskParams, SupportsOob, \
>> CheckIpolicyVsDiskTemplates, CheckDiskAccessModeValidity, \
>> - CheckDiskAccessModeConsistency
>> + CheckDiskAccessModeConsistency, AddNodeCertToCandidateCerts
>>
>> import ganeti.masterd.instance
>>
>> @@ -220,6 +220,10 @@ class LUClusterPostInit(LogicalUnit):
>> self.master_ndparams[constants.ND_OVS_NAME],
>> self.master_ndparams.get(constants.ND_OVS_LINK, None))
>> result.Raise("Could not successully configure Open vSwitch")
>> +
>> + AddNodeCertToCandidateCerts(self, self.master_uuid,
>> + self.cfg.GetClusterInfo())
>> +
>> return True
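Review bot: In the LUClusterPostInit hunk the new call changes `candidate_certs` on the object returned by `self.cfg.GetClusterInfo()` and the method then returns, with no `cfg.Update` visible after it. If nothing outside the hunk writes the configuration, the master's digest may exist only in memory and never reach the stored cluster config; consider keeping the object in a local and following the call with `self.cfg.Update(cluster, feedback_fn)` (assuming this is the LU's `Exec` with its usual `feedback_fn` argument). Indentation is lost in this copy, so it is also worth confirming that the call sits outside the Open vSwitch branch and runs on every cluster init. The method body starts outside the hunk.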
>>
>>
>> diff --git a/lib/cmdlib/common.py b/lib/cmdlib/common.py
>> index 4224ce3..e501965 100644
>> --- a/lib/cmdlib/common.py
>> +++ b/lib/cmdlib/common.py
>> @@ -1216,3 +1216,22 @@ def IsValidDiskAccessModeCombination(hv,
>> disk_template, mode):
>>
>> # Everything else:
>> return False
>> +
>> +
>> +def AddNodeCertToCandidateCerts(lu, node_uuid, cluster):
>> + """Add the node's client SSL certificate digest to the candidate certs.
>> +
>> + @type node_uuid: string
>> + @param node_uuid: the node's UUID
>> + @type cluster: C{object.Cluster}
>> + @param cluster: the cluster's configuration
>> +
>> + """
>> + result = lu.rpc.call_node_crypto_tokens(
>> + node_uuid, [constants.CRYPTO_TYPE_SSL])
>> + result.Raise("Could not retrieve the node's (uuid %s) SSL digest."
>> + % node_uuid)
>> + ((crypto_type, digest), ) = result.payload
>> + assert crypto_type == constants.CRYPTO_TYPE_SSL
>> +
>> + utils.AddNodeToCandidateCerts(node_uuid, digest,
>> cluster.candidate_certs)
>> diff --git a/test/py/cmdlib/cluster_unittest.py
>> b/test/py/cmdlib/cluster_unittest.py
>> index 15e504f..2941c26 100644
>> --- a/test/py/cmdlib/cluster_unittest.py
>> +++ b/test/py/cmdlib/cluster_unittest.py
>> @@ -31,6 +31,8 @@ import os
>> import tempfile
>> import shutil
>>
>> +from collections import defaultdict
>> +
>> from ganeti import constants
>> from ganeti import errors
>> from ganeti import netutils
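Review bot: In `AddNodeCertToCandidateCerts` the RPC payload is checked only by `assert crypto_type == constants.CRYPTO_TYPE_SSL`, which disappears when Python runs with `-O`, and the one-element unpacking on the line above it fails with a bare `ValueError` if the node returns zero or several tokens. Because the digest is then written into the list of master candidate certificates, the check should be explicit and raise an operational error, e.g. `if crypto_type != constants.CRYPTO_TYPE_SSL: raise errors.OpExecError("Unexpected crypto token type from node %s" % node_uuid)` (assuming `errors` is imported in this module). The interdiff further down keeps the same assert under the renamed constant `CRYPTO_TYPE_SSL_DIGEST`, so the same applies there. The docstring documents `node_uuid` and `cluster` but not `lu`; a line such as `@param lu: the logical unit whose RPC runner is used` would complete it.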
>> @@ -229,7 +231,13 @@ class TestLUClusterDestroy(CmdlibTestCase):
>>
>>
>> class TestLUClusterPostInit(CmdlibTestCase):
>> - def testExecuion(self):
>> + def testExecution(self):
>> + # For the purpose of this test, return the same certificate digest
>> for all
>> + # nodes
>> + self.rpc.call_node_crypto_tokens = \
>> + lambda node_uuid, _: self.RpcResultsBuilder() \
>> + .CreateSuccessfulNodeResult(node_uuid,
>> + [(constants.CRYPTO_TYPE_SSL, "IA:MA:FA:KE:DI:GE:ST")])
>> op = opcodes.OpClusterPostInit()
>>
>> self.ExecOpCode(op)
>> --
>> 1.8.5.1
>> >> > Apart from the typo, LGTM, thanks!. > Interdiff due to the crypto type renaming:
diff --git a/lib/cmdlib/common.py b/lib/cmdlib/common.py
index e501965..ebc9af0 100644
--- a/lib/cmdlib/common.py
+++ b/lib/cmdlib/common.py
@@ -1228,10 +1228,10 @@ def AddNodeCertToCandidateCerts(lu, node_uuid, cluster):
 """
 result = lu.rpc.call_node_crypto_tokens(
- node_uuid, [constants.CRYPTO_TYPE_SSL])
+ node_uuid, [constants.CRYPTO_TYPE_SSL_DIGEST])
 result.Raise("Could not retrieve the node's (uuid %s) SSL digest."
 % node_uuid)
 ((crypto_type, digest), ) = result.payload
- assert crypto_type == constants.CRYPTO_TYPE_SSL
+ assert crypto_type == constants.CRYPTO_TYPE_SSL_DIGEST
 utils.AddNodeToCandidateCerts(node_uuid, digest, cluster.candidate_certs)
diff --git a/test/py/cmdlib/cluster_unittest.py b/test/py/cmdlib/cluster_unittest.py
index 2941c26..b7d6e82 100644
--- a/test/py/cmdlib/cluster_unittest.py
+++ b/test/py/cmdlib/cluster_unittest.py
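Review bot: `testExecution` stubs `call_node_crypto_tokens` but asserts nothing after `self.ExecOpCode(op)`, so it would still pass if the digest were never stored. An assertion that "IA:MA:FA:KE:DI:GE:ST" ends up in the cluster's `candidate_certs` for the master node would pin the behaviour this patch adds. Separately, the import hunk of the same file adds `from collections import defaultdict`, which none of the visible hunks use; drop it unless code outside the hunks needs it.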
@@ -237,7 +237,7 @@ class TestLUClusterPostInit(CmdlibTestCase):
 self.rpc.call_node_crypto_tokens = \
 lambda node_uuid, _: self.RpcResultsBuilder() \
 .CreateSuccessfulNodeResult(node_uuid,
- [(constants.CRYPTO_TYPE_SSL, "IA:MA:FA:KE:DI:GE:ST")])
+ [(constants.CRYPTO_TYPE_SSL_DIGEST, "IA:MA:FA:KE:DI:GE:ST")])
 op = opcodes.OpClusterPostInit()
 self.ExecOpCode(op)
Cheers, Helga -- -- Helga Velroyen | Software Engineer | [email protected] | Google Germany GmbH Dienerstr. 12 80331 München Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores
