LGTM, thanks!
On Fri, Dec 20, 2013 at 10:36 AM, Helga Velroyen <[email protected]> wrote: > > > > On Thu, Dec 19, 2013 at 7:06 PM, Hrvoje Ribicic <[email protected]> wrote: > >> >> >> >> On Thu, Dec 19, 2013 at 3:49 PM, Helga Velroyen <[email protected]>wrote: >> >>> At the end of this patch series, incoming RPC calls are >>> legitimized against a map of master candidate nodes' >>> SSL certificate digests. This patch adds the map itself >>> to the cluster's configuration. >>> >>> Signed-off-by: Helga Velroyen <[email protected]> >>> --- >>> lib/bootstrap.py | 4 ++++ >>> lib/objects.py | 4 ++++ >>> src/Ganeti/Objects.hs | 4 ++++ >>> test/py/cfgupgrade_unittest.py | 3 ++- >>> 4 files changed, 14 insertions(+), 1 deletion(-) >>> >>> diff --git a/lib/bootstrap.py b/lib/bootstrap.py >>> index 748ab48..3fe91ca 100644 >>> --- a/lib/bootstrap.py >>> +++ b/lib/bootstrap.py >>> @@ -749,6 +749,8 @@ def InitCluster(cluster_name, mac_prefix, # pylint: >>> disable=R0913, R0914 >>> os.path.isfile): >>> default_iallocator = constants.IALLOC_HAIL >>> >>> + candidate_certs = {} >>> + >>> now = time.time() >>> >>> # init of cluster config file >>> @@ -790,6 +792,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint: >>> disable=R0913, R0914 >>> hv_state_static=hv_state, >>> disk_state_static=disk_state, >>> enabled_disk_templates=enabled_disk_templates, >>> + candidate_certs=candidate_certs, >>> ) >>> master_node_config = objects.Node(name=hostname.name, >>> primary_ip=hostname.ip, >>> @@ -803,6 +806,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint: >>> disable=R0913, R0914 >>> cfg = config.ConfigWriter(offline=True) >>> ssh.WriteKnownHostsFile(cfg, pathutils.SSH_KNOWN_HOSTS_FILE) >>> cfg.Update(cfg.GetClusterInfo(), logging.error) >>> + >>> ssconf.WriteSsconfFiles(cfg.GetSsconfValues()) >>> >>> # set up the inter-node password and certificate >>> diff --git a/lib/objects.py b/lib/objects.py >>> index 4307488..565ba4e 100644 >>> --- a/lib/objects.py >>> +++ b/lib/objects.py 
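Review bot: Neither `candidate_certs = {}` in `InitCluster` (lib/bootstrap.py) nor the `None` to `{}` default in `Cluster.UpgradeConfig` (lib/objects.py) says what an empty map means for the RPC check this series is building towards. Because the map is what will decide which client certificates are accepted, a new or freshly upgraded cluster starts with no trusted digests, and the verification code (not visible here) should treat that as a defined state rather than quietly accepting every caller. I would put a comment at both defaults, for example `# No candidate certificate is trusted until digests are added; an empty map must never mean "accept all"`, and document the key and value format of the map next to the `Cluster` slot. The test hunk only adds the key to `GetMinimalConfig`, so the `None` branch appears to be untested by this patch. Both functions continue outside the hunks.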
>>> @@ -1576,6 +1576,7 @@ class Cluster(TaggableObject): >>> "hv_state_static", >>> "disk_state_static", >>> "enabled_disk_templates", >>> + "candidate_certs", >>> ] + _TIMESTAMPS + _UUID >>> >>> def UpgradeConfig(self): >>> @@ -1698,6 +1699,9 @@ class Cluster(TaggableObject): >>> raise errors.ConfigurationError(msg) >>> self.ipolicy = FillIPolicy(constants.IPOLICY_DEFAULTS, >>> self.ipolicy) >>> >>> + if self.candidate_certs is None: >>> + self.candidate_certs = {} >>> + >>> @property >>> def primary_hypervisor(self): >>> """The first hypervisor is the primary. >>> diff --git a/src/Ganeti/Objects.hs b/src/Ganeti/Objects.hs >>> index b1a0747..93f3322 100644 >>> --- a/src/Ganeti/Objects.hs >>> +++ b/src/Ganeti/Objects.hs >>> @@ -659,6 +659,9 @@ type UidPool = [(Int, Int)] >>> -- | The iallocator parameters type. >>> type IAllocatorParams = Container JSValue >>> >>> +-- | The master candidate client certificate digests >>> +type CandidateC >> >> diff --git a/src/Ganeti/Objects.hs b/src/Ganeti/Objects.hs >> >> index 93f3322..5a5406f 100644 >> >> --- a/src/Ganeti/Objects.hs >> >> +++ b/src/Ganeti/Objects.hs >> >> @@ -660,7 +660,7 @@ type UidPool = [(Int, Int)] >> >> type IAllocatorParams = Container JSValue >> >> >> >> -- | The master candidate client certificate digests >> >> -type CandidateCertificates = Container JSValue >> >> +type CandidateCertificates = Container String >> >> >> >> -- * Cluster definitions >> >> $(buildObject "Cluster" "cluster" $ >> >> ertificates = Container JSValue >>> >> >> Unless additional metadata is to be used, why not Container String? >> > > Good point, interdiff: > > diff --git a/src/Ganeti/Objects.hs b/src/Ganeti/Objects.hs > index 93f3322..5a5406f 100644 > --- a/src/Ganeti/Objects.hs > +++ b/src/Ganeti/Objects.hs 
> @@ -660,7 +660,7 @@ type UidPool = [(Int, Int)] > type IAllocatorParams = Container JSValue > > -- | The master candidate client certificate digests > -type CandidateCertificates = Container JSValue > +type CandidateCertificates = Container String > > -- * Cluster definitions > $(buildObject "Cluster" "cluster" $ > > > > > >> >> >>> + >>> -- * Cluster definitions >>> $(buildObject "Cluster" "cluster" $ >>> [ simpleField "rsahostkeypub" [t| String |] >>> @@ -702,6 +705,7 @@ $(buildObject "Cluster" "cluster" $ >>> , simpleField "prealloc_wipe_disks" [t| Bool |] >>> , simpleField "ipolicy" [t| FilledIPolicy |] >>> , simpleField "enabled_disk_templates" [t| [DiskTemplate] |] >>> + , simpleField "candidate_certs" [t| CandidateCertificates |] >>> ] >>> ++ timeStampFields >>> ++ uuidFields >>> diff --git a/test/py/cfgupgrade_unittest.py >>> b/test/py/cfgupgrade_unittest.py >>> index 24b0667..b56a8c5 100755 >>> --- a/test/py/cfgupgrade_unittest.py >>> +++ b/test/py/cfgupgrade_unittest.py >>> @@ -45,7 +45,8 @@ def GetMinimalConfig(): >>> "master_node": "node1-uuid", >>> "ipolicy": None, >>> "default_iallocator_params": {}, >>> - "ndparams": {} >>> + "ndparams": {}, >>> + "candidate_certs": {}, >>> }, >>> "instances": {}, >>> "networks": {}, >>> -- >>> 1.8.5.1 >>> >>> >> > > > -- > -- > Helga Velroyen | Software Engineer | [email protected] | > > Google Germany GmbH > Dienerstr. 12 > 80331 München > > Registergericht und -nummer: Hamburg, HRB 86891 > Sitz der Gesellschaft: Hamburg > Geschäftsführer: Graham Law, Christine Elizabeth Flores >
