On Thu, Jun 25, 2015 at 05:31:55PM +0200, 'Helga Velroyen' via ganeti-devel wrote: > This patch integrates renewing the client certificate > of non-master nodes using the new ssl_update tool. > > Signed-off-by: Helga Velroyen <[email protected]> > --- > Makefile.am | 5 ++++- > lib/client/gnt_cluster.py | 42 ++++++++++++++++++++++++++++++++++++------ > lib/pathutils.py | 1 + > 3 files changed, 41 insertions(+), 7 deletions(-)
> + if new_node_cert: > + RunWhileDaemonsStopped(ToStdout, [constants.WCONFD], _RenewClientCerts) The function RunWhileDaemonsStopped does not that the exceptional daemons with the --no-voting --yes-do-it options; hence WConfD will not win a voting on startup given that noded is not running. I see that this is fixed in a later patch, but still, we do not want to introduce errors in one patch of a series just to fix them in a later patch in the same series. -- Klaus Aehlig Google Germany GmbH, Dienerstr. 12, 80331 Muenchen Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores
