On Thu, Jun 25, 2015 at 05:31:58PM +0200, 'Helga Velroyen' via ganeti-devel wrote: > So far, the cluster certificate and the individual node > certificate could be renewed independent of each other. > This is no longer possible, because when renewing the > server certificate, all node certificates need to be > renewed as well, because they are signed by the server > certificate. This patch couples the two operations > together. > > Signed-off-by: Helga Velroyen <[email protected]> > --- > lib/client/gnt_cluster.py | 40 ++++++++++++++++++++++++++++++++++------ > 1 file changed, 34 insertions(+), 6 deletions(-)
> + # If the cluster certificate are renewed, the client certificates need > + # to be renewed too. > + if new_cluster_cert: > + RunWhileDaemonsStopped(ToStdout, [constants.WCONFD], > + _RenewServerAndClientCerts) Here again, just starting WConfD on its own won't work. -- Klaus Aehlig Google Germany GmbH, Dienerstr. 12, 80331 Muenchen Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores
