After a discussion with helgav@, find that this isn't a signficant performance issue, but is necessary for as long as we want to allow upgrades from Ganeti 2.10 or earlier.
Signed-off-by: Brian Foley <[email protected]> --- lib/rpc/node.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/rpc/node.py b/lib/rpc/node.py index e5d77cf..43f843f 100644 --- a/lib/rpc/node.py +++ b/lib/rpc/node.py @@ -109,8 +109,10 @@ def _ConfigRpcCurl(curl): noded_cert = pathutils.NODED_CERT_FILE noded_client_cert = pathutils.NODED_CLIENT_CERT_FILE - # FIXME: The next two lines are necessary to ensure upgradability from - # 2.10 to 2.11. Remove in 2.12, because this slows down RPC calls. + # This fallback is required for backwards compatibility with 2.10. Ganeti + # 2.11 introduced per-node client certificates, but when we restart after + # an upgrade from 2.10, the client certs are not in place yet, and we need + # to fall back to using the cluster-wide server cert. if not os.path.exists(noded_client_cert): logging.warn("Using server certificate as client certificate for RPC" "call.") -- 2.8.0.rc3.226.g39d4020
