-
Helga Velroyen authored
From this patch on, incoming RPC calls are checked against the map of valid master candidate certificates. If no map is present, the cluster is assumed to be in bootstrap/upgrade mode and compares the incoming call against the server certificate. This is necessary, because neither at cluster initialization nor at upgrades from pre-2.11 versions a candidate map is established yet. After an upgrade, the cluster RPC communication continues to use the server certificate until the client certificates are created and the candidate map is populated using 'gnt-cluster renew-crypto --new-node-certificates'. Note that for updating the master's certificate, a trick was necessary. The new certificate is first created under a temporary name, then it's digest is updated and distributed using the old certificate, because otherwise distribution will fail since the nodes don't know the new digest yet. Then the certificate is moved to its proper location. Signed-off-by: Helga Velroyen <helgav@google.com> Reviewed-by: Hrvoje Ribicic <riba@google.com>
b3cc1646