diff --git a/lib/backend.py b/lib/backend.py
index 07ffa75991135bb59151a4c10f6ccf5f0edab6af..e36fc3629a316d630527588f1e20f652ea79b7d9 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -215,6 +215,9 @@ def _BuildUploadFileList():
hv_class = hypervisor.GetHypervisorClass(hv_name)
allowed_files.update(hv_class.GetAncillaryFiles()[0])
+ assert pathutils.FILE_STORAGE_PATHS_FILE not in allowed_files, \
+ "Allowed file storage paths should never be uploaded via RPC"
+
return frozenset(allowed_files)
diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index aca93a700c1f371ae6fa4fed1b4432282db4ca49..815897b07b67e91e96004ce79cd20b8d0011c5b9 100644
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -4291,12 +4291,12 @@ def _ComputeAncillaryFiles(cluster, redist):
pathutils.RAPI_USERS_FILE,
])
- if not redist:
- files_all.update(pathutils.ALL_CERT_FILES)
- files_all.update(ssconf.SimpleStore().GetFileList())
- else:
+ if redist:
# we need to ship at least the RAPI certificate
files_all.add(pathutils.RAPI_CERT_FILE)
+ else:
+ files_all.update(pathutils.ALL_CERT_FILES)
+ files_all.update(ssconf.SimpleStore().GetFileList())
if cluster.modify_etc_hosts:
files_all.add(constants.ETC_HOSTS)
@@ -4317,6 +4317,12 @@ def _ComputeAncillaryFiles(cluster, redist):
if not redist:
files_mc.add(pathutils.CLUSTER_CONF_FILE)
+ # File storage
+ if (not redist and
+ (constants.ENABLE_FILE_STORAGE or constants.ENABLE_SHARED_FILE_STORAGE)):
+ files_all.add(pathutils.FILE_STORAGE_PATHS_FILE)
+ files_opt.add(pathutils.FILE_STORAGE_PATHS_FILE)
+
# Files which should only be on VM-capable nodes
files_vm = set(
filename
@@ -4338,6 +4344,10 @@ def _ComputeAncillaryFiles(cluster, redist):
assert all_files_set.issuperset(files_opt), \
"Optional file not in a different required list"
+ # This one file should never ever be re-distributed via RPC
+ assert not (redist and
+ pathutils.FILE_STORAGE_PATHS_FILE in all_files_set)
+
return (files_all, files_opt, files_mc, files_vm)