From 3439fd6bee27627478732efbf6969b72336365b0 Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Fri, 5 Oct 2012 01:46:08 +0200
Subject: [PATCH] Check fingerprint of file with allowed file storage paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This makes differences show up in “gnt-cluster verify”.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Iustin Pop <iustin@google.com>
---
 lib/backend.py |  3 +++
 lib/cmdlib.py  | 18 ++++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/lib/backend.py b/lib/backend.py
index 07ffa7599..e36fc3629 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -215,6 +215,9 @@ def _BuildUploadFileList():
     hv_class = hypervisor.GetHypervisorClass(hv_name)
     allowed_files.update(hv_class.GetAncillaryFiles()[0])
 
+  assert pathutils.FILE_STORAGE_PATHS_FILE not in allowed_files, \
+    "Allowed file storage paths should never be uploaded via RPC"
+
   return frozenset(allowed_files)
 
 
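Review bot: The new guard in `_BuildUploadFileList` is an `assert`, so it is compiled out when the interpreter runs with `-O`, and the rule that the allowed-file-storage-paths file is never accepted for upload via RPC would then not be enforced. Since this is a security invariant rather than a debugging aid, an explicit check that always runs is preferable, for example `if pathutils.FILE_STORAGE_PATHS_FILE in allowed_files:` followed by `raise errors.ProgrammerError("Allowed file storage paths should never be uploaded via RPC")`, assuming `errors` is imported in this module. The same applies to the `assert not (redist and ...)` added at the end of `_ComputeAncillaryFiles` in lib/cmdlib.py, which also lacks a message, unlike the assertion just above it. The function body starts outside this hunk, so whether the upload path rejects this file anywhere else cannot be seen from here.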
diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index aca93a700..815897b07 100644
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -4291,12 +4291,12 @@ def _ComputeAncillaryFiles(cluster, redist):
     pathutils.RAPI_USERS_FILE,
     ])
 
-  if not redist:
-    files_all.update(pathutils.ALL_CERT_FILES)
-    files_all.update(ssconf.SimpleStore().GetFileList())
-  else:
+  if redist:
     # we need to ship at least the RAPI certificate
     files_all.add(pathutils.RAPI_CERT_FILE)
+  else:
+    files_all.update(pathutils.ALL_CERT_FILES)
+    files_all.update(ssconf.SimpleStore().GetFileList())
 
   if cluster.modify_etc_hosts:
     files_all.add(constants.ETC_HOSTS)
@@ -4317,6 +4317,12 @@ def _ComputeAncillaryFiles(cluster, redist):
   if not redist:
     files_mc.add(pathutils.CLUSTER_CONF_FILE)
 
+  # File storage
+  if (not redist and
+      (constants.ENABLE_FILE_STORAGE or constants.ENABLE_SHARED_FILE_STORAGE)):
+    files_all.add(pathutils.FILE_STORAGE_PATHS_FILE)
+    files_opt.add(pathutils.FILE_STORAGE_PATHS_FILE)
+
   # Files which should only be on VM-capable nodes
   files_vm = set(
     filename
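Review bot: The `# File storage` comment above the new block does not say why the file is added only when `not redist`, or why it goes into both `files_all` and `files_opt`. A maintainer who later drops the `not redist` condition would put the path whitelist into the redistribution set, so the reason belongs next to the code. Suggested comment: `# Verify-only: fingerprint is compared by cluster verify, but the file must never be pushed to nodes via RPC; listed as optional as well, presumably because a node may legitimately lack it`. It would also help to state whether a node missing the file is reported by verify, since the optional marking suggests it may not be. The function continues outside the hunk.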
@@ -4338,6 +4344,10 @@ def _ComputeAncillaryFiles(cluster, redist):
   assert all_files_set.issuperset(files_opt), \
          "Optional file not in a different required list"
 
+  # This one file should never ever be re-distributed via RPC
+  assert not (redist and
+              pathutils.FILE_STORAGE_PATHS_FILE in all_files_set)
+
   return (files_all, files_opt, files_mc, files_vm)
 
 
-- 
GitLab