Commit 3b1b0cb6 authored by Guido Trotter

Collapse SSL key checking/overriding for daemons


Signed-off-by: Guido Trotter <ultrotter@google.com>
parent 04ccf5e9
......@@ -732,16 +732,6 @@ class NodeHttpServer(http.server.HttpServer):
return backend.ValidateHVParams(hvname, hvparams)
def CheckNODED(options, args):
"""Initial checks whether to run exit with a failure
"""
for fname in (constants.SSL_CERT_FILE,):
if not os.path.isfile(fname):
print "config %s not there, will not run." % fname
sys.exit(constants.EXIT_NOTCLUSTER)
def ExecNODED(options, args):
"""Main NODED function, executed with the pidfile held.
......@@ -749,8 +739,11 @@ def ExecNODED(options, args):
global queue_lock
# Read SSL certificate
ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
ssl_cert_path=constants.SSL_CERT_FILE)
if options.ssl:
ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key,
ssl_cert_path=options.ssl_cert)
else:
ssl_params = None
# Prepare job queue
queue_lock = jstore.InitAndVerifyQueue(must_lock=False)
......@@ -776,7 +769,7 @@ def main():
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
dirs.append((constants.LOG_OS_DIR, 0750))
dirs.append((constants.LOCK_DIR, 1777))
daemon.GenericMain(constants.NODED, parser, dirs, CheckNODED, ExecNODED)
daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNODED)
if __name__ == '__main__':
......
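Review bot: ExecNODED can now serve the node daemon's HTTP endpoint without TLS: when `--no-ssl` is given the new `else` branch sets `ssl_params = None`, whereas the old code always built `HttpSslParams` from `constants.SSL_CERT_FILE`. If plaintext operation of noded is intended, it should be visible at startup, for example `logging.warning("ganeti-noded started with --no-ssl: RPC traffic is not encrypted")` in that branch (assuming `logging` is available in this file). If it is not intended, noded should reject the option rather than inherit it from the generic SSL handling. ExecNODED's body continues outside the hunk.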
......@@ -186,16 +186,6 @@ def CheckRAPI(options, args):
sys.argv[0]
sys.exit(constants.EXIT_FAILURE)
if options.ssl:
if not (options.ssl_cert and options.ssl_key):
print >> sys.stderr, ("For secure mode please provide "
"--ssl-key and --ssl-cert arguments")
sys.exit(constants.EXIT_FAILURE)
for fname in (options.ssl_cert, options.ssl_key):
if not os.path.isfile(fname):
print >> sys.stderr, "config %s not there, will not run." % fname
sys.exit(constants.EXIT_FAILURE)
ssconf.CheckMaster(options.debug)
......@@ -228,15 +218,6 @@ def main():
parser = optparse.OptionParser(description="Ganeti Remote API",
usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",
version="%%prog (ganeti) %s" % constants.RAPI_VERSION)
parser.add_option("--no-ssl", dest="ssl",
help="Do not secure HTTP protocol with SSL",
default=True, action="store_false")
parser.add_option("-K", "--ssl-key", dest="ssl_key",
help="SSL key",
default=constants.RAPI_CERT_FILE, type="string")
parser.add_option("-C", "--ssl-cert", dest="ssl_cert",
help="SSL certificate",
default=constants.RAPI_CERT_FILE, type="string")
dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
dirs.append((constants.LOG_OS_DIR, 0750))
......
......@@ -117,6 +117,12 @@ MASTERD = "ganeti-masterd"
MULTITHREADED_DAEMONS = frozenset([MASTERD])
DAEMONS_SSL = {
# daemon-name: (default-cert-path, default-key-path)
NODED: (SSL_CERT_FILE, SSL_CERT_FILE),
RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE),
}
DAEMONS_PORTS = {
# daemon-name: ("proto", "default-port")
NODED: ("tcp", 1811),
......
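Review bot: The DAEMONS_SSL comment should state that each entry uses one file for both certificate and key, since `(SSL_CERT_FILE, SSL_CERT_FILE)` and `(RAPI_CERT_FILE, RAPI_CERT_FILE)` pass the same path in both positions. That means the file named as a certificate presumably also holds the private key, which matters to anyone setting its permissions. I would extend the comment to `# daemon-name: (default-cert-path, default-key-path); both default to one PEM file that also carries the private key`.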
......@@ -22,6 +22,7 @@
"""Module with helper classes and functions for daemons"""
import os
import select
import signal
import errno
......@@ -339,11 +340,34 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn):
help="Bind address",
default="", metavar="ADDRESS")
if daemon_name in constants.DAEMONS_SSL:
default_cert, default_key = constants.DAEMONS_SSL[daemon_name]
optionparser.add_option("--no-ssl", dest="ssl",
help="Do not secure HTTP protocol with SSL",
default=True, action="store_false")
optionparser.add_option("-K", "--ssl-key", dest="ssl_key",
help="SSL key",
default=default_key, type="string")
optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert",
help="SSL certificate",
default=default_cert, type="string")
multithread = utils.no_fork = daemon_name in constants.MULTITHREADED_DAEMONS
options, args = optionparser.parse_args()
check_fn(options, args)
if hasattr(options, 'ssl') and options.ssl:
if not (options.ssl_cert and options.ssl_key):
print >> sys.stderr, "Need key and certificate to use ssl"
sys.exit(constants.EXIT_FAILURE)
for fname in (options.ssl_cert, options.ssl_key):
if not os.path.isfile(fname):
print >> sys.stderr, "Need ssl file %s to run" % fname
sys.exit(constants.EXIT_FAILURE)
if check_fn is not None:
check_fn(options, args)
utils.EnsureDirs(dirs)
if options.fork:
......
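Review bot: A missing certificate now makes ganeti-noded exit with `constants.EXIT_FAILURE`, because the generic SSL check in GenericMain replaces CheckNODED, which exited with `constants.EXIT_NOTCLUSTER` for the same condition. Any caller that treats EXIT_NOTCLUSTER as "this node is not in a cluster, skip quietly" (presumably the init script) would now see a hard failure on a node that simply has no certificate yet. One way to keep the old contract is to carry the exit code per daemon, e.g. a third member in each DAEMONS_SSL tuple unpacked as `default_cert, default_key, missing_exit = constants.DAEMONS_SSL[daemon_name]`, and pass it to `sys.exit(...)` in the `os.path.isfile` loop. GenericMain starts and ends outside the hunk.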