Collapse SSL key checking/overriding for daemons

Signed-off-by: Guido Trotter <ultrotter@google.com>

Collapse SSL key checking/overriding for daemons
Signed-off-by: Guido Trotter <ultrotter@google.com>
3b1b0cb6 · Guido Trotter · 04ccf5e9 · 3b1b0cb6 · 3b1b0cb6 · 3b1b0cb6
Commit 3b1b0cb6 authored 15 years ago by Guido Trotter
--- a/daemons/ganeti-noded
+++ b/daemons/ganeti-noded
@@ -732,16 +732,6 @@ class NodeHttpServer(http.server.HttpServer):
    return backend.ValidateHVParams(hvname, hvparams)
-def CheckNODED(options, args):
-  """Initial checks whether to run exit with a failure
-  """
-  for fname in (constants.SSL_CERT_FILE,):
-    if not os.path.isfile(fname):
-      print "config %s not there, will not run." % fname
-      sys.exit(constants.EXIT_NOTCLUSTER)
 def ExecNODED(options, args):
  """Main NODED function, executed with the pidfile held.
@@ -749,8 +739,11 @@ def ExecNODED(options, args):
  global queue_lock
  # Read SSL certificate
-  ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
+  if options.ssl:
-                                  ssl_cert_path=constants.SSL_CERT_FILE)
+    ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key,
+                                    ssl_cert_path=options.ssl_cert)
+  else:
+    ssl_params = None
  # Prepare job queue
  queue_lock = jstore.InitAndVerifyQueue(must_lock=False)
@@ -776,7 +769,7 @@ def main():
  dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
  dirs.append((constants.LOG_OS_DIR, 0750))
  dirs.append((constants.LOCK_DIR, 1777))
-  daemon.GenericMain(constants.NODED, parser, dirs, CheckNODED, ExecNODED)
+  daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNODED)
 if __name__ == '__main__':

--- a/daemons/ganeti-rapi
+++ b/daemons/ganeti-rapi
@@ -186,16 +186,6 @@ def CheckRAPI(options, args):
        sys.argv[0]
    sys.exit(constants.EXIT_FAILURE)
-  if options.ssl:
-    if not (options.ssl_cert and options.ssl_key):
-      print >> sys.stderr, ("For secure mode please provide "
-                            "--ssl-key and --ssl-cert arguments")
-      sys.exit(constants.EXIT_FAILURE)
-    for fname in (options.ssl_cert, options.ssl_key):
-      if not os.path.isfile(fname):
-        print >> sys.stderr, "config %s not there, will not run." % fname
-        sys.exit(constants.EXIT_FAILURE)
  ssconf.CheckMaster(options.debug)
@@ -228,15 +218,6 @@ def main():
  parser = optparse.OptionParser(description="Ganeti Remote API",
                    usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",
                    version="%%prog (ganeti) %s" % constants.RAPI_VERSION)
-  parser.add_option("--no-ssl", dest="ssl",
-                    help="Do not secure HTTP protocol with SSL",
-                    default=True, action="store_false")
-  parser.add_option("-K", "--ssl-key", dest="ssl_key",
-                    help="SSL key",
-                    default=constants.RAPI_CERT_FILE, type="string")
-  parser.add_option("-C", "--ssl-cert", dest="ssl_cert",
-                    help="SSL certificate",
-                    default=constants.RAPI_CERT_FILE, type="string")
  dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
  dirs.append((constants.LOG_OS_DIR, 0750))

--- a/lib/constants.py
+++ b/lib/constants.py
@@ -117,6 +117,12 @@ MASTERD = "ganeti-masterd"
 MULTITHREADED_DAEMONS = frozenset([MASTERD])
+DAEMONS_SSL = {
+  # daemon-name: (default-cert-path, default-key-path)
+  NODED: (SSL_CERT_FILE, SSL_CERT_FILE),
+  RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE),
+}
 DAEMONS_PORTS = {
  # daemon-name: ("proto", "default-port")
  NODED: ("tcp", 1811),

--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -22,6 +22,7 @@
 """Module with helper classes and functions for daemons"""
+import os
 import select
 import signal
 import errno
@@ -339,11 +340,34 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn):
                            help="Bind address",
                            default="", metavar="ADDRESS")
+  if daemon_name in constants.DAEMONS_SSL:
+    default_cert, default_key = constants.DAEMONS_SSL[daemon_name]
+    optionparser.add_option("--no-ssl", dest="ssl",
+                            help="Do not secure HTTP protocol with SSL",
+                            default=True, action="store_false")
+    optionparser.add_option("-K", "--ssl-key", dest="ssl_key",
+                            help="SSL key",
+                            default=default_key, type="string")
+    optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert",
+                            help="SSL certificate",
+                            default=default_cert, type="string")
  multithread = utils.no_fork = daemon_name in constants.MULTITHREADED_DAEMONS
  options, args = optionparser.parse_args()
-  check_fn(options, args)
+  if hasattr(options, 'ssl') and options.ssl:
+    if not (options.ssl_cert and options.ssl_key):
+      print >> sys.stderr, "Need key and certificate to use ssl"
+      sys.exit(constants.EXIT_FAILURE)
+    for fname in (options.ssl_cert, options.ssl_key):
+      if not os.path.isfile(fname):
+        print >> sys.stderr, "Need ssl file %s to run" % fname
+        sys.exit(constants.EXIT_FAILURE)
+  if check_fn is not None:
+    check_fn(options, args)
  utils.EnsureDirs(dirs)
  if options.fork: