Commit 3bcf2140 authored by Helga Velroyen's avatar Helga Velroyen

Add candiate certificate map to configuration

At the end of this patch series, incoming RPC calls are
legitimized against a map of master candidate nodes'
SSL certificate digests. This patch adds the map itself
to the cluster's configuration.
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
parent b544a3c2
......@@ -749,6 +749,8 @@ def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
os.path.isfile):
default_iallocator = constants.IALLOC_HAIL
candidate_certs = {}
now = time.time()
# init of cluster config file
......@@ -790,6 +792,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
hv_state_static=hv_state,
disk_state_static=disk_state,
enabled_disk_templates=enabled_disk_templates,
candidate_certs=candidate_certs,
)
master_node_config = objects.Node(name=hostname.name,
primary_ip=hostname.ip,
......@@ -803,6 +806,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
cfg = config.ConfigWriter(offline=True)
ssh.WriteKnownHostsFile(cfg, pathutils.SSH_KNOWN_HOSTS_FILE)
cfg.Update(cfg.GetClusterInfo(), logging.error)
ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
# set up the inter-node password and certificate
......
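Review bot: `candidate_certs = {}` leaves a new cluster's map empty, and nothing in the visible hunks adds the master node's own certificate digest before `cfg.Update(cfg.GetClusterInfo(), logging.error)` writes the configuration. The commit message says later patches will check incoming RPC calls against this map, so the code should state what an empty map means; the safe contract is fail closed, where a missing digest is never treated as permission. The same applies to the `if self.candidate_certs is None:` default in the `UpgradeConfig` hunk at -1698, which gives upgraded clusters an empty map too. I would add a comment at both places such as `# Starts empty; verifiers must treat a missing digest as a failed check`. InitCluster begins and ends outside these hunks, so the map may be populated in lines not shown here.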
......@@ -1576,6 +1576,7 @@ class Cluster(TaggableObject):
"hv_state_static",
"disk_state_static",
"enabled_disk_templates",
"candidate_certs",
] + _TIMESTAMPS + _UUID
def UpgradeConfig(self):
......@@ -1698,6 +1699,9 @@ class Cluster(TaggableObject):
raise errors.ConfigurationError(msg)
self.ipolicy = FillIPolicy(constants.IPOLICY_DEFAULTS, self.ipolicy)
if self.candidate_certs is None:
self.candidate_certs = {}
@property
def primary_hypervisor(self):
"""The first hypervisor is the primary.
......
......@@ -659,6 +659,9 @@ type UidPool = [(Int, Int)]
-- | The iallocator parameters type.
type IAllocatorParams = Container JSValue
-- | The master candidate client certificate digests
type CandidateCertificates = Container String
-- * Cluster definitions
$(buildObject "Cluster" "cluster" $
[ simpleField "rsahostkeypub" [t| String |]
......@@ -702,6 +705,7 @@ $(buildObject "Cluster" "cluster" $
, simpleField "prealloc_wipe_disks" [t| Bool |]
, simpleField "ipolicy" [t| FilledIPolicy |]
, simpleField "enabled_disk_templates" [t| [DiskTemplate] |]
, simpleField "candidate_certs" [t| CandidateCertificates |]
]
++ timeStampFields
++ uuidFields
......
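Review bot: `type CandidateCertificates = Container String` stores each digest as an unconstrained string, and the Haddock comment does not say what the container is keyed by or which digest algorithm and encoding the values use. Because this map is meant to back an authentication decision, I would spell that out, e.g. `-- | Map from master candidate node to the digest of its client SSL certificate (key type, hash algorithm and encoding: <to be stated>)`. A newtype for the digest with a format check on load would reject malformed entries early, though that is a larger change than this hunk needs. The `buildObject` field list continues outside the hunk.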
......@@ -45,7 +45,8 @@ def GetMinimalConfig():
"master_node": "node1-uuid",
"ipolicy": None,
"default_iallocator_params": {},
"ndparams": {}
"ndparams": {},
"candidate_certs": {},
},
"instances": {},
"networks": {},
......