Commit 40a97d80 authored by Michael Hanselmann's avatar Michael Hanselmann

ganeti.bootstrap: Move SSL certificate generation into separate function

Reviewed-by: amishchenko
parent b5b67ef9
......@@ -67,23 +67,34 @@ def _InitSSHSetup():
f.close()
def _InitGanetiServerSetup():
"""Setup the necessary configuration for the initial node daemon.
def _GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
"""Generates a self-signed SSL certificate.
This creates the nodepass file containing the shared password for
the cluster and also generates the SSL certificate.
@type file_name: str
@param file_name: Path to output file
@type validity: int
@param validity: Validity for certificate in days
"""
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
"-days", str(365*5), "-nodes", "-x509",
"-keyout", constants.SSL_CERT_FILE,
"-out", constants.SSL_CERT_FILE, "-batch"])
"-days", str(validity), "-nodes", "-x509",
"-keyout", file_name, "-out", file_name, "-batch"])
if result.failed:
raise errors.OpExecError("could not generate server ssl cert, command"
raise errors.OpExecError("Could not generate SSL certificate, command"
" %s had exitcode %s and error message %s" %
(result.cmd, result.exit_code, result.output))
os.chmod(constants.SSL_CERT_FILE, 0400)
os.chmod(file_name, 0400)
def _InitGanetiServerSetup():
"""Setup the necessary configuration for the initial node daemon.
This creates the nodepass file containing the shared password for
the cluster and also generates the SSL certificate.
"""
_GenerateSelfSignedSslCert(constants.SSL_CERT_FILE)
result = utils.RunCmd([constants.NODE_INITD_SCRIPT, "restart"])
......
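Review bot: In `_GenerateSelfSignedSslCert`, openssl writes the unencrypted private key (`-nodes`, `-keyout file_name`) before `os.chmod(file_name, 0400)` runs, so between the two calls the key file has whatever mode the process umask allows. Now that the path is a caller-supplied parameter rather than a fixed constant, I would tighten the umask around the call, with `old_umask = os.umask(0077)` before `utils.RunCmd` and `os.umask(old_umask)` in a `finally`. This assumes RunCmd's child inherits the umask and that the file does not already exist with a looser mode. The key size also stays hard-coded at `"rsa:1024"` while the validity became a parameter; `"rsa:2048"` or a key-size parameter with that default would suit the new helper better. The docstring should also say that the output file holds both the private key and the certificate and is left at mode 0400.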