Commit 63bcea2a authored by Michael Hanselmann's avatar Michael Hanselmann

backend: Check paths and always write CA file for import/export daemon



Once the import/export daemon uses separate users, the node daemon file (which
is used for intra-cluster transfers) might not be readable anymore. Always
writing it to a daemon-specific file will make this easier.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
parent 3718bf6d
......@@ -2656,26 +2656,28 @@ def StartImportExportDaemon(mode, key_name, ca, host, port, instance,
key_name)
assert ca is not None
for i in [key_path, cert_path]:
if os.path.exists(i):
_Fail("File '%s' does not exist" % i)
status_dir = _CreateImportExportStatusDir(prefix)
try:
status_file = utils.PathJoin(status_dir, _IES_STATUS_FILE)
pid_file = utils.PathJoin(status_dir, _IES_PID_FILE)
ca_file = utils.PathJoin(status_dir, _IES_CA_FILE)
if ca is None:
# Use server.pem
# TODO: If socat runs as a non-root user, this might need to be copied to
# a separate file
ca_path = constants.NODED_CERT_FILE
else:
ca_path = utils.PathJoin(status_dir, _IES_CA_FILE)
utils.WriteFile(ca_path, data=ca, mode=0400)
ca = utils.ReadFile(constants.NODED_CERT_FILE)
utils.WriteFile(ca_file, data=ca, mode=0400)
cmd = [
constants.IMPORT_EXPORT_DAEMON,
status_file, mode,
"--key=%s" % key_path,
"--cert=%s" % cert_path,
"--ca=%s" % ca_path,
"--ca=%s" % ca_file,
]
if host:
......
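Review bot: The path check on `key_path` and `cert_path` is inverted: `if os.path.exists(i):` calls `_Fail("File '%s' does not exist" % i)` exactly when the file is present, so a valid key/certificate pair is rejected and a missing one is passed on to the daemon's `--key`/`--cert` arguments; it should read `if not os.path.exists(i):`. Separately, when `ca` is None the fallback copies the full contents of `constants.NODED_CERT_FILE` into the status directory. If that file also holds the node daemon's private key (not visible in this hunk), the copy would expose it to the separate daemon user the description anticipates, so only the certificate portion should be written to `ca_file`. StartImportExportDaemon begins and ends outside the hunk, and the +/- markers are lost on this page, so which lines are new is inferred from the commit title.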