Commit 6e8f7fe5 authored by Helga Velroyen's avatar Helga Velroyen

Renew crypto retries for non-master nodes



If renewing the SSL certificate for non-master nodes fails,
retry two more times. Unit tests included.
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarPetr Pudlak <pudlak@google.com>
parent fa27c1a2
......@@ -164,14 +164,19 @@ class LUClusterRenewCrypto(NoHooksLU):
feedback_fn("* Skipping offline node %s" % node_info.name)
continue
if node_uuid != master_uuid:
try:
new_digest = CreateNewClientCert(self, node_uuid)
if node_info.master_candidate:
utils.AddNodeToCandidateCerts(node_uuid,
new_digest,
cluster.candidate_certs)
except errors.OpExecError as e:
node_errors[node_uuid] = e
for _ in range(self._MAX_NUM_RETRIES):
try:
new_digest = CreateNewClientCert(self, node_uuid)
if node_info.master_candidate:
utils.AddNodeToCandidateCerts(node_uuid,
new_digest,
cluster.candidate_certs)
break
except errors.OpExecError as last_exception:
pass
else:
if last_exception:
node_errors[node_uuid] = last_exception
if node_errors:
msg = ("Some nodes' SSL client certificates could not be renewed."
......
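Review bot: The `else` branch of the retry loop reads `last_exception`, which is bound only by `except errors.OpExecError as last_exception:`. On Python 3 that name is deleted when the handler exits, and it is never bound at all if `_MAX_NUM_RETRIES` is 0, so the exhausted-retries path would fail with an unbound-name error instead of recording the node in `node_errors`. Setting `last_exception = None` before the `for`, catching with `except errors.OpExecError as e:` and assigning `last_exception = e` in the handler makes the failure record independent of interpreter scoping. The intermediate failures are also dropped by `pass`; a line such as `feedback_fn("* Renewing the client certificate of node %s failed, retrying" % node_info.name)` would leave operators a trace of each failed renewal attempt. The enclosing method starts and ends outside this hunk.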
......@@ -2469,7 +2469,48 @@ class TestLUClusterRenewCrypto(CmdlibTestCase):
self._AssertCertFiles(pathutils)
cluster = self.cfg.GetClusterInfo()
self.assertFalse(cluster.candidate_certs.values)
self.assertFalse(cluster.candidate_certs)
def _RpcSuccessfulAfterRetriesNonMaster(self, node_uuid, _):
if self._retries < self._max_retries and node_uuid != self._master_uuid:
self._retries += 1
return self.RpcResultsBuilder() \
.CreateFailedNodeResult(node_uuid)
else:
return self.RpcResultsBuilder() \
.CreateSuccessfulNodeResult(node_uuid,
[(constants.CRYPTO_TYPE_SSL_DIGEST, self._GetFakeDigest(node_uuid))])
def _NonMasterRetries(self, pathutils, max_retries):
self._InitPathutils(pathutils)
self._master_uuid = self.cfg.GetMasterNode()
self._max_retries = max_retries
self._retries = 0
self.rpc.call_node_crypto_tokens = self._RpcSuccessfulAfterRetriesNonMaster
# Add one non-master node
self.cfg.AddNewNode()
op = opcodes.OpClusterRenewCrypto()
self.ExecOpCode(op)
self._AssertCertFiles(pathutils)
return self.cfg.GetClusterInfo()
@patchPathutils("cluster")
def testNonMasterRetriesSuccess(self, pathutils):
cluster = self._NonMasterRetries(pathutils, 2)
self.assertEqual(2, len(cluster.candidate_certs.values()))
@patchPathutils("cluster")
def testNonMasterRetriesFail(self, pathutils):
cluster = self._NonMasterRetries(pathutils, 5)
# Only the master digest should be in the cert list
self.assertEqual(1, len(cluster.candidate_certs.values()))
self.assertTrue(self._master_uuid in cluster.candidate_certs)
if __name__ == "__main__":
......
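Review bot: `testNonMasterRetriesSuccess` and `testNonMasterRetriesFail` hard-code 2 and 5 failures, so they hold only while the LU's `_MAX_NUM_RETRIES` lies between 3 and 5; deriving both values from that constant would keep the tests meaningful if the retry budget changes. The failure test also checks only `candidate_certs`: it asserts neither how many attempts were made nor that the failed renewal was reported, so a change that stops recording the error in `node_errors` would go unnoticed. An assertion on the attempt counter, e.g. `self.assertEqual(expected_attempts, self._retries)` with `expected_attempts` (a placeholder name) taken from the constant, would pin the retry count. How the error reaches the caller is not visible in this hunk, so the reporting check has to follow the LU's actual reporting path.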