Commit 840ad2ab authored by Helga Velroyen's avatar Helga Velroyen

Handle client certificates on node add/remove



This patch adds the certificate of a newly added or
readded master candidate node to the map of master candidate
certificates. It removes a master candidate node's certificate
digest from the candidate certificate map if the node is
removed from the cluster.
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
parent 5b6f9e35
......@@ -42,7 +42,7 @@ from ganeti.cmdlib.common import CheckParamsNotGlobal, \
CheckInstanceState, INSTANCE_DOWN, GetUpdatedParams, \
AdjustCandidatePool, CheckIAllocatorOrNode, LoadNodeEvacResult, \
GetWantedNodes, MapInstanceLvsToNodes, RunPostHook, \
FindFaultyInstanceDisks, CheckStorageTypeEnabled
FindFaultyInstanceDisks, CheckStorageTypeEnabled, AddNodeCertToCandidateCerts
def _DecideSelfPromotion(lu, exceptions=None):
......@@ -414,6 +414,16 @@ class LUNodeAdd(LogicalUnit):
self.context.AddNode(self.new_node, self.proc.GetECId())
RedistributeAncillaryFiles(self)
cluster = self.cfg.GetClusterInfo()
if self.new_node.master_candidate:
AddNodeCertToCandidateCerts(self, self.new_node.uuid, cluster)
self.cfg.Update(cluster, feedback_fn)
else:
if self.new_node.uuid in cluster.candidate_certs:
utils.RemoveNodeFromCandidateCerts(self.new_node.uuid,
cluster.candidate_certs)
self.cfg.Update(cluster, feedback_fn)
class LUNodeSetParams(LogicalUnit):
"""Modifies the parameters of a node.
......@@ -1473,8 +1483,16 @@ class LUNodeRemove(LogicalUnit):
self.LogWarning("Errors encountered on the remote node while leaving"
" the cluster: %s", msg)
cluster = self.cfg.GetClusterInfo()
# Remove node from candidate certificate list
if self.node.master_candidate:
utils.RemoveNodeFromCandidateCerts(self.node.uuid,
cluster.candidate_certs)
self.cfg.Update(cluster, feedback_fn)
# Remove node from our /etc/hosts
if self.cfg.GetClusterInfo().modify_etc_hosts:
if cluster.modify_etc_hosts:
master_node_uuid = self.cfg.GetMasterNode()
result = self.rpc.call_etc_hosts_modify(master_node_uuid,
constants.ETC_HOSTS_REMOVE,
......
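Review bot: In LUNodeRemove the digest is dropped only when `self.node.master_candidate` is set, so an entry still present in `cluster.candidate_certs` for a node whose flag was already cleared would outlive the node and stay in the map of trusted client certificates. The LUNodeAdd branch in this same section already keys its cleanup on membership rather than on the flag; the same test here, `if self.node.uuid in cluster.candidate_certs:`, would make the removal independent of how the node was last flagged. Whether demotion elsewhere already prunes the map is not visible in this diff, so this is defence in depth rather than a confirmed leak. Both Exec bodies start and end outside the hunks shown.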
......@@ -29,7 +29,6 @@ from ganeti import compat
from ganeti import constants
from ganeti import objects
from ganeti import opcodes
from ganeti import errors
from testsupport import *
......@@ -81,6 +80,10 @@ class TestLUNodeAdd(CmdlibTestCase):
# we can't know the node's UUID in advance, so use defaultdict here
self.rpc.call_node_verify.return_value = \
defaultdict(lambda: node_verify_result, {})
self.rpc.call_node_crypto_tokens.return_value = \
self.RpcResultsBuilder() \
.CreateSuccessfulNodeResult(self.node_add,
[(constants.CRYPTO_TYPE_SSL_DIGEST, "IA:MA:FA:KE:DI:GE:ST")])
def testOvsNoLink(self):
ndparams = {
......@@ -106,6 +109,28 @@ class TestLUNodeAdd(CmdlibTestCase):
self.assertEqual(ndparams[constants.ND_OVS_LINK],
created_node.ndparams.get(constants.ND_OVS_LINK, None))
def testAddCandidateCert(self):
self.ExecOpCode(self.op_add)
created_node = self.cfg.GetNodeInfoByName(self.op_add.node_name)
cluster = self.cfg.GetClusterInfo()
self.assertTrue(created_node.uuid in cluster.candidate_certs)
def testReAddCandidateCert(self):
cluster = self.cfg.GetClusterInfo()
self.ExecOpCode(self.op_readd)
created_node = self.cfg.GetNodeInfoByName(self.op_readd.node_name)
self.assertTrue(created_node.uuid in cluster.candidate_certs)
def testAddNoCandidateCert(self):
op = self.CopyOpCode(self.op_add,
master_capable=False)
self.ExecOpCode(op)
created_node = self.cfg.GetNodeInfoByName(self.op_add.node_name)
cluster = self.cfg.GetClusterInfo()
self.assertFalse(created_node.uuid in cluster.candidate_certs)
def testWithoutOVS(self):
self.ExecOpCode(self.op_add)
......
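Review bot: The three new tests check only that the node UUID is or is not a key of `cluster.candidate_certs`, so they would still pass if a wrong or empty digest were stored for the node. Since setUp mocks `call_node_crypto_tokens` to return a known digest, testAddCandidateCert and testReAddCandidateCert could also pin the value, e.g. `self.assertEqual("IA:MA:FA:KE:DI:GE:ST", cluster.candidate_certs[created_node.uuid])`, assuming the map stores the digest string under the UUID. Nothing in this section exercises the stale-entry cleanup in LUNodeAdd's non-candidate branch or the removal in LUNodeRemove; a test that pre-seeds `candidate_certs` and asserts the entry is gone afterwards would cover both.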