diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index 4763c84937a9196ccbd59aba6a14cb357537a481..24aa5240219d1084355847a480d6d778c3d45647 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -112,7 +112,10 @@ def GenerateHmacKey(file_name):
 def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
- rapi_cert_pem=None):
+ rapi_cert_pem=None,
+ nodecert_file=constants.NODED_CERT_FILE,
+ rapicert_file=constants.RAPI_CERT_FILE,
+ hmackey_file=constants.CONFD_HMAC_KEY):
 """Updates the cluster certificates, keys and secrets.
 @type new_cluster_cert: bool
@@ -123,39 +126,42 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
 @param new_confd_hmac_key: Whether to generate a new HMAC key
 @type rapi_cert_pem: string
 @param rapi_cert_pem: New RAPI certificate in PEM format
+ @type nodecert_file: string
+ @param nodecert_file: optional override of the node cert file path
+ @type rapicert_file: string
+ @param rapicert_file: optional override of the rapi cert file path
+ @type hmackey_file: string
+ @param hmackey_file: optional override of the hmac key file path
 """
 # noded SSL certificate
- cluster_cert_exists = os.path.exists(constants.NODED_CERT_FILE)
+ cluster_cert_exists = os.path.exists(nodecert_file)
 if new_cluster_cert or not cluster_cert_exists:
 if cluster_cert_exists:
- utils.CreateBackup(constants.NODED_CERT_FILE)
+ utils.CreateBackup(nodecert_file)
- logging.debug("Generating new cluster certificate at %s",
- constants.NODED_CERT_FILE)
- GenerateSelfSignedSslCert(constants.NODED_CERT_FILE)
+ logging.debug("Generating new cluster certificate at %s", nodecert_file)
+ GenerateSelfSignedSslCert(nodecert_file)
 # confd HMAC key
- if new_confd_hmac_key or not os.path.exists(constants.CONFD_HMAC_KEY):
- logging.debug("Writing new confd HMAC key to %s", constants.CONFD_HMAC_KEY)
- GenerateHmacKey(constants.CONFD_HMAC_KEY)
+ if new_confd_hmac_key or not os.path.exists(hmackey_file):
+ logging.debug("Writing new confd HMAC key to %s", hmackey_file)
+ GenerateHmacKey(hmackey_file)
 # RAPI
- rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE)
+ rapi_cert_exists = os.path.exists(rapicert_file)
 if rapi_cert_pem:
 # Assume rapi_pem contains a valid PEM-formatted certificate and key
- logging.debug("Writing RAPI certificate at %s",
- constants.RAPI_CERT_FILE)
- utils.WriteFile(constants.RAPI_CERT_FILE, data=rapi_cert_pem, backup=True)
+ logging.debug("Writing RAPI certificate at %s", rapicert_file)
+ utils.WriteFile(rapicert_file, data=rapi_cert_pem, backup=True)
 elif new_rapi_cert or not rapi_cert_exists:
 if rapi_cert_exists:
- utils.CreateBackup(constants.RAPI_CERT_FILE)
+ utils.CreateBackup(rapicert_file)
- logging.debug("Generating new RAPI certificate at %s",
- constants.RAPI_CERT_FILE)
- GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
+ logging.debug("Generating new RAPI certificate at %s", rapicert_file)
+ GenerateSelfSignedSslCert(rapicert_file)
 def _InitGanetiServerSetup(master_name):
diff --git a/tools/cfgupgrade b/tools/cfgupgrade
index fa6a8194dfc69b0121901dbba8867edbbe403b1c..2143ba03b87ce0e9a332e60e5bc360d21f1c9139 100755
--- a/tools/cfgupgrade
+++ b/tools/cfgupgrade
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 #
-# Copyright (C) 2007, 2008, 2009 Google Inc.
+# Copyright (C) 2007, 2008, 2009, 2010 Google Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -174,7 +174,10 @@ def main():
 backup=True)
 if not options.dry_run:
- bootstrap.GenerateClusterCrypto(False, False, False)
+ bootstrap.GenerateClusterCrypto(False, False, False,
+ nodecert_file=options.SERVER_PEM_PATH,
+ rapicert_file=options.RAPI_CERT_FILE,
+ hmackey_file=options.CONFD_HMAC_KEY)
 except:
 logging.critical("Writing configuration failed. It is probably in an"
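Review bot: The three new path parameters let a caller choose where private key material is written, but the added docstring lines say only "optional override" and give no requirement for the target location. In this hunk `utils.WriteFile(rapicert_file, data=rapi_cert_pem, backup=True)` passes no explicit mode although the comment above it says the PEM carries a key, and `utils.CreateBackup(...)` leaves a copy of the previous key file next to the chosen path; whether either ends up owner-only depends on helpers outside the hunk. I would state the contract on each parameter, e.g. `@param rapicert_file: optional override of the rapi cert file path; the file holds a private key, so its directory must not be writable by other users`, and pass a restrictive mode on the WriteFile call if the helper's default is not already owner-only. The HMAC branch also overwrites `hmackey_file` with no backup step, unlike the two certificate branches, which deserves a one-line comment if intentional. The function's signature is in the previous hunk.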
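Review bot: The extended `GenerateClusterCrypto` call sits inside the `try` whose bare `except:` logs "Writing configuration failed. It is probably in an", so a failure while generating a certificate or the HMAC key would be reported as a configuration write error. `options.SERVER_PEM_PATH`, `options.RAPI_CERT_FILE` and `options.CONFD_HMAC_KEY` are not assigned in any hunk of this diff, and if one were missing the resulting AttributeError would land in that same handler. I would give the crypto step its own `try` with a message naming the file being written, and add a comment above the call such as `# Write key material to the paths configured in options rather than the constants defaults`. main() starts and ends outside the hunk, so whether the handler re-raises is not visible here.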