Fix cfgupgrade with non-default DATA_DIR

Commit 43575108 added bootstrap.GenerateclusterCrypto and commit 7506a7f1 changed cfgupgrade to use it. However, this lost the functionality of upgrading in non-default DATA_DIR. To fix this, we enhance bootstrap.GenerateclusterCrypto to accept custom file paths for the three files it modifies. If more files will be needed in the future, we could just pass in modified DATA_DIR, but for now it suffices. Signed-off-by: Iustin Pop <iustin@google.com> Reviewed-by: René Nussbaumer <rn@google.com>

Fix cfgupgrade with non-default DATA_DIR
Commit 43575108 added bootstrap.GenerateclusterCrypto and commit 7506a7f1 changed cfgupgrade to use it. However, this lost the functionality of upgrading in non-default DATA_DIR. To fix this, we enhance bootstrap.GenerateclusterCrypto to accept custom file paths for the three files it modifies. If more files will be needed in the future, we could just pass in modified DATA_DIR, but for now it suffices. Signed-off-by: Iustin Pop <iustin@google.com> Reviewed-by: René Nussbaumer <rn@google.com>
aeefe835 · Iustin Pop · 88394aa7 · aeefe835 · aeefe835
Commit aeefe835 authored 15 years ago by Iustin Pop
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -112,7 +112,10 @@ def GenerateHmacKey(file_name):
 def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
-                          rapi_cert_pem=None):
+                          rapi_cert_pem=None,
+                          nodecert_file=constants.NODED_CERT_FILE,
+                          rapicert_file=constants.RAPI_CERT_FILE,
+                          hmackey_file=constants.CONFD_HMAC_KEY):
  """Updates the cluster certificates, keys and secrets.
  @type new_cluster_cert: bool
@@ -123,39 +126,42 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
  @param new_confd_hmac_key: Whether to generate a new HMAC key
  @type rapi_cert_pem: string
  @param rapi_cert_pem: New RAPI certificate in PEM format
+  @type nodecert_file: string
+  @param nodecert_file: optional override of the node cert file path
+  @type rapicert_file: string
+  @param rapicert_file: optional override of the rapi cert file path
+  @type hmackey_file: string
+  @param hmackey_file: optional override of the hmac key file path
  """
  # noded SSL certificate
-  cluster_cert_exists = os.path.exists(constants.NODED_CERT_FILE)
+  cluster_cert_exists = os.path.exists(nodecert_file)
  if new_cluster_cert or not cluster_cert_exists:
    if cluster_cert_exists:
-      utils.CreateBackup(constants.NODED_CERT_FILE)
+      utils.CreateBackup(nodecert_file)
-    logging.debug("Generating new cluster certificate at %s",
+    logging.debug("Generating new cluster certificate at %s", nodecert_file)
-                  constants.NODED_CERT_FILE)
+    GenerateSelfSignedSslCert(nodecert_file)
-    GenerateSelfSignedSslCert(constants.NODED_CERT_FILE)
  # confd HMAC key
-  if new_confd_hmac_key or not os.path.exists(constants.CONFD_HMAC_KEY):
+  if new_confd_hmac_key or not os.path.exists(hmackey_file):
-    logging.debug("Writing new confd HMAC key to %s", constants.CONFD_HMAC_KEY)
+    logging.debug("Writing new confd HMAC key to %s", hmackey_file)
-    GenerateHmacKey(constants.CONFD_HMAC_KEY)
+    GenerateHmacKey(hmackey_file)
  # RAPI
-  rapi_cert_exists = os.path.exists(constants.RAPI_CERT_FILE)
+  rapi_cert_exists = os.path.exists(rapicert_file)
  if rapi_cert_pem:
    # Assume rapi_pem contains a valid PEM-formatted certificate and key
-    logging.debug("Writing RAPI certificate at %s",
+    logging.debug("Writing RAPI certificate at %s", rapicert_file)
-                  constants.RAPI_CERT_FILE)
+    utils.WriteFile(rapicert_file, data=rapi_cert_pem, backup=True)
-    utils.WriteFile(constants.RAPI_CERT_FILE, data=rapi_cert_pem, backup=True)
  elif new_rapi_cert or not rapi_cert_exists:
    if rapi_cert_exists:
-      utils.CreateBackup(constants.RAPI_CERT_FILE)
+      utils.CreateBackup(rapicert_file)
-    logging.debug("Generating new RAPI certificate at %s",
+    logging.debug("Generating new RAPI certificate at %s", rapicert_file)
-                  constants.RAPI_CERT_FILE)
+    GenerateSelfSignedSslCert(rapicert_file)
-    GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
 def _InitGanetiServerSetup(master_name):

--- a/tools/cfgupgrade
+++ b/tools/cfgupgrade
 #!/usr/bin/python
 #
-# Copyright (C) 2007, 2008, 2009 Google Inc.
+# Copyright (C) 2007, 2008, 2009, 2010 Google Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -174,7 +174,10 @@ def main():
                    backup=True)
    if not options.dry_run:
-      bootstrap.GenerateClusterCrypto(False, False, False)
+      bootstrap.GenerateClusterCrypto(False, False, False,
+                                      nodecert_file=options.SERVER_PEM_PATH,
+                                      rapicert_file=options.RAPI_CERT_FILE,
+                                      hmackey_file=options.CONFD_HMAC_KEY)
  except:
    logging.critical("Writing configuration failed. It is probably in an"