Commit c9f79949 authored by Michael Hanselmann's avatar Michael Hanselmann

Add constant for node certificate mode

A new utility for configuring the node daemon will have to write the
node certificate as well. To not split information about the certificate
file even more, the constant is added to “pathutils”.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
parent dffa96d6
......@@ -74,7 +74,6 @@ UIDPOOL_LOCKDIR = RUN_DIR + "/uid-pool"
SSCONF_LOCK_FILE = LOCK_DIR + "/ganeti-ssconf.lock"
CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
NODED_CERT_FILE = DATA_DIR + "/server.pem"
RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
CONFD_HMAC_KEY = DATA_DIR + "/hmac.key"
SPICE_CERT_FILE = DATA_DIR + "/spice.pem"
......@@ -90,6 +89,12 @@ HOOKS_BASE_DIR = CONF_DIR + "/hooks"
FILE_STORAGE_PATHS_FILE = CONF_DIR + "/file-storage-paths"
RESTRICTED_COMMANDS_DIR = CONF_DIR + "/restricted-commands"
#: Node daemon certificate path
NODED_CERT_FILE = DATA_DIR + "/server.pem"
#: Node daemon certificate file permissions
NODED_CERT_MODE = 0440
#: Locked in exclusive mode while noded verifies a remote command
RESTRICTED_COMMANDS_LOCK_FILE = LOCK_DIR + "/ganeti-restricted-commands.lock"
......
......@@ -144,8 +144,8 @@ def GetPaths():
getent.masterd_gid, False),
(pathutils.SPICE_CACERT_FILE, FILE, 0440, getent.noded_uid,
getent.masterd_gid, False),
(pathutils.NODED_CERT_FILE, FILE, 0440, getent.masterd_uid,
getent.masterd_gid, False),
(pathutils.NODED_CERT_FILE, FILE, pathutils.NODED_CERT_MODE,
getent.masterd_uid, getent.masterd_gid, False),
]
ss = ssconf.SimpleStore()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment