From c9f7994950537cde850e075be4f99a8164c12112 Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Thu, 29 Nov 2012 08:40:04 +0100
Subject: [PATCH] Add constant for node certificate mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A new utility for configuring the node daemon will have to write the
node certificate as well. To not split information about the certificate
file even more, the constant is added to βpathutilsβ.

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
---
 lib/pathutils.py         | 7 ++++++-
 lib/tools/ensure_dirs.py | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/pathutils.py b/lib/pathutils.py
index c50c6da30..b5800c050 100644
--- a/lib/pathutils.py
+++ b/lib/pathutils.py
@@ -74,7 +74,6 @@ UIDPOOL_LOCKDIR = RUN_DIR + "/uid-pool"
 SSCONF_LOCK_FILE = LOCK_DIR + "/ganeti-ssconf.lock"
 
 CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
-NODED_CERT_FILE = DATA_DIR + "/server.pem"
 RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
 CONFD_HMAC_KEY = DATA_DIR + "/hmac.key"
 SPICE_CERT_FILE = DATA_DIR + "/spice.pem"
@@ -90,6 +89,12 @@ HOOKS_BASE_DIR = CONF_DIR + "/hooks"
 FILE_STORAGE_PATHS_FILE = CONF_DIR + "/file-storage-paths"
 RESTRICTED_COMMANDS_DIR = CONF_DIR + "/restricted-commands"
 
+#: Node daemon certificate path
+NODED_CERT_FILE = DATA_DIR + "/server.pem"
+
+#: Node daemon certificate file permissions
+NODED_CERT_MODE = 0440
+
 #: Locked in exclusive mode while noded verifies a remote command
 RESTRICTED_COMMANDS_LOCK_FILE = LOCK_DIR + "/ganeti-restricted-commands.lock"
 
diff --git a/lib/tools/ensure_dirs.py b/lib/tools/ensure_dirs.py
index 48a7b4415..bb20e5d8e 100644
--- a/lib/tools/ensure_dirs.py
+++ b/lib/tools/ensure_dirs.py
@@ -144,8 +144,8 @@ def GetPaths():
      getent.masterd_gid, False),
     (pathutils.SPICE_CACERT_FILE, FILE, 0440, getent.noded_uid,
      getent.masterd_gid, False),
-    (pathutils.NODED_CERT_FILE, FILE, 0440, getent.masterd_uid,
-     getent.masterd_gid, False),
+    (pathutils.NODED_CERT_FILE, FILE, pathutils.NODED_CERT_MODE,
+     getent.masterd_uid, getent.masterd_gid, False),
     ]
 
   ss = ssconf.SimpleStore()
-- 
GitLab