Commit daeece8b authored by Helga Velroyen's avatar Helga Velroyen

tools: Move (Re)GenerateClientCert to common

So far the generation of client certificates was only
called from ssl_update.py, used when calling 'gnt-cluster
renew-crypto'. This patch moves the function from
ssl_update.py to tools/common.py, because it will also
be needed by prepare_node_join.py when adding nodes
(see next patch in the series).
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
parent 51d34b04
......@@ -33,9 +33,12 @@
import logging
import OpenSSL
import os
import time
from cStringIO import StringIO
from ganeti import constants
from ganeti import pathutils
from ganeti import utils
from ganeti import serializer
from ganeti import ssconf
......@@ -138,3 +141,30 @@ def LoadData(raw, data_check):
"""
return serializer.LoadAndVerifyJson(raw, data_check)
def GenerateClientCertificate(
data, error_fn, client_cert=pathutils.NODED_CLIENT_CERT_FILE,
signing_cert=pathutils.NODED_CERT_FILE):
"""Regenerates the client certificate of the node.
@type data: string
@param data: the JSON-formated input data
"""
if not os.path.exists(signing_cert):
raise error_fn("The signing certificate '%s' cannot be found."
% signing_cert)
# TODO: This sets the serial number to the number of seconds
# since epoch. This is technically not a correct serial number
# (in the way SSL is supposed to be used), but it serves us well
# enough for now, as we don't have any infrastructure for keeping
# track of the number of signed certificates yet.
serial_no = int(time.time())
# The hostname of the node is provided with the input data.
hostname = data.get(constants.NDS_NODE_NAME)
utils.GenerateSignedSslCert(client_cert, serial_no, signing_cert,
common_name=hostname)
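Review bot: `hostname` reaches the `utils.GenerateSignedSslCert` call unchecked; when the input data has no NDS_NODE_NAME entry, `data.get` returns None and a certificate with no common name gets signed by the node daemon certificate and written to `client_cert`. Validate it next to the existing signing-certificate check: `if not hostname: raise error_fn("Node name missing from input data (%s)." % constants.NDS_NODE_NAME)`. The docstring also no longer matches the code: `data` is accessed with `data.get(...)`, so it is the parsed dictionary rather than the "JSON-formated" string it declares, and the `error_fn`, `client_cert` and `signing_cert` parameters are undocumented; add `@param error_fn: exception class raised when the signing certificate or node name is missing` and describe the two path parameters. Whether `utils.GenerateSignedSslCert` itself rejects a None common name cannot be seen from this hunk.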
......@@ -36,14 +36,12 @@ import os.path
import optparse
import sys
import logging
import time
from ganeti import cli
from ganeti import constants
from ganeti import errors
from ganeti import utils
from ganeti import ht
from ganeti import pathutils
from ganeti.tools import common
......@@ -77,33 +75,6 @@ def ParseOptions():
return common.VerifyOptions(parser, opts, args)
def RegenerateClientCertificate(
data, client_cert=pathutils.NODED_CLIENT_CERT_FILE,
signing_cert=pathutils.NODED_CERT_FILE):
"""Regenerates the client certificate of the node.
@type data: string
@param data: the JSON-formated input data
"""
if not os.path.exists(signing_cert):
raise SslSetupError("The signing certificate '%s' cannot be found."
% signing_cert)
# TODO: This sets the serial number to the number of seconds
# since epoch. This is technically not a correct serial number
# (in the way SSL is supposed to be used), but it serves us well
# enough for now, as we don't have any infrastructure for keeping
# track of the number of signed certificates yet.
serial_no = int(time.time())
# The hostname of the node is provided with the input data.
hostname = data.get(constants.NDS_NODE_NAME)
utils.GenerateSignedSslCert(client_cert, serial_no, signing_cert,
common_name=hostname)
def Main():
"""Main routine.
......@@ -121,7 +92,7 @@ def Main():
# is the same as on this node.
common.VerifyCertificate(data, SslSetupError)
RegenerateClientCertificate(data)
common.GenerateClientCertificate(data, SslSetupError)
except Exception, err: # pylint: disable=W0703
logging.debug("Caught unhandled exception", exc_info=True)
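Review bot: The import hunk at the top of this file drops what the removed RegenerateClientCertificate needed, but `import os.path` stays although the only visible `os.path.exists` use was inside the removed function; if nothing else in ssl_update.py references it, the import is now dead and pylint will report it, and the same question applies to `constants` and `utils`, which the remaining context no longer shows in use. The rest of the file is outside these hunks, so this needs confirming against the full module. The enclosing Main() starts and continues outside the last hunk.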
......@@ -37,18 +37,15 @@ import os.path
import OpenSSL
import time
from ganeti import errors
from ganeti import constants
from ganeti import serializer
from ganeti import pathutils
from ganeti import compat
from ganeti import utils
from ganeti.tools import ssl_update
from ganeti.tools import common
import testutils
class TestGenerateClientCert(unittest.TestCase):
def setUp(self):
self.tmpdir = tempfile.mkdtemp()
......@@ -67,8 +64,9 @@ class TestGenerateClientCert(unittest.TestCase):
constants.NDS_NODE_DAEMON_CERTIFICATE: "some_cert",
constants.NDS_NODE_NAME: my_node_name}
ssl_update.RegenerateClientCertificate(data, client_cert=self.client_cert,
signing_cert=self.server_cert)
common.GenerateClientCertificate(data, Exception,
client_cert=self.client_cert,
signing_cert=self.server_cert)
client_cert_pem = utils.ReadFile(self.client_cert)
server_cert_pem = utils.ReadFile(self.server_cert)