Commit eafd8762 authored by Michael Hanselmann's avatar Michael Hanselmann

Use SSL for master/node RPC

This patch enables SSL between masterd and noded.

Reviewed-by: iustinp
parent ec17d09c
......@@ -710,11 +710,16 @@ def main():
stderr_logging=not options.fork)
logging.info("ganeti node daemon startup")
# Read SSL certificate
ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
ssl_cert_path=constants.SSL_CERT_FILE)
# Prepare job queue
queue_lock = jstore.InitAndVerifyQueue(must_lock=False)
mainloop = daemon.Mainloop()
server = NodeHttpServer(mainloop, "", port)
server = NodeHttpServer(mainloop, "", port,
ssl_params=ssl_params, ssl_verify_peer=True)
server.Start()
try:
mainloop.Run()
......
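Review bot: Both `ssl_key_path` and `ssl_cert_path` are set to `constants.SSL_CERT_FILE` in the `http.HttpSslParams(...)` call in `main()`, and the same pair appears in the `Client` hunk of the RPC module, so the private key evidently lives in the same file as the certificate. That makes the file's permissions the trust boundary for master/node RPC: anyone who can read it can presumably pass `ssl_verify_peer=True` from either side. The existing comment `# Read SSL certificate` does not say this; I would replace it with `# Key and certificate share one PEM file; it must be readable only by the daemon user`, and consider refusing to start when the file is missing or more widely readable. `main()` starts and ends outside the hunk.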
......@@ -39,6 +39,7 @@ from ganeti import utils
from ganeti import objects
from ganeti import http
from ganeti import serializer
from ganeti import constants
# Module level variable
......@@ -121,9 +122,15 @@ class Client:
if address is None:
address = name
# TODO: Cache key and certificate for different requests
ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
ssl_cert_path=constants.SSL_CERT_FILE)
self.nc[name] = http.HttpClientRequest(address, self.port, http.HTTP_PUT,
"/%s" % self.procedure,
post_data=self.body)
post_data=self.body,
ssl_params=ssl_params,
ssl_verify_peer=True)
def GetResults(self):
"""Call nodes and return results.
......
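Review bot: It is not visible from the `http.HttpClientRequest(...)` call what `ssl_verify_peer=True` actually checks: the request connects to `address`, which can differ from `name`, and nothing in the hunk binds the expected peer to that node. If verification only confirms that the peer holds the cluster certificate, a comment at the call should say so, for example `# Verifies the peer holds the cluster certificate; does not bind it to this node's name`, so callers do not assume per-node authentication. Building `ssl_params` once outside the per-node path would also go some way towards the TODO, since its arguments are constants. The enclosing method starts outside the hunk.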