Commit ec17d09c authored by Michael Hanselmann's avatar Michael Hanselmann

Get rid of node daemon password

With the new SSL client certificate stuff it's no longer needed.

Reviewed-by: iustinp
parent f20cbea2
......@@ -694,7 +694,6 @@ def main():
try:
port = utils.GetNodeDaemonPort()
pwdata = utils.GetNodeDaemonPassword()
except errors.ConfigurationError, err:
print "Cluster configuration incomplete: '%s'" % str(err)
sys.exit(5)
......
......@@ -36,7 +36,6 @@ test -f $NODED || exit 0
check_config() {
for fname in \
"@LOCALSTATEDIR@/lib/ganeti/ssconf_node_pass" \
"@LOCALSTATEDIR@/lib/ganeti/server.pem"
do
if ! [ -f "$fname" ]; then
......
......@@ -77,13 +77,6 @@ def _InitGanetiServerSetup():
the cluster and also generates the SSL certificate.
"""
# Create pseudo random password
randpass = utils.GenerateSecret()
# and write it into the config file
utils.WriteFile(constants.CLUSTER_PASSWORD_FILE,
data="%s\n" % randpass, mode=0400)
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
"-days", str(365*5), "-nodes", "-x509",
"-keyout", constants.SSL_CERT_FILE,
......@@ -291,9 +284,6 @@ def SetupNodeDaemon(node, ssh_key_check):
"""
cfg = ssconf.SimpleConfigReader()
sshrunner = ssh.SshRunner(cfg.GetClusterName())
gntpass = utils.GetNodeDaemonPassword()
if not re.match('^[a-zA-Z0-9.]{1,64}$', gntpass):
raise errors.OpExecError("ganeti password corruption detected")
gntpem = utils.ReadFile(constants.SSL_CERT_FILE)
# in the base64 pem encoding, neither '!' nor '.' are valid chars,
# so we use this to detect an invalid certificate; as long as the
......@@ -309,11 +299,9 @@ def SetupNodeDaemon(node, ssh_key_check):
# note that all the below variables are sanitized at this point,
# either by being constants or by the checks above
mycommand = ("umask 077 && "
"echo '%s' > '%s' && "
"cat > '%s' << '!EOF.' && \n"
"%s!EOF.\n%s restart" %
(gntpass, constants.CLUSTER_PASSWORD_FILE,
constants.SSL_CERT_FILE, gntpem,
(constants.SSL_CERT_FILE, gntpem,
constants.NODE_INITD_SCRIPT))
result = sshrunner.Run(node, 'root', mycommand, batch=False,
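Review bot: With the password gone, the `server.pem` that this command writes is the only secret node setup installs, yet the `openssl req` call in the `_InitGanetiServerSetup` hunk above still generates it with `rsa:1024` and a five-year lifetime. I would raise the key size in that call to `"rsa:2048"`, in this change or a follow-up. Keeping the `umask 077` prefix is right, because `-keyout` targets the same `constants.SSL_CERT_FILE`, so the file copied here presumably holds the unencrypted private key (`-nodes`). Nothing visible in the commit removes an existing `ssconf_node_pass` from nodes set up earlier; unless that is handled elsewhere, the stale secret stays on disk. Both function bodies continue outside the hunks shown.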
......
......@@ -93,7 +93,6 @@ CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
SSL_CERT_FILE = DATA_DIR + "/server.pem"
WATCHER_STATEFILE = DATA_DIR + "/watcher.data"
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
CLUSTER_PASSWORD_FILE = DATA_DIR + "/ssconf_node_pass"
QUEUE_DIR = DATA_DIR + "/queue"
ETC_HOSTS = "/etc/hosts"
DEFAULT_FILE_STORAGE_DIR = _autoconf.FILE_STORAGE_DIR
......
......@@ -89,7 +89,6 @@ class Client:
self.body = serializer.DumpJson(args, indent=False)
self.port = utils.GetNodeDaemonPort()
self.nodepw = utils.GetNodeDaemonPassword()
self.nc = {}
def ConnectList(self, node_list, address_list=None):
......
......@@ -1522,15 +1522,6 @@ def GetNodeDaemonPort():
return port
def GetNodeDaemonPassword():
"""Get the node password for the cluster.
@rtype: str
"""
return ReadFile(constants.CLUSTER_PASSWORD_FILE)
def SetupLogging(logfile, debug=False, stderr_logging=False, program=""):
"""Configures the logging module.
......