From ec17d09c01f897bc6951e4125db152162caa0aa2 Mon Sep 17 00:00:00 2001
From: Michael Hanselmann <hansmi@google.com>
Date: Fri, 21 Nov 2008 10:46:58 +0000
Subject: [PATCH] Get rid of node daemon password

With the new SSL client certificate stuff it's no longer needed.

Reviewed-by: iustinp
---
 daemons/ganeti-noded | 1 -
 doc/examples/ganeti.initd.in | 1 -
 lib/bootstrap.py | 14 +-------------
 lib/constants.py | 1 -
 lib/rpc.py | 1 -
 lib/utils.py | 9 ---------
 6 files changed, 1 insertion(+), 26 deletions(-)
diff --git a/daemons/ganeti-noded b/daemons/ganeti-noded
index c124dd180..8a2db9f16 100755
--- a/daemons/ganeti-noded
+++ b/daemons/ganeti-noded
@@ -694,7 +694,6 @@ def main():
 try:
 port = utils.GetNodeDaemonPort()
- pwdata = utils.GetNodeDaemonPassword()
 except errors.ConfigurationError, err:
 print "Cluster configuration incomplete: '%s'" % str(err)
 sys.exit(5)
diff --git a/doc/examples/ganeti.initd.in b/doc/examples/ganeti.initd.in
index 816c5b76a..8460216a3 100644
--- a/doc/examples/ganeti.initd.in
+++ b/doc/examples/ganeti.initd.in
@@ -36,7 +36,6 @@ test -f $NODED || exit 0
 check_config() {
 for fname in \
- "@LOCALSTATEDIR@/lib/ganeti/ssconf_node_pass" \
 "@LOCALSTATEDIR@/lib/ganeti/server.pem"
 do
 if ! [ -f "$fname" ]; then
diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index 8a6ca56a6..d28135ad1 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -77,13 +77,6 @@ def _InitGanetiServerSetup():
 the cluster and also generates the SSL certificate.
 """
- # Create pseudo random password
- randpass = utils.GenerateSecret()
-
- # and write it into the config file
- utils.WriteFile(constants.CLUSTER_PASSWORD_FILE,
- data="%s\n" % randpass, mode=0400)
-
 result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", "-days", str(365*5), "-nodes", "-x509", "-keyout", constants.SSL_CERT_FILE, 
@@ -291,9 +284,6 @@ def SetupNodeDaemon(node, ssh_key_check):
 """
 cfg = ssconf.SimpleConfigReader()
 sshrunner = ssh.SshRunner(cfg.GetClusterName())
- gntpass = utils.GetNodeDaemonPassword()
- if not re.match('^[a-zA-Z0-9.]{1,64}$', gntpass):
- raise errors.OpExecError("ganeti password corruption detected")
 gntpem = utils.ReadFile(constants.SSL_CERT_FILE)
 # in the base64 pem encoding, neither '!' nor '.' are valid chars,
 # so we use this to detect an invalid certificate; as long as the
@@ -309,11 +299,9 @@ def SetupNodeDaemon(node, ssh_key_check):
 # note that all the below variables are sanitized at this point,
 # either by being constants or by the checks above
 mycommand = ("umask 077 && "
- "echo '%s' > '%s' && "
 "cat > '%s' << '!EOF.' && \n"
 "%s!EOF.\n%s restart" %
- (gntpass, constants.CLUSTER_PASSWORD_FILE,
- constants.SSL_CERT_FILE, gntpem,
+ (constants.SSL_CERT_FILE, gntpem,
 constants.NODE_INITD_SCRIPT))
 result = sshrunner.Run(node, 'root', mycommand, batch=False,
diff --git a/lib/constants.py b/lib/constants.py
index 6c3e0dd3d..a64b2a3ee 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -93,7 +93,6 @@ CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
 SSL_CERT_FILE = DATA_DIR + "/server.pem"
 WATCHER_STATEFILE = DATA_DIR + "/watcher.data"
 SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
-CLUSTER_PASSWORD_FILE = DATA_DIR + "/ssconf_node_pass"
 QUEUE_DIR = DATA_DIR + "/queue"
 ETC_HOSTS = "/etc/hosts"
 DEFAULT_FILE_STORAGE_DIR = _autoconf.FILE_STORAGE_DIR
diff --git a/lib/rpc.py b/lib/rpc.py
index 5850cd2dd..d789677c9 100644
--- a/lib/rpc.py
+++ b/lib/rpc.py
@@ -89,7 +89,6 @@ class Client:
 self.body = serializer.DumpJson(args, indent=False)
 self.port = utils.GetNodeDaemonPort()
- self.nodepw = utils.GetNodeDaemonPassword()
 self.nc = {}
 def ConnectList(self, node_list, address_list=None):
diff --git a/lib/utils.py b/lib/utils.py
index 7884366d5..e0dfcb247 100644
--- a/lib/utils.py
+++ b/lib/utils.py 
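Review bot: In `SetupNodeDaemon` (lib/bootstrap.py, the hunk that rewrites `mycommand`), the whole of `gntpem` is still interpolated into the shell string handed to `sshrunner.Run`, and after this commit that file is the only node-daemon credential left. The `_InitGanetiServerSetup` hunk shows openssl writing `-keyout` to `constants.SSL_CERT_FILE`, so the heredoc presumably carries the private key, and a command string can end up in the remote process list or in audit logs while it runs; feeding the PEM on stdin would avoid that if `SshRunner.Run` supports it, which is not visible here. The comment above `mycommand` still says the values are sanitized "by the checks above" although the password regex is gone; I would reword it to `# gntpem is checked above for the '!' and '.' heredoc terminator chars; all other values are constants`, after confirming the check that sits between the two hunks. The function continues outside the hunk. Separately, nothing in this change removes an existing `ssconf_node_pass` file from already-deployed nodes, so a cleanup step on upgrade is worth adding.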
@@ -1522,15 +1522,6 @@ def GetNodeDaemonPort(): return port -def GetNodeDaemonPassword(): - """Get the node password for the cluster. - - @rtype: str - - """ - return ReadFile(constants.CLUSTER_PASSWORD_FILE) - - def SetupLogging(logfile, debug=False, stderr_logging=False, program=""): """Configures the logging module. -- GitLab