Commit ec17d09c authored by Michael Hanselmann's avatar Michael Hanselmann

Get rid of node daemon password

With the new SSL client certificate stuff it's no longer needed.

Reviewed-by: iustinp
parent f20cbea2
...@@ -694,7 +694,6 @@ def main(): ...@@ -694,7 +694,6 @@ def main():
try: try:
port = utils.GetNodeDaemonPort() port = utils.GetNodeDaemonPort()
pwdata = utils.GetNodeDaemonPassword()
except errors.ConfigurationError, err: except errors.ConfigurationError, err:
print "Cluster configuration incomplete: '%s'" % str(err) print "Cluster configuration incomplete: '%s'" % str(err)
sys.exit(5) sys.exit(5)
......
...@@ -36,7 +36,6 @@ test -f $NODED || exit 0 ...@@ -36,7 +36,6 @@ test -f $NODED || exit 0
check_config() { check_config() {
for fname in \ for fname in \
"@LOCALSTATEDIR@/lib/ganeti/ssconf_node_pass" \
"@LOCALSTATEDIR@/lib/ganeti/server.pem" "@LOCALSTATEDIR@/lib/ganeti/server.pem"
do do
if ! [ -f "$fname" ]; then if ! [ -f "$fname" ]; then
......
...@@ -77,13 +77,6 @@ def _InitGanetiServerSetup(): ...@@ -77,13 +77,6 @@ def _InitGanetiServerSetup():
the cluster and also generates the SSL certificate. the cluster and also generates the SSL certificate.
""" """
# Create pseudo random password
randpass = utils.GenerateSecret()
# and write it into the config file
utils.WriteFile(constants.CLUSTER_PASSWORD_FILE,
data="%s\n" % randpass, mode=0400)
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024", result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
"-days", str(365*5), "-nodes", "-x509", "-days", str(365*5), "-nodes", "-x509",
"-keyout", constants.SSL_CERT_FILE, "-keyout", constants.SSL_CERT_FILE,
...@@ -291,9 +284,6 @@ def SetupNodeDaemon(node, ssh_key_check): ...@@ -291,9 +284,6 @@ def SetupNodeDaemon(node, ssh_key_check):
""" """
cfg = ssconf.SimpleConfigReader() cfg = ssconf.SimpleConfigReader()
sshrunner = ssh.SshRunner(cfg.GetClusterName()) sshrunner = ssh.SshRunner(cfg.GetClusterName())
gntpass = utils.GetNodeDaemonPassword()
if not re.match('^[a-zA-Z0-9.]{1,64}$', gntpass):
raise errors.OpExecError("ganeti password corruption detected")
gntpem = utils.ReadFile(constants.SSL_CERT_FILE) gntpem = utils.ReadFile(constants.SSL_CERT_FILE)
# in the base64 pem encoding, neither '!' nor '.' are valid chars, # in the base64 pem encoding, neither '!' nor '.' are valid chars,
# so we use this to detect an invalid certificate; as long as the # so we use this to detect an invalid certificate; as long as the
...@@ -309,11 +299,9 @@ def SetupNodeDaemon(node, ssh_key_check): ...@@ -309,11 +299,9 @@ def SetupNodeDaemon(node, ssh_key_check):
# note that all the below variables are sanitized at this point, # note that all the below variables are sanitized at this point,
# either by being constants or by the checks above # either by being constants or by the checks above
mycommand = ("umask 077 && " mycommand = ("umask 077 && "
"echo '%s' > '%s' && "
"cat > '%s' << '!EOF.' && \n" "cat > '%s' << '!EOF.' && \n"
"%s!EOF.\n%s restart" % "%s!EOF.\n%s restart" %
(gntpass, constants.CLUSTER_PASSWORD_FILE, (constants.SSL_CERT_FILE, gntpem,
constants.SSL_CERT_FILE, gntpem,
constants.NODE_INITD_SCRIPT)) constants.NODE_INITD_SCRIPT))
result = sshrunner.Run(node, 'root', mycommand, batch=False, result = sshrunner.Run(node, 'root', mycommand, batch=False,
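Review bot: With the node password removed, `server.pem` becomes (going by the commit message) the only credential protecting node daemon traffic, yet the unchanged `utils.RunCmd` call in `_InitGanetiServerSetup` still generates it with `"-newkey", "rsa:1024"` and `-nodes`, writing a short, unencrypted private key to `constants.SSL_CERT_FILE`. I would raise the key size in this same change, `"-newkey", "rsa:2048",`, and add a comment above the call such as `# server.pem is now the sole node-daemon credential and holds the private key unencrypted`. In `SetupNodeDaemon` the same PEM is still interpolated into `mycommand`; if `SshRunner.Run` hands that string to ssh as a command argument (not visible here), the key material could show up in process listings, so feeding it over stdin would be safer. Both functions begin and end outside the hunks shown.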
......
...@@ -93,7 +93,6 @@ CLUSTER_CONF_FILE = DATA_DIR + "/config.data" ...@@ -93,7 +93,6 @@ CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
SSL_CERT_FILE = DATA_DIR + "/server.pem" SSL_CERT_FILE = DATA_DIR + "/server.pem"
WATCHER_STATEFILE = DATA_DIR + "/watcher.data" WATCHER_STATEFILE = DATA_DIR + "/watcher.data"
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts" SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
CLUSTER_PASSWORD_FILE = DATA_DIR + "/ssconf_node_pass"
QUEUE_DIR = DATA_DIR + "/queue" QUEUE_DIR = DATA_DIR + "/queue"
ETC_HOSTS = "/etc/hosts" ETC_HOSTS = "/etc/hosts"
DEFAULT_FILE_STORAGE_DIR = _autoconf.FILE_STORAGE_DIR DEFAULT_FILE_STORAGE_DIR = _autoconf.FILE_STORAGE_DIR
......
...@@ -89,7 +89,6 @@ class Client: ...@@ -89,7 +89,6 @@ class Client:
self.body = serializer.DumpJson(args, indent=False) self.body = serializer.DumpJson(args, indent=False)
self.port = utils.GetNodeDaemonPort() self.port = utils.GetNodeDaemonPort()
self.nodepw = utils.GetNodeDaemonPassword()
self.nc = {} self.nc = {}
def ConnectList(self, node_list, address_list=None): def ConnectList(self, node_list, address_list=None):
......
...@@ -1522,15 +1522,6 @@ def GetNodeDaemonPort(): ...@@ -1522,15 +1522,6 @@ def GetNodeDaemonPort():
return port return port
def GetNodeDaemonPassword():
"""Get the node password for the cluster.
@rtype: str
"""
return ReadFile(constants.CLUSTER_PASSWORD_FILE)
def SetupLogging(logfile, debug=False, stderr_logging=False, program=""): def SetupLogging(logfile, debug=False, stderr_logging=False, program=""):
"""Configures the logging module. """Configures the logging module.
......