Commit fc0726b9 authored by Michael Hanselmann's avatar Michael Hanselmann

cfgupgrade: Local variable for cluster-domain-secret filename

This is necessary to allow cfgupgrade to work on a non-standard directory.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent 94182b63
......@@ -80,7 +80,8 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
new_cds, rapi_cert_pem=None, cds=None,
nodecert_file=constants.NODED_CERT_FILE,
rapicert_file=constants.RAPI_CERT_FILE,
hmackey_file=constants.CONFD_HMAC_KEY):
hmackey_file=constants.CONFD_HMAC_KEY,
cds_file=constants.CLUSTER_DOMAIN_SECRET_FILE):
"""Updates the cluster certificates, keys and secrets.
@type new_cluster_cert: bool
......@@ -134,15 +135,12 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_confd_hmac_key,
# Cluster domain secret
if cds:
logging.debug("Writing cluster domain secret to %s",
constants.CLUSTER_DOMAIN_SECRET_FILE)
utils.WriteFile(constants.CLUSTER_DOMAIN_SECRET_FILE,
data=cds, backup=True)
elif new_cds or not os.path.exists(constants.CLUSTER_DOMAIN_SECRET_FILE):
logging.debug("Generating new cluster domain secret at %s",
constants.CLUSTER_DOMAIN_SECRET_FILE)
GenerateHmacKey(constants.CLUSTER_DOMAIN_SECRET_FILE)
logging.debug("Writing cluster domain secret to %s", cds_file)
utils.WriteFile(cds_file, data=cds, backup=True)
elif new_cds or not os.path.exists(cds_file):
logging.debug("Generating new cluster domain secret at %s", cds_file)
GenerateHmacKey(cds_file)
def _InitGanetiServerSetup(master_name):
......
......@@ -123,6 +123,7 @@ def main():
options.KNOWN_HOSTS_PATH = options.data_dir + "/known_hosts"
options.RAPI_CERT_FILE = options.data_dir + "/rapi.pem"
options.CONFD_HMAC_KEY = options.data_dir + "/hmac.key"
options.CDS_FILE = options.data_dir + "/cluster-domain-secret"
SetupLogging()
......@@ -178,7 +179,8 @@ def main():
bootstrap.GenerateClusterCrypto(False, False, False, False,
nodecert_file=options.SERVER_PEM_PATH,
rapicert_file=options.RAPI_CERT_FILE,
hmackey_file=options.CONFD_HMAC_KEY)
hmackey_file=options.CONFD_HMAC_KEY,
cds_file=options.CDS_FILE)
except:
logging.critical("Writing configuration failed. It is probably in an"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment