This patch adds a few steps to bootstrap.py. After the creation of the server (cluster) certificate and the master node's client certificate, the digest of that client certificate is added to the configuration and, through an update of the configuration, written to the ssconf_master_candidates_certs file.
Signed-off-by: Helga Velroyen <[email protected]>
---
 lib/bootstrap.py | 14 ++++++++++++--
 test/py/cmdlib/cluster_unittest.py | 11 +----------
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index fa6ae19..910ea63 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -214,7 +214,7 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_spice_cert,
 GenerateHmacKey(cds_file)
-def _InitGanetiServerSetup(master_name):
+def _InitGanetiServerSetup(master_name, cfg):
 """Setup the necessary configuration for the initial node daemon.
 This creates the nodepass file containing the shared password for
@@ -222,11 +222,21 @@ def _InitGanetiServerSetup(master_name):
 @type master_name: str
 @param master_name: Name of the master node
+ @type cfg: ConfigWriter
+ @param cfg: the configuration writer
 """
 # Generate cluster secrets
 GenerateClusterCrypto(True, False, False, False, False, False, master_name)
+ # Add the master's SSL certificate digest to the configuration.
+ master_uuid = cfg.GetMasterNode()
+ master_digest = utils.GetCertificateDigest()
+ cfg.AddNodeToCandidateCerts(master_uuid, master_digest)
+ cfg.Update(cfg.GetClusterInfo(), logging.error)
+ ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
+
+ # set up the inter-node password and certificate
 result = utils.RunCmd([pathutils.DAEMON_UTIL, "start", constants.NODED])
 if result.failed:
 raise errors.OpExecError("Could not start the node daemon, command %s"
@@ -894,7 +904,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
 ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
 # set up the inter-node password and certificate
- _InitGanetiServerSetup(hostname.name)
+ _InitGanetiServerSetup(hostname.name, cfg)
 logging.debug("Starting daemons")
 result = utils.RunCmd([pathutils.DAEMON_UTIL, "start-all"])
diff --git a/test/py/cmdlib/cluster_unittest.py b/test/py/cmdlib/cluster_unittest.py
index ff0d0bb..650d8e1 100644
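Review bot: `utils.GetCertificateDigest()` is called without arguments in `_InitGanetiServerSetup`, so the certificate file whose digest gets pinned into the candidate-certificate map is implicit, and nothing in the hunk checks that the result is non-empty before `cfg.AddNodeToCandidateCerts` stores it. Because this map is presumably what nodes use to decide which client certificates to accept, I would name the certificate path at the call and abort bootstrap on an empty digest, e.g. `if not master_digest: raise errors.OpExecError("Could not read the master's client certificate digest")`. The added comment `# set up the inter-node password and certificate` sits above the `RunCmd` that starts noded; `# start the node daemon` would describe that line, and the docstring summary should mention that the function now also updates the configuration and rewrites the ssconf files. The function's body continues past the end of the hunk.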
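Review bot: In `InitCluster` the context line `ssconf.WriteSsconfFiles(cfg.GetSsconfValues())` directly above the changed call is now followed by a second identical write inside `_InitGanetiServerSetup`, so the ssconf files are written twice, the first time without the master's certificate digest. If the digest step raises, that first, incomplete set is what remains on disk. Unless something outside the hunk depends on the earlier write, consider dropping it, or add a comment such as `# ssconf is rewritten in _InitGanetiServerSetup once the master's digest is known`. `InitCluster` starts and ends outside the hunk.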
--- a/test/py/cmdlib/cluster_unittest.py
+++ b/test/py/cmdlib/cluster_unittest.py
@@ -217,16 +217,7 @@ class TestLUClusterDestroy(CmdlibTestCase):
 class TestLUClusterPostInit(CmdlibTestCase):
- @testutils.patch_object(cluster, "_UpdateMasterClientCert")
- def testExecution(self, update_client_cert_mock):
- # mock the client certificate creation as it is tested separately
- update_client_cert_mock.return_value = None
- # For the purpose of this test, return the same certificate digest for all
- # nodes
- self.rpc.call_node_crypto_tokens = \
- lambda node_uuid, _: self.RpcResultsBuilder() \
- .CreateSuccessfulNodeResult(node_uuid,
- [(constants.CRYPTO_TYPE_SSL_DIGEST, "IA:MA:FA:KE:DI:GE:ST")])
+ def testExecution(self):
 op = opcodes.OpClusterPostInit()
 self.ExecOpCode(op)
--
2.4.3.573.g4eafbef
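Review bot: After this change `testExecution` in `TestLUClusterPostInit` only calls `self.ExecOpCode(op)` and asserts nothing, and the patch adds no test for the new digest registration in `lib/bootstrap.py`. Since that code decides which client certificate the cluster trusts at initialisation, I would add a unit test that checks the master's UUID is mapped to the expected digest after `_InitGanetiServerSetup` runs, with `utils.GetCertificateDigest` patched to a fixed value. Dropping the `_UpdateMasterClientCert` patch also means the opcode either no longer calls it or now runs it for real; the diff does not touch the cmdlib cluster module, so this cannot be confirmed from here.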
