This patch enables the user to add --debug and/or --verbose
to the call of 'renew-crypto'. This way, more output is
shown, which makes SSL problems easier to debug.

Signed-off-by: Helga Velroyen <[email protected]>
---
 lib/cli.py                     | 16 +++++++++++++---
 lib/client/gnt_cluster.py      | 26 +++++++++++++++-----------
 src/Ganeti/OpCodes.hs          |  4 +++-
 src/Ganeti/OpParams.hs         |  6 ++++++
 test/hs/Test/Ganeti/OpCodes.hs |  3 ++-
 5 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/lib/cli.py b/lib/cli.py
index 195a77b..8578639 100644
--- a/lib/cli.py
+++ b/lib/cli.py
@@ -2941,7 +2941,8 @@ class _RunWhileDaemonsStoppedHelper(object):
 
   """
   def __init__(self, feedback_fn, cluster_name, master_node,
-               online_nodes, ssh_ports, exclude_daemons):
+               online_nodes, ssh_ports, exclude_daemons, debug,
+               verbose):
     """Initializes this class.
 
     @type feedback_fn: callable
@@ -2956,6 +2957,10 @@ class _RunWhileDaemonsStoppedHelper(object):
     @param ssh_ports: List of SSH ports of online nodes
     @type exclude_daemons: list of string
     @param exclude_daemons: list of daemons to shutdown
+    @type debug: boolean
+    @param debug: show debug output
+    @type verbose: boolesn
+    @param verbose: show verbose output
 
     """
     self.feedback_fn = feedback_fn
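Review bot: The added docstring line `@type verbose: boolesn` misspells the type and should read `@type verbose: boolean`, matching the `@type debug: boolean` line two lines above it. These type fields are read by people and by documentation tooling, so the typo is worth fixing before merge. The `__init__` docstring and body start and continue outside this hunk.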
@@ -2970,6 +2975,8 @@ class _RunWhileDaemonsStoppedHelper(object):
                             if name != master_node]
 
     self.exclude_daemons = exclude_daemons
+    self.debug = debug
+    self.verbose = verbose
 
     assert self.master_node not in self.nonmaster_nodes
 
@@ -3058,7 +3065,7 @@ class _RunWhileDaemonsStoppedHelper(object):
       watcher_block.Close()
 
 
-def RunWhileDaemonsStopped(feedback_fn, exclude_daemons, fn, *args):
+def RunWhileDaemonsStopped(feedback_fn, exclude_daemons, fn, *args, **kwargs):
   """Calls a function while all cluster daemons are stopped.
 
   @type feedback_fn: callable
@@ -3088,9 +3095,12 @@ def RunWhileDaemonsStopped(feedback_fn, exclude_daemons, 
fn, *args):
   if exclude_daemons is None:
     exclude_daemons = []
 
+  debug = kwargs.get("debug", False)
+  verbose = kwargs.get("verbose", False)
+
   return _RunWhileDaemonsStoppedHelper(
       feedback_fn, cluster_name, master_node, online_nodes, ssh_ports,
-      exclude_daemons).Call(fn, *args)
+      exclude_daemons, debug, verbose).Call(fn, *args)
 
 
 def RunWhileClusterStopped(feedback_fn, fn, *args):
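Review bot: `RunWhileDaemonsStopped` now accepts `**kwargs` but reads only `debug` and `verbose` with `kwargs.get`, so a misspelled or unsupported keyword is silently dropped and the helper runs with the default `False`. Consuming the two keys with `debug = kwargs.pop("debug", False)` and `verbose = kwargs.pop("verbose", False)`, followed by `if kwargs: raise TypeError("Unexpected keyword arguments: %s" % ", ".join(sorted(kwargs)))`, would surface such mistakes. The function's docstring, which lies mostly outside this hunk, should also gain `@type`/`@param` entries for the two keywords and state that they are not forwarded to `fn`. The helper's constructor now requires both new arguments, so any other caller of `_RunWhileDaemonsStoppedHelper` outside the visible hunks would need updating.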
diff --git a/lib/client/gnt_cluster.py b/lib/client/gnt_cluster.py
index e673273..549d218 100644
--- a/lib/client/gnt_cluster.py
+++ b/lib/client/gnt_cluster.py
@@ -941,7 +941,7 @@ def _ReadAndVerifyCert(cert_filename, 
verify_private_key=False):
 def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911
                  rapi_cert_filename, new_spice_cert, spice_cert_filename,
                  spice_cacert_filename, new_confd_hmac_key, new_cds,
-                 cds_filename, force, new_node_cert):
+                 cds_filename, force, new_node_cert, verbose, debug):
   """Renews cluster certificates, keys and secrets.
 
   @type new_cluster_cert: bool
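Review bot: The new `_RenewCrypto` parameters are ordered `verbose, debug`, while `_RunWhileDaemonsStoppedHelper.__init__` in lib/cli.py and the argument list later in this file use `debug, verbose`; with two bare booleans passed positionally, a swap would go unnoticed. Either keep one order throughout or pass them by keyword at the call site in `RenewCrypto`, e.g. `verbose=opts.verbose, debug=opts.debug > 0`. The body of `_RenewCrypto` continues outside this hunk.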
@@ -967,6 +967,10 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # 
pylint: disable=R0911
   @param force: Whether to ask user for confirmation
   @type new_node_cert: string
   @param new_node_cert: Whether to generate new node certificates
+  @type verbose: boolean
+  @param verbose: show verbose output
+  @type debug: boolean
+  @param debug: show debug output
 
   """
   if new_rapi_cert and rapi_cert_filename:
@@ -1061,10 +1065,6 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # 
pylint: disable=R0911
   def _RenewClientCerts(ctx):
     ctx.feedback_fn("Updating client SSL certificates.")
 
-    # TODO: transport those options outside.
-    debug = True
-    verbose = True
-
     cluster_name = ssconf.SimpleStore().GetClusterName()
 
     for node_name in ctx.nonmaster_nodes + [ctx.master_node]:
@@ -1080,8 +1080,8 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # 
pylint: disable=R0911
           cluster_name,
           node_name,
           pathutils.SSL_UPDATE,
-          debug,
-          verbose,
+          ctx.debug,
+          ctx.verbose,
           True, # use cluster key
           False, # ask key
           True, # strict host check
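Review bot: A comment is missing here on what `ctx.debug` and `ctx.verbose` cause to be printed during the certificate update. The call these arguments belong to starts outside the hunk, so its behaviour cannot be checked from here. Because this step handles SSL material, it should be confirmed that enabling debug output does not echo the data sent to the node (which may include key or certificate contents) to the terminal or to logs. If that holds, I would add a comment such as `# debug/verbose control diagnostic output only; must not print certificate or key data` above these two arguments.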
@@ -1137,13 +1137,15 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # 
pylint: disable=R0911
 
   # If only node certficates are recreated, call _RenewClientCerts only.
   if new_node_cert and not new_cluster_cert:
-    RunWhileDaemonsStopped(ToStdout, [constants.WCONFD], _RenewClientCerts)
+    RunWhileDaemonsStopped(ToStdout, [constants.WCONFD], _RenewClientCerts,
+                           verbose=verbose, debug=debug)
 
   # If the cluster certificate are renewed, the client certificates need
   # to be renewed too.
   if new_cluster_cert:
     RunWhileDaemonsStopped(ToStdout, [constants.WCONFD],
-                           _RenewServerAndClientCerts)
+                           _RenewServerAndClientCerts, verbose=verbose,
+                           debug=debug)
 
   ToStdout("All requested certificates and keys have been replaced."
            " Running \"gnt-cluster verify\" now is recommended.")
@@ -1170,7 +1172,9 @@ def RenewCrypto(opts, args):
                       opts.new_cluster_domain_secret,
                       opts.cluster_domain_secret,
                       opts.force,
-                      opts.new_node_cert)
+                      opts.new_node_cert,
+                      opts.verbose,
+                      opts.debug > 0)
 
 
 def _GetEnabledDiskTemplates(opts):
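Review bot: `opts.debug > 0` assumes that the `renew-crypto` command always has a numeric `debug` option, but the option list in the `commands` hunk below gains only `VERBOSE_OPT`. If the debug option is supplied by a shared option set that is not visible in this patch, this is fine. Otherwise `opts.debug` would be missing and the `--debug` promised in the description would not be accepted. This is worth confirming, and a short comment at the call such as `# debug level > 0 enables debug output` would make the conversion to a boolean explicit.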
@@ -2388,7 +2392,7 @@ commands = {
      NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT,
      NEW_CLUSTER_DOMAIN_SECRET_OPT, CLUSTER_DOMAIN_SECRET_OPT,
      NEW_SPICE_CERT_OPT, SPICE_CERT_OPT, SPICE_CACERT_OPT,
-     NEW_NODE_CERT_OPT],
+     NEW_NODE_CERT_OPT, VERBOSE_OPT],
     "[opts...]",
     "Renews cluster certificates, keys and secrets"),
   "epo": (
diff --git a/src/Ganeti/OpCodes.hs b/src/Ganeti/OpCodes.hs
index 1238f97..b274a84 100644
--- a/src/Ganeti/OpCodes.hs
+++ b/src/Ganeti/OpCodes.hs
@@ -275,7 +275,9 @@ $(genOpCode "OpCode"
   , ("OpClusterRenewCrypto",
      [t| () |],
      OpDoc.opClusterRenewCrypto,
-     [],
+     [ pVerbose
+     , pDebug
+     ],
      [])
   , ("OpQuery",
      [t| QueryResponse |],
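Review bot: `OpClusterRenewCrypto` gains the `pVerbose` and `pDebug` fields here, but none of the Python hunks in this patch sets them when an opcode is submitted or reads them on the server side. The client path passes the flags through `RunWhileDaemonsStopped` instead. If a follow-up change consumes them, a note in the commit message would help; otherwise the two fields are unused API surface that every opcode consumer has to carry. The `genOpCode` list continues outside this hunk.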
diff --git a/src/Ganeti/OpParams.hs b/src/Ganeti/OpParams.hs
index 3b1aab0..a09f9a9 100644
--- a/src/Ganeti/OpParams.hs
+++ b/src/Ganeti/OpParams.hs
@@ -99,6 +99,7 @@ module Ganeti.OpParams
   , pBackupCompress
   , pStartupPaused
   , pVerbose
+  , pDebug
   , pDebugSimulateErrors
   , pErrorCodes
   , pSkipChecks
@@ -554,6 +555,11 @@ pVerbose =
   withDoc "Verbose mode" $
   defaultFalse "verbose"
 
+pDebug :: Field
+pDebug =
+  withDoc "Debug mode" $
+  defaultFalse "debug"
+
 pOptGroupName :: Field
 pOptGroupName =
   withDoc "Optional group name" .
diff --git a/test/hs/Test/Ganeti/OpCodes.hs b/test/hs/Test/Ganeti/OpCodes.hs
index 5d84edd..167b28b 100644
--- a/test/hs/Test/Ganeti/OpCodes.hs
+++ b/test/hs/Test/Ganeti/OpCodes.hs
@@ -157,7 +157,8 @@ instance Arbitrary OpCodes.OpCode where
       "OP_TAGS_DEL" ->
         arbitraryOpTagsDel
       "OP_CLUSTER_POST_INIT" -> pure OpCodes.OpClusterPostInit
-      "OP_CLUSTER_RENEW_CRYPTO" -> pure OpCodes.OpClusterRenewCrypto
+      "OP_CLUSTER_RENEW_CRYPTO" -> OpCodes.OpClusterRenewCrypto <$>
+         arbitrary <*> arbitrary
       "OP_CLUSTER_DESTROY" -> pure OpCodes.OpClusterDestroy
       "OP_CLUSTER_QUERY" -> pure OpCodes.OpClusterQuery
       "OP_CLUSTER_VERIFY" ->
-- 
2.4.3.573.g4eafbef
