On Mon, Sep 28, 2015 at 12:37:11PM +0200, 'Klaus Aehlig' via ganeti-devel wrote:
On setting up a node, initial data is shipped via ssh to the
target node, so that the node daemon can run properly and take
on the remaining configuration tasks via RPC. At that point, other
daemons, including the monitoring daemon (if enabled), are also
started. Therefore, also ship the hmac key file as part of the
initial data, as the monitoring daemon needs it for confd queries.
Signed-off-by: Klaus Aehlig <[email protected]>
---
lib/bootstrap.py | 2 ++
lib/tools/node_daemon_setup.py | 8 ++++++++
2 files changed, 10 insertions(+)
diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index a2bc3a6..55a691c 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -933,6 +933,8 @@ def SetupNodeDaemon(opts, cluster_name, node, ssh_port):
constants.NDS_CLUSTER_NAME: cluster_name,
constants.NDS_NODE_DAEMON_CERTIFICATE:
utils.ReadFile(pathutils.NODED_CERT_FILE),
+ constants.NDS_HMAC:
+ utils.ReadFile(pathutils.CONFD_HMAC_KEY),
constants.NDS_SSCONF: ssconf.SimpleStore().ReadAll(),
constants.NDS_START_NODE_DAEMON: True,
constants.NDS_NODE_NAME: node,
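Review bot: The new `constants.NDS_HMAC` entry puts the contents of `pathutils.CONFD_HMAC_KEY`, a cluster-wide shared secret, into the same data dict as the node certificate, and nothing on the added lines marks it as sensitive. SetupNodeDaemon's body starts and ends outside this hunk, so whether the dict is ever logged or echoed in debug output cannot be checked from here. I would add a comment above the entry, for example `# Secret: confd HMAC key; this dict must never be logged or dumped`, so later changes to this function keep the key out of logs.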
diff --git a/lib/tools/node_daemon_setup.py b/lib/tools/node_daemon_setup.py
index e45e2e0..6ade4bd 100644
--- a/lib/tools/node_daemon_setup.py
+++ b/lib/tools/node_daemon_setup.py
@@ -51,6 +51,7 @@ from ganeti.tools import common
_DATA_CHECK = ht.TStrictDict(False, True, {
constants.NDS_CLUSTER_NAME: ht.TNonEmptyString,
constants.NDS_NODE_DAEMON_CERTIFICATE: ht.TNonEmptyString,
+ constants.NDS_HMAC: ht.TNonEmptyString,
constants.NDS_SSCONF: ht.TDictOf(ht.TNonEmptyString, ht.TString),
constants.NDS_START_NODE_DAEMON: ht.TBool,
constants.NDS_NODE_NAME: ht.TString,
@@ -127,11 +128,18 @@ def Main():
cluster_name = common.VerifyClusterName(data, SetupError,
constants.NDS_CLUSTER_NAME)
cert_pem = common.VerifyCertificateStrong(data, SetupError)
+ hmac_key = common.VerifyHmac(data, SetupError)
ssdata = VerifySsconf(data, cluster_name)
logging.info("Writing ssconf files ...")
ssconf.WriteSsconfFiles(ssdata, dry_run=opts.dry_run)
+ logging.info("Writing hmac.key ...")
+ utils.WriteFile(pathutils.CONFD_HMAC_KEY, data=hmac_key,
+ mode=pathutils.NODED_CERT_MODE,
+ uid=getent.masterd_uid, gid=getent.masterd_gid,
+ dry_run=opts.dry_run)
+
logging.info("Writing node daemon certificate ...")
utils.WriteFile(pathutils.NODED_CERT_FILE, data=cert_pem,
mode=pathutils.NODED_CERT_MODE,
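Review bot: The added `utils.WriteFile(pathutils.CONFD_HMAC_KEY, ...)` call reuses `pathutils.NODED_CERT_MODE` and the masterd uid/gid for a file that, per the commit message, the monitoring daemon must read for confd queries. Neither the mode value nor the daemons' group memberships are visible in this hunk, so please confirm that confd and the monitoring daemon can read the key under this ownership while other local users cannot. It should also match whatever ownership the rest of the tree applies to the same path, otherwise a later permission fix-up could change it silently. A comment such as `# hmac.key is a shared secret; written with the same mode as the node certificate` would record why the certificate constant is reused, though a dedicated mode constant for the key would be clearer. Main's body continues outside the hunk.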
--
2.6.0.rc2.230.g3dd15c0
LGTM, thanks