tools: Move (Re)GenerateClientCert to common
[ganeti-github.git] / lib / tools / ssl_update.py
1 #
2 #
3
4 # Copyright (C) 2015 Google Inc.
5 # All rights reserved.
6 #
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions are
9 # met:
10 #
11 # 1. Redistributions of source code must retain the above copyright notice,
12 # this list of conditions and the following disclaimer.
13 #
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
17 #
18 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
19 # IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
22 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 # EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
30 """Script to recreate and sign the client SSL certificates.
31
32 """
33
34 import os
35 import os.path
36 import optparse
37 import sys
38 import logging
39
40 from ganeti import cli
41 from ganeti import constants
42 from ganeti import errors
43 from ganeti import utils
44 from ganeti import ht
45 from ganeti.tools import common
46
47
# Schema applied to the request data that Main() reads from stdin; each listed
# value has to be a non-empty string.
# NOTE(review): the two leading booleans are presumably TStrictDict's
# (require_all, exclusive) flags -- confirm against ganeti.ht. If the first
# one means "not all keys required", a request that omits a key still passes
# this check, so the common.Verify* helpers must reject missing values
# themselves.
_DATA_CHECK = ht.TStrictDict(
  False,
  True,
  {
    constants.NDS_CLUSTER_NAME: ht.TNonEmptyString,
    constants.NDS_NODE_DAEMON_CERTIFICATE: ht.TNonEmptyString,
    constants.NDS_NODE_NAME: ht.TNonEmptyString,
  })
53
54
class SslSetupError(errors.GenericError):
  """Error type of this tool for failures while updating SSL certificates.

  Main() hands this class to the verification and generation helpers in
  L{common}, presumably so that they raise it when a check fails.

  """
59
60
def ParseOptions():
  """Build the option parser and parse the command line.

  Registers the debug, verbose and dry-run options from L{cli}. Registering
  C{--dry-run} only makes the flag accepted; it has an effect only if the
  caller of this function consults the parsed value.

  @return: the result of L{common.VerifyOptions} for the parsed options and
    arguments

  """
  program_name = os.path.basename(sys.argv[0])
  option_parser = optparse.OptionParser(usage="%prog [--dry-run]",
                                        prog=program_name)

  for option in (cli.DEBUG_OPT, cli.VERBOSE_OPT, cli.DRY_RUN_OPT):
    option_parser.add_option(option)

  parsed_opts, leftover_args = option_parser.parse_args()

  return common.VerifyOptions(option_parser, parsed_opts, leftover_args)
76
77
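def Main():
  """Verify the request read from stdin and regenerate the client certificate.

  The request is loaded with L{common.LoadData} against C{_DATA_CHECK}. The
  cluster name and the caller's server certificate are verified before any
  certificate is generated, so a request that fails either check changes
  nothing on this node. With C{--dry-run} the request is still loaded and
  verified, but certificate generation is skipped; previously the flag was
  accepted and then ignored.

  @return: C{constants.EXIT_SUCCESS} on success, otherwise the exit code
    computed by L{cli.FormatError} for the caught exception

  """
  opts = ParseOptions()

  utils.SetupToolLogging(opts.debug, opts.verbose)

  try:
    data = common.LoadData(sys.stdin.read(), _DATA_CHECK)

    # Keep both verification calls ahead of the generation step: the request
    # arrives on stdin and must be validated before it can cause a change.
    common.VerifyClusterName(data, SslSetupError)

    # Verifies whether the server certificate of the caller
    # is the same as on this node.
    common.VerifyCertificate(data, SslSetupError)

    if opts.dry_run:
      # The usage string advertises --dry-run, so it must not replace the
      # node's client certificate.
      logging.info("Dry run requested, not generating client certificate")
    else:
      common.GenerateClientCertificate(data, SslSetupError)

  except Exception as err: # pylint: disable=W0703
    # Top-level boundary: turn any failure into an exit code. The traceback
    # is only emitted at debug level.
    logging.debug("Caught unhandled exception", exc_info=True)

    (retcode, message) = cli.FormatError(err)
    logging.error(message)

    return retcode
  else:
    return constants.EXIT_SUCCESS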