Back up old client.pem files
authorHelga Velroyen <helgav@google.com>
Mon, 8 Jun 2015 09:43:00 +0000 (11:43 +0200)
committerHelga Velroyen <helgav@google.com>
Mon, 6 Jul 2015 10:45:47 +0000 (12:45 +0200)
For post-mortems, let's make a backup of the client
certificate before renewing it.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

lib/tools/ssl_update.py
lib/utils/x509.py

index 36453d2..3764e2d 100644 (file)
@@ -100,7 +100,6 @@ def RegenerateClientCertificate(
   # The hostname of the node is provided with the input data.
   hostname = data.get(constants.NDS_NODE_NAME)
 
-  # TODO: make backup of the file before regenerating.
   utils.GenerateSignedSslCert(client_cert, serial_no, signing_cert,
                               common_name=hostname)
 
index 63ded07..dde88f9 100644 (file)
@@ -386,7 +386,7 @@ def GenerateSignedSslCert(filename_cert, serial_no,
       common_name, validity * 24 * 60 * 60, serial_no, signing_cert_pem)
 
   utils_io.WriteFile(filename_cert, mode=0440, data=key_pem + cert_pem,
-                     uid=uid, gid=gid)
+                     uid=uid, gid=gid, backup=True)
   return (key_pem, cert_pem)
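Review bot: The file written here is `key_pem + cert_pem`, so with `backup=True` every renewal leaves a copy of the previous private key on disk, and nothing in this hunk bounds how many copies accumulate or states what mode and owner they get. WriteFile's backup path is not visible here, so it is worth confirming that the copy is no more readable than the 0440 original and that the backup is skipped cleanly when `filename_cert` does not exist yet. I would at least add a comment above the call, `# backup=True keeps the previous key+cert for post-mortems; the copy holds private key material and is not removed here`, and mention the backup in the function's docstring. GenerateSignedSslCert starts before the hunk, so its docstring and other callers are not visible.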