Init: add master client certificate to configuration

This patch adds a few steps to bootstrap.py. After the
creation of the server (cluster) certificate and the
master node's client certificate, the digest of that
client certificate is added to the configuration and
by an update of the configuraiton written to the
ssconf_master_candidates_certs file.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index fa6ae19..910ea63 100644 (file)
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -214,7 +214,7 @@ def GenerateClusterCrypto(new_cluster_cert, new_rapi_cert, new_spice_cert,
     GenerateHmacKey(cds_file)
 
 
-def _InitGanetiServerSetup(master_name):
+def _InitGanetiServerSetup(master_name, cfg):
   """Setup the necessary configuration for the initial node daemon.
 
   This creates the nodepass file containing the shared password for
@@ -222,11 +222,21 @@ def _InitGanetiServerSetup(master_name):
 
   @type master_name: str
   @param master_name: Name of the master node
+  @type cfg: ConfigWriter
+  @param cfg: the configuration writer
 
   """
   # Generate cluster secrets
   GenerateClusterCrypto(True, False, False, False, False, False, master_name)
 
+  # Add the master's SSL certificate digest to the configuration.
+  master_uuid = cfg.GetMasterNode()
+  master_digest = utils.GetCertificateDigest()
+  cfg.AddNodeToCandidateCerts(master_uuid, master_digest)
+  cfg.Update(cfg.GetClusterInfo(), logging.error)
+  ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
+
+  # set up the inter-node password and certificate
   result = utils.RunCmd([pathutils.DAEMON_UTIL, "start", constants.NODED])
   if result.failed:
     raise errors.OpExecError("Could not start the node daemon, command %s"
@@ -894,7 +904,7 @@ def InitCluster(cluster_name, mac_prefix, # pylint: disable=R0913, R0914
   ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
 
   # set up the inter-node password and certificate
-  _InitGanetiServerSetup(hostname.name)
+  _InitGanetiServerSetup(hostname.name, cfg)
 
   logging.debug("Starting daemons")
   result = utils.RunCmd([pathutils.DAEMON_UTIL, "start-all"])

diff --git a/test/py/cmdlib/cluster_unittest.py b/test/py/cmdlib/cluster_unittest.py
index ff0d0bb..650d8e1 100644 (file)
--- a/test/py/cmdlib/cluster_unittest.py
+++ b/test/py/cmdlib/cluster_unittest.py
@@ -217,16 +217,7 @@ class TestLUClusterDestroy(CmdlibTestCase):
 
 class TestLUClusterPostInit(CmdlibTestCase):
 
-  @testutils.patch_object(cluster, "_UpdateMasterClientCert")
-  def testExecution(self, update_client_cert_mock):
-    # mock the client certificate creation as it is tested separately
-    update_client_cert_mock.return_value = None
-    # For the purpose of this test, return the same certificate digest for all
-    # nodes
-    self.rpc.call_node_crypto_tokens = \
-      lambda node_uuid, _: self.RpcResultsBuilder() \
-        .CreateSuccessfulNodeResult(node_uuid,
-          [(constants.CRYPTO_TYPE_SSL_DIGEST, "IA:MA:FA:KE:DI:GE:ST")])
+  def testExecution(self):
     op = opcodes.OpClusterPostInit()
 
     self.ExecOpCode(op)