Bootstrap: validate SSL setup before starting noded
authorHelga Velroyen <helgav@google.com>
Mon, 22 Jun 2015 13:01:04 +0000 (15:01 +0200)
committerHelga Velroyen <helgav@google.com>
Mon, 6 Jul 2015 10:46:34 +0000 (12:46 +0200)
This patch adds a few checks which ensure that all
files necessary for proper SSL communication are
in place before noded is started on the master node.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

lib/bootstrap.py

index 910ea63..3beefa0 100644 (file)
@@ -236,6 +236,20 @@ def _InitGanetiServerSetup(master_name, cfg):
   cfg.Update(cfg.GetClusterInfo(), logging.error)
   ssconf.WriteSsconfFiles(cfg.GetSsconfValues())
 
+  if not os.path.exists(
+      os.path.join(pathutils.DATA_DIR,
+      "%s%s" % (constants.SSCONF_FILEPREFIX,
+                constants.SS_MASTER_CANDIDATES_CERTS))):
+    raise errors.OpExecError("Ssconf file for master candidate certificates"
+                             " was not written.")
+
+  if not os.path.exists(pathutils.NODED_CERT_FILE):
+    raise errors.OpExecError("The server certficate was not created properly.")
+
+  if not os.path.exists(pathutils.NODED_CLIENT_CERT_FILE):
+    raise errors.OpExecError("The client certificate was not created"
+                             " properly.")
+
   # set up the inter-node password and certificate
   result = utils.RunCmd([pathutils.DAEMON_UTIL, "start", constants.NODED])
   if result.failed:
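Review bot: The three added checks in `_InitGanetiServerSetup` test only `os.path.exists`, so an empty or truncated certificate file, or a directory at that path, still passes and noded is started with unusable SSL material. For `pathutils.NODED_CERT_FILE` and `pathutils.NODED_CLIENT_CERT_FILE`, a stricter test such as `os.path.isfile(path) and os.path.getsize(path) > 0` would catch a failed write. Including the path in each `OpExecError` message would also tell the operator which file is missing. The server-certificate message misspells a word and should read `"The server certificate was not created properly."`. The function starts and continues outside this hunk, so whether the certificates are parsed or verified elsewhere is not visible here.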