Renew-crypto: propagate verbose and debug option
authorHelga Velroyen <helgav@google.com>
Fri, 19 Jun 2015 11:36:06 +0000 (13:36 +0200)
committerHelga Velroyen <helgav@google.com>
Mon, 6 Jul 2015 10:46:25 +0000 (12:46 +0200)
This patch lets the user pass --debug and/or --verbose
to 'renew-crypto'. The additional output makes SSL
problems easier to debug.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

lib/cli.py
lib/client/gnt_cluster.py
src/Ganeti/OpCodes.hs
src/Ganeti/OpParams.hs
test/hs/Test/Ganeti/OpCodes.hs

index 657308e..c1785f3 100644 (file)
@@ -2941,7 +2941,8 @@ class _RunWhileDaemonsStoppedHelper(object):
 
   """
   def __init__(self, feedback_fn, cluster_name, master_node,
-               online_nodes, ssh_ports, exclude_daemons):
+               online_nodes, ssh_ports, exclude_daemons, debug,
+               verbose):
     """Initializes this class.
 
     @type feedback_fn: callable
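Review bot: The new `debug, verbose` pair in `__init__` is in the opposite order from the `verbose, debug` pair this commit adds to `_RenewCrypto` in lib/client/gnt_cluster.py, and both are plain positional booleans. A swapped pair at any call site would run without error and only select the wrong output level, which is hard to spot during a certificate renewal. Using one order in both signatures, or passing them by keyword where the helper is built (`debug=debug, verbose=verbose`), removes that risk. The `__init__` body continues outside this hunk.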
@@ -2958,6 +2959,10 @@ class _RunWhileDaemonsStoppedHelper(object):
     @param exclude_daemons: list of daemons to shutdown
     @param exclude_daemons: list of daemons that will be restarted after
                             all others are shutdown
+    @type debug: boolean
+    @param debug: show debug output
+    @type verbose: boolesn
+    @param verbose: show verbose output
 
     """
     self.feedback_fn = feedback_fn
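Review bot: The added docstring line `@type verbose: boolesn` has a typo and should read `@type verbose: boolean`. The context just above also documents `@param exclude_daemons` twice with different meanings; the first of the two presumably belongs to another parameter, but its name is outside this hunk.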
@@ -2972,6 +2977,8 @@ class _RunWhileDaemonsStoppedHelper(object):
                             if name != master_node]
 
     self.exclude_daemons = exclude_daemons
+    self.debug = debug
+    self.verbose = verbose
 
     assert self.master_node not in self.nonmaster_nodes
 
@@ -3060,7 +3067,7 @@ class _RunWhileDaemonsStoppedHelper(object):
       watcher_block.Close()
 
 
-def RunWhileDaemonsStopped(feedback_fn, exclude_daemons, fn, *args):
+def RunWhileDaemonsStopped(feedback_fn, exclude_daemons, fn, *args, **kwargs):
   """Calls a function while all cluster daemons are stopped.
 
   @type feedback_fn: callable
@@ -3090,9 +3097,12 @@ def RunWhileDaemonsStopped(feedback_fn, exclude_daemons, fn, *args):
   if exclude_daemons is None:
     exclude_daemons = []
 
+  debug = kwargs.get("debug", False)
+  verbose = kwargs.get("verbose", False)
+
   return _RunWhileDaemonsStoppedHelper(
       feedback_fn, cluster_name, master_node, online_nodes, ssh_ports,
-      exclude_daemons).Call(fn, *args)
+      exclude_daemons, debug, verbose).Call(fn, *args)
 
 
 def RunWhileClusterStopped(feedback_fn, fn, *args):
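Review bot: `RunWhileDaemonsStopped` now accepts arbitrary `**kwargs` but reads only `debug` and `verbose` with `kwargs.get(...)`, so a misspelled keyword such as `verbos=True` is dropped silently and the run proceeds at the default output level. Taking the two values with `kwargs.pop("debug", False)` / `kwargs.pop("verbose", False)` and then rejecting leftovers with `if kwargs: raise TypeError("Unexpected keyword arguments: %s" % ", ".join(sorted(kwargs)))` keeps the interface strict. The docstring whose start is visible in the previous hunk should also gain `@type`/`@param` entries for both keywords and say that they are not forwarded to `fn`; the rest of that docstring is outside the hunks.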
index e46c136..2378f5d 100644 (file)
@@ -941,7 +941,7 @@ def _ReadAndVerifyCert(cert_filename, verify_private_key=False):
 def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911
                  rapi_cert_filename, new_spice_cert, spice_cert_filename,
                  spice_cacert_filename, new_confd_hmac_key, new_cds,
-                 cds_filename, force, new_node_cert):
+                 cds_filename, force, new_node_cert, verbose, debug):
   """Renews cluster certificates, keys and secrets.
 
   @type new_cluster_cert: bool
@@ -967,6 +967,10 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911
   @param force: Whether to ask user for confirmation
   @type new_node_cert: string
   @param new_node_cert: Whether to generate new node certificates
+  @type verbose: boolean
+  @param verbose: show verbose output
+  @type debug: boolean
+  @param debug: show debug output
 
   """
   if new_rapi_cert and rapi_cert_filename:
@@ -1061,10 +1065,6 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911
   def _RenewClientCerts(ctx):
     ctx.feedback_fn("Updating client SSL certificates.")
 
-    # TODO: transport those options outside.
-    debug = True
-    verbose = True
-
     cluster_name = ssconf.SimpleStore().GetClusterName()
 
     for node_name in ctx.nonmaster_nodes + [ctx.master_node]:
@@ -1080,8 +1080,8 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911
           cluster_name,
           node_name,
           pathutils.SSL_UPDATE,
-          debug,
-          verbose,
+          ctx.debug,
+          ctx.verbose,
           True, # use cluster key
           False, # ask key
           True, # strict host check
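Review bot: With the hard-coded `debug = True` / `verbose = True` removed in the previous hunk, this call now runs at whatever `ctx.debug` and `ctx.verbose` hold, which default to False in `RunWhileDaemonsStopped`, so a plain `renew-crypto` presumably prints less than before; the commit message describes only the opt-in. Because this call appears to push certificate updates to every node, it is worth confirming that the debug output of the `pathutils.SSL_UPDATE` tool never echoes key material or the payload sent to it, now that users are invited to enable it and share the output. I would add a comment above the two arguments such as `# user-selected via --debug/--verbose; output must not contain key material`. The call itself starts and ends outside this hunk.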
@@ -1138,13 +1138,14 @@ def _RenewCrypto(new_cluster_cert, new_rapi_cert, # pylint: disable=R0911
   # If only node certficates are recreated, call _RenewClientCerts only.
   if new_node_cert and not new_cluster_cert:
     RunWhileDaemonsStopped(ToStdout, [constants.NODED, constants.WCONFD],
-                           _RenewClientCerts)
+                           _RenewClientCerts, verbose=verbose, debug=debug)
 
   # If the cluster certificate are renewed, the client certificates need
   # to be renewed too.
   if new_cluster_cert:
     RunWhileDaemonsStopped(ToStdout, [constants.NODED, constants.WCONFD],
-                           _RenewServerAndClientCerts)
+                           _RenewServerAndClientCerts, verbose=verbose,
+                           debug=debug)
 
   ToStdout("All requested certificates and keys have been replaced."
            " Running \"gnt-cluster verify\" now is recommended.")
@@ -1171,7 +1172,9 @@ def RenewCrypto(opts, args):
                       opts.new_cluster_domain_secret,
                       opts.cluster_domain_secret,
                       opts.force,
-                      opts.new_node_cert)
+                      opts.new_node_cert,
+                      opts.verbose,
+                      opts.debug > 0)
 
 
 def _GetEnabledDiskTemplates(opts):
@@ -2389,7 +2392,7 @@ commands = {
      NEW_CONFD_HMAC_KEY_OPT, FORCE_OPT,
      NEW_CLUSTER_DOMAIN_SECRET_OPT, CLUSTER_DOMAIN_SECRET_OPT,
      NEW_SPICE_CERT_OPT, SPICE_CERT_OPT, SPICE_CACERT_OPT,
-     NEW_NODE_CERT_OPT],
+     NEW_NODE_CERT_OPT, VERBOSE_OPT],
     "[opts...]",
     "Renews cluster certificates, keys and secrets"),
   "epo": (
index 1238f97..b274a84 100644 (file)
@@ -275,7 +275,9 @@ $(genOpCode "OpCode"
   , ("OpClusterRenewCrypto",
      [t| () |],
      OpDoc.opClusterRenewCrypto,
-     [],
+     [ pVerbose
+     , pDebug
+     ],
      [])
   , ("OpQuery",
      [t| QueryResponse |],
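Review bot: `OpClusterRenewCrypto` gains the `pVerbose` and `pDebug` fields here, but none of the Python hunks on this page set them; there the flags travel as keyword arguments to `RunWhileDaemonsStopped`. If the opcode fields are meant for a later change, a short comment at this entry saying so, for example `-- verbose/debug: not yet set by gnt-cluster renew-crypto`, would keep readers from assuming that submitting the opcode with `debug` set changes anything today. This is inferred from the visible hunks only; the code that submits the opcode is not shown.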
index 3b1aab0..a09f9a9 100644 (file)
@@ -99,6 +99,7 @@ module Ganeti.OpParams
   , pBackupCompress
   , pStartupPaused
   , pVerbose
+  , pDebug
   , pDebugSimulateErrors
   , pErrorCodes
   , pSkipChecks
@@ -554,6 +555,11 @@ pVerbose =
   withDoc "Verbose mode" $
   defaultFalse "verbose"
 
+pDebug :: Field
+pDebug =
+  withDoc "Debug mode" $
+  defaultFalse "debug"
+
 pOptGroupName :: Field
 pOptGroupName =
   withDoc "Optional group name" .
index 5d84edd..167b28b 100644 (file)
@@ -157,7 +157,8 @@ instance Arbitrary OpCodes.OpCode where
       "OP_TAGS_DEL" ->
         arbitraryOpTagsDel
       "OP_CLUSTER_POST_INIT" -> pure OpCodes.OpClusterPostInit
-      "OP_CLUSTER_RENEW_CRYPTO" -> pure OpCodes.OpClusterRenewCrypto
+      "OP_CLUSTER_RENEW_CRYPTO" -> OpCodes.OpClusterRenewCrypto <$>
+         arbitrary <*> arbitrary
       "OP_CLUSTER_DESTROY" -> pure OpCodes.OpClusterDestroy
       "OP_CLUSTER_QUERY" -> pure OpCodes.OpClusterQuery
       "OP_CLUSTER_VERIFY" ->