Refactor TLS cert fetching for config
* No longer generate the key and CSR, or sign the cert, if use_keystone is set. * Break the complex section into smaller functions. Change-Id: I500d9421d188c98daa685aaff79968a935ce8371
parent
260925ec64
commit
3833c46ba4
@ -438,30 +438,63 @@ class ConfigCluster(command.Command):
|
|||||||
|
|
||||||
cluster_template = mag_client.cluster_templates.get(
|
cluster_template = mag_client.cluster_templates.get(
|
||||||
cluster.cluster_template_id)
|
cluster.cluster_template_id)
|
||||||
opts = {
|
|
||||||
'cluster_uuid': cluster.uuid,
|
|
||||||
}
|
|
||||||
|
|
||||||
tls = None
|
tls = self._fetch_tls(
|
||||||
if not cluster_template.tls_disabled:
|
mag_client=mag_client,
|
||||||
tls = magnum_utils.generate_csr_and_key()
|
cluster_uuid=cluster.uuid,
|
||||||
tls['ca'] = mag_client.certificates.get(**opts).pem
|
tls_required=(not cluster_template.tls_disabled),
|
||||||
opts['csr'] = tls['csr']
|
certkey_required=(not parsed_args.use_keystone)
|
||||||
tls['cert'] = mag_client.certificates.create(**opts).pem
|
)
|
||||||
if parsed_args.output_certs:
|
|
||||||
for k in ('key', 'cert', 'ca'):
|
if parsed_args.output_certs:
|
||||||
fname = "%s/%s.pem" % (parsed_args.dir, k)
|
self._write_certs(
|
||||||
if os.path.exists(fname) and not parsed_args.force:
|
certs=tls,
|
||||||
raise Exception("File %s exists, aborting." % fname)
|
path=parsed_args.dir,
|
||||||
else:
|
force=parsed_args.force
|
||||||
with open(fname, "w") as f:
|
)
|
||||||
f.write(tls[k])
|
|
||||||
|
|
||||||
print(magnum_utils.config_cluster(
|
print(magnum_utils.config_cluster(
|
||||||
cluster, cluster_template, parsed_args.dir,
|
cluster, cluster_template, parsed_args.dir,
|
||||||
force=parsed_args.force, certs=tls,
|
force=parsed_args.force, certs=tls,
|
||||||
use_keystone=parsed_args.use_keystone))
|
use_keystone=parsed_args.use_keystone))
|
||||||
|
|
||||||
|
def _fetch_tls(
|
||||||
|
self,
|
||||||
|
mag_client,
|
||||||
|
cluster_uuid,
|
||||||
|
tls_required,
|
||||||
|
certkey_required=True,
|
||||||
|
):
|
||||||
|
if not tls_required:
|
||||||
|
return {}
|
||||||
|
opts = {
|
||||||
|
'cluster_uuid': cluster_uuid,
|
||||||
|
}
|
||||||
|
tls = {
|
||||||
|
'ca': mag_client.certificates.get(**opts).pem
|
||||||
|
}
|
||||||
|
|
||||||
|
if certkey_required:
|
||||||
|
csr = magnum_utils.generate_csr_and_key()
|
||||||
|
opts['csr'] = csr['csr']
|
||||||
|
tls['cert'] = mag_client.certificates.create(**opts).pem
|
||||||
|
tls['key'] = csr['key']
|
||||||
|
return tls
|
||||||
|
|
||||||
|
def _write_certs(self, certs, path, force):
|
||||||
|
for k in ('key', 'cert', 'ca'):
|
||||||
|
fname = "%s/%s.pem" % (path, k)
|
||||||
|
if os.path.exists(fname):
|
||||||
|
if not force:
|
||||||
|
raise Exception("File %s exists, aborting." % fname)
|
||||||
|
os.remove(fname)
|
||||||
|
|
||||||
|
if k not in certs:
|
||||||
|
# key and cert aren't always generated
|
||||||
|
continue
|
||||||
|
with open(fname, "w") as f:
|
||||||
|
f.write(certs[k])
|
||||||
|
|
||||||
|
|
||||||
class ResizeCluster(command.Command):
|
class ResizeCluster(command.Command):
|
||||||
_description = _("Resize a Cluster")
|
_description = _("Resize a Cluster")
|
||||||
|
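Review bot: `_write_certs` creates `key.pem` with a plain `open(fname, "w")`, so the private key gets whatever mode the caller's umask allows and is often readable by other local users. Creating the file with an explicit owner-only mode would close that: `fd = os.open(fname, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. `O_EXCL` also makes the write fail instead of following a path that reappears between the `os.path.exists`/`os.remove` step and the open, which the current check-then-write sequence does not guard against. Separately, the loop checks and writes one file at a time, so without `force` a pre-existing `cert.pem` or `ca.pem` aborts the run after a new `key.pem` is already on disk; checking all three paths before writing any would avoid that half-written state. Whether `magnum_utils.config_cluster` writes the same files again is not visible in this hunk, so the same mode handling may be needed there.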
@ -269,6 +269,7 @@ def do_cluster_config(cs, args):
|
|||||||
'cluster_uuid': cluster.uuid,
|
'cluster_uuid': cluster.uuid,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Create a new Certificate and Key, sign it
|
||||||
if not cluster_template.tls_disabled:
|
if not cluster_template.tls_disabled:
|
||||||
tls = magnum_utils.generate_csr_and_key()
|
tls = magnum_utils.generate_csr_and_key()
|
||||||
tls['ca'] = cs.certificates.get(**opts).pem
|
tls['ca'] = cs.certificates.get(**opts).pem
|
||||||
|