def _CreateRapiUser(rapi_user):
"""RAPI credentials creation, with the secret auto-generated.
"""
rapi_secret = utils.GenerateSecret()
master = qa_config.GetMasterNode()
rapi_users_path = qa_utils.MakeNodePath(master, pathutils.RAPI_USERS_FILE)
rapi_dir = os.path.dirname(rapi_users_path)
fh = tempfile.NamedTemporaryFile(mode="w")
try:
fh.write("%s %s write\n" % (rapi_user, rapi_secret))
fh.flush()
tmpru = qa_utils.UploadFile(master.primary, fh.name)
try:
AssertCommand(["mkdir", "-p", rapi_dir])
AssertCommand(["mv", tmpru, rapi_users_path])
finally:
AssertCommand(["rm", "-f", tmpru])
finally:
fh.close()
# The certificates have to be reloaded now
AssertCommand(["service", "ganeti", "restart"])
return rapi_secret
def _ResetWatcherDaemon():
"""Removes the watcher daemon's state file.
"""
path = \
qa_utils.MakeNodePath(qa_config.GetMasterNode(),
pathutils.WATCHER_GROUP_STATE_FILE % "*-*-*-*")
AssertCommand(["bash", "-c", "rm -vf %s" % path])
def ReloadCertificates(ensure_presence=True):
"""Reloads the client RAPI certificate with the one present on the node.
If the QA is set up to use a specific certificate using the
"rapi-files-location" parameter, it will be put in place prior to retrieving
it.
"""
if ensure_presence:
_EnsureRapiFilesPresence()
if _rapi_username is None or _rapi_password is None:
raise qa_error.Error("RAPI username and password have to be set before"
" attempting to reload a certificate.")
# pylint: disable=W0603
# due to global usage
global _rapi_ca
global _rapi_client
master = qa_config.GetMasterNode()
# Load RAPI certificate from master node
cmd = [
"openssl", "x509", "-in",
qa_utils.MakeNodePath(master, pathutils.RAPI_CERT_FILE)
]
# Write to temporary file
_rapi_ca = tempfile.NamedTemporaryFile(mode="w")
_rapi_ca.write(
qa_utils.GetCommandOutput(master.primary, utils.ShellQuoteArgs(cmd)))
_rapi_ca.flush()
port = qa_config.get("rapi-port", default=constants.DEFAULT_RAPI_PORT)
cfg_curl = rapi.client.GenericCurlConfig(cafile=_rapi_ca.name, proxy="")
if qa_config.UseVirtualCluster():
# TODO: Implement full support for RAPI on virtual clusters
print(
qa_logging.FormatWarning("RAPI tests are not yet supported on"
" virtual clusters and will be disabled"))
assert _rapi_client is None
else:
_rapi_client = rapi.client.GanetiRapiClient(master.primary,
port=port,
username=_rapi_username,
password=_rapi_password,
curl_config_fn=cfg_curl)
print("RAPI protocol version: %s" % _rapi_client.GetVersion())
def _ReadSsconfInstanceList():
"""Reads ssconf_instance_list from the master node.
"""
master = qa_config.GetMasterNode()
ssconf_path = utils.PathJoin(pathutils.DATA_DIR,
"ssconf_%s" % constants.SS_INSTANCE_LIST)
cmd = ["cat", qa_utils.MakeNodePath(master, ssconf_path)]
return qa_utils.GetCommandOutput(master.primary,
utils.ShellQuoteArgs(cmd)).splitlines()
def _LookupRapiSecret(rapi_user):
"""Find the RAPI secret for the given user on the QA machines.
@param rapi_user: Login user
@return: Login secret for the user
"""
CTEXT = "{CLEARTEXT}"
master = qa_config.GetMasterNode()
cmd = ["cat", qa_utils.MakeNodePath(master, pathutils.RAPI_USERS_FILE)]
file_content = qa_utils.GetCommandOutput(master.primary,
utils.ShellQuoteArgs(cmd))
users = ParsePasswordFile(file_content)
entry = users.get(rapi_user)
if not entry:
raise qa_error.Error("User %s not found in RAPI users file" %
rapi_user)
secret = entry.password
if secret.upper().startswith(CTEXT):
secret = secret[len(CTEXT):]
elif secret.startswith("{"):
raise qa_error.Error("Unsupported password schema for RAPI user %s:"
" not a clear text password" % rapi_user)
return secret