Package ganeti :: Package utils :: Module security

Module security

Utility functions for security features of Ganeti.

Functions
 
UuidToInt(uuid)
 
AddNodeToCandidateCerts(node_uuid, cert_digest, candidate_certs, info_fn=logging.info, warn_fn=logging.warn)
Adds an entry to the candidate certificate map.
 
RemoveNodeFromCandidateCerts(node_uuid, candidate_certs, warn_fn=logging.warn)
Removes the entry of the given node in the certificate map.
 
GetCertificateDigest(cert_filename=pathutils.NODED_CLIENT_CERT_FILE)
Reads the SSL certificate and returns the SHA1 digest.
 
GenerateNewSslCert(new_cert, cert_filename, serial_no, log_msg, uid=-1, gid=-1)
Creates a new SSL certificate and backs up the old one.
 
VerifyCertificate(filename)
Verifies an SSL certificate.

Imports: logging, OpenSSL, os, uuid_module, io, x509, constants, errors, pathutils


Function Details

AddNodeToCandidateCerts(node_uuid, cert_digest, candidate_certs, info_fn=logging.info, warn_fn=logging.warn)

Adds an entry to the candidate certificate map.

Parameters:
  • node_uuid (string) - the node's UUID
  • cert_digest (string) - the digest of the node's client SSL certificate
  • candidate_certs (dict of strings to strings) - map of node UUIDs to the digests of their client SSL certificates; modified in place by this function
  • info_fn (function) - logging function for information messages
  • warn_fn (function) - logging function for warning messages

RemoveNodeFromCandidateCerts(node_uuid, candidate_certs, warn_fn=logging.warn)

Removes the entry of the given node in the certificate map.

Parameters:
  • node_uuid (string) - the node's UUID
  • candidate_certs (dict of strings to strings) - map of node UUIDs to the digests of their client SSL certificates; modified in place by this function
  • warn_fn (function) - logging function for warning messages

GenerateNewSslCert(new_cert, cert_filename, serial_no, log_msg, uid=-1, gid=-1)

Creates a new SSL certificate and backs up the old one.

Parameters:
  • new_cert (boolean) - whether a new certificate should be created
  • cert_filename (string) - filename of the certificate file
  • serial_no (int) - serial number of the certificate
  • log_msg (string) - log message to be written on certificate creation
  • uid (int) - the user ID of the user who will own the certificate file
  • gid (int) - the group ID of the group that will own the certificate file

VerifyCertificate(filename)

Verifies an SSL certificate.

Parameters:
  • filename (string) - Path to PEM file