We do not need client certificate to work with etcd SSL

Change-Id: I0411618dbe241313d5b7ff239c594dc57dc46884
2017-02-17 14:32:16 +00:00 · 2017-02-17 14:32:16 +00:00 · 3bb9d71a95
parent 702b56a486
commit 3bb9d71a95
3 changed files with 2 additions and 19 deletions
--- a/service/files/galera_checker.py
+++ b/service/files/galera_checker.py
@ -32,10 +32,7 @@ SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
 PID_FILE = os.path.join(DATADIR, "mysqld.pid")
 HOSTNAME = socket.getfqdn()
 IPADDR = socket.gethostbyname(HOSTNAME)
-
 CA_CERT = '/opt/ccp/etc/tls/ca.pem'
-SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
-SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'

 MONITOR_PASSWORD = None
 CLUSTER_NAME = None
@ -71,18 +68,15 @@ def get_etcd_client():

    if ETCD_TLS:
        protocol = 'https'
-        cert = (SERVER_CERT, SERVER_KEY)
        ca_cert = CA_CERT
    else:
        protocol = 'http'
-        cert = None
        ca_cert = None

    return etcd.Client(host=ETCD_HOST,
                       port=ETCD_PORT,
                       allow_reconnect=True,
                       protocol=protocol,
-                       cert=cert,
                       ca_cert=ca_cert,
                       read_timeout=2)

--- a/service/files/haproxy_entrypoint.py
+++ b/service/files/haproxy_entrypoint.py
@ -17,10 +17,7 @@ IPADDR = socket.gethostbyname(HOSTNAME)
 BACKEND_NAME = "galera-cluster"
 SERVER_NAME = "primary"
 GLOBALS_PATH = '/etc/ccp/globals/globals.json'
-
 CA_CERT = '/opt/ccp/etc/tls/ca.pem'
-SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
-SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'

 LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
 LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
@ -88,18 +85,15 @@ def get_etcd_client():

    if ETCD_TLS:
        protocol = 'https'
-        cert = (SERVER_CERT, SERVER_KEY)
        ca_cert = CA_CERT
    else:
        protocol = 'http'
-        cert = None
        ca_cert = None

    return etcd.Client(host=ETCD_HOST,
                       port=ETCD_PORT,
                       allow_reconnect=True,
                       protocol=protocol,
-                       cert=cert,
                       ca_cert=ca_cert,
                       read_timeout=2)

--- a/service/files/percona_entrypoint.py
+++ b/service/files/percona_entrypoint.py
@ -26,10 +26,7 @@ GRASTATE_FILE = os.path.join(DATADIR, 'grastate.dat')
 SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
 DHPARAM = os.path.join(DATADIR, "dhparams.pem")
 GLOBALS_PATH = '/etc/ccp/globals/globals.json'
-
 CA_CERT = '/opt/ccp/etc/tls/ca.pem'
-SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
-SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'

 LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
 LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
@ -130,18 +127,15 @@ def get_etcd_client():

    if ETCD_TLS:
        protocol = 'https'
-        cert = (SERVER_CERT, SERVER_KEY)
        ca_cert = CA_CERT
    else:
        protocol = 'http'
-        cert = None
        ca_cert = None

    return etcd.Client(host=ETCD_HOST,
                       port=ETCD_PORT,
                       allow_reconnect=True,
                       protocol=protocol,
-                       cert=cert,
                       ca_cert=ca_cert,
                       read_timeout=2)

@ -746,7 +740,8 @@ def main(ttl):
            LOG.info("Recovery is done. Node is ready.")

        wait_for_mysqld(mysqld)
-    except Exception:
+    except Exception as err:
+        LOG.exception(err)
        raise
    finally:
        etcd_deregister_in_path(etcd_client, 'queue')