From 3bb9d71a950f7ddb29924b16a69cb375bb625164 Mon Sep 17 00:00:00 2001
From: Proskurin Kirill
Date: Fri, 17 Feb 2017 14:32:16 +0000
Subject: [PATCH] We do not need client certificate to work with etcd SSL
Change-Id: I0411618dbe241313d5b7ff239c594dc57dc46884
---
 service/files/galera_checker.py | 6 ------
 service/files/haproxy_entrypoint.py | 6 ------
 service/files/percona_entrypoint.py | 9 ++-------
 3 files changed, 2 insertions(+), 19 deletions(-)
diff --git a/service/files/galera_checker.py b/service/files/galera_checker.py
index 9cc2ddc..185d1d7 100644
--- a/service/files/galera_checker.py
+++ b/service/files/galera_checker.py
@@ -32,10 +32,7 @@ SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
 PID_FILE = os.path.join(DATADIR, "mysqld.pid")
 HOSTNAME = socket.getfqdn()
 IPADDR = socket.gethostbyname(HOSTNAME)
-
 CA_CERT = '/opt/ccp/etc/tls/ca.pem'
-SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
-SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'
 MONITOR_PASSWORD = None
 CLUSTER_NAME = None
@@ -71,18 +68,15 @@ def get_etcd_client():
 if ETCD_TLS:
 protocol = 'https'
- cert = (SERVER_CERT, SERVER_KEY)
 ca_cert = CA_CERT
 else:
 protocol = 'http'
- cert = None
 ca_cert = None
 return etcd.Client(host=ETCD_HOST,
 port=ETCD_PORT,
 allow_reconnect=True,
 protocol=protocol,
- cert=cert,
 ca_cert=ca_cert,
 read_timeout=2)
diff --git a/service/files/haproxy_entrypoint.py b/service/files/haproxy_entrypoint.py
index 2d6f21e..21319cc 100644
--- a/service/files/haproxy_entrypoint.py
+++ b/service/files/haproxy_entrypoint.py
@@ -17,10 +17,7 @@ IPADDR = socket.gethostbyname(HOSTNAME)
 BACKEND_NAME = "galera-cluster"
 SERVER_NAME = "primary"
 GLOBALS_PATH = '/etc/ccp/globals/globals.json'
-
 CA_CERT = '/opt/ccp/etc/tls/ca.pem'
-SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
-SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'
 LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
 LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
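Review bot: With `cert=` dropped from the `etcd.Client(...)` call in `get_etcd_client()` of galera_checker.py (the same change is made in haproxy_entrypoint.py and percona_entrypoint.py), these clients no longer present any credential to etcd; `ca_cert=CA_CERT` only lets the client verify the server. That works only if etcd is not started with `--client-cert-auth`, and it leaves access to the cluster keys governed by whatever else restricts etcd (network policy, etcd's own user authentication), none of which is visible in this patch. I would record that assumption above the `if ETCD_TLS:` branch, e.g. `# TLS here verifies the etcd server only; clients are not authenticated by certificate, so etcd access must be restricted by other means`, and confirm what that other control is. The function starts just before the hunk.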
@@ -88,18 +85,15 @@ def get_etcd_client():
 if ETCD_TLS:
 protocol = 'https'
- cert = (SERVER_CERT, SERVER_KEY)
 ca_cert = CA_CERT
 else:
 protocol = 'http'
- cert = None
 ca_cert = None
 return etcd.Client(host=ETCD_HOST,
 port=ETCD_PORT,
 allow_reconnect=True,
 protocol=protocol,
- cert=cert,
 ca_cert=ca_cert,
 read_timeout=2)
diff --git a/service/files/percona_entrypoint.py b/service/files/percona_entrypoint.py
index 1c32ce6..2a55906 100644
--- a/service/files/percona_entrypoint.py
+++ b/service/files/percona_entrypoint.py
@@ -26,10 +26,7 @@ GRASTATE_FILE = os.path.join(DATADIR, 'grastate.dat')
 SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
 DHPARAM = os.path.join(DATADIR, "dhparams.pem")
 GLOBALS_PATH = '/etc/ccp/globals/globals.json'
-
 CA_CERT = '/opt/ccp/etc/tls/ca.pem'
-SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
-SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'
 LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
 LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
@@ -130,18 +127,15 @@ def get_etcd_client():
 if ETCD_TLS:
 protocol = 'https'
- cert = (SERVER_CERT, SERVER_KEY)
 ca_cert = CA_CERT
 else:
 protocol = 'http'
- cert = None
 ca_cert = None
 return etcd.Client(host=ETCD_HOST,
 port=ETCD_PORT,
 allow_reconnect=True,
 protocol=protocol,
- cert=cert,
 ca_cert=ca_cert,
 read_timeout=2)
@@ -746,7 +740,8 @@ def main(ttl):
 LOG.info("Recovery is done. Node is ready.")
 wait_for_mysqld(mysqld)
- except Exception:
+ except Exception as err:
+ LOG.exception(err)
 raise
 finally:
 etcd_deregister_in_path(etcd_client, 'queue')
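Review bot: `LOG.exception(err)` in the last hunk of percona_entrypoint.py (`main()`) passes the exception object as the log message, so the record says nothing about where it was caught; `LOG.exception()` already attaches the traceback, so a fixed message is clearer, e.g. `LOG.exception("Unhandled error in main()")`, which also makes `as err` unnecessary. Because the full exception text and traceback now go to the log, it is worth confirming that errors raised on this path (MySQL or etcd calls, presumably) do not carry credentials in their messages; that cannot be judged from the hunk. `main()` starts well before the hunk and the `finally:` block may continue past it.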