Received: by 10.14.210.133 with SMTP id u5mr8345953eeo.2.1349402149802;
        Thu, 04 Oct 2012 18:55:49 -0700 (PDT)
X-BeenThere: ganeti-devel@googlegroups.com
Received: by 10.14.198.197 with SMTP id v45ls2186172een.3.gmail; Thu, 04 Oct
 2012 18:55:45 -0700 (PDT)
Received: by 10.14.210.133 with SMTP id u5mr8345908eeo.2.1349402145695;
        Thu, 04 Oct 2012 18:55:45 -0700 (PDT)
Received: by 10.14.210.133 with SMTP id u5mr8345907eeo.2.1349402145686;
        Thu, 04 Oct 2012 18:55:45 -0700 (PDT)
Return-Path: <han...@google.com>
Received: from mail-ee0-f74.google.com (mail-ee0-f74.google.com [74.125.83.74])
        by gmr-mx.google.com with ESMTPS id d5si3609405eep.0.2012.10.04.18.55.45
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 04 Oct 2012 18:55:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of han...@google.com designates 74.125.83.74 as permitted sender) client-ip=74.125.83.74;
Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of han...@google.com designates 74.125.83.74 as permitted sender) smtp.mail=han...@google.com; dkim=pass header...@google.com
Received: by mail-ee0-f74.google.com with SMTP id b57so78256eek.1
        for <ganeti-devel@googlegroups.com>; Thu, 04 Oct 2012 18:55:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=from:to:subject:date:message-id:x-mailer:in-reply-to:references
         :mime-version:content-type:content-transfer-encoding;
        bh=9YiTVmzbUPjWdwZDIQookVXt/BDlnlDR8ZESPmPROB4=;
        b=cRvmKU9df1DHwYdbrZXWxI7YrwyGIDqxiNWw/+JlA3rxhkJzcFgtK8Om+2Tjn6HamZ
         mW7YBIZuKFs9GeAQyMt2zlAeXkd6ay1ymPmhaomQ8EDaFV8JTFvJScFfSYg+ZCxFqo6G
         9WRy1m8ZKy9nWBhKCosF37GViMQq2ktg2rbJYVgNwynIxzEGxvAMeXpvQISuKLX6EW50
         pOYeOzKDVyDAJXU4VjuykRrlZWHtYZejhUVxu9z7/UIJd02beVPhBa1LmLnc9mc+15pH
         964nGWMq7xIkWmHRq98Om23PrQ0AOtalXLG104d/RaZ+Tb8UvrCLv5Go7yAJNB+m6+G8
         DY+g==
        d=google.com; s=20120113;
        h=from:to:subject:date:message-id:x-mailer:in-reply-to:references
         :mime-version:content-type:content-transfer-encoding
         :x-gm-message-state;
        bh=9YiTVmzbUPjWdwZDIQookVXt/BDlnlDR8ZESPmPROB4=;
        b=YBZGQ3KHfFpNMr8y41fgsGJMMvuLDtU+CmQybA6dpchHG/VMKMRyYWxnirbro5W5ak
         7Qr6xl8HUY5Nsby9y/xIUjg9wWv39HxaziVTjx6gbInkd8FX+itgPTLQ//+TGRqO6xD2
         IIzLsj3HcdYWIGCBB93410rNbaD4YbyzHLd2QVbXdLMBpDrLTpNvOPMpuqMvsR5Vy3aJ
         iwPRniJkM4nUG9h/+tbHQBrm7/NHeGujfEHxcx+3kQ8//rFkomw+f9GKsB4irdRRhKu2
         2vFm0YyWUfwkmKRghWQrWdUlihCjL2WKxCAIW5rP2ljzGVsCAS3Ea8J3uxU452S5Ze4A
         MrZw==
Received: by 10.216.216.131 with SMTP id g3mr417639wep.10.1349402145424;
        Thu, 04 Oct 2012 18:55:45 -0700 (PDT)
Return-Path: <han...@google.com>
Received: from hpza10.eem.corp.google.com ([74.125.121.33])
        by gmr-mx.google.com with ESMTPS id b5si1899405wie.2.2012.10.04.18.55.45
        (version=TLSv1/SSLv3 cipher=AES128-SHA);
        Thu, 04 Oct 2012 18:55:45 -0700 (PDT)
Received: from hpgntaa-ubiq38.eem.corp.google.com (hpgntaa-ubiq38.eem.corp.google.com [172.25.129.80])
	by hpza10.eem.corp.google.com (Postfix) with ESMTP id 2EEA2200061
	for <ganeti-devel@googlegroups.com>; Thu,  4 Oct 2012 18:55:45 -0700 (PDT)
Received: by hpgntaa-ubiq38.eem.corp.google.com (Postfix, from userid 55155)
	id E1E08A395F; Fri,  5 Oct 2012 03:55:44 +0200 (CEST)
From: Michael Hanselmann <han...@google.com>
To: ganeti-devel@googlegroups.com
Subject: [PATCH master 4/8] Check fingerprint of file with allowed file storage paths
Date: Fri,  5 Oct 2012 03:55:40 +0200
Message-Id: <7a614cd30d68f92a705cd5020b5b2211b6616d05.1349401991.git.han...@google.com>
X-Mailer: git-send-email 1.7.7.3
In-Reply-To: <cover.1349401991.git.han...@google.com>
References: <cover.1349401991.git.han...@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Gm-Message-State: ALoCoQmyTiaG1yCJL0vLWvkyzpPx6SAQLOHFvWnmw+kpxySNFxiJQz2XRj9ExR719GxPZwa16YziTSr/UfiuZY6sR5joLzIHAvjsZwOWrNt8odLYlG3iW9ON2MxvYIyAz5098CKoB7GlfIgPwL4KVzPiD6DlCGVfA47crqvh4ki3E/d6x+jkUVoZ3KUWelA94XmvRSwWd6GdUM7UZy3VQVPoMP7rjossz88MDoazyYm41H9u9TdqQ1k=

This makes differences show up in “gnt-cluster verify†.
---
 lib/cmdlib.py |   18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index b72276c..5e6d5e9 100644
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -4292,12 +4292,12 @@ def _ComputeAncillaryFiles(cluster, redist):
     pathutils.RAPI_USERS_FILE,
     ])
 
-  if not redist:
-    files_all.update(pathutils.ALL_CERT_FILES)
-    files_all.update(ssconf.SimpleStore().GetFileList())
-  else:
+  if redist:
     # we need to ship at least the RAPI certificate
     files_all.add(pathutils.RAPI_CERT_FILE)
+  else:
+    files_all.update(pathutils.ALL_CERT_FILES)
+    files_all.update(ssconf.SimpleStore().GetFileList())
 
   if cluster.modify_etc_hosts:
     files_all.add(constants.ETC_HOSTS)
@@ -4318,6 +4318,12 @@ def _ComputeAncillaryFiles(cluster, redist):
   if not redist:
     files_mc.add(pathutils.CLUSTER_CONF_FILE)
 
+  # File storage
+  if (not redist and
+      (constants.ENABLE_FILE_STORAGE or constants.ENABLE_SHARED_FILE_STORAGE)):
+    files_all.add(pathutils.FILE_STORAGE_PATHS_FILE)
+    files_opt.add(pathutils.FILE_STORAGE_PATHS_FILE)
+
   # Files which should only be on VM-capable nodes
   files_vm = set(
     filename
@@ -4339,6 +4345,10 @@ def _ComputeAncillaryFiles(cluster, redist):
   assert all_files_set.issuperset(files_opt), \
          "Optional file not in a different required list"
 
+  # This one file should never ever be re-distributed via RPC
+  assert not (redist and
+              pathutils.FILE_STORAGE_PATHS_FILE in all_files_set)
+
   return (files_all, files_opt, files_mc, files_vm)
 
 
-- 
1.7.7.3