in cars/v1/x_pack/base/config.py [0:0]
def install_certificates(config_names, variables, **kwargs):
if "x-pack-security" not in config_names:
return False
logger = logging.getLogger(LOGGER_NAME)
cert_binary = "elasticsearch-certutil"
node_name = variables["node_name"]
node_ip = variables["node_ip"]
install_root = variables["install_root_path"]
bundled_ca_path = os.path.join(os.path.dirname(__file__), "ca")
x_pack_config_path = os.path.join(install_root, "config", "x-pack")
logger.info("Installing certificates for node [%s].", node_name)
instances_yml = os.path.join(tempfile.mkdtemp(), "instances.yml")
with open(instances_yml, "w") as f:
f.write(instances_yml_template.format(node_name=node_name, node_ip=node_ip))
# Generate instance certificates based on a CA that is pre-bundled with Rally
certutil = resolve_binary(install_root, cert_binary)
cert_bundle = os.path.join(install_root, "node-cert.zip")
return_code = process.run_subprocess_with_logging(
'{certutil} cert --silent --in "{instances_yml}" --out="{cert_bundle}" --ca-cert="{ca_path}/ca.crt" '
'--ca-key="{ca_path}/ca.key" --pass ""'.format(
certutil=certutil,
ca_path=bundled_ca_path,
instances_yml=instances_yml,
cert_bundle=cert_bundle), env=kwargs.get("env"))
if return_code != 0:
logger.error("%s has exited with code [%d]", cert_binary, return_code)
raise exceptions.SystemSetupError(
"Could not create certificate bundle for node [{}]. Please see the log for details.".format(node_name))
io.decompress(cert_bundle, x_pack_config_path)
# Success
return True