[Xen-changelog] [xen-unstable] Make ssl relocation server listen on different port
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1211535704 -3600
# Node ID 91a9e28aed468d6548b3a4aac9d80988093cc91e
# Parent 4c8fc8def9b30d4d72a418960d168c77d3325ce1
Make ssl relocation server listen on different port
This patch makes ssl relocation server listen on 8003 if enabled. Whether to start ssl relocation server now controlled by xend-relocation-ssl-server. So ssl and non-ssl relocation server can run simultaneously. You can also only start ssl server or only start non-ssl relocation server. When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers, start ssl and non-ssl relocation server simultaneously can keep backward compatibility. It's also more reasonable to have separate ports for ssl and non-ssl. In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>
---
 tools/examples/xend-config.sxp | 16 ++++++++++------
 tools/python/xen/xend/XendDomain.py | 11 ++++++-----
 tools/python/xen/xend/XendOptions.py | 27 +++++++++++++++++++++++----
 tools/python/xen/xend/server/relocate.py | 24 +++++++++++++++---------
 4 files changed, 54 insertions(+), 24 deletions(-)
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp Fri May 23 09:48:44 2008 +0100
+++ b/tools/examples/xend-config.sxp Fri May 23 10:41:44 2008 +0100
@@ -59,6 +59,7 @@
 #(xend-unix-xmlrpc-server yes)
 #(xend-relocation-server no)
 (xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
 #(xend-unix-path /var/lib/xend/xend-socket)
@@ -82,14 +83,17 @@
 # is set.
 #(xend-relocation-port 8002)
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
-
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
+
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
 #(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
 #(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
+
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
 # Address xend should listen on for HTTP connections, if xend-http-server is
 # set.
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/python/xen/xend/XendDomain.py
--- a/tools/python/xen/xend/XendDomain.py Fri May 23 09:48:44 2008 +0100
+++ b/tools/python/xen/xend/XendDomain.py Fri May 23 10:41:44 2008 +0100
@@ -1294,13 +1294,12 @@ class XendDomain:
 """ Make sure there's memory free for enabling shadow mode """
 dominfo.checkLiveMigrateMemory()
- if port == 0:
- port = xoptions.get_xend_relocation_port()
-
- tls = xoptions.get_xend_relocation_tls()
- if tls:
+ ssl = xoptions.get_xend_relocation_ssl()
+ if ssl:
 from OpenSSL import SSL
 from xen.web import connection
+ if port == 0:
+ port = xoptions.get_xend_relocation_ssl_port()
 try:
 ctx = SSL.Context(SSL.SSLv23_METHOD)
 sock = SSL.Connection(ctx,
@@ -1328,6 +1327,8 @@ class XendDomain:
 os.close(p2cread)
 os.close(p2cwrite)
 else:
+ if port == 0:
+ port = xoptions.get_xend_relocation_port()
 try:
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 # When connecting to our ssl enabled relocation server using a
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/python/xen/xend/XendOptions.py
--- a/tools/python/xen/xend/XendOptions.py Fri May 23 09:48:44 2008 +0100
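Review bot: In the first XendDomain.py hunk the ssl branch still builds its context with `SSL.Context(SSL.SSLv23_METHOD)` and goes straight to `SSL.Connection(ctx, ...)`, with no peer verification or protocol restriction visible between the two. If none is set further down (the function starts and ends outside the hunk), the sender would accept any certificate presented on the ssl relocation port, so the migration stream is encrypted but the receiving host is not authenticated. Consider `ctx.set_options(SSL.OP_NO_SSLv2)` and `ctx.set_verify(SSL.VERIFY_PEER, verify_cb)` with a CA loaded through `ctx.load_verify_locations(...)`, where `verify_cb` and the CA path are placeholders for a new xend option.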
+++ b/tools/python/xen/xend/XendOptions.py Fri May 23 10:41:44 2008 +0100
@@ -72,6 +72,9 @@ class XendOptions:
 """Default for the flag indicating whether xend should run a relocation server."""
 xend_relocation_server_default = 'no'
+ """Default for the flag indicating whether xend should run a ssl relocation server."""
+ xend_relocation_ssl_server_default = 'no'
+
 """Default interface address the xend relocation server listens at. """
 xend_relocation_address_default = ''
@@ -80,6 +83,9 @@ class XendOptions:
 """Default port xend serves relocation at. """
 xend_relocation_port_default = 8002
+
+ """Default port xend serves ssl relocation at. """
+ xend_relocation_ssl_port_default = 8003
 xend_relocation_hosts_allow_default = ''
@@ -192,6 +198,12 @@ class XendOptions:
 return self.get_config_bool("xend-relocation-server",
 self.xend_relocation_server_default)
+ def get_xend_relocation_ssl_server(self):
+ """Get the flag indicating whether xend should run a ssl relocation server.
+ """
+ return self.get_config_bool("xend-relocation-ssl-server",
+ self.xend_relocation_ssl_server_default)
+
 def get_xend_relocation_server_ssl_key_file(self):
 return self.get_config_string("xend-relocation-server-ssl-key-file")
@@ -209,10 +221,17 @@ class XendOptions:
 return self.get_config_int('xend-relocation-port',
 self.xend_relocation_port_default)
- def get_xend_relocation_tls(self):
- """Whether to use tls when relocating.
- """
- return self.get_config_bool('xend-relocation-tls', 'no')
+ def get_xend_relocation_ssl_port(self):
+ """Get the port xend listens at for ssl connection to its relocation
+ server.
+ """
+ return self.get_config_int('xend-relocation-ssl-port',
+ self.xend_relocation_ssl_port_default)
+
+ def get_xend_relocation_ssl(self):
+ """Whether to use ssl when relocating.
+ """
+ return self.get_config_bool('xend-relocation-ssl', 'no')
 def get_xend_relocation_hosts_allow(self):
 return self.get_config_string("xend-relocation-hosts-allow",
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/python/xen/xend/server/relocate.py
--- a/tools/python/xen/xend/server/relocate.py Fri May 23 09:48:44 2008 +0100
+++ b/tools/python/xen/xend/server/relocate.py Fri May 23 10:41:44 2008 +0100
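Review bot: `get_xend_relocation_ssl()` reads only the new `xend-relocation-ssl` key, so a host whose config still carries `(xend-relocation-tls yes)` falls back to the 'no' default and, going by the XendDomain.py change, sends migrations in cleartext after upgrading with nothing logged. Keep the old key as a fallback, for example `return self.get_config_bool('xend-relocation-ssl', self.get_config_string('xend-relocation-tls', 'no'))` (assuming get_config_string takes a default, as its hosts-allow call below suggests), or warn when the old key is present. The docstring could also state that the flag is read on the sending side and defaults to 'no'.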
@@ -142,16 +142,22 @@ def listenRelocation():
 if xoptions.get_xend_unix_server():
 path = '/var/lib/xend/relocation-socket'
 unix.UnixListener(path, RelocationProtocol)
+
+ interface = xoptions.get_xend_relocation_address()
+
+ hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+ if hosts_allow == '':
+ hosts_allow = None
+ else:
+ hosts_allow = map(re.compile, hosts_allow.split(" "))
+
 if xoptions.get_xend_relocation_server():
 port = xoptions.get_xend_relocation_port()
- interface = xoptions.get_xend_relocation_address()
+ tcp.TCPListener(RelocationProtocol, port, interface = interface,
+ hosts_allow = hosts_allow)
- hosts_allow = xoptions.get_xend_relocation_hosts_allow()
- if hosts_allow == '':
- hosts_allow = None
- else:
- hosts_allow = map(re.compile, hosts_allow.split(" "))
-
+ if xoptions.get_xend_relocation_ssl_server():
+ port = xoptions.get_xend_relocation_ssl_port()
 ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
 ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
@@ -161,5 +167,5 @@ def listenRelocation():
 ssl_key_file = ssl_key_file,
 ssl_cert_file = ssl_cert_file)
 else:
- tcp.TCPListener(RelocationProtocol, port, interface = interface,
- hosts_allow = hosts_allow)
+ raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.")
+
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
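Review bot: After the first relocate.py hunk `tcp.TCPListener(...)` is created whenever `xend-relocation-server` is set, whatever the key and cert options say, so a host that got an SSL-only port 8002 by setting those two files now serves plaintext there after upgrading. The config comment this commit removes ("Setting these will mean that this port serves only SSL connections") described the old behaviour, and nothing in the new code warns about the change. I would log a warning when a key or cert file is configured but `xend-relocation-ssl-server` is not, and add above the plain listener `# Plaintext listener: the ssl key/cert options no longer affect this port.` Separately, `hosts_allow` becomes `None` and `interface` is the empty string by default, which presumably means no host filtering on either listener; confirm against TCPListener and SSLListener.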
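Review bot: The new `raise XendError(...)` in the second relocate.py hunk is reached only after the unix and plain TCP listeners from the previous hunk have been set up, so a missing key or cert aborts listenRelocation() part-way with the plaintext port apparently already open. The `if` this `else:` belongs to lies between the two hunks, so that ordering is inferred from the visible lines. I would check both files before creating any listener and name the options in the message: `raise XendError("xend-relocation-ssl-server is set but xend-relocation-server-ssl-key-file or xend-relocation-server-ssl-cert-file is missing")`. No import of XendError appears in this diff, so confirm relocate.py already has it in scope.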