[Xen-devel] [PATCH 1/2]Make ssl relocation server listen on different port
hi, This patch makes ssl relocation server listen on 8003 if enabled. Whether to start ssl relocation server now controlled by xend-relocation-ssl-server. So ssl and non-ssl relocation server can run simultaneously. You can also only start ssl server or only start non-ssl relocation server. When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers, start ssl and non-ssl relocation server simultaneously can keep backward compatibility. It's also more reasonable to have separate ports for ssl and non-ssl. In this patch, also renames xend-relocation-tls to xend-relocation-ssl. Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx> thanks, zhigang Make ssl relocation server listen on different port This patch makes ssl relocation server listen on 8003 if enabled. Whether to start ssl relocation server now controlled by xend-relocation-ssl-server. So ssl and non-ssl relocation server can run simultaneously. You can also only start ssl server or only start non-ssl relocation server. When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers, start ssl and non-ssl relocation server simultaneously can keep backward compatibility. It's also more reasonable to have separate ports for ssl and non-ssl. In this patch, also renames xend-relocation-tls to xend-relocation-ssl. Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx> diff -Nura xen-unstable.orig/tools/examples/xend-config.sxp xen-unstable/tools/examples/xend-config.sxp --- xen-unstable.orig/tools/examples/xend-config.sxp 2008-05-22 17:28:47.000000000 +0800 +++ xen-unstable/tools/examples/xend-config.sxp 2008-05-23 14:46:35.000000000 +0800 @@ -59,6 +59,7 @@ #(xend-unix-xmlrpc-server yes) #(xend-relocation-server no) (xend-relocation-server yes) +#(xend-relocation-ssl-server no) #(xend-unix-path /var/lib/xend/xend-socket) 
@@ -82,15 +83,18 @@ # is set. #(xend-relocation-port 8002) -# Whether to use tls when relocating. -#(xend-relocation-tls no) +# Port xend should use for the ssl relocation interface, if +# xend-relocation-ssl-server is set. +#(xend-relocation-ssl-port 8003) -# SSL key and certificate to use for the relocation interface. -# Setting these will mean that this port serves only SSL connections as -# opposed to plaintext ones. +# SSL key and certificate to use for the ssl relocation interface, if +# xend-relocation-ssl-server is set. #(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key) #(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt) +# Whether to use ssl as default when relocating. +#(xend-relocation-ssl no) + # Address xend should listen on for HTTP connections, if xend-http-server is # set. # Specifying 'localhost' prevents remote connections. diff -Nura xen-unstable.orig/tools/python/xen/xend/server/relocate.py xen-unstable/tools/python/xen/xend/server/relocate.py --- xen-unstable.orig/tools/python/xen/xend/server/relocate.py 2008-05-22 17:28:51.000000000 +0800 +++ xen-unstable/tools/python/xen/xend/server/relocate.py 2008-05-23 14:13:42.000000000 +0800 
@@ -142,16 +142,22 @@ if xoptions.get_xend_unix_server(): path = '/var/lib/xend/relocation-socket' unix.UnixListener(path, RelocationProtocol) + + interface = xoptions.get_xend_relocation_address() + + hosts_allow = xoptions.get_xend_relocation_hosts_allow() + if hosts_allow == '': + hosts_allow = None + else: + hosts_allow = map(re.compile, hosts_allow.split(" ")) + if xoptions.get_xend_relocation_server(): port = xoptions.get_xend_relocation_port() - interface = xoptions.get_xend_relocation_address() - - hosts_allow = xoptions.get_xend_relocation_hosts_allow() - if hosts_allow == '': - hosts_allow = None - else: - hosts_allow = map(re.compile, hosts_allow.split(" ")) + tcp.TCPListener(RelocationProtocol, port, interface = interface, + hosts_allow = hosts_allow) + if xoptions.get_xend_relocation_ssl_server(): + port = xoptions.get_xend_relocation_ssl_port() ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file() ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file() @@ -161,5 +167,5 @@ ssl_key_file = ssl_key_file, ssl_cert_file = ssl_cert_file) else: - tcp.TCPListener(RelocationProtocol, port, interface = interface, - hosts_allow = hosts_allow) + raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.") + diff -Nura xen-unstable.orig/tools/python/xen/xend/XendDomain.py xen-unstable/tools/python/xen/xend/XendDomain.py --- xen-unstable.orig/tools/python/xen/xend/XendDomain.py 2008-05-22 17:28:51.000000000 +0800 +++ xen-unstable/tools/python/xen/xend/XendDomain.py 2008-05-23 12:51:10.000000000 +0800 
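Review bot: The plaintext `tcp.TCPListener` on `xend-relocation-port` is still created whenever `xend-relocation-server` is set, independently of the new `get_xend_relocation_ssl_server()` branch, so enabling the SSL listener does not by itself stop the host accepting unencrypted relocation, and the shipped example keeps `(xend-relocation-server yes)`. Both listeners reuse the same `interface` and `hosts_allow`, so the plaintext port cannot be restricted more tightly than the SSL one; a comment above the first branch such as `# NOTE: plaintext listener; set xend-relocation-server to no on hosts that must only accept SSL relocation` would make that explicit. In the second hunk the new `raise XendError(...)` runs after the plaintext listener may already have been started, which leaves the server partially started; validating the key and certificate paths before creating any listener would avoid that. `XendError` is not imported anywhere in the visible lines, so confirm relocate.py imports it. The enclosing function starts outside the hunk.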
@@ -1294,13 +1294,12 @@ """ Make sure there's memory free for enabling shadow mode """ dominfo.checkLiveMigrateMemory() - if port == 0: - port = xoptions.get_xend_relocation_port() - - tls = xoptions.get_xend_relocation_tls() - if tls: + ssl = xoptions.get_xend_relocation_ssl() + if ssl: from OpenSSL import SSL from xen.web import connection + if port == 0: + port = xoptions.get_xend_relocation_ssl_port() try: ctx = SSL.Context(SSL.SSLv23_METHOD) sock = SSL.Connection(ctx, @@ -1328,6 +1327,8 @@ os.close(p2cread) os.close(p2cwrite) else: + if port == 0: + port = xoptions.get_xend_relocation_port() try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # When connecting to our ssl enabled relocation server using a diff -Nura xen-unstable.orig/tools/python/xen/xend/XendOptions.py xen-unstable/tools/python/xen/xend/XendOptions.py --- xen-unstable.orig/tools/python/xen/xend/XendOptions.py 2008-05-22 17:28:51.000000000 +0800 +++ xen-unstable/tools/python/xen/xend/XendOptions.py 2008-05-23 14:04:00.000000000 +0800 @@ -72,6 +72,9 @@ """Default for the flag indicating whether xend should run a relocation server.""" xend_relocation_server_default = 'no' + """Default for the flag indicating whether xend should run a ssl relocation server.""" + xend_relocation_ssl_server_default = 'no' + """Default interface address the xend relocation server listens at. """ xend_relocation_address_default = '' @@ -81,6 +84,9 @@ """Default port xend serves relocation at. """ xend_relocation_port_default = 8002 + """Default port xend serves ssl relocation at. """ + xend_relocation_ssl_port_default = 8003 + xend_relocation_hosts_allow_default = '' """Default for the flag indicating whether xend should run a unix-domain 
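Review bot: In the `if ssl:` branch of the XendDomain.py hunk the context is built with `SSL.Context(SSL.SSLv23_METHOD)` and no peer verification is visible, so the sending host may be encrypting guest memory to a destination it has not authenticated. The `try` block continues outside the hunk, so confirm whether verification is configured there; if it is not, something like `ctx.set_verify(SSL.VERIFY_PEER, verify_cb)` plus `ctx.load_verify_locations(ca_file)` is needed, where `verify_cb` and `ca_file` are placeholders for a callback and a new CA option. `SSLv23_METHOD` also negotiates legacy protocol versions unless they are masked, e.g. `ctx.set_options(SSL.OP_NO_SSLv2)`. Separately, an explicit non-zero `port` is used unchanged in both branches, so SSL versus plaintext is decided only by the sender's local `xend-relocation-ssl` setting and can disagree with what the chosen port serves; a short comment on the `if port == 0:` lines saying so would help.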
@@ -192,6 +198,12 @@ return self.get_config_bool("xend-relocation-server", self.xend_relocation_server_default) + def get_xend_relocation_ssl_server(self): + """Get the flag indicating whether xend should run a ssl relocation server. + """ + return self.get_config_bool("xend-relocation-ssl-server", + self.xend_relocation_ssl_server_default) + def get_xend_relocation_server_ssl_key_file(self): return self.get_config_string("xend-relocation-server-ssl-key-file") @@ -209,10 +221,17 @@ return self.get_config_int('xend-relocation-port', self.xend_relocation_port_default) - def get_xend_relocation_tls(self): - """Whether to use tls when relocating. + def get_xend_relocation_ssl_port(self): + """Get the port xend listens at for ssl connection to its relocation + server. + """ + return self.get_config_int('xend-relocation-ssl-port', + self.xend_relocation_ssl_port_default) + + def get_xend_relocation_ssl(self): + """Whether to use ssl when relocating. """ - return self.get_config_bool('xend-relocation-tls', 'no') + return self.get_config_bool('xend-relocation-ssl', 'no') def get_xend_relocation_hosts_allow(self): return self.get_config_string("xend-relocation-hosts-allow", _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
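Review bot: `get_xend_relocation_ssl()` in the second hunk reads only the renamed `xend-relocation-ssl` key, so a host whose config still contains `(xend-relocation-tls yes)` silently falls back to plaintext migration after this change, because the default is `'no'` and the old key is no longer consulted. Honouring the old key as the default keeps existing deployments encrypted: `legacy = self.get_config_bool('xend-relocation-tls', 'no')` followed by `return self.get_config_bool('xend-relocation-ssl', legacy and 'yes' or 'no')`. The docstring should also say that the flag governs outgoing relocations only and that the receiving host needs `xend-relocation-ssl-server` enabled. As a style point, the `'no'` literal could become a `xend_relocation_ssl_default` class attribute, matching the other getters in this file.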