hi,
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
simultaneously; you can also start only the ssl server or only the non-ssl
relocation server.
When mixing xen 3.2 servers (which have no ssl support) with 3.3 servers,
starting the ssl and non-ssl relocation servers simultaneously keeps backward
compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>
thanks,
zhigang
Make ssl relocation server listen on different port
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
simultaneously; you can also start only the ssl server or only the non-ssl
relocation server.
When mixing xen 3.2 servers (which have no ssl support) with 3.3 servers,
starting the ssl and non-ssl relocation servers simultaneously keeps backward
compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>
diff -Nura xen-unstable.orig/tools/examples/xend-config.sxp
xen-unstable/tools/examples/xend-config.sxp
--- xen-unstable.orig/tools/examples/xend-config.sxp 2008-05-22
17:28:47.000000000 +0800
+++ xen-unstable/tools/examples/xend-config.sxp 2008-05-23 14:46:35.000000000
+0800
@@ -59,6 +59,7 @@
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
(xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
#(xend-unix-path /var/lib/xend/xend-socket)
@@ -82,15 +83,18 @@
# is set.
#(xend-relocation-port 8002)
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
#(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
#(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
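Review bot: The new comment on `xend-relocation-ssl` describes only the client-side default and says nothing about the plaintext listener, which stays up on port 8002 for as long as `xend-relocation-server` is `yes` — and the first hunk leaves that line active in the shipped example. An operator who turns on `xend-relocation-ssl-server` and `xend-relocation-ssl` therefore still runs a host that accepts relocations in the clear, which is exactly what the 3.2/3.3 mixed-pool advice in the description asks for but is easy to leave in place afterwards. I would extend the comment block with: `# Note: while xend-relocation-server is yes, relocations can still arrive in` / `# cleartext on xend-relocation-port; set it to no once every host in the pool` / `# has the ssl relocation server enabled.` Presumably `xend-relocation-hosts-allow` is the only peer restriction on either port, so the comment could also point readers at it.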
diff -Nura xen-unstable.orig/tools/python/xen/xend/server/relocate.py
xen-unstable/tools/python/xen/xend/server/relocate.py
--- xen-unstable.orig/tools/python/xen/xend/server/relocate.py 2008-05-22
17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/server/relocate.py 2008-05-23
14:13:42.000000000 +0800
@@ -142,16 +142,22 @@
if xoptions.get_xend_unix_server():
path = '/var/lib/xend/relocation-socket'
unix.UnixListener(path, RelocationProtocol)
+
+ interface = xoptions.get_xend_relocation_address()
+
+ hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+ if hosts_allow == '':
+ hosts_allow = None
+ else:
+ hosts_allow = map(re.compile, hosts_allow.split(" "))
+
if xoptions.get_xend_relocation_server():
port = xoptions.get_xend_relocation_port()
- interface = xoptions.get_xend_relocation_address()
-
- hosts_allow = xoptions.get_xend_relocation_hosts_allow()
- if hosts_allow == '':
- hosts_allow = None
- else:
- hosts_allow = map(re.compile, hosts_allow.split(" "))
+ tcp.TCPListener(RelocationProtocol, port, interface = interface,
+ hosts_allow = hosts_allow)
+ if xoptions.get_xend_relocation_ssl_server():
+ port = xoptions.get_xend_relocation_ssl_port()
ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
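Review bot: The hunk hoists `interface` and `hosts_allow` above both listeners, but on the ssl branch only `port`, `ssl_key_file` and `ssl_cert_file` are assigned before the listener call, whose leading arguments fall outside the hunk; please confirm that call also receives `interface = interface, hosts_allow = hosts_allow`, otherwise the new 8003 listener would presumably bind every interface and accept any peer while 8002 stays restricted. That matters because the ssl configuration shown here is the server key and certificate only, so unless client-certificate checks are done elsewhere the TLS layer authenticates xend to the peer and not the reverse, leaving `hosts_allow` as the only access control on the ssl port. A short comment at the `hosts_allow` block would make the shared intent explicit: `# Shared by the plain and ssl listeners: hosts_allow is the only peer` / `# check on either port; the ssl layer only authenticates this server.` The enclosing function starts before this hunk and the ssl listener call continues into the next one.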
@@ -161,5 +167,5 @@
ssl_key_file = ssl_key_file,
ssl_cert_file = ssl_cert_file)
else:
- tcp.TCPListener(RelocationProtocol, port, interface = interface,
- hosts_allow = hosts_allow)
+ raise XendError("ssl_key_file or ssl_cert_file for ssl relocation
server is missing.")
+
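Review bot: The new `XendError` names the internal variables `ssl_key_file`/`ssl_cert_file` rather than the configuration keys the operator has to set, and the condition it belongs to sits outside the hunk, so it is not visible whether an unreadable file path is rejected here as well or only later. I would make the message actionable: `raise XendError("xend-relocation-ssl-server is set but xend-relocation-server-ssl-key-file or xend-relocation-server-ssl-cert-file is missing.")`. Failing at startup rather than silently skipping the ssl listener is the right call, since a silent skip would leave only the plaintext port answering on a host the operator believes is ssl-enabled. The trailing added blank line at the end of the hunk looks like stray whitespace.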
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendDomain.py
xen-unstable/tools/python/xen/xend/XendDomain.py
--- xen-unstable.orig/tools/python/xen/xend/XendDomain.py 2008-05-22
17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendDomain.py 2008-05-23
12:51:10.000000000 +0800
@@ -1294,13 +1294,12 @@
""" Make sure there's memory free for enabling shadow mode """
dominfo.checkLiveMigrateMemory()
- if port == 0:
- port = xoptions.get_xend_relocation_port()
-
- tls = xoptions.get_xend_relocation_tls()
- if tls:
+ ssl = xoptions.get_xend_relocation_ssl()
+ if ssl:
from OpenSSL import SSL
from xen.web import connection
+ if port == 0:
+ port = xoptions.get_xend_relocation_ssl_port()
try:
ctx = SSL.Context(SSL.SSLv23_METHOD)
sock = SSL.Connection(ctx,
@@ -1328,6 +1327,8 @@
os.close(p2cread)
os.close(p2cwrite)
else:
+ if port == 0:
+ port = xoptions.get_xend_relocation_port()
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# When connecting to our ssl enabled relocation server using a
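Review bot: The `if port == 0:` defaulting is now written twice, once per transport, so the two port options have to be kept in step in two places; resolving the default port once, right after `ssl = xoptions.get_xend_relocation_ssl()` and before the `if ssl:` test, keeps that in one spot. The local `ssl` also shares its name with a standard-library module, so `use_ssl` would read less ambiguously. Separately, the visible `SSL.Context(SSL.SSLv23_METHOD)` sets no verification callback; if the destination's certificate is not verified elsewhere in this function, choosing the ssl port protects the transfer against passive capture but not against an impersonating destination, which deserves either a `ctx.set_verify(...)` or an explicit comment saying so. The enclosing function begins before and continues after this hunk.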
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendOptions.py
xen-unstable/tools/python/xen/xend/XendOptions.py
--- xen-unstable.orig/tools/python/xen/xend/XendOptions.py 2008-05-22
17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendOptions.py 2008-05-23
14:04:00.000000000 +0800
@@ -72,6 +72,9 @@
"""Default for the flag indicating whether xend should run a relocation
server."""
xend_relocation_server_default = 'no'
+ """Default for the flag indicating whether xend should run a ssl
relocation server."""
+ xend_relocation_ssl_server_default = 'no'
+
"""Default interface address the xend relocation server listens at. """
xend_relocation_address_default = ''
@@ -81,6 +84,9 @@
"""Default port xend serves relocation at. """
xend_relocation_port_default = 8002
+ """Default port xend serves ssl relocation at. """
+ xend_relocation_ssl_port_default = 8003
+
xend_relocation_hosts_allow_default = ''
"""Default for the flag indicating whether xend should run a unix-domain
@@ -192,6 +198,12 @@
return self.get_config_bool("xend-relocation-server",
self.xend_relocation_server_default)
+ def get_xend_relocation_ssl_server(self):
+ """Get the flag indicating whether xend should run a ssl relocation
server.
+ """
+ return self.get_config_bool("xend-relocation-ssl-server",
+ self.xend_relocation_ssl_server_default)
+
def get_xend_relocation_server_ssl_key_file(self):
return self.get_config_string("xend-relocation-server-ssl-key-file")
@@ -209,10 +221,17 @@
return self.get_config_int('xend-relocation-port',
self.xend_relocation_port_default)
- def get_xend_relocation_tls(self):
- """Whether to use tls when relocating.
+ def get_xend_relocation_ssl_port(self):
+ """Get the port xend listens at for ssl connection to its relocation
+ server.
+ """
+ return self.get_config_int('xend-relocation-ssl-port',
+ self.xend_relocation_ssl_port_default)
+
+ def get_xend_relocation_ssl(self):
+ """Whether to use ssl when relocating.
"""
- return self.get_config_bool('xend-relocation-tls', 'no')
+ return self.get_config_bool('xend-relocation-ssl', 'no')
def get_xend_relocation_hosts_allow(self):
return self.get_config_string("xend-relocation-hosts-allow",
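Review bot: `get_xend_relocation_ssl` reads only the renamed key `xend-relocation-ssl`, so a host upgraded with an existing `(xend-relocation-tls yes)` in its config silently falls back to the `'no'` default and starts migrating in plaintext without any error. Keeping the old key as a fallback avoids that downgrade: `return (self.get_config_bool('xend-relocation-ssl', 'no') or` / `self.get_config_bool('xend-relocation-tls', 'no'))`, ideally paired with a deprecation warning through whatever logger this module uses. The rename should also be called out in the config-file comment so operators know to update their settings. `get_xend_relocation_hosts_allow` continues past the end of the hunk.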