From: rmccabe@sourceware.org <rmccabe@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga luci/cluster/form-macros luci/homebase/f ...
Date: 4 Jan 2007 00:22:15 -0000
Message-ID: <20070104002215.23999.qmail@sourceware.org>
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL5
Changes by: rmccabe at sourceware.org 2007-01-04 00:22:13
Modified files:
luci/cluster : form-macros
luci/homebase : form-macros
luci/site/luci/Extensions: homebase_adapters.py ricci_bridge.py
ricci_communicator.py
ricci/ricci : Ricci.cpp
Log message:
fix for bugs found while testing the fix for bz201394
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/form-macros.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.90.2.12&r2=1.90.2.13
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/homebase/form-macros.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.44.2.6&r2=1.44.2.7
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/homebase_adapters.py.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.34.2.8&r2=1.34.2.9
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/ricci_bridge.py.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.30.2.15&r2=1.30.2.16
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/ricci_communicator.py.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.9.2.8&r2=1.9.2.9
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Ricci.cpp.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.18.2.3&r2=1.18.2.4
--- conga/luci/cluster/form-macros 2007/01/02 20:21:25 1.90.2.12
+++ conga/luci/cluster/form-macros 2007/01/04 00:22:13 1.90.2.13
@@ -243,6 +243,8 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1"
+ tal:condition="add_cluster" />
<ul class="vanilla deploy">
<li class="vanilla">
<input type="radio" name="download_pkgs"
@@ -332,6 +334,7 @@
src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
title sys/fp | string:no key fingerprint available" />
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -2900,6 +2903,8 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1"
+ tal:condition="add_cluster" />
<ul class="vanilla deploy">
<li class="vanilla">
<input type="radio" name="download_pkgs" value="1"
@@ -2994,6 +2999,7 @@
src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
title sys/fp | string:no key fingerprint available" />
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
--- conga/luci/homebase/form-macros 2007/01/02 20:21:26 1.44.2.6
+++ conga/luci/homebase/form-macros 2007/01/04 00:22:13 1.44.2.7
@@ -353,6 +353,8 @@
tal:define="sys python: new_systems[cur_sys]">
<td class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1" />
+
<input class="hbInputSys" type="text"
tal:attributes="
id python: '__SYSTEM%d:Addr' % cur_sysnum;
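Review bot: the trust_shown hidden input added here sits inside the per-system cell (under tal:define="sys python: new_systems[cur_sys]"), so it is emitted once per system row, whereas the other forms in this patch emit it once in the tfoot. The handler only tests request.form.has_key('trust_shown'), so a single copy is enough; move it out of the row so all forms carry the flag the same way.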
@@ -376,6 +378,7 @@
title sys/fp | string:no key fingerprint available"
/>
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -639,6 +642,8 @@
tal:define="sys python: new_systems[cur_sys]">
<td class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1" />
+
<input class="hbInputSys" type="text"
tal:attributes="
id python: '__SYSTEM%d:Addr' % cur_sysnum;
@@ -663,6 +668,7 @@
title sys/fp | string:no key fingerprint available"
/>
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -761,7 +767,7 @@
tal:attributes="value add_cluster/pass | string:0" />
<input name="cluster_os" type="hidden"
- tal:attributes="value add_cluster/cluster_os | string:rhel5" />
+ tal:attributes="value add_cluster/cluster_os | nothing" />
<table id="systemsTable" class="systemsTable" border="0" cellspacing="0">
<thead class="systemsTable">
@@ -786,6 +792,7 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1" />
<ul class="vanilla">
<li class="vanilla">
<input name="check_certs" type="checkbox"
@@ -854,6 +861,7 @@
src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
title sys/fp | string:no key fingerprint available" />
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -936,6 +944,9 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1"
+ tal:condition="cur_sys" />
+
<ul class="vanilla">
<li class="vanilla"><input name="check_certs" type="checkbox">View system certificates before sending any passwords.</li>
<li class="vanilla"><input type="checkbox" name="allSameCheckBox" id="allSameCheckBox" onClick="allPasswdsSame(this.form);"/>Authenticate to all cluster nodes using the password provided above.</li>
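Review bot: tal:condition="cur_sys" on the trust_shown input in this tfoot is inconsistent with the other forms in the patch (unconditional in the other homebase tfoot, add_cluster in cluster/form-macros) and the reason is not documented. Elsewhere in this file cur_sys is the lookup into new_systems, so if it can be 0 or empty for a valid row the field is silently dropped and the handler then skips its "must trust" check. Suggest a condition on whatever actually decides that the trust column was rendered, with a short comment saying so.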
--- conga/luci/site/luci/Extensions/homebase_adapters.py 2007/01/02 20:21:26 1.34.2.8
+++ conga/luci/site/luci/Extensions/homebase_adapters.py 2007/01/04 00:22:13 1.34.2.9
@@ -174,6 +174,12 @@
except:
cur_host_trusted = False
+ trust_shown = False
+ try:
+ trust_shown = request.form.has_key('trust_shown')
+ except:
+ trust_shown = False
+
cur_host_fp = None
try:
cur_host_fp = request.form['host_fingerprint'].strip()
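Review bot: the added trust_shown lookup wraps request.form.has_key('trust_shown') in a bare except:, which also hides programming errors, and the identical six-line block is added again in the hunk at @@ -340,6 +354,12. Suggest one small helper that both call sites use, catching only the exception you expect from a missing or malformed form, so the two copies cannot drift apart.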
@@ -183,7 +189,7 @@
cur_host_fp = None
try:
- rc = RicciCommunicator(cur_host)
+ rc = RicciCommunicator(cur_host, enforce_trust=False)
if not rc:
raise Exception, 'rc is None'
cur_fp = rc.fingerprint()
@@ -194,7 +200,7 @@
except Exception, e:
luci_log.debug_verbose('vACI2: %s: %s' % (cur_host, str(e)))
request.SESSION.set('add_cluster_initial', cur_entry)
- return (False, { 'errors': [ 'Unable to establish a secure connection to the ricci agent on %s: %s' \
+ return (False, { 'errors': [ 'Unable to establish a connection to the ricci agent on %s: %s' \
% (cur_host, str(e)) ] })
if not check_certs or cur_host_trusted:
@@ -205,6 +211,10 @@
request.SESSION.set('add_cluster_initial', cur_entry)
luci_log.info('SECURITY: %s' % errmsg)
return (False, { 'errors': [ errmsg ] })
+ if trust_shown is True and cur_host_trusted is False:
+ errmsg = 'You must elect to trust \"%s\" or abort the addition of the cluster to Luci.' % cur_host
+ request.SESSION.set('add_cluster_initial', cur_entry)
+ return (False, { 'errors': [ errmsg ] })
rc.trust()
except Exception, e:
luci_log.debug_verbose('vACI3: %s %s' % (cur_host, str(e)))
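Review bot: the new guard "if trust_shown is True and cur_host_trusted is False:" uses identity comparison, so it only fires when both values are the bool singletons. trust_shown is the return value of request.form.has_key(), and if that ever returns 1 rather than True the check is skipped and execution falls through to rc.trust(). Use "if trust_shown and not cur_host_trusted:". The rejection is also not logged, unlike the branch just above it, which records its error with luci_log.info('SECURITY: ...').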
@@ -224,11 +234,11 @@
return (True, { 'messages': [ msg ] })
try:
- del rc
request.SESSION.delete('add_cluster_initial')
except:
pass
+ rc = None
try:
rc = RicciCommunicator(cur_host, enforce_trust=True)
if not rc:
@@ -272,7 +282,11 @@
return (False, { 'errors': [ errmsg ] })
cluster_name = cluster_info[0]
+
cluster_os = resolveOSType(rc.os())
+ luci_log.debug_verbose('vACI5a: cluster os is %s (%s)' \
+ % (cluster_os, rc.os()))
+
try:
cluster_conf = getClusterConf(rc)
except:
@@ -340,6 +354,12 @@
luci_log.debug_verbose('PHF1: numStorage field missing: %s' % str(e))
errors.append('The number of systems entered could not be determined.')
+ trust_shown = False
+ try:
+ trust_shown = request.form.has_key('trust_shown')
+ except:
+ trust_shown = False
+
incomplete = False
i = 0
while i < num_storage:
@@ -385,10 +405,10 @@
cur_system['prev_auth'] = rc.authed()
fp = rc.fingerprint()
- if cur_set_trust is True:
+ if cur_set_trust is True and cur_fp is not None:
cur_system['fp'] = cur_fp
if cur_fp != fp[1]:
- errmsg = 'The key fingerprint for %s has changed from under us. It was \"%s\" and is now \"%s\".' % (cur_host, cur_fp, fp[1])
+ errmsg = '1The key fingerprint for %s has changed from under us. It was \"%s\" and is now \"%s\".' % (cur_host, cur_fp, fp[1])
errors.append(errmsg)
luci_log.info('SECURITY: %s' % errmsg)
cur_system['error'] = True
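Review bot: the changed errmsg line now starts with a stray "1" ('1The key fingerprint for %s has changed ...'), which looks like a debugging marker left in. The string is appended to errors and written to the SECURITY log, so the prefix will reach users and anything that matches on that log line; drop the "1" before this goes to RHEL5.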
@@ -418,14 +438,20 @@
luci_log.debug_verbose('PHF2: %s: %s' \
% (cur_host, str(e)))
else:
- # The user doesn't care. Trust the system.
try:
- rc = RicciCommunicator(cur_host)
+ rc = RicciCommunicator(cur_host, enforce_trust=False)
if not rc:
raise Exception, 'rc is None'
- rc.trust()
- cur_system['trusted'] = True
- cur_system['prev_auth'] = rc.authed()
+
+ if not rc.trusted() and (trust_shown is True and cur_set_trust is False):
+ incomplete = True
+ cur_system['error'] = True
+ errors.append('You must either trust \"%s\" or remove it.' % cur_host)
+ else:
+ # The user doesn't care. Trust the system.
+ rc.trust()
+ cur_system['trusted'] = True
+ cur_system['prev_auth'] = rc.authed()
except Exception, e:
incomplete = True
cur_system['error'] = True
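Review bot: the gate in the new "if not rc.trusted() and (trust_shown is True and cur_set_trust is False)" depends on trust_shown, which is only the presence of a hidden form field, so a request that lacks the field reaches the else branch and rc.trust() is called for a host that is not yet trusted. Consider keeping the "trust options were displayed" state server-side (this module already uses request.SESSION) or treating a missing field as not confirmed whenever rc.trusted() is false. The moved comment "The user doesn't care" also no longer describes the else branch, which now covers already-trusted hosts as well.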
@@ -503,14 +529,15 @@
if (cur_host_trusted or not check_certs) and cur_passwd:
try:
- rc = RicciCommunicator(cur_host, enforce_trust=False)
+ rc = RicciCommunicator(cur_host)
prev_auth = rc.authed()
except Exception, e:
errors.append('Unable to connect to the ricci agent on %s: %s' \
% (cur_host, str(e)))
incomplete = True
cur_system['errors'] = True
- luci_log.debug_verbose('VAC2: %s: %s' % cur_host, str(e))
+ luci_log.debug_verbose('VAC2: %s: %s' \
+ % (cur_host, str(e)))
continue
try:
@@ -553,6 +580,8 @@
cur_os = resolveOSType(rc.os())
if cur_os != cluster_os:
+ luci_log.debug_verbose('VAC5a: \"%s\" / \"%s\" -> \"%s\"' \
+ % (cluster_os, rc.os(), cur_os))
incomplete = True
cur_system['errors'] = True
@@ -563,7 +592,7 @@
luci_log.debug_verbose('VAC6: %s: %s' % (cur_host, str(e)))
err_msg = 'Node %s reports its cluster version is %s and we expect %s' \
- % (cur_os, cluster_os)
+ % (cur_host, cur_os, cluster_os)
errors.append(err_msg)
luci_log.debug_verbose('VAC7: %s' % err_msg)
@@ -1415,7 +1444,7 @@
return 'Unable to find storage system %s: %s' % (systemName, str(e))
try:
- rc = RicciCommunicator(systemName)
+ rc = RicciCommunicator(systemName, enforce_trust=False)
if rc is None:
raise Exception, 'rc is None'
except Exception, e:
@@ -1486,7 +1515,7 @@
except:
# It's not a storage system, so unauthenticate.
try:
- rc = RicciCommunicator(systemName)
+ rc = RicciCommunicator(systemName, enforce_trust=False)
rc.unauth()
except Exception, e:
luci_log.debug_verbose('delClusterSystem0: ricci error for %s: %s' \
--- conga/luci/site/luci/Extensions/ricci_bridge.py 2006/12/22 17:50:16 1.30.2.15
+++ conga/luci/site/luci/Extensions/ricci_bridge.py 2007/01/04 00:22:13 1.30.2.16
@@ -597,8 +597,6 @@
# temporary workaround for ricci bug
system_info = rc.hostname()
try:
-# FIXME
-# rc = RicciCommunicator(system_info, enforce_trust=True)
rc = RicciCommunicator(system_info)
if rc is None:
raise Exception, 'unknown error'
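Review bot: removing the FIXME leaves "rc = RicciCommunicator(system_info)" enforcing trust only because the constructor default is flipped in ricci_communicator.py in this same commit. The commented-out line spelled out the intent; pass enforce_trust=True explicitly here so this call does not change behaviour if the default is ever changed back. The "temporary workaround for ricci bug" comment above it should also say which bug, or be removed if it no longer applies.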
--- conga/luci/site/luci/Extensions/ricci_communicator.py 2006/12/22 17:50:16 1.9.2.8
+++ conga/luci/site/luci/Extensions/ricci_communicator.py 2007/01/04 00:22:13 1.9.2.9
@@ -15,7 +15,7 @@
pass
class RicciCommunicator:
- def __init__(self, hostname, enforce_trust=False, port=11111):
+ def __init__(self, hostname, enforce_trust=True, port=11111):
self.__hostname = hostname
self.__port = port
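Review bot: changing the default in "def __init__(self, hostname, enforce_trust=True, port=11111)" alters every call site that omits the argument, and the patch only adjusts some of them (several in homebase_adapters.py gain enforce_trust=False, one there drops it). Please confirm the remaining callers were audited, and add a docstring to __init__ stating what enforce_trust does when the peer is not trusted, since the parameter now fails closed by default.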
@@ -57,8 +57,7 @@
self.__dom0 = hello.firstChild.getAttribute('xen_host') == 'true'
pass
-
-
+
def hostname(self):
luci_log.debug_verbose('RC:hostname: [auth %d] reported hostname = %s' \
% (self.__authed, self.__hostname))
@@ -76,16 +75,16 @@
% (self.__authed, self.__cluname, self.__clualias, self.__hostname))
return (self.__cluname, self.__clualias)
def os(self):
- luci_log.debug_verbose('RC:os: [auth %d] reported system_name = %s for %s' \
+ luci_log.debug_verbose('RC:os: [auth %d] reported os = %s for %s' \
% (self.__authed, self.__os, self.__hostname))
return self.__os
def dom0(self):
- luci_log.debug_verbose('RC:dom0: [auth %d] reported system_name = %s for %s' \
+ luci_log.debug_verbose('RC:dom0: [auth %d] reported dom0 = %s for %s' \
% (self.__authed, self.__dom0, self.__hostname))
return self.__dom0
def fingerprint(self):
- return self.ss.peer_fingerprint()
+ return self.ss.peer_fingerprint()
def trust(self):
return self.ss.trust()
@@ -115,11 +114,19 @@
resp = self.__receive(self.__timeout_auth)
self.__authed = resp.firstChild.getAttribute('authenticated') == 'true'
+ if self.__authed:
+ try:
+ self.__cluname = resp.firstChild.getAttribute('clustername')
+ self.__clualias = resp.firstChild.getAttribute('clusteralias')
+ self.__reported_hostname = resp.firstChild.getAttribute('hostname')
+ self.__os = resp.firstChild.getAttribute('os')
+ self.__dom0 = resp.firstChild.getAttribute('xen_host') == 'true'
+ except:
+ pass
luci_log.debug_verbose('RC:auth1: auth call returning %d' \
- % self.__authed)
+ % self.__authed)
return self.__authed
-
def unauth(self):
doc = minidom.Document()
ricci = doc.createElement('ricci')
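Review bot: the new block under "if self.__authed:" swallows every error with a bare "except: pass", so a failure partway through leaves __cluname, __clualias, __os and __dom0 half-updated with no log line. Also note that minidom's getAttribute returns an empty string for a missing attribute rather than raising, so if the authenticate response does not carry these attributes the existing values are overwritten with ''. Suggest only assigning when the attribute is present (hasAttribute) and logging the exception through luci_log.debug_verbose like the rest of this class.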
--- conga/ricci/ricci/Ricci.cpp 2006/11/20 23:15:04 1.18.2.3
+++ conga/ricci/ricci/Ricci.cpp 2007/01/04 00:22:13 1.18.2.4
@@ -134,7 +134,6 @@
String function = req.get_attr("function");
if (function == "") {
success = RRC_MISSING_FUNCTION;
-
} else if (function == "authenticate") {
String passwd = req.get_attr("password");
bool passwd_ok = false;
@@ -145,7 +144,7 @@
}
if (passwd_ok) {
- resp = ricci_header(true);
+ resp = ricci_header(true, true);
success = RRC_SUCCESS;
save_cert = true;
} else {
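Review bot: "resp = ricci_header(true, true);" passes two bare boolean literals and nothing in the hunk says what the second one enables. Since the luci side of this commit starts reading clustername, os and similar attributes from the authenticate response, a short comment here (or a named constant for the second argument) would make the link between the two changes clear to the next reader.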