From: Zhigang Wang <zhigang.x.wang@oracle.com>
To: xen-devel <xen-devel@lists.xensource.com>
Subject: [PATCH 1/2]Make ssl relocation server listen on different port
Date: Fri, 23 May 2008 17:22:48 +0800 [thread overview]
Message-ID: <48368CE8.1000705@oracle.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 672 bytes --]
hi,
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start ssl relocation server now controlled by
xend-relocation-ssl-server. So ssl and non-ssl relocation server can run
simultaneously. You can also only start ssl server or only start non-ssl
relocation server.
When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers, start
ssl and non-ssl relocation server simultaneously can keep backward
compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
thanks,
zhigang
[-- Attachment #2: xen-relocation-ssl-newport.patch --]
[-- Type: text/x-patch, Size: 7783 bytes --]
Make ssl relocation server listen on different port
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start ssl relocation server now controlled by
xend-relocation-ssl-server. So ssl and non-ssl relocation server can run
simultaneously. You can also only start ssl server or only start non-ssl
relocation server.
When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers, start
ssl and non-ssl relocation server simultaneously can keep backward
compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
diff -Nura xen-unstable.orig/tools/examples/xend-config.sxp xen-unstable/tools/examples/xend-config.sxp
--- xen-unstable.orig/tools/examples/xend-config.sxp 2008-05-22 17:28:47.000000000 +0800
+++ xen-unstable/tools/examples/xend-config.sxp 2008-05-23 14:46:35.000000000 +0800
@@ -59,6 +59,7 @@
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
(xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
#(xend-unix-path /var/lib/xend/xend-socket)
@@ -82,15 +83,18 @@
# is set.
#(xend-relocation-port 8002)
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
#(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
#(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
diff -Nura xen-unstable.orig/tools/python/xen/xend/server/relocate.py xen-unstable/tools/python/xen/xend/server/relocate.py
--- xen-unstable.orig/tools/python/xen/xend/server/relocate.py 2008-05-22 17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/server/relocate.py 2008-05-23 14:13:42.000000000 +0800
@@ -142,16 +142,22 @@
if xoptions.get_xend_unix_server():
path = '/var/lib/xend/relocation-socket'
unix.UnixListener(path, RelocationProtocol)
+
+ interface = xoptions.get_xend_relocation_address()
+
+ hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+ if hosts_allow == '':
+ hosts_allow = None
+ else:
+ hosts_allow = map(re.compile, hosts_allow.split(" "))
+
if xoptions.get_xend_relocation_server():
port = xoptions.get_xend_relocation_port()
- interface = xoptions.get_xend_relocation_address()
-
- hosts_allow = xoptions.get_xend_relocation_hosts_allow()
- if hosts_allow == '':
- hosts_allow = None
- else:
- hosts_allow = map(re.compile, hosts_allow.split(" "))
+ tcp.TCPListener(RelocationProtocol, port, interface = interface,
+ hosts_allow = hosts_allow)
+ if xoptions.get_xend_relocation_ssl_server():
+ port = xoptions.get_xend_relocation_ssl_port()
ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
@@ -161,5 +167,5 @@
ssl_key_file = ssl_key_file,
ssl_cert_file = ssl_cert_file)
else:
- tcp.TCPListener(RelocationProtocol, port, interface = interface,
- hosts_allow = hosts_allow)
+ raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.")
+
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendDomain.py xen-unstable/tools/python/xen/xend/XendDomain.py
--- xen-unstable.orig/tools/python/xen/xend/XendDomain.py 2008-05-22 17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendDomain.py 2008-05-23 12:51:10.000000000 +0800
@@ -1294,13 +1294,12 @@
""" Make sure there's memory free for enabling shadow mode """
dominfo.checkLiveMigrateMemory()
- if port == 0:
- port = xoptions.get_xend_relocation_port()
-
- tls = xoptions.get_xend_relocation_tls()
- if tls:
+ ssl = xoptions.get_xend_relocation_ssl()
+ if ssl:
from OpenSSL import SSL
from xen.web import connection
+ if port == 0:
+ port = xoptions.get_xend_relocation_ssl_port()
try:
ctx = SSL.Context(SSL.SSLv23_METHOD)
sock = SSL.Connection(ctx,
@@ -1328,6 +1327,8 @@
os.close(p2cread)
os.close(p2cwrite)
else:
+ if port == 0:
+ port = xoptions.get_xend_relocation_port()
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# When connecting to our ssl enabled relocation server using a
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendOptions.py xen-unstable/tools/python/xen/xend/XendOptions.py
--- xen-unstable.orig/tools/python/xen/xend/XendOptions.py 2008-05-22 17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendOptions.py 2008-05-23 14:04:00.000000000 +0800
@@ -72,6 +72,9 @@
"""Default for the flag indicating whether xend should run a relocation server."""
xend_relocation_server_default = 'no'
+ """Default for the flag indicating whether xend should run a ssl relocation server."""
+ xend_relocation_ssl_server_default = 'no'
+
"""Default interface address the xend relocation server listens at. """
xend_relocation_address_default = ''
@@ -81,6 +84,9 @@
"""Default port xend serves relocation at. """
xend_relocation_port_default = 8002
+ """Default port xend serves ssl relocation at. """
+ xend_relocation_ssl_port_default = 8003
+
xend_relocation_hosts_allow_default = ''
"""Default for the flag indicating whether xend should run a unix-domain
@@ -192,6 +198,12 @@
return self.get_config_bool("xend-relocation-server",
self.xend_relocation_server_default)
+ def get_xend_relocation_ssl_server(self):
+ """Get the flag indicating whether xend should run a ssl relocation server.
+ """
+ return self.get_config_bool("xend-relocation-ssl-server",
+ self.xend_relocation_ssl_server_default)
+
def get_xend_relocation_server_ssl_key_file(self):
return self.get_config_string("xend-relocation-server-ssl-key-file")
@@ -209,10 +221,17 @@
return self.get_config_int('xend-relocation-port',
self.xend_relocation_port_default)
- def get_xend_relocation_tls(self):
- """Whether to use tls when relocating.
+ def get_xend_relocation_ssl_port(self):
+ """Get the port xend listens at for ssl connection to its relocation
+ server.
+ """
+ return self.get_config_int('xend-relocation-ssl-port',
+ self.xend_relocation_ssl_port_default)
+
+ def get_xend_relocation_ssl(self):
+ """Whether to use ssl when relocating.
"""
- return self.get_config_bool('xend-relocation-tls', 'no')
+ return self.get_config_bool('xend-relocation-ssl', 'no')
def get_xend_relocation_hosts_allow(self):
return self.get_config_string("xend-relocation-hosts-allow",
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next reply other threads:[~2008-05-23 9:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-23 9:22 Zhigang Wang [this message]
2008-05-23 10:58 ` [PATCH 1/2]Make ssl relocation server listen ondifferent port Masaki Kanno
2008-05-23 11:00 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48368CE8.1000705@oracle.com \
--to=zhigang.x.wang@oracle.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.