* [PATCH 1/2]Make ssl relocation server listen on different port
@ 2008-05-23  9:22 Zhigang Wang
  2008-05-23 10:58 ` [PATCH 1/2]Make ssl relocation server listen on different port Masaki Kanno
  0 siblings, 1 reply; 3+ messages in thread
From: Zhigang Wang @ 2008-05-23  9:22 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 672 bytes --]

hi,

This patch makes the ssl relocation server listen on 8003 if enabled.

Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
simultaneously. You can also start only the ssl server or only the non-ssl
relocation server.

When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
servers, starting the ssl and non-ssl relocation servers simultaneously can
keep backward compatibility.

It's also more reasonable to have separate ports for ssl and non-ssl.

This patch also renames xend-relocation-tls to xend-relocation-ssl.

Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>

thanks,

zhigang

[-- Attachment #2: xen-relocation-ssl-newport.patch --]
[-- Type: text/x-patch, Size: 7783 bytes --]

Make ssl relocation server listen on different port

This patch makes the ssl relocation server listen on 8003 if enabled.

Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
simultaneously. You can also start only the ssl server or only the non-ssl
relocation server.

When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
servers, starting the ssl and non-ssl relocation servers simultaneously can
keep backward compatibility.

It's also more reasonable to have separate ports for ssl and non-ssl.

This patch also renames xend-relocation-tls to xend-relocation-ssl.

Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>

diff -Nura xen-unstable.orig/tools/examples/xend-config.sxp xen-unstable/tools/examples/xend-config.sxp
--- xen-unstable.orig/tools/examples/xend-config.sxp	2008-05-22 17:28:47.000000000 +0800
+++ xen-unstable/tools/examples/xend-config.sxp	2008-05-23 14:46:35.000000000 +0800
@@ -59,6 +59,7 @@
 #(xend-unix-xmlrpc-server yes)
 #(xend-relocation-server no)
 (xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
 
 #(xend-unix-path /var/lib/xend/xend-socket)
 
@@ -82,15 +83,18 @@
 # is set.
 #(xend-relocation-port 8002)
 
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
 
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
 #(xend-relocation-server-ssl-key-file  /etc/xen/xmlrpc.key)
 #(xend-relocation-server-ssl-cert-file  /etc/xen/xmlrpc.crt)
 
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
 # Address xend should listen on for HTTP connections, if xend-http-server is
 # set.
 # Specifying 'localhost' prevents remote connections.
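Review bot: The new comment on `xend-relocation-ssl` ("Whether to use ssl as default when relocating") does not say that it only affects outgoing migrations from this host, and the removed text explaining that setting the key and certificate made the port SSL-only has no replacement. Suggest stating here that `xend-relocation-ssl-server` controls the listener on 8003, that the key and certificate files are mandatory once it is set (relocate.py now raises if either is missing), and that `xend-relocation-ssl` selects the sender's transport and default target port.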
diff -Nura xen-unstable.orig/tools/python/xen/xend/server/relocate.py xen-unstable/tools/python/xen/xend/server/relocate.py
--- xen-unstable.orig/tools/python/xen/xend/server/relocate.py	2008-05-22 17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/server/relocate.py	2008-05-23 14:13:42.000000000 +0800
@@ -142,16 +142,22 @@
     if xoptions.get_xend_unix_server():
         path = '/var/lib/xend/relocation-socket'
         unix.UnixListener(path, RelocationProtocol)
+
+    interface = xoptions.get_xend_relocation_address()
+
+    hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+    if hosts_allow == '':
+        hosts_allow = None
+    else:
+        hosts_allow = map(re.compile, hosts_allow.split(" "))
+
     if xoptions.get_xend_relocation_server():
         port = xoptions.get_xend_relocation_port()
-        interface = xoptions.get_xend_relocation_address()
-
-        hosts_allow = xoptions.get_xend_relocation_hosts_allow()
-        if hosts_allow == '':
-            hosts_allow = None
-        else:
-            hosts_allow = map(re.compile, hosts_allow.split(" "))
+        tcp.TCPListener(RelocationProtocol, port, interface = interface,
+                        hosts_allow = hosts_allow)
 
+    if xoptions.get_xend_relocation_ssl_server():
+        port = xoptions.get_xend_relocation_ssl_port()
         ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
         ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
 
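Review bot: Hoisting the `hosts_allow` parsing above the `if xoptions.get_xend_relocation_server():` check means `map(re.compile, ...)` now runs even when neither TCP listener is enabled, so a malformed pattern in xend-relocation-hosts-allow raises here in configurations that never used it before. Consider compiling the list only when at least one of the two servers is enabled. Separately, with both options set to yes the plaintext listener on xend-relocation-port stays open next to the SSL one; that is worth stating in the config comments, since enabling the SSL port alone does not stop plaintext relocation traffic from being accepted.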
@@ -161,5 +167,5 @@
                                ssl_key_file = ssl_key_file,
                                ssl_cert_file = ssl_cert_file)
         else:
-            tcp.TCPListener(RelocationProtocol, port, interface = interface,
-                            hosts_allow = hosts_allow)
+            raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.")
+
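Review bot: The new `raise XendError(...)` in the else branch relies on `XendError` being in scope, but no hunk in this patch adds an import to relocate.py; please confirm it is already imported, otherwise the misconfiguration path fails with a NameError instead of the intended message. The plaintext listener has also already been created by the time this raises, so decide whether a missing key or certificate should be detected before any listener starts. The added line runs past 80 columns, and the hunk appends a blank line at the end of the file.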
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendDomain.py xen-unstable/tools/python/xen/xend/XendDomain.py
--- xen-unstable.orig/tools/python/xen/xend/XendDomain.py	2008-05-22 17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendDomain.py	2008-05-23 12:51:10.000000000 +0800
@@ -1294,13 +1294,12 @@
             """ Make sure there's memory free for enabling shadow mode """
             dominfo.checkLiveMigrateMemory()
 
-        if port == 0:
-            port = xoptions.get_xend_relocation_port()
-
-        tls = xoptions.get_xend_relocation_tls()
-        if tls:
+        ssl = xoptions.get_xend_relocation_ssl()
+        if ssl:
             from OpenSSL import SSL
             from xen.web import connection
+            if port == 0:
+                port = xoptions.get_xend_relocation_ssl_port()
             try:
                 ctx = SSL.Context(SSL.SSLv23_METHOD)
                 sock = SSL.Connection(ctx,
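Review bot: `ssl = xoptions.get_xend_relocation_ssl()` makes the transport a host-wide setting, while the commit message targets mixed 3.2/3.3 deployments where the right choice depends on the destination. Unless 2/2 adds a per-migration override, a host configured with `(xend-relocation-ssl yes)` will attempt an SSL connection to port 8003 on a 3.2 target that has no SSL listener. Also, when the caller passes a non-zero `port` it is used unchanged for either transport, so the port and the transport can disagree; a short comment or a check would help.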
@@ -1328,6 +1327,8 @@
             os.close(p2cread)
             os.close(p2cwrite)
         else:
+            if port == 0:
+                port = xoptions.get_xend_relocation_port()
             try:
                 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                 # When connecting to our ssl enabled relocation server using a
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendOptions.py xen-unstable/tools/python/xen/xend/XendOptions.py
--- xen-unstable.orig/tools/python/xen/xend/XendOptions.py	2008-05-22 17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendOptions.py	2008-05-23 14:04:00.000000000 +0800
@@ -72,6 +72,9 @@
     """Default for the flag indicating whether xend should run a relocation server."""
     xend_relocation_server_default = 'no'
 
+    """Default for the flag indicating whether xend should run a ssl relocation server."""
+    xend_relocation_ssl_server_default = 'no'
+
     """Default interface address the xend relocation server listens at. """
     xend_relocation_address_default = ''
 
@@ -81,6 +84,9 @@
     """Default port xend serves relocation at. """
     xend_relocation_port_default = 8002
 
+    """Default port xend serves ssl relocation at. """
+    xend_relocation_ssl_port_default = 8003
+
     xend_relocation_hosts_allow_default = ''
 
     """Default for the flag indicating whether xend should run a unix-domain
@@ -192,6 +198,12 @@
         return self.get_config_bool("xend-relocation-server",
                                     self.xend_relocation_server_default)
 
+    def get_xend_relocation_ssl_server(self):
+        """Get the flag indicating whether xend should run a ssl relocation server.
+        """
+        return self.get_config_bool("xend-relocation-ssl-server",
+                                    self.xend_relocation_ssl_server_default)
+
     def get_xend_relocation_server_ssl_key_file(self):
         return self.get_config_string("xend-relocation-server-ssl-key-file")
 
@@ -209,10 +221,17 @@
         return self.get_config_int('xend-relocation-port',
                                    self.xend_relocation_port_default)
 
-    def get_xend_relocation_tls(self):
-        """Whether to use tls when relocating.
+    def get_xend_relocation_ssl_port(self):
+	"""Get the port xend listens at for ssl connection to its relocation
+        server.
+        """
+        return self.get_config_int('xend-relocation-ssl-port',
+                                   self.xend_relocation_ssl_port_default)
+
+    def get_xend_relocation_ssl(self):
+        """Whether to use ssl when relocating.
         """
-        return self.get_config_bool('xend-relocation-tls', 'no')
+        return self.get_config_bool('xend-relocation-ssl', 'no')
 
     def get_xend_relocation_hosts_allow(self):
         return self.get_config_string("xend-relocation-hosts-allow",
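Review bot: `get_xend_relocation_tls` and the `xend-relocation-tls` key are removed with no fallback, so an existing xend-config.sxp that sets `(xend-relocation-tls yes)` is silently ignored and `get_xend_relocation_ssl` returns its default of 'no', which sends migrations over the plain socket path. Suggest reading the old key as a fallback or logging a warning when it is present. The docstring line of `get_xend_relocation_ssl_port` is indented with a tab while the rest of the method uses spaces; please convert it to spaces.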


* Re: [PATCH 1/2]Make ssl relocation server listen on different port
  2008-05-23  9:22 [PATCH 1/2]Make ssl relocation server listen on different port Zhigang Wang
@ 2008-05-23 10:58 ` Masaki Kanno
  2008-05-23 11:00   ` Keir Fraser
  0 siblings, 1 reply; 3+ messages in thread
From: Masaki Kanno @ 2008-05-23 10:58 UTC (permalink / raw)
  To: Zhigang Wang, xen-devel

Hi Zhigang,

+    def get_xend_relocation_ssl_port(self):

The following line includes Tab-indent.

+	"""Get the port xend listens at for ssl connection to its relocation
+        server.
+        """
+        return self.get_config_int('xend-relocation-ssl-port',
+                                   self.xend_relocation_ssl_port_default)
+

Best regards,
 Kan

Fri, 23 May 2008 17:22:48 +0800, Zhigang Wang wrote:

>hi,
>
>This patch makes the ssl relocation server listen on 8003 if enabled.
>
>Whether to start the ssl relocation server is now controlled by
>xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
>simultaneously. You can also start only the ssl server or only the non-ssl
>relocation server.
>
>When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
>servers, starting the ssl and non-ssl relocation servers simultaneously can
>keep backward compatibility.
>
>It's also more reasonable to have separate ports for ssl and non-ssl.
>
>This patch also renames xend-relocation-tls to xend-relocation-ssl.
>
>Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
>
>thanks,
>
>zhigang
>

* Re: [PATCH 1/2]Make ssl relocation server listen on different port
  2008-05-23 10:58 ` [PATCH 1/2]Make ssl relocation server listen on different port Masaki Kanno
@ 2008-05-23 11:00   ` Keir Fraser
  0 siblings, 0 replies; 3+ messages in thread
From: Keir Fraser @ 2008-05-23 11:00 UTC (permalink / raw)
  To: Masaki Kanno, Zhigang Wang, xen-devel

Zhigang, These patches are now applied. So please send a fixup patch to
apply on top to fix these issues.

 -- Keir

On 23/5/08 11:58, "Masaki Kanno" <kanno.masaki@jp.fujitsu.com> wrote:

> Hi Zhigang,
> 
> +    def get_xend_relocation_ssl_port(self):
> 
> The following line includes Tab-indent.
> 
> + """Get the port xend listens at for ssl connection to its relocation
> +        server.
> +        """
> +        return self.get_config_int('xend-relocation-ssl-port',
> +                                   self.xend_relocation_ssl_port_default)
> +
> 
> Best regards,
>  Kan
> 
> Fri, 23 May 2008 17:22:48 +0800, Zhigang Wang wrote:
> 
>> hi,
>> 
>> This patch makes the ssl relocation server listen on 8003 if enabled.
>> 
>> Whether to start the ssl relocation server is now controlled by
>> xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
>> simultaneously. You can also start only the ssl server or only the non-ssl
>> relocation server.
>> 
>> When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
>> servers, starting the ssl and non-ssl relocation servers simultaneously can
>> keep backward compatibility.
>> 
>> It's also more reasonable to have separate ports for ssl and non-ssl.
>> 
>> This patch also renames xend-relocation-tls to xend-relocation-ssl.
>> 
>> Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
>> 
>> thanks,
>> 
>> zhigang
>> 