# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1211535704 -3600
# Node ID 91a9e28aed468d6548b3a4aac9d80988093cc91e
# Parent 4c8fc8def9b30d4d72a418960d168c77d3325ce1
Make ssl relocation server listen on different port
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can
run simultaneously. You can also start only the ssl server or only the
non-ssl relocation server.
In a mixed deployment of xen 3.2 servers (which have no ssl support) and
3.3 servers, starting the ssl and non-ssl relocation servers
simultaneously keeps backward compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>
---
tools/examples/xend-config.sxp | 16 ++++++++++------
tools/python/xen/xend/XendDomain.py | 11 ++++++-----
tools/python/xen/xend/XendOptions.py | 27 +++++++++++++++++++++++----
tools/python/xen/xend/server/relocate.py | 24 +++++++++++++++---------
4 files changed, 54 insertions(+), 24 deletions(-)
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp Fri May 23 09:48:44 2008 +0100
+++ b/tools/examples/xend-config.sxp Fri May 23 10:41:44 2008 +0100
@@ -59,6 +59,7 @@
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
(xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
#(xend-unix-path /var/lib/xend/xend-socket)
@@ -82,14 +83,17 @@
# is set.
#(xend-relocation-port 8002)
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
-
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
+
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
#(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
#(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
+
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/python/xen/xend/XendDomain.py
--- a/tools/python/xen/xend/XendDomain.py Fri May 23 09:48:44 2008 +0100
+++ b/tools/python/xen/xend/XendDomain.py Fri May 23 10:41:44 2008 +0100
@@ -1294,13 +1294,12 @@ class XendDomain:
""" Make sure there's memory free for enabling shadow mode """
dominfo.checkLiveMigrateMemory()
- if port == 0:
- port = xoptions.get_xend_relocation_port()
-
- tls = xoptions.get_xend_relocation_tls()
- if tls:
+ ssl = xoptions.get_xend_relocation_ssl()
+ if ssl:
from OpenSSL import SSL
from xen.web import connection
+ if port == 0:
+ port = xoptions.get_xend_relocation_ssl_port()
try:
ctx = SSL.Context(SSL.SSLv23_METHOD)
sock = SSL.Connection(ctx,
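Review bot: The ssl branch builds `SSL.Context(SSL.SSLv23_METHOD)` and passes it straight to `SSL.Connection`, and nothing visible in this hunk configures peer verification or restricts the protocol version. The rest of the try body lies outside the hunk, so this may be handled further down. If it is not, the channel is encrypted but the destination is never authenticated, so a migrating guest's memory image could be handed to any host that answers on the ssl port. I would call `ctx.set_verify(SSL.VERIFY_PEER, verify_cb)` (with `verify_cb` a placeholder for the project's own callback), load a CA with `ctx.load_verify_locations(...)`, and set `ctx.set_options(SSL.OP_NO_SSLv2)` before the connection is created.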
@@ -1328,6 +1327,8 @@ class XendDomain:
os.close(p2cread)
os.close(p2cwrite)
else:
+ if port == 0:
+ port = xoptions.get_xend_relocation_port()
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# When connecting to our ssl enabled relocation server using a
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/python/xen/xend/XendOptions.py
--- a/tools/python/xen/xend/XendOptions.py Fri May 23 09:48:44 2008 +0100
+++ b/tools/python/xen/xend/XendOptions.py Fri May 23 10:41:44 2008 +0100
@@ -72,6 +72,9 @@ class XendOptions:
"""Default for the flag indicating whether xend should run a relocation
server."""
xend_relocation_server_default = 'no'
+ """Default for the flag indicating whether xend should run a ssl
relocation server."""
+ xend_relocation_ssl_server_default = 'no'
+
"""Default interface address the xend relocation server listens at. """
xend_relocation_address_default = ''
@@ -80,6 +83,9 @@ class XendOptions:
"""Default port xend serves relocation at. """
xend_relocation_port_default = 8002
+
+ """Default port xend serves ssl relocation at. """
+ xend_relocation_ssl_port_default = 8003
xend_relocation_hosts_allow_default = ''
@@ -192,6 +198,12 @@ class XendOptions:
return self.get_config_bool("xend-relocation-server",
self.xend_relocation_server_default)
+ def get_xend_relocation_ssl_server(self):
+ """Get the flag indicating whether xend should run a ssl relocation
server.
+ """
+ return self.get_config_bool("xend-relocation-ssl-server",
+ self.xend_relocation_ssl_server_default)
+
def get_xend_relocation_server_ssl_key_file(self):
return self.get_config_string("xend-relocation-server-ssl-key-file")
@@ -209,10 +221,17 @@ class XendOptions:
return self.get_config_int('xend-relocation-port',
self.xend_relocation_port_default)
- def get_xend_relocation_tls(self):
- """Whether to use tls when relocating.
- """
- return self.get_config_bool('xend-relocation-tls', 'no')
+ def get_xend_relocation_ssl_port(self):
+ """Get the port xend listens at for ssl connection to its relocation
+ server.
+ """
+ return self.get_config_int('xend-relocation-ssl-port',
+ self.xend_relocation_ssl_port_default)
+
+ def get_xend_relocation_ssl(self):
+ """Whether to use ssl when relocating.
+ """
+ return self.get_config_bool('xend-relocation-ssl', 'no')
def get_xend_relocation_hosts_allow(self):
return self.get_config_string("xend-relocation-hosts-allow",
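Review bot: `get_xend_relocation_ssl` reads only the new key `xend-relocation-ssl`, so an existing config that sets `(xend-relocation-tls yes)` is silently ignored after the upgrade. With the `'no'` default, outgoing migrations then take the plaintext branch in XendDomain.py without any indication to the operator. I would keep honouring the old key as a fallback for a release, or at least log a warning when `xend-relocation-tls` is present in the config. The `'no'` literal would also read better as a class-level `xend_relocation_ssl_default`, like the other defaults this patch adds.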
diff -r 4c8fc8def9b3 -r 91a9e28aed46 tools/python/xen/xend/server/relocate.py
--- a/tools/python/xen/xend/server/relocate.py Fri May 23 09:48:44 2008 +0100
+++ b/tools/python/xen/xend/server/relocate.py Fri May 23 10:41:44 2008 +0100
@@ -142,16 +142,22 @@ def listenRelocation():
if xoptions.get_xend_unix_server():
path = '/var/lib/xend/relocation-socket'
unix.UnixListener(path, RelocationProtocol)
+
+ interface = xoptions.get_xend_relocation_address()
+
+ hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+ if hosts_allow == '':
+ hosts_allow = None
+ else:
+ hosts_allow = map(re.compile, hosts_allow.split(" "))
+
if xoptions.get_xend_relocation_server():
port = xoptions.get_xend_relocation_port()
- interface = xoptions.get_xend_relocation_address()
+ tcp.TCPListener(RelocationProtocol, port, interface = interface,
+ hosts_allow = hosts_allow)
- hosts_allow = xoptions.get_xend_relocation_hosts_allow()
- if hosts_allow == '':
- hosts_allow = None
- else:
- hosts_allow = map(re.compile, hosts_allow.split(" "))
-
+ if xoptions.get_xend_relocation_ssl_server():
+ port = xoptions.get_xend_relocation_ssl_port()
ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
@@ -161,5 +167,5 @@ def listenRelocation():
ssl_key_file = ssl_key_file,
ssl_cert_file = ssl_cert_file)
else:
- tcp.TCPListener(RelocationProtocol, port, interface = interface,
- hosts_allow = hosts_allow)
+ raise XendError("ssl_key_file or ssl_cert_file for ssl relocation
server is missing.")
+
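Review bot: The new `raise XendError(...)` fires only after the unix and plaintext TCP listeners from the previous hunk have been created, so a missing key or certificate leaves the relocation service partly started. Whether the caller then aborts xend or carries on with the plaintext listener alone is not visible here. I would read and check `ssl_key_file` and `ssl_cert_file` before creating any listener, so a bad ssl configuration fails up front. The message would also be easier to act on if it named the config options, e.g. `"xend-relocation-server-ssl-key-file or xend-relocation-server-ssl-cert-file is not set"`. The condition guarding this else branch sits between the two hunks and is not shown.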