WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
xen-devel

[Xen-devel] [PATCH 1/2]Make ssl relocation server listen on different po

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH 1/2]Make ssl relocation server listen on different port
From: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>
Date: Fri, 23 May 2008 17:22:48 +0800
Delivery-date: Fri, 23 May 2008 02:23:54 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.14 (X11/20080421)

Hi,

This patch makes the ssl relocation server listen on 8003 if enabled.

Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
simultaneously. You can also start only the ssl server or only the non-ssl
relocation server.

When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
servers, starting the ssl and non-ssl relocation servers simultaneously keeps
backward compatibility.

It's also more reasonable to have separate ports for ssl and non-ssl.

This patch also renames xend-relocation-tls to xend-relocation-ssl.

Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>

thanks,

zhigang
Make ssl relocation server listen on different port

This patch makes the ssl relocation server listen on 8003 if enabled.

Whether to start the ssl relocation server is now controlled by
xend-relocation-ssl-server, so the ssl and non-ssl relocation servers can run
simultaneously. You can also start only the ssl server or only the non-ssl
relocation server.

When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
servers, starting the ssl and non-ssl relocation servers simultaneously keeps
backward compatibility.

It's also more reasonable to have separate ports for ssl and non-ssl.

This patch also renames xend-relocation-tls to xend-relocation-ssl.

Signed-off-by: Zhigang Wang <zhigang.x.wang@xxxxxxxxxx>

diff -Nura xen-unstable.orig/tools/examples/xend-config.sxp 
xen-unstable/tools/examples/xend-config.sxp
--- xen-unstable.orig/tools/examples/xend-config.sxp    2008-05-22 
17:28:47.000000000 +0800
+++ xen-unstable/tools/examples/xend-config.sxp 2008-05-23 14:46:35.000000000 
+0800
@@ -59,6 +59,7 @@
 #(xend-unix-xmlrpc-server yes)
 #(xend-relocation-server no)
 (xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
 
 #(xend-unix-path /var/lib/xend/xend-socket)
 
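
Review bot: The new `#(xend-relocation-ssl-server no)` line has no comment explaining it, and the active `(xend-relocation-server yes)` directly above it means the sample config still starts the plaintext listener. A one-line comment saying that the two options are independent, and that SSL-only relocation also requires setting xend-relocation-server to no, would keep admins from enabling the ssl server and assuming the plaintext port is gone.
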
@@ -82,15 +83,18 @@
 # is set.
 #(xend-relocation-port 8002)
 
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
 
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
 #(xend-relocation-server-ssl-key-file  /etc/xen/xmlrpc.key)
 #(xend-relocation-server-ssl-cert-file  /etc/xen/xmlrpc.crt)
 
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
 # Address xend should listen on for HTTP connections, if xend-http-server is
 # set.
 # Specifying 'localhost' prevents remote connections.
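
Review bot: The removed comment ("Setting these will mean that this port serves only SSL connections") documented how existing deployments turned SSL on, and the replacement text does not say that this no longer holds. Please state in the comments that the key and cert files alone no longer enable SSL, that xend-relocation-ssl-server must be set, and that xend-relocation-tls has been renamed to xend-relocation-ssl, since a config still carrying the old option name will otherwise relocate in plaintext without any message.
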
diff -Nura xen-unstable.orig/tools/python/xen/xend/server/relocate.py 
xen-unstable/tools/python/xen/xend/server/relocate.py
--- xen-unstable.orig/tools/python/xen/xend/server/relocate.py  2008-05-22 
17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/server/relocate.py       2008-05-23 
14:13:42.000000000 +0800
@@ -142,16 +142,22 @@
     if xoptions.get_xend_unix_server():
         path = '/var/lib/xend/relocation-socket'
         unix.UnixListener(path, RelocationProtocol)
+
+    interface = xoptions.get_xend_relocation_address()
+
+    hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+    if hosts_allow == '':
+        hosts_allow = None
+    else:
+        hosts_allow = map(re.compile, hosts_allow.split(" "))
+
     if xoptions.get_xend_relocation_server():
         port = xoptions.get_xend_relocation_port()
-        interface = xoptions.get_xend_relocation_address()
-
-        hosts_allow = xoptions.get_xend_relocation_hosts_allow()
-        if hosts_allow == '':
-            hosts_allow = None
-        else:
-            hosts_allow = map(re.compile, hosts_allow.split(" "))
+        tcp.TCPListener(RelocationProtocol, port, interface = interface,
+                        hosts_allow = hosts_allow)
 
+    if xoptions.get_xend_relocation_ssl_server():
+        port = xoptions.get_xend_relocation_ssl_port()
         ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
         ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
 
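
Review bot: With `tcp.TCPListener(...)` now created unconditionally under `get_xend_relocation_server()`, a host that used to get an SSL-only relocation port by setting the key and cert files will serve plaintext on that port after upgrade unless the config is also edited. Consider logging a warning when the ssl key/cert files are set but xend-relocation-ssl-server is not. Separately, `hosts_allow` is now compiled even when neither TCP server is enabled, so a bad regex in xend-relocation-hosts-allow would raise on a host that has relocation turned off; computing it only when one of the two servers is enabled avoids that.
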
@@ -161,5 +167,5 @@
                                ssl_key_file = ssl_key_file,
                                ssl_cert_file = ssl_cert_file)
         else:
-            tcp.TCPListener(RelocationProtocol, port, interface = interface,
-                            hosts_allow = hosts_allow)
+            raise XendError("ssl_key_file or ssl_cert_file for ssl relocation 
server is missing.")
+
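
Review bot: The new `raise XendError(...)` in the else branch fires after the plaintext `tcp.TCPListener` from the previous hunk may already have been created, so a missing key or cert makes startup fail partway with that listener already set up; validating the ssl files before creating any listener would make the failure clean. No hunk in this file adds an import for XendError, so please confirm relocate.py already imports it. The message would be easier to act on if it named the config keys (xend-relocation-server-ssl-key-file and xend-relocation-server-ssl-cert-file), and the blank line added at the end of the file can be dropped.
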
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendDomain.py 
xen-unstable/tools/python/xen/xend/XendDomain.py
--- xen-unstable.orig/tools/python/xen/xend/XendDomain.py       2008-05-22 
17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendDomain.py    2008-05-23 
12:51:10.000000000 +0800
@@ -1294,13 +1294,12 @@
             """ Make sure there's memory free for enabling shadow mode """
             dominfo.checkLiveMigrateMemory()
 
-        if port == 0:
-            port = xoptions.get_xend_relocation_port()
-
-        tls = xoptions.get_xend_relocation_tls()
-        if tls:
+        ssl = xoptions.get_xend_relocation_ssl()
+        if ssl:
             from OpenSSL import SSL
             from xen.web import connection
+            if port == 0:
+                port = xoptions.get_xend_relocation_ssl_port()
             try:
                 ctx = SSL.Context(SSL.SSLv23_METHOD)
                 sock = SSL.Connection(ctx,
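
Review bot: The `if port == 0:` default now depends on `ssl`, but a non-zero port passed by the caller is used as is, so a caller that passes 8002 explicitly while xend-relocation-ssl is yes will attempt an SSL handshake against the plaintext port (and the reverse with 8003 when it is no). Since the patch description targets mixed 3.2/3.3 deployments, please document here that the ssl choice comes only from the local xend-relocation-ssl option and that an explicit port must match it, or reject the mismatch with a clear error.
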
@@ -1328,6 +1327,8 @@
             os.close(p2cread)
             os.close(p2cwrite)
         else:
+            if port == 0:
+                port = xoptions.get_xend_relocation_port()
             try:
                 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                 # When connecting to our ssl enabled relocation server using a
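
Review bot: The `if port == 0:` block is now duplicated in both branches of `if ssl:`. Picking the default once, right after `ssl` is read and before the branch, by choosing between get_xend_relocation_ssl_port() and get_xend_relocation_port(), keeps the two copies from drifting apart.
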
diff -Nura xen-unstable.orig/tools/python/xen/xend/XendOptions.py 
xen-unstable/tools/python/xen/xend/XendOptions.py
--- xen-unstable.orig/tools/python/xen/xend/XendOptions.py      2008-05-22 
17:28:51.000000000 +0800
+++ xen-unstable/tools/python/xen/xend/XendOptions.py   2008-05-23 
14:04:00.000000000 +0800
@@ -72,6 +72,9 @@
     """Default for the flag indicating whether xend should run a relocation 
server."""
     xend_relocation_server_default = 'no'
 
+    """Default for the flag indicating whether xend should run a ssl 
relocation server."""
+    xend_relocation_ssl_server_default = 'no'
+
     """Default interface address the xend relocation server listens at. """
     xend_relocation_address_default = ''
 
@@ -81,6 +84,9 @@
     """Default port xend serves relocation at. """
     xend_relocation_port_default = 8002
 
+    """Default port xend serves ssl relocation at. """
+    xend_relocation_ssl_port_default = 8003
+
     xend_relocation_hosts_allow_default = ''
 
     """Default for the flag indicating whether xend should run a unix-domain
@@ -192,6 +198,12 @@
         return self.get_config_bool("xend-relocation-server",
                                     self.xend_relocation_server_default)
 
+    def get_xend_relocation_ssl_server(self):
+        """Get the flag indicating whether xend should run a ssl relocation 
server.
+        """
+        return self.get_config_bool("xend-relocation-ssl-server",
+                                    self.xend_relocation_ssl_server_default)
+
     def get_xend_relocation_server_ssl_key_file(self):
         return self.get_config_string("xend-relocation-server-ssl-key-file")
 
@@ -209,10 +221,17 @@
         return self.get_config_int('xend-relocation-port',
                                    self.xend_relocation_port_default)
 
-    def get_xend_relocation_tls(self):
-        """Whether to use tls when relocating.
+    def get_xend_relocation_ssl_port(self):
+       """Get the port xend listens at for ssl connection to its relocation
+        server.
+        """
+        return self.get_config_int('xend-relocation-ssl-port',
+                                   self.xend_relocation_ssl_port_default)
+
+    def get_xend_relocation_ssl(self):
+        """Whether to use ssl when relocating.
         """
-        return self.get_config_bool('xend-relocation-tls', 'no')
+        return self.get_config_bool('xend-relocation-ssl', 'no')
 
     def get_xend_relocation_hosts_allow(self):
         return self.get_config_string("xend-relocation-hosts-allow",
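
Review bot: In the new `get_xend_relocation_ssl_port`, the docstring's opening line is indented one column less than the `return` that follows it, so as posted the function body has inconsistent indentation and the module will fail to load with an IndentationError; please align the docstring with the `return`. Also, replacing `get_config_bool('xend-relocation-tls', 'no')` with the 'xend-relocation-ssl' key and no fallback means a config that still sets xend-relocation-tls to yes is ignored and migrations go out in plaintext; reading the old key as a fallback, or logging a warning when it is present, would avoid that silent change.
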