ia64/xen-unstable

changeset 17712:91a9e28aed46

Make ssl relocation server listen on different port

This patch makes ssl relocation server listen on 8003 if enabled.

Whether to start ssl relocation server now controlled by
xend-relocation-ssl-server. So ssl and non-ssl relocation server can
run simultaneously. You can also only start ssl server or only start
non-ssl relocation server.

When deploying a mix of xen 3.2 servers (which have no ssl support) and 3.3
servers, starting the ssl and non-ssl relocation servers simultaneously keeps
backward compatibility.

It's also more reasonable to have separate ports for ssl and non-ssl.

In this patch, also renames xend-relocation-tls to xend-relocation-ssl.

Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
author Keir Fraser <keir.fraser@citrix.com>
date Fri May 23 10:41:44 2008 +0100 (2008-05-23)
parents 4c8fc8def9b3
children 33a6590ba948
files tools/examples/xend-config.sxp tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendOptions.py tools/python/xen/xend/server/relocate.py
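--- a/tools/examples/xend-config.sxp
+++ b/tools/examples/xend-config.sxp
@@ -59,6 +59,7 @@
 #(xend-unix-xmlrpc-server yes)
 #(xend-relocation-server no)
 (xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
 
 #(xend-unix-path /var/lib/xend/xend-socket)
 
@@ -82,15 +83,18 @@
 # is set.
 #(xend-relocation-port 8002)
 
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
 
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
 #(xend-relocation-server-ssl-key-file  /etc/xen/xmlrpc.key)
 #(xend-relocation-server-ssl-cert-file  /etc/xen/xmlrpc.crt)
 
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
 # Address xend should listen on for HTTP connections, if xend-http-server is
 # set.
 # Specifying 'localhost' prevents remote connections.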
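Review bot: The new `xend-relocation-ssl-server` entry sits directly under the active `(xend-relocation-server yes)`, and none of the added comments say that enabling the ssl server leaves the plaintext listener on port 8002 running. A comment such as `# Set xend-relocation-server to no as well if relocation must only be accepted over ssl.` would make that explicit for operators. The key/cert comment could also state that both files must be set whenever xend-relocation-ssl-server is enabled, since the relocate.py change in this commit raises XendError when either one is missing.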
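--- a/tools/python/xen/xend/XendDomain.py
+++ b/tools/python/xen/xend/XendDomain.py
@@ -1294,13 +1294,12 @@ class XendDomain:
             """ Make sure there's memory free for enabling shadow mode """
             dominfo.checkLiveMigrateMemory()
 
-        if port == 0:
-            port = xoptions.get_xend_relocation_port()
-
-        tls = xoptions.get_xend_relocation_tls()
-        if tls:
+        ssl = xoptions.get_xend_relocation_ssl()
+        if ssl:
             from OpenSSL import SSL
             from xen.web import connection
+            if port == 0:
+                port = xoptions.get_xend_relocation_ssl_port()
             try:
                 ctx = SSL.Context(SSL.SSLv23_METHOD)
                 sock = SSL.Connection(ctx,
@@ -1328,6 +1327,8 @@ class XendDomain:
             os.close(p2cread)
             os.close(p2cwrite)
         else:
+            if port == 0:
+                port = xoptions.get_xend_relocation_port()
             try:
                 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                 # When connecting to our ssl enabled relocation server using a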
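Review bot: In the ssl branch the context is created with `SSL.Context(SSL.SSLv23_METHOD)` and passed to `SSL.Connection` with no verify mode or trusted CA set in the visible lines, so the destination host is apparently not authenticated before migration traffic is sent to it. The body continues outside the hunk, so this needs confirming there; if it holds, the context should get `ctx.set_verify(SSL.VERIFY_PEER, verify_cb)` and `ctx.load_verify_locations(ca_file)` (`verify_cb` and `ca_file` are placeholders, the latter fed by a new option), plus `ctx.set_options(SSL.OP_NO_SSLv2)` to keep SSLv2 out of the negotiation. Without peer verification the ssl port protects against passive capture only, not against a host impersonating the migration target.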
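--- a/tools/python/xen/xend/XendOptions.py
+++ b/tools/python/xen/xend/XendOptions.py
@@ -72,6 +72,9 @@ class XendOptions:
     """Default for the flag indicating whether xend should run a relocation server."""
     xend_relocation_server_default = 'no'
 
+    """Default for the flag indicating whether xend should run a ssl relocation server."""
+    xend_relocation_ssl_server_default = 'no'
+
     """Default interface address the xend relocation server listens at. """
     xend_relocation_address_default = ''
 
@@ -81,6 +84,9 @@ class XendOptions:
     """Default port xend serves relocation at. """
     xend_relocation_port_default = 8002
 
+    """Default port xend serves ssl relocation at. """
+    xend_relocation_ssl_port_default = 8003
+
     xend_relocation_hosts_allow_default = ''
 
     """Default for the flag indicating whether xend should run a unix-domain
@@ -192,6 +198,12 @@ class XendOptions:
         return self.get_config_bool("xend-relocation-server",
                                     self.xend_relocation_server_default)
 
+    def get_xend_relocation_ssl_server(self):
+        """Get the flag indicating whether xend should run a ssl relocation server.
+        """
+        return self.get_config_bool("xend-relocation-ssl-server",
+                                    self.xend_relocation_ssl_server_default)
+
     def get_xend_relocation_server_ssl_key_file(self):
         return self.get_config_string("xend-relocation-server-ssl-key-file")
 
@@ -209,10 +221,17 @@ class XendOptions:
         return self.get_config_int('xend-relocation-port',
                                    self.xend_relocation_port_default)
 
-    def get_xend_relocation_tls(self):
-        """Whether to use tls when relocating.
+    def get_xend_relocation_ssl_port(self):
+	"""Get the port xend listens at for ssl connection to its relocation
+        server.
         """
-        return self.get_config_bool('xend-relocation-tls', 'no')
+        return self.get_config_int('xend-relocation-ssl-port',
+                                   self.xend_relocation_ssl_port_default)
+
+    def get_xend_relocation_ssl(self):
+        """Whether to use ssl when relocating.
+        """
+        return self.get_config_bool('xend-relocation-ssl', 'no')
 
     def get_xend_relocation_hosts_allow(self):
         return self.get_config_string("xend-relocation-hosts-allow",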
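Review bot: Renaming the option in `get_xend_relocation_ssl` drops `xend-relocation-tls` without a fallback, so an existing config that sets `(xend-relocation-tls yes)` is now silently read as ssl off and, going by the XendDomain.py change, migrates in plaintext to the non-ssl port. Reading the old key as the default would keep such hosts encrypted, e.g. `return self.get_config_bool('xend-relocation-ssl', self.get_config_string('xend-relocation-tls', 'no'))`; how get_config_bool treats its default is not visible here, so confirm it accepts that value. Separately, the first docstring line of `get_xend_relocation_ssl_port` is indented with a tab while the surrounding code uses spaces, and the `'no'` literal could become a class-level `xend_relocation_ssl_default` to match the other defaults.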
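--- a/tools/python/xen/xend/server/relocate.py
+++ b/tools/python/xen/xend/server/relocate.py
@@ -142,16 +142,22 @@ def listenRelocation():
     if xoptions.get_xend_unix_server():
         path = '/var/lib/xend/relocation-socket'
         unix.UnixListener(path, RelocationProtocol)
+
+    interface = xoptions.get_xend_relocation_address()
+
+    hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+    if hosts_allow == '':
+        hosts_allow = None
+    else:
+        hosts_allow = map(re.compile, hosts_allow.split(" "))
+
     if xoptions.get_xend_relocation_server():
         port = xoptions.get_xend_relocation_port()
-        interface = xoptions.get_xend_relocation_address()
+        tcp.TCPListener(RelocationProtocol, port, interface = interface,
+                        hosts_allow = hosts_allow)
 
-        hosts_allow = xoptions.get_xend_relocation_hosts_allow()
-        if hosts_allow == '':
-            hosts_allow = None
-        else:
-            hosts_allow = map(re.compile, hosts_allow.split(" "))
-
+    if xoptions.get_xend_relocation_ssl_server():
+        port = xoptions.get_xend_relocation_ssl_port()
         ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
         ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
 
@@ -161,5 +167,5 @@ def listenRelocation():
                                ssl_key_file = ssl_key_file,
                                ssl_cert_file = ssl_cert_file)
         else:
-            tcp.TCPListener(RelocationProtocol, port, interface = interface,
-                            hosts_allow = hosts_allow)
+            raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.")
+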
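Review bot: `hosts_allow.split(" ")` now feeds both the plaintext and the ssl listener, and splitting on a single space turns a doubled or trailing space in xend-relocation-hosts-allow into an empty string, which `re.compile` accepts as a pattern that matches every input. How the listeners apply the patterns is outside this hunk, but if they use match or search, one stray space in the config would disable the allow-list entirely; `hosts_allow = map(re.compile, hosts_allow.split())` avoids the empty entries. Also, the `raise XendError(...)` for a missing key or cert is reached only after the unix and plaintext listeners have been created, so validating the ssl files before starting any listener would avoid a partially started server. The import of XendError is not visible in the hunk and should be confirmed.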