ia64/xen-unstable
changeset 17712:91a9e28aed46
Make ssl relocation server listen on different port
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start ssl relocation server now controlled by
xend-relocation-ssl-server. So ssl and non-ssl relocation server can
run simultaneously. You can also only start ssl server or only start
non-ssl relocation server.
When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers,
start ssl and non-ssl relocation server simultaneously can keep
backward compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start ssl relocation server now controlled by
xend-relocation-ssl-server. So ssl and non-ssl relocation server can
run simultaneously. You can also only start ssl server or only start
non-ssl relocation server.
When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers,
start ssl and non-ssl relocation server simultaneously can keep
backward compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Fri May 23 10:41:44 2008 +0100 (2008-05-23) |
parents | 4c8fc8def9b3 |
children | 33a6590ba948 |
files | tools/examples/xend-config.sxp tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendOptions.py tools/python/xen/xend/server/relocate.py |
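--- a/tools/examples/xend-config.sxp
+++ b/tools/examples/xend-config.sxp
@@ -59,6 +59,7 @@
 #(xend-unix-xmlrpc-server yes)
 #(xend-relocation-server no)
 (xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
 
 #(xend-unix-path /var/lib/xend/xend-socket)
 
@@ -82,15 +83,18 @@
 # is set.
 #(xend-relocation-port 8002)
 
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
 
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
 #(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
 #(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
 
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
 # Address xend should listen on for HTTP connections, if xend-http-server is
 # set.
 # Specifying 'localhost' prevents remote connections.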
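--- a/tools/python/xen/xend/XendDomain.py
+++ b/tools/python/xen/xend/XendDomain.py
@@ -1294,13 +1294,12 @@ class XendDomain:
 """ Make sure there's memory free for enabling shadow mode """
 dominfo.checkLiveMigrateMemory()
 
- if port == 0:
- port = xoptions.get_xend_relocation_port()
-
- tls = xoptions.get_xend_relocation_tls()
- if tls:
+ ssl = xoptions.get_xend_relocation_ssl()
+ if ssl:
 from OpenSSL import SSL
 from xen.web import connection
+ if port == 0:
+ port = xoptions.get_xend_relocation_ssl_port()
 try:
 ctx = SSL.Context(SSL.SSLv23_METHOD)
 sock = SSL.Connection(ctx,
@@ -1328,6 +1327,8 @@ class XendDomain:
 os.close(p2cread)
 os.close(p2cwrite)
 else:
+ if port == 0:
+ port = xoptions.get_xend_relocation_port()
 try:
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 # When connecting to our ssl enabled relocation server using a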
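Review bot: In the ssl branch the context is built with `SSL.Context(SSL.SSLv23_METHOD)` and, within the visible lines, nothing sets a verify mode or a trusted CA before `SSL.Connection`, so the destination host appears to be unauthenticated and the session would only protect against passive capture of the migrated guest's memory. The try block continues outside the hunk, so this should be confirmed there; if it holds, add `ctx.set_verify(SSL.VERIFY_PEER, verify_cb)` together with `ctx.load_verify_locations(ca_file)` (`verify_cb` and `ca_file` are placeholders for a callback and a new CA option). `ctx.set_options(SSL.OP_NO_SSLv2)` would also keep SSLv23_METHOD from negotiating SSLv2.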
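--- a/tools/python/xen/xend/XendOptions.py
+++ b/tools/python/xen/xend/XendOptions.py
@@ -72,6 +72,9 @@ class XendOptions:
 """Default for the flag indicating whether xend should run a relocation server."""
 xend_relocation_server_default = 'no'
 
+ """Default for the flag indicating whether xend should run a ssl relocation server."""
+ xend_relocation_ssl_server_default = 'no'
+
 """Default interface address the xend relocation server listens at. """
 xend_relocation_address_default = ''
 
@@ -81,6 +84,9 @@ class XendOptions:
 """Default port xend serves relocation at. """
 xend_relocation_port_default = 8002
 
+ """Default port xend serves ssl relocation at. """
+ xend_relocation_ssl_port_default = 8003
+
 xend_relocation_hosts_allow_default = ''
 
 """Default for the flag indicating whether xend should run a unix-domain
@@ -192,6 +198,12 @@ class XendOptions:
 return self.get_config_bool("xend-relocation-server",
 self.xend_relocation_server_default)
 
+ def get_xend_relocation_ssl_server(self):
+ """Get the flag indicating whether xend should run a ssl relocation server.
+ """
+ return self.get_config_bool("xend-relocation-ssl-server",
+ self.xend_relocation_ssl_server_default)
+
 def get_xend_relocation_server_ssl_key_file(self):
 return self.get_config_string("xend-relocation-server-ssl-key-file")
 
@@ -209,10 +221,17 @@ class XendOptions:
 return self.get_config_int('xend-relocation-port',
 self.xend_relocation_port_default)
 
- def get_xend_relocation_tls(self):
- """Whether to use tls when relocating.
+ def get_xend_relocation_ssl_port(self):
+ """Get the port xend listens at for ssl connection to its relocation
+ server.
 """
- return self.get_config_bool('xend-relocation-tls', 'no')
+ return self.get_config_int('xend-relocation-ssl-port',
+ self.xend_relocation_ssl_port_default)
+
+ def get_xend_relocation_ssl(self):
+ """Whether to use ssl when relocating.
+ """
+ return self.get_config_bool('xend-relocation-ssl', 'no')
 
 def get_xend_relocation_hosts_allow(self):
 return self.get_config_string("xend-relocation-hosts-allow",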
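Review bot: `get_xend_relocation_ssl` reads only the new `xend-relocation-ssl` key, so a host whose config still carries `(xend-relocation-tls yes)` falls back to the 'no' default and migrates in plaintext without any message. Consider reading the old key as a fallback for a release, or logging a warning when it is present. The getter also hard-codes 'no' where the other new getters use a class-level default; `xend_relocation_ssl_default = 'no'` next to `xend_relocation_ssl_server_default` would match them.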
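--- a/tools/python/xen/xend/server/relocate.py
+++ b/tools/python/xen/xend/server/relocate.py
@@ -142,16 +142,22 @@ def listenRelocation():
 if xoptions.get_xend_unix_server():
 path = '/var/lib/xend/relocation-socket'
 unix.UnixListener(path, RelocationProtocol)
+
+ interface = xoptions.get_xend_relocation_address()
+
+ hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+ if hosts_allow == '':
+ hosts_allow = None
+ else:
+ hosts_allow = map(re.compile, hosts_allow.split(" "))
+
 if xoptions.get_xend_relocation_server():
 port = xoptions.get_xend_relocation_port()
- interface = xoptions.get_xend_relocation_address()
+ tcp.TCPListener(RelocationProtocol, port, interface = interface,
+ hosts_allow = hosts_allow)
 
- hosts_allow = xoptions.get_xend_relocation_hosts_allow()
- if hosts_allow == '':
- hosts_allow = None
- else:
- hosts_allow = map(re.compile, hosts_allow.split(" "))
-
+ if xoptions.get_xend_relocation_ssl_server():
+ port = xoptions.get_xend_relocation_ssl_port()
 ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
 ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
 
@@ -161,5 +167,5 @@ def listenRelocation():
 ssl_key_file = ssl_key_file,
 ssl_cert_file = ssl_cert_file)
 else:
- tcp.TCPListener(RelocationProtocol, port, interface = interface,
- hosts_allow = hosts_allow)
+ raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.")
+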
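Review bot: The plaintext `tcp.TCPListener` on the relocation port is now started whenever `xend-relocation-server` is set, even when key and cert files are configured; before this change, setting those files made that port SSL-only. A host upgraded with an unchanged config therefore starts accepting unencrypted relocations and runs no ssl listener until `xend-relocation-ssl-server` is added. A log warning when the key/cert options are set but `get_xend_relocation_ssl_server()` is false would make that downgrade visible. The new `raise XendError(...)` also fires after the plaintext listener is already up, so validating the key/cert pair before creating either listener would avoid a half-started state. listenRelocation's body is only partly visible in these hunks.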