This patch makes ssl relocation server listen on 8003 if enabled.
Whether to start ssl relocation server now controlled by
xend-relocation-ssl-server. So ssl and non-ssl relocation server can
run simultaneously. You can also only start ssl server or only start
non-ssl relocation server.
When mix deploy xen 3.2 server (has no ssl support) and 3.3 servers,
start ssl and non-ssl relocation server simultaneously can keep
backward compatibility.
It's also more reasonable to have separate ports for ssl and non-ssl.
In this patch, also renames xend-relocation-tls to xend-relocation-ssl.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
(xend-relocation-server yes)
+#(xend-relocation-ssl-server no)
#(xend-unix-path /var/lib/xend/xend-socket)
# is set.
#(xend-relocation-port 8002)
-# Whether to use tls when relocating.
-#(xend-relocation-tls no)
+# Port xend should use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
+#(xend-relocation-ssl-port 8003)
-# SSL key and certificate to use for the relocation interface.
-# Setting these will mean that this port serves only SSL connections as
-# opposed to plaintext ones.
+# SSL key and certificate to use for the ssl relocation interface, if
+# xend-relocation-ssl-server is set.
#(xend-relocation-server-ssl-key-file /etc/xen/xmlrpc.key)
#(xend-relocation-server-ssl-cert-file /etc/xen/xmlrpc.crt)
+# Whether to use ssl as default when relocating.
+#(xend-relocation-ssl no)
+
# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
""" Make sure there's memory free for enabling shadow mode """
dominfo.checkLiveMigrateMemory()
- if port == 0:
- port = xoptions.get_xend_relocation_port()
-
- tls = xoptions.get_xend_relocation_tls()
- if tls:
+ ssl = xoptions.get_xend_relocation_ssl()
+ if ssl:
from OpenSSL import SSL
from xen.web import connection
+ if port == 0:
+ port = xoptions.get_xend_relocation_ssl_port()
try:
ctx = SSL.Context(SSL.SSLv23_METHOD)
sock = SSL.Connection(ctx,
os.close(p2cread)
os.close(p2cwrite)
else:
+ if port == 0:
+ port = xoptions.get_xend_relocation_port()
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# When connecting to our ssl enabled relocation server using a
"""Default for the flag indicating whether xend should run a relocation server."""
xend_relocation_server_default = 'no'
+ """Default for the flag indicating whether xend should run a ssl relocation server."""
+ xend_relocation_ssl_server_default = 'no'
+
"""Default interface address the xend relocation server listens at. """
xend_relocation_address_default = ''
"""Default port xend serves relocation at. """
xend_relocation_port_default = 8002
+ """Default port xend serves ssl relocation at. """
+ xend_relocation_ssl_port_default = 8003
+
xend_relocation_hosts_allow_default = ''
"""Default for the flag indicating whether xend should run a unix-domain
return self.get_config_bool("xend-relocation-server",
self.xend_relocation_server_default)
+ def get_xend_relocation_ssl_server(self):
+ """Get the flag indicating whether xend should run a ssl relocation server.
+ """
+ return self.get_config_bool("xend-relocation-ssl-server",
+ self.xend_relocation_ssl_server_default)
+
def get_xend_relocation_server_ssl_key_file(self):
return self.get_config_string("xend-relocation-server-ssl-key-file")
return self.get_config_int('xend-relocation-port',
self.xend_relocation_port_default)
- def get_xend_relocation_tls(self):
- """Whether to use tls when relocating.
+ def get_xend_relocation_ssl_port(self):
+ """Get the port xend listens at for ssl connection to its relocation
+ server.
+ """
+ return self.get_config_int('xend-relocation-ssl-port',
+ self.xend_relocation_ssl_port_default)
+
+ def get_xend_relocation_ssl(self):
+ """Whether to use ssl when relocating.
"""
- return self.get_config_bool('xend-relocation-tls', 'no')
+ return self.get_config_bool('xend-relocation-ssl', 'no')
def get_xend_relocation_hosts_allow(self):
return self.get_config_string("xend-relocation-hosts-allow",
if xoptions.get_xend_unix_server():
path = '/var/lib/xend/relocation-socket'
unix.UnixListener(path, RelocationProtocol)
+
+ interface = xoptions.get_xend_relocation_address()
+
+ hosts_allow = xoptions.get_xend_relocation_hosts_allow()
+ if hosts_allow == '':
+ hosts_allow = None
+ else:
+ hosts_allow = map(re.compile, hosts_allow.split(" "))
+
if xoptions.get_xend_relocation_server():
port = xoptions.get_xend_relocation_port()
- interface = xoptions.get_xend_relocation_address()
-
- hosts_allow = xoptions.get_xend_relocation_hosts_allow()
- if hosts_allow == '':
- hosts_allow = None
- else:
- hosts_allow = map(re.compile, hosts_allow.split(" "))
+ tcp.TCPListener(RelocationProtocol, port, interface = interface,
+ hosts_allow = hosts_allow)
+ if xoptions.get_xend_relocation_ssl_server():
+ port = xoptions.get_xend_relocation_ssl_port()
ssl_key_file = xoptions.get_xend_relocation_server_ssl_key_file()
ssl_cert_file = xoptions.get_xend_relocation_server_ssl_cert_file()
ssl_key_file = ssl_key_file,
ssl_cert_file = ssl_cert_file)
else:
- tcp.TCPListener(RelocationProtocol, port, interface = interface,
- hosts_allow = hosts_allow)
+ raise XendError("ssl_key_file or ssl_cert_file for ssl relocation server is missing.")
+
projects / xen.git / commitdiff