From Dan Kenigsberg <danken(a)redhat.com>:
Dan Kenigsberg has uploaded a new change for review.
Change subject: sslutils: add info to SSLHandshake errors
......................................................................
sslutils: add info to SSLHandshake errors
Include name of peer and its full certificate if they do not match,
in order to understand which non-legitimate client attempts to connect.
Change-Id: I0cb2d7e0c6c86ca12a34be13b07bc960e3ad313e
Signed-off-by: Dan Kenigsberg <danken(a)redhat.com>
---
M lib/vdsm/sslutils.py
1 file changed, 6 insertions(+), 3 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/21/76221/1
diff --git a/lib/vdsm/sslutils.py b/lib/vdsm/sslutils.py
index 10fc172..8c349ca 100644
--- a/lib/vdsm/sslutils.py
+++ b/lib/vdsm/sslutils.py
@@ -219,9 +219,12 @@
if self._is_handshaking:
self._handshake(dispatcher)
else:
- if not self._verify_host(dispatcher.socket.getpeercert(),
- dispatcher.socket.getpeername()[0]):
- self.log.error("peer certificate does not match host name")
+ peercert = dispatcher.socket.getpeercert()
+ peername = dispatcher.socket.getpeername()[0]
+ if not self._verify_host(peercert, peername):
+ self.log.error(
+ "peer certificate '%s' does not match host name '%s'",
+ peercert, peername)
dispatcher.socket.close()
return
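Review bot: The new `self.log.error(...)` call writes the whole `peercert` dict, which comes from the remote side, on every failed host check, so a certificate with many subjectAltName entries makes each rejected connection produce a large log record. Assuming this is a stdlib `ssl` socket, logging only `peercert.get('subject')` and `peercert.get('subjectAltName')` still identifies the client, and the branch should tolerate `getpeercert()` returning an empty dict or None. `peername` is `getpeername()[0]`, presumably the peer's address rather than a name, so the wording `host name '%s'` may mislead whoever reads the log; `address '%s'` would be clearer. The enclosing method starts and ends outside this hunk.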
--
To view, visit https://gerrit.ovirt.org/76221
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0cb2d7e0c6c86ca12a34be13b07bc960e3ad313e
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>
From Yaniv Bronhaim <ybronhei(a)redhat.com>:
Yaniv Bronhaim has uploaded a new change for review.
Change subject: configfile: comment out old configuration when attribute is set by vdsm
......................................................................
configfile: comment out old configuration when attribute is set by vdsm
When vdsm configures a key that already exists in conf file, the new key
will be created in vdsm-config-section. oldentries is a variable that tried to
do the opposite and leave keys instead of overriding with vdsm content if the
attribute is already set - the intention should be to use vdsm configuration
after calling vdsm-tool configure. This patch comments out the existing
fields that vdsm adds, with a comment above each commented-out line.
Change-Id: Id1dba75449b712432e0c2bc5b128cc996ede0153
Related-To: https://bugzilla.redhat.com/917062
Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
---
M lib/vdsm/tool/configfile.py
M tests/toolTests.py
2 files changed, 58 insertions(+), 16 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/59/75659/1
diff --git a/lib/vdsm/tool/configfile.py b/lib/vdsm/tool/configfile.py
index bad0759..0121074 100644
--- a/lib/vdsm/tool/configfile.py
+++ b/lib/vdsm/tool/configfile.py
@@ -21,7 +21,6 @@
import functools
import os
import tempfile
-import re
import selinux
from six.moves import configparser
import io
@@ -112,9 +111,7 @@
return self
def _getOldContent(self):
- confpat = re.compile(r'^\s*(?P<key>[^=\s#]*)\s*=')
oldlines = []
- oldentries = set()
with io.open(self._filename, 'r', encoding='utf8') as f:
for line in f:
if self._remove:
@@ -135,13 +132,10 @@
line = line[len(self._prefix):]
if self._prefixAdd:
line = self._prefix + line
- m = confpat.match(line.rstrip())
- if m:
- oldentries.add(m.group('key'))
# remove this if at 4.0. see 'Backward compatibility'
if not self._remove or self._lineComment not in line:
oldlines.append(line)
- return oldlines, oldentries
+ return oldlines
def _start(self):
return u"%s-%s\n" % (self._sectionStart, self._version)
@@ -154,26 +148,33 @@
f.write(self._section)
f.write(self._end())
- def _writeEntries(self, f, oldentries):
+ def _writeEntries(self, f):
f.write(self._start())
for key, val in sorted(self._entries.items()):
- if key not in oldentries:
- f.write(u"{k}={v}\n".format(k=key, v=val))
+ f.write(u"{k}={v}\n".format(k=key, v=val))
f.write(self._end())
def __exit__(self, exec_ty, exec_val, tb):
-
self._context = False
if exec_ty is None:
fd, tname = tempfile.mkstemp(dir=os.path.dirname(self._filename))
try:
- oldlines, oldentries = self._getOldContent()
+ oldlines = self._getOldContent()
with io.open(fd, 'w', encoding='utf8') as f:
if self._section:
self._writeSection(f)
- f.writelines(oldlines)
+ # if oldlines includes something that we have in
+ # self._entries we need to write only the new value!
+ for fullline in oldlines:
+ line = fullline.replace(' ', '')
+ key = line.split("=")[0]
+ if key not in self._entries:
+ f.write(fullline)
+ else:
+ f.write(u'## commented out by vdsm\n')
+ f.write(u'# %s\n' % (fullline))
if self._entries:
- self._writeEntries(f, oldentries)
+ self._writeEntries(f)
os.rename(tname, self._filename)
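Review bot: In the new loop in `__exit__`, `fullline` still carries its trailing newline, so `f.write(u'# %s\n' % (fullline))` emits an extra blank line after every commented-out entry; `u'# %s\n' % fullline.rstrip('\n')` avoids that. The key is derived with `fullline.replace(' ', '').split("=")[0]`, which strips spaces but not tabs, whereas the removed `confpat` regex accepted any `\s`. A tab-separated `key2\t=val2` would therefore stay active in the file alongside the new value in the vdsm section, and which one wins then depends on the consuming parser. `key = fullline.split('=', 1)[0].strip()` handles both kinds of whitespace. `__exit__` continues past the end of this hunk.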
diff --git a/tests/toolTests.py b/tests/toolTests.py
index 4bf51a8..0f065db 100644
--- a/tests/toolTests.py
+++ b/tests/toolTests.py
@@ -446,7 +446,7 @@
def testAddExistingConf(self):
self._writeConf("key1=val1\n"
- " key2 =val2\n"
+ "key2=val2"
"#key3=val4")
with ConfigFile(self.tname,
version='3.4.4',
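Review bot: The fixture now drops the newline after the key2 entry (`"key2=val2"` is followed directly by `"#key3=val4"`), so the file under test contains the single line `key2=val2#key3=val4`; the same happens with `" key2 =val2"` in `testAddExistingConfWithWhitespaces` in the next hunk. The expected output therefore never covers a newline-terminated entry being commented out, which is the normal case in a real conf file. Using `"key2=val2\n"` in the fixtures, with matching expectations, would pin exactly what is written after a commented-out line. The test method continues outside this hunk.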
@@ -457,9 +457,50 @@
with open(self.tname, 'r') as f:
self.assertEqual(f.read(), "key1=val1\n"
- " key2 =val2\n"
+ "## commented out by vdsm\n"
+ "# key2=val2"
+ "#key3=val4\n"
+ "# start conf-3.4.4\n"
+ "key2=val3\n"
+ "key3=val3\n"
+ "# end conf-3.4.4\n")
+
+ def testAddCommentedoutConf(self):
+ self._writeConf("key1=val1\n"
+ "#key3=val4")
+ with ConfigFile(self.tname,
+ version='3.4.4',
+ sectionStart="# start conf",
+ sectionEnd="# end conf") as conf:
+ conf.addEntry("key3", "val3")
+ conf.addEntry("key2", "val3")
+
+ with open(self.tname, 'r') as f:
+ self.assertEqual(f.read(), "key1=val1\n"
"#key3=val4"
"# start conf-3.4.4\n"
+ "key2=val3\n"
+ "key3=val3\n"
+ "# end conf-3.4.4\n")
+
+ def testAddExistingConfWithWhitespaces(self):
+ self._writeConf("key1=val1\n"
+ " key2 =val2"
+ "#key3=val4")
+ with ConfigFile(self.tname,
+ version='3.4.4',
+ sectionStart="# start conf",
+ sectionEnd="# end conf") as conf:
+ conf.addEntry("key3", "val3")
+ conf.addEntry("key2", "val3")
+
+ with open(self.tname, 'r') as f:
+ self.assertEqual(f.read(), "key1=val1\n"
+ "## commented out by vdsm\n"
+ "# key2 =val2"
+ "#key3=val4\n"
+ "# start conf-3.4.4\n"
+ "key2=val3\n"
"key3=val3\n"
"# end conf-3.4.4\n")
--
To view, visit https://gerrit.ovirt.org/75659
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id1dba75449b712432e0c2bc5b128cc996ede0153
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-4.1
Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>
From Yaniv Bronhaim <ybronhei(a)redhat.com>:
Yaniv Bronhaim has uploaded a new change for review.
Change subject: Add confutil to manage properties files easily
......................................................................
Add confutil to manage properties files easily
In addition to confmeta [1], this util allows easy to manage files in
the format of
key = value
key2 = value
..
This uses configfile and adds functionality for easily adding and removing
sections inside the file.
These functions were moved from the libvirt configurator and are not introduced in
this patch. configurators/libvirt.py was the first usage until
abrt.conf. For later configurators this util might be useful.
See internal comments to understand usages.
[1] https://gerrit.ovirt.org/70583
Related-To: https://bugzilla.redhat.com/917062
Change-Id: Id67a0f51adb2d543c0542a48c020d34a13d1f2ed
Signed-off-by: Yeela Kaplan <ykaplan(a)redhat.com>
Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
---
M lib/vdsm/tool/Makefile.am
M lib/vdsm/tool/configurators/libvirt.py
A lib/vdsm/tool/confutils.py
M vdsm.spec.in
4 files changed, 145 insertions(+), 91 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/58/75658/1
diff --git a/lib/vdsm/tool/Makefile.am b/lib/vdsm/tool/Makefile.am
index 45ec477..83cdc73 100644
--- a/lib/vdsm/tool/Makefile.am
+++ b/lib/vdsm/tool/Makefile.am
@@ -24,6 +24,7 @@
dist_vdsmtool_PYTHON = \
__init__.py \
confmeta.py \
+ confutils.py \
dummybr.py \
dump_bonding_opts.py \
dump_volume_chains.py \
diff --git a/lib/vdsm/tool/configurators/libvirt.py b/lib/vdsm/tool/configurators/libvirt.py
index 46e73d5..c756a93 100644
--- a/lib/vdsm/tool/configurators/libvirt.py
+++ b/lib/vdsm/tool/configurators/libvirt.py
@@ -1,4 +1,4 @@
-# Copyright 2014-2016 Red Hat, Inc.
+# Copyright 2014-2017 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,7 +17,6 @@
# Refer to the README and COPYING files for full details of the license
#
from __future__ import absolute_import
-import errno
import os
import uuid
import sys
@@ -25,7 +24,9 @@
from vdsm.config import config
from . import NO, MAYBE
-from vdsm.tool.configfile import ConfigFile, ParserWrapper
+
+from vdsm.tool import confutils
+from vdsm.tool.configfile import ParserWrapper
from vdsm import constants
@@ -34,13 +35,9 @@
services = ("vdsmd", "supervdsmd", "libvirtd")
-def _getFile(fname):
- return FILES[fname]['path']
-
-
def configure():
# Remove a previous configuration (if present)
- removeConf()
+ confutils.remove_conf(FILES, CONF_VERSION)
vdsmConfiguration = {
'ssl_enabled': config.getboolean('vars', 'ssl'),
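Review bot: `configure()` now calls `confutils.remove_conf(FILES, CONF_VERSION)`, and a later hunk deletes the module-level `removeConf()` from this file altogether. If the vdsm-tool configurator framework looks up `removeConf` on each configurator module (not visible in this change), removing libvirt's vdsm configuration would either fail or silently become a no-op. Keeping a thin wrapper, `def removeConf(): confutils.remove_conf(FILES, CONF_VERSION)`, preserves the module's interface. `configure()` continues outside this hunk.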
@@ -50,7 +47,7 @@
# write configuration
for cfile, content in FILES.items():
- content['configure'](content, vdsmConfiguration)
+ content['configure'](content, CONF_VERSION, vdsmConfiguration)
def validate():
@@ -65,8 +62,8 @@
Check if libvirt is already configured for vdsm
"""
ret = MAYBE
- for path in (_getPersistedFiles()):
- if not _openConfig(path).hasConf():
+ for path in (confutils.get_persisted_files(FILES)):
+ if not confutils.open_config(path, CONF_VERSION).hasConf():
ret = NO
if ret == MAYBE:
@@ -74,21 +71,6 @@
else:
sys.stdout.write("libvirt is not configured for vdsm yet\n")
return ret
-
-
-def removeConf():
- for cfile, content in FILES.items():
- content['removeConf'](content['path'])
-
-
-def _getPersistedFiles():
- """
- get files where vdsm is expected to add a section.
- """
- return [
- cfile['path'] for cfile in FILES.values()
- if cfile['persisted']
- ]
def _isSslConflict():
@@ -103,12 +85,12 @@
'auth_tcp': 'sasl',
'listen_tls': '1',
})
- lconf_p.read(_getFile('LCONF'))
+ lconf_p.read(confutils.get_file_path('LCONF', FILES))
listen_tcp = lconf_p.getint('listen_tcp')
auth_tcp = lconf_p.get('auth_tcp')
listen_tls = lconf_p.getint('listen_tls')
qconf_p = ParserWrapper({'spice_tls': '0'})
- qconf_p.read(_getFile('QCONF'))
+ qconf_p.read(confutils.get_file_path('QCONF', FILES))
spice_tls = qconf_p.getboolean('spice_tls')
ret = True
if ssl:
@@ -144,59 +126,6 @@
return ret
-def _isApplicable(fragment, vdsmConfiguration):
- """
- Return true if 'fragment' should be included for current
- configuration. An applicable fragment is a fragment who's list
- of conditions are met according to vdsmConfiguration.
- """
- applyFragment = True
- for key, booleanValue in fragment['conditions'].items():
- if vdsmConfiguration[key] != booleanValue:
- applyFragment = False
- return applyFragment
-
-
-def _openConfig(path):
- return ConfigFile(path, CONF_VERSION)
-
-
-def _addSection(content, vdsmConfiguration):
- """
- Add a 'configuration section by vdsm' part to a config file.
- This section contains only keys not originally defined
- The section headers will include the current configuration version.
- """
- configuration = {}
- for fragment in content['fragments']:
- if _isApplicable(fragment, vdsmConfiguration):
- configuration.update(fragment['content'])
- if configuration:
- with _openConfig(content['path']) as conff:
- for key, val in configuration.items():
- conff.addEntry(key, val)
-
-
-def _removeFile(content, vdsmConfiguration):
- """
- delete a file if it exists.
- """
- try:
- os.unlink(content['path'])
- except OSError as e:
- if e.errno != errno.ENOENT:
- raise
-
-
-def _removeSection(path):
- """
- remove entire 'configuration section by vdsm' section.
- section is removed regardless of it's version.
- """
- if os.path.exists(path):
- with _openConfig(path) as conff:
- conff.removeConf()
-
# version != PACKAGE_VERSION since we do not want to update configuration
# on every update. see 'configuration versioning:' at Configfile.py for
# details.
@@ -212,8 +141,8 @@
constants.SYSCONF_PATH,
'libvirt/libvirtd.conf'
),
- 'configure': _addSection,
- 'removeConf': _removeSection,
+ 'configure': confutils.add_section,
+ 'removeConf': confutils.remove_section,
'persisted': True,
'fragments': [
{
@@ -257,8 +186,8 @@
constants.SYSCONF_PATH,
'libvirt/qemu.conf',
),
- 'configure': _addSection,
- 'removeConf': _removeSection,
+ 'configure': confutils.add_section,
+ 'removeConf': confutils.remove_section,
'persisted': True,
'fragments': [
{
@@ -318,8 +247,8 @@
constants.SYSCONF_PATH,
'sysconfig/libvirtd',
),
- 'configure': _addSection,
- 'removeConf': _removeSection,
+ 'configure': confutils.add_section,
+ 'removeConf': confutils.remove_section,
'persisted': True,
'fragments': [
{
@@ -337,8 +266,8 @@
constants.SYSCONF_PATH,
'libvirt/qemu-sanlock.conf',
),
- 'configure': _addSection,
- 'removeConf': _removeSection,
+ 'configure': confutils.add_section,
+ 'removeConf': confutils.remove_section,
'persisted': True,
'fragments': [
{
@@ -367,8 +296,8 @@
constants.SYSCONF_PATH,
'libvirt/qemu/networks/autostart/default.xml',
),
- 'configure': _removeFile,
- 'removeConf': lambda x: True,
+ 'configure': confutils.remove_file,
+ 'removeConf': lambda x, y: True,
'persisted': False,
}
}
diff --git a/lib/vdsm/tool/confutils.py b/lib/vdsm/tool/confutils.py
new file mode 100644
index 0000000..d73ce2e
--- /dev/null
+++ b/lib/vdsm/tool/confutils.py
@@ -0,0 +1,123 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Refer to the README and COPYING files for full details of the license
+#
+from __future__ import absolute_import
+import errno
+import os
+
+from vdsm.tool.configfile import ConfigFile
+
+'''
+The following function are being used for property conf file configuration
+For example, in libvirt and abrt configurators we use those helper functions
+to manage the files in the following way:
+
+FILES = {
+ [file_name]: {
+ path: [path_to_file],
+ configure: [function that configures this file],
+ removeConf: [function that removes vdsm config from the file],
+ persisted: [True or False if we want to save changes],
+ fragments: [dict content of the configurations],
+ }
+}
+
+'''
+
+
+def get_file_path(fname, files):
+ """
+ Helper func to get 'path' key for specific file key.
+ """
+ return files[fname]['path']
+
+
+def remove_conf(files, version):
+ """
+ calling removeConf func for all files in dict with conf version to remove
+ """
+ for cfile, content in files.items():
+ content['removeConf'](content['path'], version)
+
+
+def add_section(content, version, vdsmConfiguration={}):
+ """
+ Add a 'configuration section by vdsm' part to a config file.
+ This section contains only keys not originally defined
+ The section headers will include the current configuration version.
+ """
+ configuration = {}
+ for fragment in content['fragments']:
+ if vdsmConfiguration:
+ if is_applicable(fragment, vdsmConfiguration):
+ configuration.update(fragment['content'])
+ else:
+ configuration.update(fragment['content'])
+ if configuration:
+ with open_config(content['path'], version) as conff:
+ for key, val in configuration.items():
+ conff.addEntry(key, val)
+
+
+def remove_section(path, version):
+ """
+ remove entire 'configuration section by vdsm' section.
+ section is removed regardless of it's version.
+ """
+ if os.path.exists(path):
+ with open_config(path, version) as conff:
+ conff.removeConf()
+
+
+def remove_file(content, version, vdsmConfiguration):
+ """
+ Helper configure func that removes a file if exists.
+ This being used once - TODO: consider if to leave it in libvirt.py
+ """
+ try:
+ os.unlink(content['path'])
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ raise
+
+
+def get_persisted_files(files):
+ """
+ get files where vdsm is expected to add a section.
+ """
+ return [
+ cfile['path'] for cfile in files.values()
+ if cfile['persisted']
+ ]
+
+
+def open_config(path, conf_version):
+ return ConfigFile(path, conf_version)
+
+
+def is_applicable(fragment, vdsmConfiguration):
+ """
+ Return true if 'fragment' should be included for current
+ configuration. An applicable fragment is a fragment who's list
+ of conditions are met according to vdsmConfiguration.
+ """
+ applyFragment = True
+ for key, booleanValue in fragment['conditions'].items():
+ if vdsmConfiguration[key] != booleanValue:
+ applyFragment = False
+ return applyFragment
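Review bot: `add_section` declares `vdsmConfiguration={}` and treats any falsy value as "apply every fragment", so a caller that passes an empty configuration gets all fragments merged regardless of their `conditions`, with later fragments overwriting earlier ones. For a file such as libvirtd.conf that could presumably mix settings meant for mutually exclusive modes. Making the unconditional mode explicit fixes this and also removes the mutable default: `def add_section(content, version, vdsmConfiguration=None):` with `if vdsmConfiguration is None or is_applicable(fragment, vdsmConfiguration):`. In `is_applicable`, `vdsmConfiguration[key]` raises KeyError for a condition key the caller did not supply; that fails closed, and a docstring line saying so would make it a documented contract.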
diff --git a/vdsm.spec.in b/vdsm.spec.in
index 2a26d24..2cd7c92 100644
--- a/vdsm.spec.in
+++ b/vdsm.spec.in
@@ -1276,6 +1276,7 @@
%{python_sitelib}/%{vdsm_name}/tool/__init__.py*
%{python_sitelib}/%{vdsm_name}/tool/configfile.py*
%{python_sitelib}/%{vdsm_name}/tool/confmeta.py*
+%{python_sitelib}/%{vdsm_name}/tool/confutils.py*
%{python_sitelib}/%{vdsm_name}/tool/dummybr.py*
%{python_sitelib}/%{vdsm_name}/tool/dump_bonding_opts.py*
%{python_sitelib}/%{vdsm_name}/tool/nwfilter.py*
--
To view, visit https://gerrit.ovirt.org/75658
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id67a0f51adb2d543c0542a48c020d34a13d1f2ed
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-4.1
Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>
From Dan Kenigsberg <danken(a)redhat.com>:
Dan Kenigsberg has posted comments on this change.
Change subject: net, virt net: Relocate network.libvirt to virt.libvirtnetwork
......................................................................
Patch Set 3: Code-Review+1
--
To view, visit https://gerrit.ovirt.org/76164
Gerrit-MessageType: comment
Gerrit-Change-Id: I6d910f8313f7fb6abcc966e7e0419a720809bdb7
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Edward Haas <edwardh(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Edward Haas <edwardh(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Petr Horáček <phoracek(a)redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>
Gerrit-HasComments: No