vdsm-patches May 2017

vdsm-patches@lists.fedorahosted.org

1 participants
304 discussions

Change in vdsm[master]: sslutils: add info to SSLHandshake errors
by Code Review 24 Jul '17

24 Jul '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has uploaded a new change for review. Change subject: sslutils: add info to SSLHandshake errors ...................................................................... sslutils: add info to SSLHandshake errors Include name of peer and its full certificate if they do not match, in order to understand which non-legitimate client attempts to connect. Change-Id: I0cb2d7e0c6c86ca12a34be13b07bc960e3ad313e Signed-off-by: Dan Kenigsberg <danken(a)redhat.com> --- M lib/vdsm/sslutils.py 1 file changed, 6 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/21/76221/1 diff --git a/lib/vdsm/sslutils.py b/lib/vdsm/sslutils.py index 10fc172..8c349ca 100644 --- a/lib/vdsm/sslutils.py +++ b/lib/vdsm/sslutils.py @@ -219,9 +219,12 @@ if self._is_handshaking: self._handshake(dispatcher) else: - if not self._verify_host(dispatcher.socket.getpeercert(), - dispatcher.socket.getpeername()[0]): - self.log.error("peer certificate does not match host name") + peercert = dispatcher.socket.getpeercert() + peername = dispatcher.socket.getpeername()[0] + if not self._verify_host(peercert, peername): + self.log.error( + "peer certificate '%s' does not match host name '%s'", + peercert, peername) dispatcher.socket.close() return -- To view, visit https://gerrit.ovirt.org/76221 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0cb2d7e0c6c86ca12a34be13b07bc960e3ad313e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>

1 2

Change in vdsm[master]: janitorial: drop once-used P_VDSM_KEYS
by Code Review 24 Jul '17

24 Jul '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has uploaded a new change for review. Change subject: janitorial: drop once-used P_VDSM_KEYS ...................................................................... janitorial: drop once-used P_VDSM_KEYS We have another name for the same constant, PKI_DIR. Change-Id: I588a94534d2813bc9ffdd1688364cea0e7516170 Signed-off-by: Dan Kenigsberg <danken(a)redhat.com> --- M lib/vdsm/constants.py.in M lib/vdsm/tool/configurators/passwd.py 2 files changed, 1 insertion(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/68/77468/1 diff --git a/lib/vdsm/constants.py.in b/lib/vdsm/constants.py.in index 7c0d209..1891a49 100644 --- a/lib/vdsm/constants.py.in +++ b/lib/vdsm/constants.py.in @@ -82,7 +82,6 @@ P_VDSM_RUN = '@VDSMRUNDIR@/' # NOQA: E501 (potentially long line) P_VDSM_STORAGE = os.path.join(P_VDSM_RUN, 'storage/') P_VDSM_CONF = '@CONFDIR@/' # NOQA: E501 (potentially long line) -P_VDSM_KEYS = '/etc/pki/vdsm/keys/' P_VDSM_CLIENT_LOG = '@VDSMRUNDIR@/client.log' # NOQA: E501 (potentially long line) P_VDSM_LOG = '@VDSMLOGDIR@' # NOQA: E501 (potentially long line) diff --git a/lib/vdsm/tool/configurators/passwd.py b/lib/vdsm/tool/configurators/passwd.py index 9a3b793..fe62860 100644 --- a/lib/vdsm/tool/configurators/passwd.py +++ b/lib/vdsm/tool/configurators/passwd.py @@ -35,7 +35,7 @@ "/usr/sbin/saslpasswd2", ) SASL_USERNAME = "vdsm@ovirt" -LIBVIRT_PASSWORD_PATH = constants.P_VDSM_KEYS + 'libvirt_password' +LIBVIRT_PASSWORD_PATH = constants.PKI_DIR + 'libvirt_password' def isconfigured(): -- To view, visit https://gerrit.ovirt.org/77468 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I588a94534d2813bc9ffdd1688364cea0e7516170 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>

1 7

Change in vdsm[master]: storage: move storageServer to lib/vdsm
by Code Review 21 Jun '17

21 Jun '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has uploaded a new change for review. Change subject: storage: move storageServer to lib/vdsm ...................................................................... storage: move storageServer to lib/vdsm Change-Id: I0fba9e9da91354a2e28fdf0ce754836ae61c7094 Signed-off-by: Dan Kenigsberg <danken(a)redhat.com> --- M lib/vdsm/storage/Makefile.am R lib/vdsm/storage/storageServer.py M tests/storage_storageserver_test.py M vdsm.spec.in M vdsm/storage/Makefile.am M vdsm/storage/hsm.py 6 files changed, 10 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/16/73116/1 diff --git a/lib/vdsm/storage/Makefile.am b/lib/vdsm/storage/Makefile.am index 47bb7fb..096d903 100644 --- a/lib/vdsm/storage/Makefile.am +++ b/lib/vdsm/storage/Makefile.am @@ -52,6 +52,7 @@ resourceManager.py \ rwlock.py \ securable.py \ + storageServer.py \ task.py \ taskManager.py \ threadPool.py \ diff --git a/vdsm/storage/storageServer.py b/lib/vdsm/storage/storageServer.py similarity index 99% rename from vdsm/storage/storageServer.py rename to lib/vdsm/storage/storageServer.py index 28c93d1..e6e80d4 100644 --- a/vdsm/storage/storageServer.py +++ b/lib/vdsm/storage/storageServer.py @@ -17,6 +17,7 @@ # # Refer to the README and COPYING files for full details of the license # +from __future__ import absolute_import import errno import logging diff --git a/tests/storage_storageserver_test.py b/tests/storage_storageserver_test.py index ce0a8e7..40fba98 100644 --- a/tests/storage_storageserver_test.py +++ b/tests/storage_storageserver_test.py @@ -21,13 +21,13 @@ from monkeypatch import MonkeyPatch from testlib import permutations, expandPermutations from testlib import VdsmTestCase -from storage.storageServer import GlusterFSConnection -from storage.storageServer import IscsiConnection -from storage.storageServer import MountConnection -from storage import storageServer from vdsm.gluster import cli as gluster_cli from vdsm.gluster import exception as ge +from vdsm.storage.storageServer import GlusterFSConnection +from vdsm.storage.storageServer import IscsiConnection +from vdsm.storage.storageServer import MountConnection +from vdsm.storage import storageServer class FakeSupervdsm(object): diff --git a/vdsm.spec.in b/vdsm.spec.in index b832882..7109533 100644 --- a/vdsm.spec.in +++ b/vdsm.spec.in @@ -941,7 +941,6 @@ %{_datadir}/%{vdsm_name}/storage/sd.py* %{_datadir}/%{vdsm_name}/storage/sp.py* %{_datadir}/%{vdsm_name}/storage/spbackends.py* -%{_datadir}/%{vdsm_name}/storage/storageServer.py* %{_datadir}/%{vdsm_name}/storage/volume.py* %{_datadir}/%{vdsm_name}/storage/imageRepository/__init__.py* %{_datadir}/%{vdsm_name}/storage/imageRepository/formatConverter.py* @@ -1208,6 +1207,7 @@ %{python_sitelib}/%{vdsm_name}/storage/resourceManager.py* %{python_sitelib}/%{vdsm_name}/storage/rwlock.py* %{python_sitelib}/%{vdsm_name}/storage/securable.py* +%{python_sitelib}/%{vdsm_name}/storage/storageServer.py* %{python_sitelib}/%{vdsm_name}/storage/task.py* %{python_sitelib}/%{vdsm_name}/storage/taskManager.py* %{python_sitelib}/%{vdsm_name}/storage/threadPool.py* diff --git a/vdsm/storage/Makefile.am b/vdsm/storage/Makefile.am index 29a45a4..29450dc 100644 --- a/vdsm/storage/Makefile.am +++ b/vdsm/storage/Makefile.am @@ -42,8 +42,8 @@ sd.py \ sp.py \ spbackends.py \ - storageServer.py \ - volume.py + volume.py \ + $(NULL) dist_vdsmexec_SCRIPTS = \ curl-img-wrap \ diff --git a/vdsm/storage/hsm.py b/vdsm/storage/hsm.py index 216dfd3..ccce68e 100644 --- a/vdsm/storage/hsm.py +++ b/vdsm/storage/hsm.py @@ -58,6 +58,7 @@ from vdsm.storage import multipath from vdsm.storage import outOfProcess as oop from vdsm.storage import resourceManager as rm +from vdsm.storage import storageServer from vdsm.storage import taskManager from vdsm.storage import types from vdsm.storage.constants import STORAGE @@ -78,7 +79,6 @@ from sdc import sdCache import image import merge -import storageServer import sdm.api.create_volume -- To view, visit https://gerrit.ovirt.org/73116 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0fba9e9da91354a2e28fdf0ce754836ae61c7094 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>

1 7

Change in vdsm[master]: storage: validateDirAccess: move to fileUtils
by Code Review 21 Jun '17

21 Jun '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has uploaded a new change for review. Change subject: storage: validateDirAccess: move to fileUtils ...................................................................... storage: validateDirAccess: move to fileUtils validateDirAccess is the only thing keeping storageServer out of lib/vdsm. fileUtils is not a perfect location for it, but I did not find a better place. Change-Id: I21ead1cb635f8224cb09f7319ffcb55eebe2a9e3 Signed-off-by: Dan Kenigsberg <danken(a)redhat.com> --- M lib/vdsm/storage/fileUtils.py M vdsm/storage/fileSD.py M vdsm/storage/localFsSD.py M vdsm/storage/nfsSD.py M vdsm/storage/storageServer.py 5 files changed, 27 insertions(+), 28 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/15/73115/1 diff --git a/lib/vdsm/storage/fileUtils.py b/lib/vdsm/storage/fileUtils.py index 2e84d5f..71c7bef 100644 --- a/lib/vdsm/storage/fileUtils.py +++ b/lib/vdsm/storage/fileUtils.py @@ -37,7 +37,11 @@ import six from vdsm import constants +from vdsm import supervdsm from vdsm.common.network import address + +from . import exception as se +from . import outOfProcess log = logging.getLogger('storage.fileUtils') @@ -139,6 +143,25 @@ raise OSError(errno.EACCES, os.strerror(errno.EACCES)) +def validateDirAccess(dirPath): + try: + outOfProcess.getGlobalProcPool().fileUtils.validateAccess(dirPath) + supervdsm.getProxy().validateAccess( + constants.VDSM_USER, + (constants.VDSM_GROUP,), dirPath, + (os.R_OK | os.W_OK | os.X_OK)) + supervdsm.getProxy().validateAccess( + constants.QEMU_PROCESS_USER, + (constants.DISKIMAGE_GROUP, constants.METADATA_GROUP), dirPath, + (os.R_OK | os.X_OK)) + except OSError as e: + if e.errno == errno.EACCES: + raise se.StorageServerAccessPermissionError(dirPath) + raise + + return True + + def validateQemuReadable(targetPath): """ Validate that qemu process can read file diff --git a/vdsm/storage/fileSD.py b/vdsm/storage/fileSD.py index ab9ae21..9d76c3c 100644 --- a/vdsm/storage/fileSD.py +++ b/vdsm/storage/fileSD.py @@ -41,7 +41,6 @@ from vdsm import constants from vdsm.utils import stripNewLines from vdsm.storage.constants import LEASE_FILEEXT -from vdsm import supervdsm REMOTE_PATH = "REMOTE_PATH" @@ -64,27 +63,6 @@ ST_BYTES_PER_BLOCK = 512 _MOUNTLIST_IGNORE = ('/' + sd.BLOCKSD_DIR, '/' + sd.GLUSTERSD_DIR) - -getProcPool = oop.getGlobalProcPool - - -def validateDirAccess(dirPath): - try: - getProcPool().fileUtils.validateAccess(dirPath) - supervdsm.getProxy().validateAccess( - constants.VDSM_USER, - (constants.VDSM_GROUP,), dirPath, - (os.R_OK | os.W_OK | os.X_OK)) - supervdsm.getProxy().validateAccess( - constants.QEMU_PROCESS_USER, - (constants.DISKIMAGE_GROUP, constants.METADATA_GROUP), dirPath, - (os.R_OK | os.X_OK)) - except OSError as e: - if e.errno == errno.EACCES: - raise se.StorageServerAccessPermissionError(dirPath) - raise - - return True def validateFileSystemFeatures(sdUUID, mountDir): diff --git a/vdsm/storage/localFsSD.py b/vdsm/storage/localFsSD.py index 94db70d..a724a3d 100644 --- a/vdsm/storage/localFsSD.py +++ b/vdsm/storage/localFsSD.py @@ -59,7 +59,7 @@ if os.path.abspath(typeSpecificArg) != typeSpecificArg: raise se.StorageDomainIllegalRemotePath(typeSpecificArg) - fileSD.validateDirAccess(domPath) + fileUtils.validateDirAccess(domPath) fileSD.validateFileSystemFeatures(sdUUID, domPath) sd.validateDomainVersion(version) diff --git a/vdsm/storage/nfsSD.py b/vdsm/storage/nfsSD.py index 8c41952..fc020de 100644 --- a/vdsm/storage/nfsSD.py +++ b/vdsm/storage/nfsSD.py @@ -46,7 +46,7 @@ if not mount.isMounted(domPath): raise se.StorageDomainFSNotMounted(domPath) - fileSD.validateDirAccess(domPath) + fileUtils.validateDirAccess(domPath) fileSD.validateFileSystemFeatures(sdUUID, domPath) # Make sure there are no remnants of other domain diff --git a/vdsm/storage/storageServer.py b/vdsm/storage/storageServer.py index dc3fd80..28c93d1 100644 --- a/vdsm/storage/storageServer.py +++ b/vdsm/storage/storageServer.py @@ -40,8 +40,6 @@ from vdsm.storage import mount from vdsm.storage.mount import MountError -import fileSD - IscsiConnectionParameters = namedtuple("IscsiConnectionParameters", "target, iface, credentials") @@ -163,7 +161,7 @@ six.reraise(t, v, tb) else: try: - fileSD.validateDirAccess( + fileUtils.validateDirAccess( self.getMountObj().getRecord().fs_file) except se.StorageServerAccessPermissionError: t, v, tb = sys.exc_info() @@ -566,7 +564,7 @@ def checkTarget(self): if not os.path.isdir(self._path): raise se.StorageServerLocalNotDirError(self._path) - fileSD.validateDirAccess(self._path) + fileUtils.validateDirAccess(self._path) return True def checkLink(self): -- To view, visit https://gerrit.ovirt.org/73115 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I21ead1cb635f8224cb09f7319ffcb55eebe2a9e3 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>

1 6

Change in vdsm[master]: Adding libvirt_sasl_isconfigured test
by Code Review 10 Jun '17

10 Jun '17

From Yaniv Bronhaim <ybronhei(a)redhat.com>: Yaniv Bronhaim has uploaded a new change for review. Change subject: Adding libvirt_sasl_isconfigured test ...................................................................... Adding libvirt_sasl_isconfigured test This test checks if isconfigured works as expected. for latest libvirt configure, the isconfigured should check for specific string in the sasl2 conf file. The test validates that. Change-Id: Ifb7aa1dfd579e2e0bf6493c06c164b6a42626d3f Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com> --- M tests/tool_test.py 1 file changed, 17 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/06/77506/1 diff --git a/tests/tool_test.py b/tests/tool_test.py index 901b17b..a9ce0ef 100644 --- a/tests/tool_test.py +++ b/tests/tool_test.py @@ -23,6 +23,7 @@ from vdsm.tool.configfile import ConfigFile, ParserWrapper from vdsm.tool.configurators import abrt from vdsm.tool.configurators import libvirt +from vdsm.tool.configurators import passwd from vdsm.tool import UsageError from vdsm.tool import upgrade import monkeypatch @@ -95,6 +96,22 @@ dict((m.name, m) for m in mockConfigurers)) +class PasswdConfiguratorTest(VdsmTestCase): + def testCheckIsConfigured(self): + first = tempfile.mktemp() + second = tempfile.mktemp() + with open(first, 'w') as f: + f.write("\n") + f.write("\n") + f.write("mech_list: gssapi\n") + with open(second, 'w') as f: + f.write("\n") + passwd._SASL2_CONF = first + self.assertEqual(passwd.libvirt_sasl_isconfigured(), NO) + passwd._SASL2_CONF = second + self.assertEqual(passwd.libvirt_sasl_isconfigured(), MAYBE) + + @expandPermutations class PatchConfiguratorsTests(VdsmTestCase): -- To view, visit https://gerrit.ovirt.org/77506 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifb7aa1dfd579e2e0bf6493c06c164b6a42626d3f Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>

1 2

Change in vdsm[master]: janitorial: drop another never-used constant
by Code Review 01 Jun '17

01 Jun '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has uploaded a new change for review. Change subject: janitorial: drop another never-used constant ...................................................................... janitorial: drop another never-used constant Change-Id: I46c34fa5b05fbe568db99bee9afed466dcb63f5c Signed-off-by: Dan Kenigsberg <danken(a)redhat.com> --- M lib/vdsm/storage/constants.py 1 file changed, 0 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/67/77467/1 diff --git a/lib/vdsm/storage/constants.py b/lib/vdsm/storage/constants.py index 62a1cbf..85fc536 100644 --- a/lib/vdsm/storage/constants.py +++ b/lib/vdsm/storage/constants.py @@ -73,7 +73,6 @@ VOL_TYPE = [PREALLOCATED_VOL, SPARSE_VOL] VOL_FORMAT = [COW_FORMAT, RAW_FORMAT] -VOL_ROLE = [SHARED_VOL, INTERNAL_VOL, LEAF_VOL] VOLUME_TYPES = {UNKNOWN_VOL: 'UNKNOWN', PREALLOCATED_VOL: 'PREALLOCATED', SPARSE_VOL: 'SPARSE', -- To view, visit https://gerrit.ovirt.org/77467 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I46c34fa5b05fbe568db99bee9afed466dcb63f5c Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Dan Kenigsberg <danken(a)redhat.com>

1 2

Change in vdsm[master]: network: use provide __repr__ and __str__ by route and rule
by Code Review 31 May '17

31 May '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has posted comments on this change. Change subject: network: use provide __repr__ and __str__ by route and rule ...................................................................... Patch Set 2: (1 comment) https://gerrit.ovirt.org/#/c/77415/2//COMMIT_MSG Commit Message: Line 6: Line 7: network: use provide __repr__ and __str__ by route and rule Line 8: Line 9: IPRuleData and IPRouteData now provides __str__ and __repr__ Line 10: methods in a more Pythonic way. I don't see the benefit of defining both functions; your __str__ is not much more human readable, so how about defining only __repr__? Line 11: Line 12: Change-Id: I68bed024a52e8f0de9369be0b2f6b2d0153165b1 -- To view, visit https://gerrit.ovirt.org/77415 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I68bed024a52e8f0de9369be0b2f6b2d0153165b1 Gerrit-PatchSet: 2 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Petr Horáček <phoracek(a)redhat.com> Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Petr Horacek <phoracek(a)redhat.com> Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org> Gerrit-HasComments: Yes

1 0

Change in vdsm[master]: ssl: update ssl protocol info
by Code Review 31 May '17

31 May '17

From Yaniv Bronhaim <ybronhei(a)redhat.com>: Yaniv Bronhaim has posted comments on this change. Change subject: ssl: update ssl protocol info ...................................................................... Patch Set 20: Code-Review-1 -- To view, visit https://gerrit.ovirt.org/72284 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I8cc83d8cc08349a0ca47ed7d021bb3fc6d1408a6 Gerrit-PatchSet: 20 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com> Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com> Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com> Gerrit-Reviewer: Irit Goihman <igoihman(a)redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Martin Peřina <mperina(a)redhat.com> Gerrit-Reviewer: Michal Skrivanek <michal.skrivanek(a)redhat.com> Gerrit-Reviewer: Nir Soffer <nsoffer(a)redhat.com> Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com> Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com> Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org> Gerrit-HasComments: No

1 0

Change in vdsm[ovirt-4.1]: Configure sasl2 libvirt to use scram-sha-1
by Code Review 30 May '17

30 May '17

From Yaniv Bronhaim <ybronhei(a)redhat.com>: Yaniv Bronhaim has uploaded a new change for review. Change subject: Configure sasl2 libvirt to use scram-sha-1 ...................................................................... Configure sasl2 libvirt to use scram-sha-1 The default of mech_list was changed in libvirt 3.2 to gssapi. This patch adds to isconfigured a check if the new value exists. If so, configure will replace the content to mech_list: scram-sha-1 Change-Id: I589e7de6df46ebb2f971701cf99a313b3c4a2f8e Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1444426 Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com> --- M lib/vdsm/tool/configurators/passwd.py M vdsm.spec.in 2 files changed, 38 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/34/77534/1 diff --git a/lib/vdsm/tool/configurators/passwd.py b/lib/vdsm/tool/configurators/passwd.py index b75228e..1584d39 100644 --- a/lib/vdsm/tool/configurators/passwd.py +++ b/lib/vdsm/tool/configurators/passwd.py @@ -23,13 +23,14 @@ from vdsm import utils -from . import YES, NO +from . import YES, NO, MAYBE _SASLDBLISTUSERS2 = utils.CommandPath("sasldblistusers2", "/usr/sbin/sasldblistusers2", ) _LIBVIRT_SASLDB = "/etc/libvirt/passwd.db" +_SASL2_CONF = "/etc/sasl2/libvirt.conf" _SASLPASSWD2 = utils.CommandPath("saslpasswd2", "/usr/sbin/saslpasswd2", ) @@ -38,6 +39,22 @@ def isconfigured(): + ret = passwd_isconfigured() + if ret == NO: + return ret + return libvirt_sasl_isconfigured() + + +def libvirt_sasl_isconfigured(): + with open(_SASL2_CONF, 'r') as f: + lines = f.readlines() + # check for new default configuration - since libvirt 3.2 + if 'mech_list: gssapi\n' in lines: + return NO + return MAYBE + + +def passwd_isconfigured(): script = (str(_SASLDBLISTUSERS2), '-f', _LIBVIRT_SASLDB) _, out, _ = commands.execCmd(script) for user in out: @@ -47,14 +64,12 @@ def configure(): - script = (str(_SASLPASSWD2), '-p', '-a', 'libvirt', SASL_USERNAME) - rc, _, err = commands.execCmd(script, data=libvirt_password()) - if rc != 0: - raise RuntimeError("Set password failed: %s" % (err,)) + configure_libvirt_sasl() + configure_passwd() def removeConf(): - if isconfigured() == YES: + if passwd_isconfigured() == YES: rc, out, err = commands.execCmd( ( str(_SASLPASSWD2), @@ -67,6 +82,22 @@ raise RuntimeError("Remove password failed: %s" % (err,)) +def configure_libvirt_sasl(): + with open(_SASL2_CONF, 'w') as f: + f.writelines(['## start vdsm-4.20.0 configuration\n', + 'mech_list: scram-sha-1\n', + 'sasldb_path: %s\n' % (_LIBVIRT_SASLDB), + '## end vdsm configuration'] + ) + + +def configure_passwd(): + script = (str(_SASLPASSWD2), '-p', '-a', 'libvirt', SASL_USERNAME) + rc, _, err = commands.execCmd(script, data=libvirt_password()) + if rc != 0: + raise RuntimeError("Set password failed: %s" % (err,)) + + @utils.memoized def libvirt_password(): with open(LIBVIRT_PASSWORD_PATH) as passwd_file: diff --git a/vdsm.spec.in b/vdsm.spec.in index 173216d..120a70e 100644 --- a/vdsm.spec.in +++ b/vdsm.spec.in @@ -89,6 +89,7 @@ %endif Requires: chrony +Requires: cyrus-sasl-scram Requires: dbus-python Requires: ethtool Requires: which -- To view, visit https://gerrit.ovirt.org/77534 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I589e7de6df46ebb2f971701cf99a313b3c4a2f8e Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-4.1 Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>

1 1

Change in vdsm[master]: net test: Use cmd.exec_* in network tests
by Code Review 30 May '17

30 May '17

From Dan Kenigsberg <danken(a)redhat.com>: Dan Kenigsberg has submitted this change and it was merged. Change subject: net test: Use cmd.exec_* in network tests ...................................................................... net test: Use cmd.exec_* in network tests Change-Id: Ic2efe3145f5d40474afd3eac95023636f5ed35ad Signed-off-by: Edward Haas <edwardh(a)redhat.com> --- M tests/network/dhcp.py M tests/network/firewall.py M tests/network/nettestlib.py M tests/network/nmnettestlib.py M tests/network/ovsnettestlib.py 5 files changed, 62 insertions(+), 63 deletions(-) Approvals: Jenkins CI: Passed CI tests Petr Horáček: Looks good to me, but someone else must approve Dan Kenigsberg: Looks good to me, approved Edward Haas: Verified -- To view, visit https://gerrit.ovirt.org/77443 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic2efe3145f5d40474afd3eac95023636f5ed35ad Gerrit-PatchSet: 4 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Edward Haas <edwardh(a)redhat.com> Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com> Gerrit-Reviewer: Edward Haas <edwardh(a)redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Petr Horáček <phoracek(a)redhat.com> Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

vdsm-patches May 2017