Greg Padgett has uploaded a new change for review. Change subject: agent: use certificate common name to identify host ......................................................................
agent: use certificate common name to identify host
The name the host calls itself in the global metadata must match the libvirt certificate's Common Name, else migrations will fail. Use this name when available, and fall back to the hostname in other cases.
Change-Id: Ie9de4537685b11f8ecbe55b3c1b6845654f59311
Bug-Url: https://bugzilla.redhat.com/1039614
Signed-off-by: Greg Padgett <gpadg...@redhat.com>
---
M ovirt_hosted_engine_ha/agent/constants.py.in
M ovirt_hosted_engine_ha/agent/hosted_engine.py
2 files changed, 35 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-hosted-engine-ha refs/changes/88/23288/1
diff --git a/ovirt_hosted_engine_ha/agent/constants.py.in b/ovirt_hosted_engine_ha/agent/constants.py.in
index cf2dba3..5769597 100644
--- a/ovirt_hosted_engine_ha/agent/constants.py.in
+++ b/ovirt_hosted_engine_ha/agent/constants.py.in
@@ -74,6 +74,8 @@
 ENGINE_SETUP_CONF_FILE = '/etc/ovirt-hosted-engine/hosted-engine.conf'
 VM_CONF_FILE = '/etc/ovirt-hosted-engine/vm.conf'
+VDSM_CERT_FILE = '/etc/pki/vdsm/certs/vdsmcert.pem'
+
 HOSTED_ENGINE_BINARY = '@ENGINE_SETUP_BINDIR@/hosted-engine'
 SD_MOUNT_PARENT = '/rhev/data-center/mnt'
diff --git a/ovirt_hosted_engine_ha/agent/hosted_engine.py b/ovirt_hosted_engine_ha/agent/hosted_engine.py
index 3f7ec40..8ab2108 100644
--- a/ovirt_hosted_engine_ha/agent/hosted_engine.py
+++ b/ovirt_hosted_engine_ha/agent/hosted_engine.py
@@ -23,6 +23,7 @@
 import json
 import logging
 import os
+import re
 import socket
 import subprocess
 import time
@@ -113,6 +114,7 @@
 self._config = config.Config()
 self._score_cfg = self._get_score_config()
+ self._hostname = self._get_hostname()
 self._broker = None
 self._required_monitors = self._get_required_monitors()
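Review bot: `self._hostname` is resolved once, at the point in the `@@ -113,6 +114,7 @@` hunk where it is assigned, so whatever `_get_hostname()` returns when the agent starts is what the host publishes in the metadata until the agent is restarted. If the vdsm certificate is missing or is replaced after that moment (the patch falls back to `socket.gethostname()` when it cannot be read), the published name can stay out of step with the certificate's Common Name, which is the mismatch the commit message says breaks migrations. A comment on the assignment would make that explicit, for example `# Resolved once at startup; restart the agent after the vdsm certificate is issued or replaced`. The enclosing method starts and ends outside this hunk, so whether a later refresh exists elsewhere is not visible here.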
@@ -172,6 +174,36 @@
 score[k] = int(v)
 return score
+
+ def _get_hostname(self):
+ """
+ Return the name this host should introduce itself as, which must
+ match the Common Name in the certificate used by libvirt (usually
+ the vdsm certificate).
+ """
+ cmd = ['openssl', 'x509',
+ '-in', constants.VDSM_CERT_FILE,
+ '-noout', '-subject']
+ self._log.debug("Executing: {0}".format(' '.join(cmd)))
+ p = subprocess.Popen(cmd, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ output = p.communicate()
+
+ if p.returncode != 0:
+ self._log.info("Certificate not available (%s),"
+ " using hostname to identify host", output[1])
+ return socket.gethostname()
+
+ self._log.debug("Certificate subject: %s", output[0])
+ res = re.findall(r'/CN=([A-Za-z0-9-_\.]+)', output[0])
+
+ if len(res) and len(res[0]):
+ self._log.info("Found certificate common name: %s", res[0])
+ return res[0]
+ else:
+ self._log.info("Certificate common name not found,"
+ " using hostname to identify host")
+ return socket.gethostname()
 def _get_required_monitors(self):
 """
@@ -734,7 +766,7 @@
 host_id=self._rinfo['host-id'],
 score=score,
 engine_status=lm['engine-health']['status'],
- name=socket.gethostname(),
+ name=self._hostname,
 maintenance=1 if local_maintenance else 0))
 if len(data) > constants.METADATA_BLOCK_BYTES:
 raise Exception("Output metadata too long ({0} bytes)"
--
To view, visit http://gerrit.ovirt.org/23288
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie9de4537685b11f8ecbe55b3c1b6845654f59311
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-hosted-engine-ha
Gerrit-Branch: master
Gerrit-Owner: Greg Padgett <gpadg...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
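Review bot: The Common Name extraction in `_get_hostname()` accepts a partial match: `re.findall(r'/CN=([A-Za-z0-9-_\.]+)', output[0])` is unanchored and stops at the first character outside the class, so a CN containing any other character is silently truncated and the shortened value is published as the host name. Requiring the match to end at a component boundary, e.g. `res = re.findall(r'/CN=([A-Za-z0-9._-]+)(?=/|\s*$)', output[0])`, makes an unexpected subject fall through to the logged hostname fallback instead of producing a name that cannot match the certificate. Separately, `subprocess.Popen` raises `OSError` when the `openssl` binary cannot be executed, and that path has no fallback, so the exception would propagate out of the call added in the `@@ -113,6 +114,7 @@` hunk; catching `OSError` around the `Popen` call and returning `socket.gethostname()` would match the other failure branches. The parse also relies on openssl printing the subject in its slash-separated one-line form, which is presumably the default on the targeted builds; passing an explicit `-nameopt` would pin the format rather than depend on it.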