Simone Tiraboschi has uploaded a new change for review. Change subject: WebSocketProxy on a separate host ......................................................................
WebSocketProxy on a separate host The aim of this feature is to enhance the engine setup being able to install and configure the WebSocketProxy on a second machine, where engine does not run, as proposed at: http://www.ovirt.org/Features/WebSocketProxy_on_a_separate_host Change-Id: Ifceddd5aa44a77f67a3b6b30c6678d9a3b485f9c Bug-Url: https://bugzilla.redhat.com/1080992 Bug-Url: https://bugzilla.redhat.com/985945 Signed-off-by: Simone Tiraboschi <stira...@redhat.com> --- M Makefile M ovirt-engine.spec.in M packaging/setup/ovirt_engine_setup/constants.py M packaging/setup/ovirt_engine_setup/engine/engineconfig.py.in M packaging/setup/ovirt_engine_setup/engine/engineconstants.py A packaging/setup/ovirt_engine_setup/websocket_proxy/__init__.py A packaging/setup/ovirt_engine_setup/websocket_proxy/wspconfig.py.in A packaging/setup/ovirt_engine_setup/websocket_proxy/wspconstants.py M packaging/setup/plugins/ovirt-engine-common/websocket_proxy/core.py M packaging/setup/plugins/ovirt-engine-remove/websocket_proxy/misc.py M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/options.py M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/__init__.py A packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/localwsp.py M packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py 14 files changed, 377 insertions(+), 117 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/34/28534/1 diff --git a/Makefile b/Makefile index 1e6e91e..ca1fe78 100644 --- a/Makefile +++ b/Makefile @@ -191,6 +191,7 @@ packaging/setup/ovirt_engine_setup/config.py \ packaging/setup/ovirt_engine_setup/engine/engineconfig.py \ packaging/setup/ovirt_engine_setup/engine_common/enginecommonconfig.py \ + packaging/setup/ovirt_engine_setup/websocket_proxy/wspconfig.py \ packaging/sys-etc/logrotate.d/ovirt-engine \ packaging/sys-etc/logrotate.d/ovirt-engine-notifier \ packaging/sys-etc/logrotate.d/ovirt-engine-setup \ 
diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index a80526c..0d90e10 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -194,7 +194,6 @@ Requires: %{name}-tools = %{version}-%{release} Requires: %{name}-userportal = %{version}-%{release} Requires: %{name}-webadmin-portal = %{version}-%{release} -Requires: %{name}-websocket-proxy >= %{version}-%{release} Requires: java Requires: java-1.7.0-openjdk >= 1:1.7.0.9-2.3.3.2 Requires: jpackage-utils @@ -974,6 +973,7 @@ %files setup-plugin-websocket-proxy %{engine_data}/firewalld/websocket-proxy/ +%{engine_data}/setup/ovirt_engine_setup/websocket_proxy/ %{engine_data}/setup/plugins/*/websocket_proxy/ %files setup-plugin-allinone diff --git a/packaging/setup/ovirt_engine_setup/constants.py b/packaging/setup/ovirt_engine_setup/constants.py index 862b49f..4ec7a3e 100644 --- a/packaging/setup/ovirt_engine_setup/constants.py +++ b/packaging/setup/ovirt_engine_setup/constants.py @@ -175,6 +175,7 @@ class Defaults(object): DEFAULT_SYSTEM_USER_ENGINE = 'ovirt' DEFAULT_SYSTEM_GROUP_ENGINE = 'ovirt' + DEFAULT_WEBSOCKET_PROXY_PORT = 6100 @util.export diff --git a/packaging/setup/ovirt_engine_setup/engine/engineconfig.py.in b/packaging/setup/ovirt_engine_setup/engine/engineconfig.py.in index abfa315..27505bd 100644 --- a/packaging/setup/ovirt_engine_setup/engine/engineconfig.py.in +++ b/packaging/setup/ovirt_engine_setup/engine/engineconfig.py.in @@ -21,7 +21,6 @@ ENGINE_SYSCONFDIR = '@ENGINE_ETC@' ENGINE_SERVICE_CONFIG = '@ENGINE_VARS@' ENGINE_SERVICE_CONFIG_DEFAULTS = '@ENGINE_DEFAULTS@' -ENGINE_WEBSOCKET_PROXY_CONFIG = '@ENGINE_WSPROXY_VARS@' ENGINE_NOTIFIER_SERVICE_CONFIG = '@ENGINE_NOTIFIER_VARS@' ENGINE_PKIDIR = '@ENGINE_PKI@' ENGINE_DATADIR = '@ENGINE_USR@' diff --git a/packaging/setup/ovirt_engine_setup/engine/engineconstants.py b/packaging/setup/ovirt_engine_setup/engine/engineconstants.py index 99a7f28..821f48f 100644 --- a/packaging/setup/ovirt_engine_setup/engine/engineconstants.py 
+++ b/packaging/setup/ovirt_engine_setup/engine/engineconstants.py @@ -49,8 +49,6 @@ OVIRT_ENGINE_SERVICE_CONFIG = engineconfig.ENGINE_SERVICE_CONFIG OVIRT_ENGINE_SERVICE_CONFIG_DEFAULTS = \ engineconfig.ENGINE_SERVICE_CONFIG_DEFAULTS - OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG = \ - engineconfig.ENGINE_WEBSOCKET_PROXY_CONFIG OVIRT_ENGINE_NOTIFIER_SERVICE_CONFIG = \ engineconfig.ENGINE_NOTIFIER_SERVICE_CONFIG @@ -148,11 +146,11 @@ OVIRT_ENGINE_PKIKEYSDIR, 'apache.key.nopass', ) - OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE = os.path.join( + OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_STORE = os.path.join( OVIRT_ENGINE_PKIKEYSDIR, 'websocket-proxy.p12', ) - OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY = os.path.join( + OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_KEY = os.path.join( OVIRT_ENGINE_PKIKEYSDIR, 'websocket-proxy.key.nopass', ) @@ -172,7 +170,7 @@ OVIRT_ENGINE_PKICERTSDIR, 'apache.cer', ) - OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT = os.path.join( + OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_CERT = os.path.join( OVIRT_ENGINE_PKICERTSDIR, 'websocket-proxy.cer', ) @@ -275,14 +273,6 @@ '10-setup-pki.conf', ) - OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIGD = ( - '%s.d' % OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG - ) - OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG_SETUP = os.path.join( - OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIGD, - '10-setup.conf', - ) - OVIRT_ENGINE_NOTIFIER_SERVICE_CONFIGD = ( '%s.d' % OVIRT_ENGINE_NOTIFIER_SERVICE_CONFIG ) @@ -316,8 +306,6 @@ DEFAULT_SYSTEM_MEMCHECK_RECOMMENDED_MB = 16384 DEFAULT_SYSTEM_MEMCHECK_THRESHOLD = 90 - DEFAULT_WEBSOCKET_PROXY_PORT = 6100 - DEFAULT_CONFIG_APPLICATION_MODE = 'Both' DEFAULT_CONFIG_STORAGE_TYPE = 'NFS' @@ -328,8 +316,6 @@ @util.export class Stages(object): - CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION = \ - 'setup.config.websocket-proxy.customization' SYSTEM_NFS_CONFIG_AVAILABLE = 'osetup.system.nfs.available' @@ -346,6 +332,8 @@ MEMORY_CHECK = 'osetup.memory.check' + LOCAL_WSP_CERTS_AVAILABLE = 'osetup.pki.localwsp.available' + @util.export @util.codegen 
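Review bot: `LOCAL_WSP_CERTS_AVAILABLE` is added here to the stage constants in engineconstants.py, but the new pki/localwsp.py (`name=osetupcons.Stages.LOCAL_WSP_CERTS_AVAILABLE`) and websocket_proxy/config.py (`after=(osetupcons.Stages.LOCAL_WSP_CERTS_AVAILABLE,)`) both look it up on `osetupcons.Stages`. The only change this diff makes to ovirt_engine_setup/constants.py is `DEFAULT_WEBSOCKET_PROXY_PORT`, so unless `osetupcons.Stages` already defines the name outside the visible hunks, both plugins would raise AttributeError when their `@plugin.event` decorators are evaluated. Because config.py is meant to run on a host without the engine constants, the line `LOCAL_WSP_CERTS_AVAILABLE = 'osetup.pki.localwsp.available'` belongs under `Stages` in ovirt_engine_setup/constants.py instead. The enclosing class starts outside this hunk.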
@@ -357,7 +345,6 @@ ENGINE_SERVICE_NAME = 'ovirt-engine' - WEBSOCKET_PROXY_SERVICE_NAME = 'ovirt-websocket-proxy' PKI_PASSWORD = 'mypass' MINIMUM_SPACE_ISODOMAIN_MB = 350 ISO_DOMAIN_IMAGE_UID = '11111111-1111-1111-1111-111111111111' @@ -457,10 +444,6 @@ @osetupattrsclass class ConfigEnv(object): - WEBSOCKET_PROXY_HOST = 'OVESETUP_CONFIG/websocketProxyHost' - - WEBSOCKET_PROXY_PORT = 'OVESETUP_CONFIG/websocketProxyPort' - @osetupattrs( postinstallfile=True, ) @@ -507,15 +490,6 @@ 'OVESETUP_CONFIG/isoDomainDefaultMountPoint' MAC_RANGE_POOL = 'OVESETUP_CONFIG/macRangePool' - - @osetupattrs( - answerfile=True, - summary=True, - description=_('Configure WebSocket Proxy'), - postinstallfile=True, - ) - def WEBSOCKET_PROXY_CONFIG(self): - return 'OVESETUP_CONFIG/websocketProxyConfig' @util.export diff --git a/packaging/setup/ovirt_engine_setup/websocket_proxy/__init__.py b/packaging/setup/ovirt_engine_setup/websocket_proxy/__init__.py new file mode 100644 index 0000000..74cb8e6 --- /dev/null +++ b/packaging/setup/ovirt_engine_setup/websocket_proxy/__init__.py @@ -0,0 +1,25 @@ +# +# ovirt-engine-setup -- ovirt engine setup +# Copyright (C) 2014 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +"""ovirt_engine_setup module.""" + + +__all__ = [] + + +# vim: expandtab tabstop=4 shiftwidth=4 
diff --git a/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconfig.py.in b/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconfig.py.in new file mode 100644 index 0000000..9ee0e50 --- /dev/null +++ b/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconfig.py.in @@ -0,0 +1,24 @@ +# +# ovirt-engine-setup -- ovirt engine setup +# Copyright (C) 2013-2014 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +"""Engine Config.""" + +ENGINE_WEBSOCKET_PROXY_CONFIG = '@ENGINE_WSPROXY_VARS@' +ENGINE_PKIDIR = '@ENGINE_PKI@' + +# vim: expandtab tabstop=4 shiftwidth=4 diff --git a/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconstants.py b/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconstants.py new file mode 100644 index 0000000..da9188b --- /dev/null +++ b/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconstants.py 
@@ -0,0 +1,111 @@ +# +# ovirt-engine-setup -- ovirt engine setup +# Copyright (C) 2014 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +"""Constants.""" + + +import os +import gettext +_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') + + +from otopi import util + + +from ovirt_engine_setup.constants import osetupattrsclass +from ovirt_engine_setup.constants import osetupattrs + + +from . import wspconfig + + +@util.export +class FileLocations(object): + + OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG = \ + wspconfig.ENGINE_WEBSOCKET_PROXY_CONFIG + + OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIGD = ( + '%s.d' % OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG + ) + OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG_SETUP = os.path.join( + OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIGD, + '10-setup.conf', + ) + + OVIRT_ENGINE_PKIDIR = wspconfig.ENGINE_PKIDIR + + OVIRT_ENGINE_PKIKEYSDIR = os.path.join( + OVIRT_ENGINE_PKIDIR, + 'keys', + ) + OVIRT_ENGINE_PKICERTSDIR = os.path.join( + OVIRT_ENGINE_PKIDIR, + 'certs', + ) + + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE = os.path.join( + OVIRT_ENGINE_PKIKEYSDIR, + 'websocket-proxy.p12', + ) + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY = os.path.join( + OVIRT_ENGINE_PKIKEYSDIR, + 'websocket-proxy.key.nopass', + ) + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT = os.path.join( + OVIRT_ENGINE_PKICERTSDIR, + 'websocket-proxy.cer', + ) + OVIRT_ENGINE_PKI_ENGINE_CERT = os.path.join( + OVIRT_ENGINE_PKICERTSDIR, + 'engine.cer', + ) + + +@util.export +class 
Stages(object): + CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION = \ + 'setup.config.websocket-proxy.customization' + + +@util.export +@util.codegen +class Const(object): + WEBSOCKET_PROXY_SERVICE_NAME = 'ovirt-websocket-proxy' + + +@util.export +@util.codegen +@osetupattrsclass +class ConfigEnv(object): + + WEBSOCKET_PROXY_HOST = 'OVESETUP_CONFIG/websocketProxyHost' + + WEBSOCKET_PROXY_PORT = 'OVESETUP_CONFIG/websocketProxyPort' + + @osetupattrs( + answerfile=True, + summary=True, + description=_('Configure WebSocket Proxy'), + postinstallfile=True, + ) + def WEBSOCKET_PROXY_CONFIG(self): + return 'OVESETUP_CONFIG/websocketProxyConfig' + + +# vim: expandtab tabstop=4 shiftwidth=4 diff --git a/packaging/setup/plugins/ovirt-engine-common/websocket_proxy/core.py b/packaging/setup/plugins/ovirt-engine-common/websocket_proxy/core.py index 54d1188..ae6c83d 100644 --- a/packaging/setup/plugins/ovirt-engine-common/websocket_proxy/core.py +++ b/packaging/setup/plugins/ovirt-engine-common/websocket_proxy/core.py @@ -28,7 +28,7 @@ from ovirt_engine_setup import constants as osetupcons -from ovirt_engine_setup.engine import engineconstants as oenginecons +from ovirt_engine_setup.websocket_proxy import wspconstants as owspcons @util.export @@ -46,11 +46,11 @@ ) def _transactionBegin(self): if self.services.exists( - name=oenginecons.Const.WEBSOCKET_PROXY_SERVICE_NAME, + name=owspcons.Const.WEBSOCKET_PROXY_SERVICE_NAME, ): self.logger.info(_('Stopping websocket-proxy service')) self.services.state( - name=oenginecons.Const.WEBSOCKET_PROXY_SERVICE_NAME, + name=owspcons.Const.WEBSOCKET_PROXY_SERVICE_NAME, state=False ) diff --git a/packaging/setup/plugins/ovirt-engine-remove/websocket_proxy/misc.py b/packaging/setup/plugins/ovirt-engine-remove/websocket_proxy/misc.py index 486c715..2e13ba4 100644 --- a/packaging/setup/plugins/ovirt-engine-remove/websocket_proxy/misc.py +++ b/packaging/setup/plugins/ovirt-engine-remove/websocket_proxy/misc.py 
@@ -28,7 +28,7 @@ from ovirt_engine_setup import constants as osetupcons -from ovirt_engine_setup.engine import engineconstants as oenginecons +from ovirt_engine_setup.websocket_proxy import wspconstants as owspcons @util.export @@ -43,10 +43,10 @@ ) def _misc(self): if self.services.exists( - name=oenginecons.Const.WEBSOCKET_PROXY_SERVICE_NAME + name=owspcons.Const.WEBSOCKET_PROXY_SERVICE_NAME ): self.services.startup( - name=oenginecons.Const.WEBSOCKET_PROXY_SERVICE_NAME, + name=owspcons.Const.WEBSOCKET_PROXY_SERVICE_NAME, state=False, ) diff --git a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/options.py b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/options.py index 55744d5..8e3169d 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/options.py +++ b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/options.py @@ -197,7 +197,7 @@ 'name': 'WebSocketProxy', 'value': '%s:%s' % ( 'localhost', - oenginecons.Defaults.DEFAULT_WEBSOCKET_PROXY_PORT, + osetupcons.Defaults.DEFAULT_WEBSOCKET_PROXY_PORT, ), }, { diff --git a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/__init__.py b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/__init__.py index f51d0a7..8529e90 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/__init__.py +++ b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/__init__.py @@ -23,12 +23,14 @@ from . import ca +from . import localwsp from . import ssh @util.export def createPlugins(context): ca.Plugin(context=context) + localwsp.Plugin(context=context) ssh.Plugin(context=context) diff --git a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/localwsp.py b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/localwsp.py new file mode 100644 index 0000000..4e212ca --- /dev/null +++ b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/localwsp.py 
@@ -0,0 +1,112 @@ +# +# ovirt-engine-setup -- ovirt engine setup +# Copyright (C) 2014 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +"""local websocket proxy plugin.""" + + +import gettext +_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') + + +from otopi import constants as otopicons +from otopi import filetransaction +from otopi import util +from otopi import plugin + + +from ovirt_engine_setup import constants as osetupcons +from ovirt_engine_setup.engine import engineconstants as oenginecons + + +@util.export +class Plugin(plugin.PluginBase): + """local websocket proxy plugin.""" + + def __init__(self, context): + super(Plugin, self).__init__(context=context) + self._enabled = True + + @plugin.event( + stage=plugin.Stages.STAGE_MISC, + condition=lambda self: self._enabled, + name=osetupcons.Stages.LOCAL_WSP_CERTS_AVAILABLE, + after=( + osetupcons.Stages.CA_AVAILABLE, + ), + ) + def _misc(self): + + self.logger.info(_('Creating certs for a local WebSocket Proxy')) + + self.execute( + args=( + oenginecons.FileLocations.OVIRT_ENGINE_PKI_CA_ENROLL, + '--name=%s' % 'websocket-proxy', + '--password=%s' % ( + self.environment[oenginecons.PKIEnv.STORE_PASS], + ), + '--subject=/C=%s/O=%s/CN=%s' % ( + self.environment[oenginecons.PKIEnv.COUNTRY], + self.environment[oenginecons.PKIEnv.ORG], + self.environment[osetupcons.ConfigEnv.FQDN], + ), + ), + ) + self.environment[ + otopicons.CoreEnv.MODIFIED_FILES + ].extend( + ( + ( + 
oenginecons.FileLocations. + OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_CERT + ), + ( + oenginecons.FileLocations. + OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_STORE + ), + ) + ) + + rc, stdout, stderr = self.execute( + args=( + oenginecons.FileLocations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT, + '--name=websocket-proxy', + '--passin=%s' % self.environment[ + oenginecons.PKIEnv.STORE_PASS + ], + '--key=-', + ), + logStreams=False, + ) + + self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append( + filetransaction.FileTransaction( + oenginecons.FileLocations. + OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_KEY, + mode=0o600, + owner=self.environment[osetupcons.SystemEnv.USER_ENGINE], + enforcePermissions=True, + content=stdout, + modifiedList=self.environment[ + otopicons.CoreEnv.MODIFIED_FILES + ], + ) + ) + + +# vim: expandtab tabstop=4 shiftwidth=4 diff --git a/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py b/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py index 8b14191..b87875f 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py +++ b/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py @@ -31,9 +31,7 @@ from ovirt_engine_setup import constants as osetupcons -from ovirt_engine_setup.engine import engineconstants as oenginecons -from ovirt_engine_setup.engine_common \ - import enginecommonconstants as oengcommcons +from ovirt_engine_setup.websocket_proxy import wspconstants as owspcons from ovirt_engine_setup import dialog 
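Review bot: `self._enabled = True` is never changed anywhere in the new localwsp.py plugin, so `_misc` always enrolls a `websocket-proxy` certificate and writes the unencrypted key to `OVIRT_ENGINE_PKI_LOCAL_WEBSOCKET_PROXY_KEY` on the engine host, even when the proxy is declined or runs on another machine. Before this change the same steps sat in the proxy plugin's `_misc`, which was gated by an `_enabled` set from the user's answer. Private key material that no local service uses should not be created, so the condition should be driven by the setup environment rather than a constant. Separately, the store password is passed in argv as `--password=%s` and `--passin=%s`, where other local users can read it from the process list while the helper runs; whether the helper scripts can take the password another way is not visible here.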
@@ -51,15 +49,15 @@ ) def _init(self): self.environment.setdefault( - oenginecons.ConfigEnv.WEBSOCKET_PROXY_CONFIG, + owspcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG, None ) self.environment.setdefault( - oenginecons.ConfigEnv.WEBSOCKET_PROXY_PORT, - oenginecons.Defaults.DEFAULT_WEBSOCKET_PROXY_PORT + owspcons.ConfigEnv.WEBSOCKET_PROXY_PORT, + osetupcons.Defaults.DEFAULT_WEBSOCKET_PROXY_PORT ) self.environment.setdefault( - oenginecons.ConfigEnv.WEBSOCKET_PROXY_HOST, + owspcons.ConfigEnv.WEBSOCKET_PROXY_HOST, 'localhost' ) @@ -69,7 +67,7 @@ def _late_setup(self): if ( not os.path.exists( - oenginecons.FileLocations. + owspcons.FileLocations. OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE ) # Do not check if service exists. when upgrading from @@ -92,23 +90,22 @@ @plugin.event( stage=plugin.Stages.STAGE_CUSTOMIZATION, - name=oenginecons.Stages.CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION, + name=owspcons.Stages.CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION, condition=lambda self: self._enabled, before=( osetupcons.Stages.DIALOG_TITLES_E_SYSTEM, ), after=( - oengcommcons.Stages.DB_CONNECTION_STATUS, osetupcons.Stages.DIALOG_TITLES_S_SYSTEM, ), ) def _customization(self): if self.environment[ - oenginecons.ConfigEnv.WEBSOCKET_PROXY_CONFIG + owspcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG ] is None: self.environment[ - oenginecons.ConfigEnv.WEBSOCKET_PROXY_CONFIG + owspcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG ] = dialog.queryBoolean( dialog=self.dialog, name='OVESETUP_CONFIG_WEBSOCKET_PROXY', 
@@ -120,21 +117,20 @@ default=True, ) self._enabled = self.environment[ - oenginecons.ConfigEnv.WEBSOCKET_PROXY_CONFIG + owspcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG ] @plugin.event( stage=plugin.Stages.STAGE_CUSTOMIZATION, condition=lambda self: self.environment[ - oenginecons.ConfigEnv.WEBSOCKET_PROXY_CONFIG + owspcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG ], before=( osetupcons.Stages.DIALOG_TITLES_E_SYSTEM, ), after=( - oengcommcons.Stages.DB_CONNECTION_STATUS, osetupcons.Stages.DIALOG_TITLES_S_SYSTEM, - oenginecons.Stages.CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION, + owspcons.Stages.CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION, ), ) def _customization_firewall(self): @@ -148,7 +144,7 @@ osetupcons.NetEnv.FIREWALLD_SUBST ].update({ '@WEBSOCKET_PROXY_PORT@': self.environment[ - oenginecons.ConfigEnv.WEBSOCKET_PROXY_PORT + owspcons.ConfigEnv.WEBSOCKET_PROXY_PORT ], }) 
@@ -156,72 +152,87 @@ stage=plugin.Stages.STAGE_MISC, condition=lambda self: self._enabled, after=( - oengcommcons.Stages.DB_CONNECTION_AVAILABLE, - osetupcons.Stages.CA_AVAILABLE, + osetupcons.Stages.LOCAL_WSP_CERTS_AVAILABLE, ), ) def _misc(self): self.logger.info(_('Configuring WebSocket Proxy')) - self.execute( - args=( - oenginecons.FileLocations.OVIRT_ENGINE_PKI_CA_ENROLL, - '--name=%s' % 'websocket-proxy', - '--password=%s' % ( - self.environment[oenginecons.PKIEnv.STORE_PASS], - ), - '--subject=/C=%s/O=%s/CN=%s' % ( - self.environment[oenginecons.PKIEnv.COUNTRY], - self.environment[oenginecons.PKIEnv.ORG], - self.environment[osetupcons.ConfigEnv.FQDN], - ), - ), - ) - self.environment[ - otopicons.CoreEnv.MODIFIED_FILES - ].extend( - ( - ( - oenginecons.FileLocations. - OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT - ), - ( - oenginecons.FileLocations. - OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE + _on_separate_h = False + if ( + not os.path.exists( + owspcons.FileLocations. + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE + ) + ): + _on_separate_h = True + + if _on_separate_h: + self.dialog.note( + text=_( + "\n" + "ATTENTION\n" + "\n" + "Manual actions are required on the engine host and on " + "this host\n in order to enroll certs for this host " + "and configure the engine about it.\n" + "Please execute this command on the engine host: \n" + "engine-config -s WebSocketProxy={fqdn}:{port}\n" + "\n" + "Than, still on the engine host: \n" + "/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \\\n" + " --name=websocket-proxy-standalone \\\n" + " --password=<password> \\\n" + " --subject=\"/C=<country>/O=<organization>/CN={fqdn}\"\n" + "\n" + "Substitute <country>, <organization> to suite your " + "environment\n(i.e. 
the values must match values in the " + "certificate authority of your engine), <password> with " + "a password of you choice\n" + "\n" + "Than copy /etc/pki/ovirt-engine/keys/" + "websocket-proxy-standalone.p12\n" + "from the engine host to this host at " + "{wsp_store}\n" + "And copy /etc/pki/ovirt-engine/certs/engine.cer\n" + "from the engine host to this host at " + "{engine_cer}\n" + "\n" + "Than, at last, on this host:\n" + "openssl pkcs12 -in {wsp_store} -nokeys -out {wsp_cert}\n" + "openssl pkcs12 -in {wsp_store} -nocerts -nodes " + "-out {wsp_keycert}\n" + "using the password you provided before on " + "the engine host\n" + "\n" + ).format( + fqdn=self.environment[osetupcons.ConfigEnv.FQDN], + port=self.environment[ + owspcons.ConfigEnv.WEBSOCKET_PROXY_PORT + ], + wsp_store=self.environment[ + owspcons.FileLocations. + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE + ], + wsp_cert=self.environment[ + owspcons.FileLocations. + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT + ], + wsp_key=self.environment[ + owspcons.FileLocations. + OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY + ], + engine_cer=self.environment[ + owspcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CERT + ] ), ) - ) - - rc, stdout, stderr = self.execute( - args=( - oenginecons.FileLocations.OVIRT_ENGINE_PKI_PKCS12_EXTRACT, - '--name=websocket-proxy', - '--passin=%s' % self.environment[ - oenginecons.PKIEnv.STORE_PASS - ], - '--key=-', - ), - logStreams=False, - ) - - self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append( - filetransaction.FileTransaction( - oenginecons.FileLocations.OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY, - mode=0o600, - owner=self.environment[osetupcons.SystemEnv.USER_ENGINE], - enforcePermissions=True, - content=stdout, - modifiedList=self.environment[ - otopicons.CoreEnv.MODIFIED_FILES - ], - ) - ) self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append( filetransaction.FileTransaction( name=( - oenginecons.FileLocations. + owspcons.FileLocations. 
OVIRT_ENGINE_WEBSOCKET_PROXY_CONFIG_SETUP ), content=( @@ -233,18 +244,18 @@ "SSL_ONLY=True\n" ).format( port=self.environment[ - oenginecons.ConfigEnv.WEBSOCKET_PROXY_PORT + owspcons.ConfigEnv.WEBSOCKET_PROXY_PORT ], certificate=( - oenginecons.FileLocations. + owspcons.FileLocations. OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT ), key=( - oenginecons.FileLocations. + owspcons.FileLocations. OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY ), engine_cert=( - oenginecons.FileLocations. + owspcons.FileLocations. OVIRT_ENGINE_PKI_ENGINE_CERT ), ), @@ -268,11 +279,11 @@ def _closeup(self): for state in (False, True): self.services.state( - name=oenginecons.Const.WEBSOCKET_PROXY_SERVICE_NAME, + name=owspcons.Const.WEBSOCKET_PROXY_SERVICE_NAME, state=state, ) self.services.startup( - name=oenginecons.Const.WEBSOCKET_PROXY_SERVICE_NAME, + name=owspcons.Const.WEBSOCKET_PROXY_SERVICE_NAME, state=True, ) -- To view, visit http://gerrit.ovirt.org/28534 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifceddd5aa44a77f67a3b6b30c6678d9a3b485f9c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
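Review bot: The note built in the new separate-host branch of `_misc` cannot be formatted as written. The text uses `{wsp_keycert}` while `.format()` is given `wsp_key`, and `wsp_store`, `wsp_cert`, `wsp_key` and `engine_cer` index `self.environment` with `owspcons.FileLocations` values, which wspconstants.py defines as file paths rather than environment keys, so the call would raise KeyError instead of showing the instructions. Pass the path constants directly and rename the placeholder, as below. The manual `openssl pkcs12 ... -nodes` step also leaves an unencrypted private key with whatever umask the admin has, whereas the removed automated path enforced `mode=0o600`, so the note should tell the admin to restrict the key file the same way. The wording has typos too (`Than` for `Then`, `suite`, `you choice`).

```python
                    "openssl pkcs12 -in {wsp_store} -nocerts -nodes "
                    "-out {wsp_key}\n"
                    # … unchanged: rest of the note text, fqdn= and port= arguments …
                    wsp_store=(
                        owspcons.FileLocations.
                        OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE
                    ),
                    wsp_cert=(
                        owspcons.FileLocations.
                        OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_CERT
                    ),
                    wsp_key=(
                        owspcons.FileLocations.
                        OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY
                    ),
                    engine_cer=(
                        owspcons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CERT
                    ),
```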
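Review bot: `_closeup` still restarts and enables `ovirt-websocket-proxy` unconditionally, but on a separate host the certificate and key named in `10-setup.conf` exist only after the admin has carried out the manual steps printed by `_misc`. With `SSL_ONLY=True` in that file the service will presumably fail to start at this point, or the setup run will fail. Consider skipping the start when `OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_KEY` does not exist yet and telling the admin to start the service once the files are in place. `_closeup` begins outside this hunk.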