Alon Bar-Lev has uploaded a new change for review. Change subject: host-deploy: support serial console ......................................................................
host-deploy: support serial console Change-Id: I4692f73dc388794ed0b3e1ee8732f2916d9591d2 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeploy.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeployBase.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql M packaging/firewalld/aio/ovirt-aio.xml.in 5 files changed, 125 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/95/38095/10 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeploy.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeploy.java index 8e3a101..81dc52c 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeploy.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeploy.java @@ -39,6 +39,7 @@ import org.ovirt.ovirt_host_deploy.constants.TuneEnv; import org.ovirt.ovirt_host_deploy.constants.KdumpEnv; import org.ovirt.ovirt_host_deploy.constants.OpenStackEnv; +import org.ovirt.ovirt_host_deploy.constants.VMConsoleEnv; import org.ovirt.ovirt_host_deploy.constants.VdsmEnv; import org.ovirt.ovirt_host_deploy.constants.VirtEnv; import org.slf4j.Logger; @@ -84,6 +85,8 @@ private String _certificate; private String _iptables = ""; + + private String _sercon_certificate; private OpenstackNetworkProviderProperties _openStackAgentProperties = null; private MessagingConfiguration _messagingConfiguration = null; 
@@ -570,6 +573,34 @@ Config.<Integer>getValue(ConfigValues.FenceKdumpMessageInterval) ); return true; + }}, + new Callable<Boolean>() {@CallWhen("VMCONSOLE_ENABLE") + public Boolean call() throws Exception { + Integer support = (Integer)_parser.cliEnvironmentGet( + VMConsoleEnv.SUPPORT + ); + if (support == null || support != Const.VMCONSOLE_SUPPORT_V1) { + removeCustomizationCondition("VMCONSOLE_ENABLE"); + } + return true; + }}, + new Callable<Boolean>() {@CallWhen("VMCONSOLE_ENABLE") + public Boolean call() throws Exception { + _parser.cliEnvironmentSet( + VMConsoleEnv.ENABLE, + true + ); + return true; + }}, + new Callable<Boolean>() {@CallWhen("VMCONSOLE_ENABLE") + public Boolean call() throws Exception { + _parser.cliEnvironmentSet( + VMConsoleEnv.CAKEY, + PKIResources.Resource.CACertificate.toString( + PKIResources.Format.OPENSSH_PUBKEY + ).replace("\n", "") + ); + return true; }} ); @@ -647,6 +678,14 @@ unknown = false; } } + else if (bevent instanceof Event.QueryValue) { + Event.QueryValue event = (Event.QueryValue)bevent; + + if (org.ovirt.ovirt_host_deploy.constants.Queries.VMCONSOLE_CERTIFICATE.equals(event.name)) { + event.value = _sercon_certificate.replace("\n", ""); + unknown = false; + } + } else if (bevent instanceof Event.QueryMultiString) { Event.QueryMultiString event = (Event.QueryMultiString)bevent; @@ -668,6 +707,22 @@ ); _certificate = OpenSslCAWrapper.signCertificateRequest( StringUtils.join(event.value, "\n"), + _vds.getHostName() + ); + unknown = false; + } + else if (Displays.VMCONSOLE_CERTIFICATE_REQUEST.equals(event.name)) { + _messages.post( + InstallerMessages.Severity.INFO, + "Enrolling serial console certificate" + ); + String name = String.format("%s-ssh", _vds.getHostName()); + String cer = OpenSslCAWrapper.signCertificateRequest( + StringUtils.join(event.value, "\n"), + name + ); + _sercon_certificate = OpenSslCAWrapper.signOpenSSHCertificate( + name, _vds.getHostName() ); unknown = false; 
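Review bot: In the first `VMCONSOLE_ENABLE` callable, `support != Const.VMCONSOLE_SUPPORT_V1` is applied to a boxed `Integer`; it is a numeric comparison only if the constant is a primitive `int`, which this hunk does not show, and an identity comparison otherwise. Writing the guard as `if (support == null || support.intValue() != Const.VMCONSOLE_SUPPORT_V1) {` is correct for either declaration. The `(Integer)` cast is applied to a value read from the deployment environment, so a value of another type would surface as a ClassCastException instead of taking the same "not supported" path; an `instanceof Integer` check before the cast would avoid that. A short comment such as `// host does not report serial console v1: drop the condition so the following VMCONSOLE_ENABLE steps are skipped` would record why this callable has to stay ahead of the two after it (presumably `@CallWhen` is re-evaluated per step). The list of callables starts and ends outside the hunk.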
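Review bot: `_sercon_certificate.replace("\n", "")` in the new `Event.QueryValue` branch dereferences a field that is declared without an initializer and is assigned only in the `VMCONSOLE_CERTIFICATE_REQUEST` branch of the next hunk, so a `VMCONSOLE_CERTIFICATE` query that is handled before the request throws a NullPointerException. The order of these events appears to be decided by the dialog with the host being deployed, so the engine should not rely on it. An explicit guard gives a diagnosable failure: `if (_sercon_certificate == null) { throw new IllegalStateException("serial console certificate queried before enrollment"); }`. The enclosing method starts and ends outside the hunk, so whether it already wraps such failures cannot be seen here.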
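Review bot: The local `cer` that receives the result of `OpenSslCAWrapper.signCertificateRequest(...)` in the `VMCONSOLE_CERTIFICATE_REQUEST` branch is never read in the visible lines; only the value returned by `signOpenSSHCertificate(name, _vds.getHostName())` is kept. If the X.509 signing step is needed only for its side effect on the PKI directory, drop the variable and state that in a comment, for example `// X.509 enrollment is a prerequisite of pki-enroll-openssh-cert.sh; only the OpenSSH certificate is returned to the host`. If it is not needed, the engine is signing a request supplied by the host under the `<host>-ssh` name and discarding the certificate, which leaves an issued certificate nobody tracks. The branch sits inside a method whose start and end are outside the hunk.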
@@ -728,6 +783,16 @@ } /** + * Enable serial console setup. + * @param doVMConsole enable. + */ + public void setVMConsole(boolean doVMConsole) { + if (doVMConsole) { + addCustomizationCondition("VMCONSOLE_ENABLE"); + } + } + + /** * Returns the installation status * * @return the installation status diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeployBase.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeployBase.java index 054355c..6272b1c 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeployBase.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/hostdeploy/VdsDeployBase.java @@ -225,6 +225,9 @@ protected void addCustomizationCondition(String cond) { _customizationConditions.add(cond); } + protected void removeCustomizationCondition(String cond) { + _customizationConditions.remove(cond); + } /* * Termination dialog. diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java index 2c9a225..cd2e220 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java 
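Review bot: `setVMConsole(false)` is a silent no-op, so a caller cannot switch the feature off again once the condition was added, and the Javadoc (`@param doVMConsole enable.`) does not say so. The same commit adds `removeCustomizationCondition` to VdsDeployBase, so the setter can be made symmetric with `} else { removeCustomizationCondition("VMCONSOLE_ENABLE"); }`. The literal `"VMCONSOLE_ENABLE"` now appears here and in the three `@CallWhen` annotations and the `removeCustomizationCondition` call of the earlier hunk; a `private static final String` constant would keep them from drifting apart.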
@@ -64,6 +64,28 @@ ).getPath()); } + public static String signOpenSSHCertificate( + String hostname, + String principal + ) throws IOException { + EngineLocalConfig config = EngineLocalConfig.getInstance(); + + if ( + !new OpenSslCAWrapper().signOpenSSHCertificate( + new File(new File(config.getUsrDir(), "bin"), "pki-enroll-openssh-cert.sh"), + hostname, + principal + ) + ) { + throw new RuntimeException("OpenSSH certificate enrollment failed"); + } + + return FileUtil.readAllText( + new File(new File(config.getPKIDir(), "certs"), + String.format("%s-cert.pub", hostname) + ).getPath()); + } + public final boolean signCertificateRequest( File executable, String hostname @@ -92,6 +114,34 @@ return returnValue; } + public final boolean signOpenSSHCertificate( + File executable, + String hostname, + String principal + ) { + log.debug("Entered signOpenSSHCertificate"); + boolean returnValue = true; + if (executable.exists()) { + int days = Config.<Integer> getValue(ConfigValues.VdsCertificateValidityInYears) * 365; + returnValue = runCommandArray( + new String[] { + executable.getAbsolutePath(), + String.format("--name=%s", hostname), + "--host", + String.format("--id=%s", hostname), + String.format("--principals=%s", principal), + String.format("--days=%s", days) + }, + Config.<Integer> getValue(ConfigValues.SignCertTimeoutInSeconds) + ); + } else { + log.error("Sign certificate request file '{}' not found", executable.getPath()); + returnValue = false; + } + log.debug("End of signOpenSSHCertificate"); + return returnValue; + } + /** * Runs the SignReq.sh script * @param command_array diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql index eeb3e66..754ad2e 100644 --- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql +++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql 
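Review bot: In the static `signOpenSSHCertificate`, `hostname` is interpolated into the file name `String.format("%s-cert.pub", hostname)` under the PKI `certs` directory and passed on to the enrollment script without any validation in this method. The caller in VdsDeploy.java derives it from `_vds.getHostName()`, so a value containing a path separator would make `FileUtil.readAllText` read outside `certs`, and a comma in `principal` would probably be treated as a list of principals if the script forwards it to the OpenSSH signing tool (the script is not part of this change). A guard at the top of the method, adjusted to the host names the engine accepts, would close both: `if (!hostname.matches("[A-Za-z0-9._:-]+") || !principal.matches("[A-Za-z0-9._:-]+")) { throw new IllegalArgumentException("invalid host name"); }`. The method also lacks Javadoc; it should state that it returns the text of the signed OpenSSH certificate and throws `RuntimeException` when the script fails.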
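Review bot: In the instance `signOpenSSHCertificate`, `days` is computed from `ConfigValues.VdsCertificateValidityInYears * 365`, so the OpenSSH host certificate inherits the multi-year lifetime of the X.509 host certificate. OpenSSH certificates are revoked only through revocation lists distributed to each verifier, so a separate and shorter validity setting would limit how long a leaked host key stays usable. The error message `Sign certificate request file '{}' not found` is copied from `signCertificateRequest` and misdescribes the problem; `log.error("OpenSSH certificate enrollment script '{}' not found", executable.getPath());` matches what is checked. `String.format("--days=%s", days)` formats an `int` and reads more clearly as `"--days=%d"`.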
@@ -362,6 +362,9 @@ # libvirt tls -A INPUT -p tcp --dport 16514 -j ACCEPT +# serial consoles +-A INPUT -p tcp -m multiport --dports 2223 -j ACCEPT + # guest consoles -A INPUT -p tcp -m multiport --dports 5900:6923 -j ACCEPT @@ -812,6 +815,9 @@ # libvirt tls -A INPUT -p tcp --dport 16514 -j ACCEPT +# serial consoles +-A INPUT -p tcp -m multiport --dports 2223 -j ACCEPT + # guest consoles -A INPUT -p tcp -m multiport --dports 5900:6923 -j ACCEPT diff --git a/packaging/firewalld/aio/ovirt-aio.xml.in b/packaging/firewalld/aio/ovirt-aio.xml.in index 3a73080..478c521 100644 --- a/packaging/firewalld/aio/ovirt-aio.xml.in +++ b/packaging/firewalld/aio/ovirt-aio.xml.in @@ -2,6 +2,7 @@ <service> <short>ovirt-aio</short> <description>oVirt configured aio service</description> + <port protocol="tcp" port="2222-2223"/> <port protocol="tcp" port="5900-6923"/> <port protocol="tcp" port="49152-49216"/> </service> -- To view, visit https://gerrit.ovirt.org/38095 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4692f73dc388794ed0b3e1ee8732f2916d9591d2 Gerrit-PatchSet: 10 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Eli Mesika <emes...@redhat.com> Gerrit-Reviewer: Francesco Romani <from...@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Michal Skrivanek <michal.skriva...@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
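Review bot: The `--dports 2223` ACCEPT rule is added to the rule text unconditionally, here and again in the `@@ -812` hunk, while VdsDeploy.java turns the serial console on only when `VMCONSOLE_ENABLE` is set and the host reports support. If this text is the default host firewall template (the surrounding statement is outside the hunk), every deployed host would accept connections on 2223 from any source whether or not the console service is configured there. If that is acceptable, record it in the rule's comment, e.g. `# serial consoles (opened on all hosts, also when the feature is not deployed)`. For a single port, `-m multiport --dports` is unnecessary; `-A INPUT -p tcp --dport 2223 -j ACCEPT` matches the form of the neighbouring libvirt rule.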
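Review bot: The firewalld service opens `2222-2223`, whereas both iptables hunks in 0000_config.sql open only 2223, and nothing else in this change refers to port 2222. Either the all-in-one setup needs 2222 for a component that is not part of this commit, or one extra port is being exposed. If it is intentional, an XML comment on the line, such as `<!-- serial console: 2223 host side, 2222 (state which service) -->`, would make that explicit. Otherwise the entry should be narrowed to `<port protocol="tcp" port="2223"/>`.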