Alon Bar-Lev has uploaded a new change for review.

Change subject: pki: use relative lock file
......................................................................

pki: use relative lock file

Current implementation uses /var/lock/ovirt-engine/* to perform lock of
pki operations.

The problem with the current implementation is that /var/lock may be
cleared on some distributions, so the ovirt-engine subdirectory no longer
exists. Also, in development mode there is no access to the /var directory.

The new implementation uses persistent SignReq.lock file which is
relative to SignReq.sh at PREFIX/etc, which is a valid location.

Change-Id: I4274778254167db8f632908a9bdcc0d6ad284b3e
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M Makefile
A backend/manager/conf/ca/SignReq.lock
M backend/manager/conf/ca/SignReq.sh
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M 
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
M packaging/fedora/spec/ovirt-engine.spec.in
7 files changed, 6 insertions(+), 40 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/30/13030/1

diff --git a/Makefile b/Makefile
index 3c67858..095f0ae 100644
--- a/Makefile
+++ b/Makefile
@@ -320,6 +320,7 @@
 
        # Scripts:
        install -m 755 backend/manager/conf/ca/*.sh $(DESTDIR)$(PKG_PKI_DIR)
+       install -m 644 backend/manager/conf/ca/*.lock $(DESTDIR)$(PKG_PKI_DIR)
 
 install_config:
        @echo "*** Deploying engine-config & engine-manage-domains"
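Review bot: The added `install -m 644 backend/manager/conf/ca/*.lock` line sets a mode but no owner, while SignReq.sh opens the lock for writing (`200>$lock_file`), so the file has to be writable by the account that runs the engine. The spec hunk assigns it to `%{engine_user}`, but a plain `make install` run by a different user (root, for example) would presumably leave a lock the engine cannot open, and signing would then fail. Either record that expectation in a comment next to the install line, or have the script open the descriptor read-only so write access to a file in the PKI directory is not needed at all.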
diff --git a/backend/manager/conf/ca/SignReq.lock 
b/backend/manager/conf/ca/SignReq.lock
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/backend/manager/conf/ca/SignReq.lock
diff --git a/backend/manager/conf/ca/SignReq.sh 
b/backend/manager/conf/ca/SignReq.sh
index 20e0981..43a20a4 100755
--- a/backend/manager/conf/ca/SignReq.sh
+++ b/backend/manager/conf/ca/SignReq.sh
@@ -18,13 +18,8 @@
         printf "\tPass                        = Certificate password\n"
         printf "\tHost                        = CN\n"
         printf "\tOrganization                = O\n"
-        printf "\tlock file                   = Name of file to be used for 
locking\n"
         printf "\tlocking timeout             = Amount of seconds to wait for 
locking\n"
         return 0
-}
-
-rollback () {
-       [[ $step -eq 1 ]] && rm -f $lock_file
 }
 
 sign () {
@@ -46,7 +41,6 @@
         die "Error: wrong argument number: $#.\n"
 fi
 
-step=0
 result=9
 req_file=$1
 out_file=$2
@@ -57,30 +51,17 @@
 req_name=$7
 req_org=$8
 
-shift
-lock_file=$8
-if [ -z "$lock_file" ]; then
-        lock_file=/var/lock/ovirt-engine/.openssl.exclusivelock
-fi
-
+lock_file="$(dirname "$0")/SignReq.lock"
 shift
 timeout=$8
 if [ -z "$timeout" ]; then
         timeout=20
 fi
 
-trap "rollback; exit $result" HUP KILL INT QUIT TERM
-
 {
         # Wait for lock on $lock_file (fd 200) for $timeout seconds
-        flock -e -w $timeout 200
-        if [ $? -eq 0 ];
-        then
-                step=1
-                sign
-        else
-                die "Timeout waiting for lock. Giving up"
-        fi
+        flock -e -w $timeout 200 || die "Timeout waiting for lock. Giving up"
+       sign
         result=$?
 
 } 200>$lock_file
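Review bot: `$lock_file` is now derived from the script's own location but is still expanded unquoted in `} 200>$lock_file`, so an install prefix containing whitespace should make the redirection fail and the signing block be skipped; `} 200>"$lock_file"` fixes that, and `"$timeout"` in the flock call deserves the same quoting. Because the path comes from `$0`, running the script through a symlink or from a second copy would take a different lock file and lose mutual exclusion for the signing step, which is worth stating in a comment above the assignment. The new `sign` line is indented with a tab while its neighbours use spaces. The argument-count check sits outside this hunk, so it is not visible here whether it was adjusted for the dropped lock-file parameter.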
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java
index 53c7fba..3c43211 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java
@@ -1,6 +1,5 @@
 package org.ovirt.engine.core.bll;
 
-import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -223,17 +222,6 @@
         
SchedulerUtilQuartzImpl.getInstance().scheduleAFixedDelayJob(QuotaManager.getInstance(),
                 "updateQuotaCache",  new Class[] {}, new Object[] {},
                 1, quotaCacheIntervalInMinutes, TimeUnit.MINUTES);
-
-        try {
-            File fLock = new File(Config.<String> 
GetValue(ConfigValues.SignLockFile));
-            if (fLock.exists()) {
-                if (!fLock.delete()) {
-                    log.error("Cleanup lockfile failed to delete the locking 
file.");
-                }
-            }
-        } catch (SecurityException se) {
-            log.error("Cleanup lockfile failed!", se);
-        }
     }
 
     private void initJobRepository() {
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
index 803e1e1..ae4908b 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
@@ -799,10 +799,6 @@
     LdapServers(305),
 
     @TypeConverterAttribute(String.class)
-    @DefaultValueAttribute("/var/lock/ovirt-engine/.openssl.exclusivelock")
-    SignLockFile(306),
-
-    @TypeConverterAttribute(String.class)
     @DefaultValueAttribute("3.0.0.0")
     ProductRPMVersion(307),
 
diff --git 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
index 0913045..210a102 100644
--- 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
+++ 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
@@ -226,7 +226,6 @@
         log.debug("Building command array for Sign Certificate request 
script");
         String baseDirectoryPath = Config.resolveCABasePath();
         String keystorePass = Config.<String> 
GetValue(ConfigValues.keystorePass);
-        String lockfileName = Config.<String> 
GetValue(ConfigValues.SignLockFile);
         Calendar yesterday = Calendar.getInstance();
         yesterday.add(Calendar.DATE, -1);
         SimpleDateFormat format = new SimpleDateFormat("yyMMddHHmmssZ");
@@ -234,7 +233,7 @@
         String[] command_array = { signRequestBatch, requestFileName, 
signedCertificateFileName, "" + days,
                 baseDirectoryPath, format.format(yesterday.getTime()), 
keystorePass,
                 hostname, organization,
-                lockfileName, "" + (signatureTimeout / 2) };
+                "" + (signatureTimeout / 2) };
         log.debug("Finished building command array for Sign Certificate 
request script");
         return command_array;
     }
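Review bot: The command array still carries `keystorePass` as a positional argument to the signing script, and this change reshapes the argument list without touching that. On most systems command-line arguments can be read by other local accounts through the process table, so the keystore password is exposed while the script runs; passing it through the environment or a file descriptor would avoid that, at the cost of a matching change in SignReq.sh. Separately, the script now takes the timeout as the ninth positional argument and silently falls back to 20 seconds when it is absent, so a comment such as `// order must match SignReq.sh; the timeout is the 9th and last argument` above the array would document the coupling. The method begins outside this hunk.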
diff --git a/packaging/fedora/spec/ovirt-engine.spec.in 
b/packaging/fedora/spec/ovirt-engine.spec.in
index 3ef06f7..cf4d435 100644
--- a/packaging/fedora/spec/ovirt-engine.spec.in
+++ b/packaging/fedora/spec/ovirt-engine.spec.in
@@ -527,6 +527,7 @@
 
 # PKI scripts:
 %{engine_pki}/*.sh
+%attr(-, %{engine_user}, %{engine_group}) %{engine_pki}/*.lock
 
 # PKI configuration files:
 %config(noreplace) %{engine_pki}/openssl.conf


--
To view, visit http://gerrit.ovirt.org/13030

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4274778254167db8f632908a9bdcc0d6ad284b3e
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>