Sandro Bonazzola has uploaded a new change for review. Change subject: packaging: setup: support vdsmd not encrypted connection ......................................................................
packaging: setup: support vdsmd not encrypted connection support vdsmd running with ssl support disabled. Change-Id: Idc5f2c6b69ab2899c100a35581412d686b1f5254 Signed-off-by: Sandro Bonazzola <[email protected]> --- M src/bin/hosted-engine.in M src/ovirt_hosted_engine_setup/constants.py M src/plugins/ovirt-hosted-engine-setup/core/conf.py M src/plugins/ovirt-hosted-engine-setup/network/bridge.py M src/plugins/ovirt-hosted-engine-setup/system/vdsmenv.py M src/plugins/ovirt-hosted-engine-setup/vdsmd/vdsmconf.py M src/plugins/ovirt-hosted-engine-setup/vm/runvm.py M templates/hosted-engine.conf.in 8 files changed, 99 insertions(+), 59 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-hosted-engine-setup refs/changes/00/17300/1
diff --git a/src/bin/hosted-engine.in b/src/bin/hosted-engine.in
index d418031..3510749 100644
--- a/src/bin/hosted-engine.in
+++ b/src/bin/hosted-engine.in
@@ -42,6 +42,12 @@ usage fi +if [ "${vdsm_use_ssl}" == "true" ] ; then + VDSCOMMAND="vdsClient -s localhost" +else + VDSCOMMAND="vdsClient localhost" +fi + while [ -n "$1" ]; do x="$1" v="${x#*=}"
@@ -53,21 +59,21 @@ --vm-start) # TODO: Check first the sanlock status, and if allows: if [ -r "${conf}" ] ; then - vdsClient -s localhost create "${conf}" + ${VDSCOMMAND} create "${conf}" else echo "You must run --deploy first" fi ;; --vm-shutdown) if [ -n "${vmid}" ] ; then - vdsClient -s localhost shutdown "${vmid}" 120 "VM is shutting down!" + ${VDSCOMMAND} shutdown "${vmid}" 120 "VM is shutting down!" else echo "You must run --deploy first" fi ;; --vm-stop) if [ -n "${vmid}" ] ; then - vdsClient -s localhost destroy "${vmid}" + ${VDSCOMMAND} destroy "${vmid}" else echo "You must run --deploy first" fi
@@ -77,7 +83,7 @@ ;; --add-console-password=*) if [ -n "${vmid}" ] ; then - vdsClient -s localhost setVmTicket "${vmid}" "${v}" 120 + ${VDSCOMMAND} setVmTicket "${vmid}" "${v}" 120 else echo "You must run --deploy first" fi
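Review bot: The test `[ "${vdsm_use_ssl}" == "true" ]` in the `@@ -42,6 +42,12 @@` hunk of src/bin/hosted-engine.in fails open: any value other than the exact string `true`, including an unset or empty variable, selects the unencrypted `vdsClient localhost` form. A hosted-engine.conf written before this commit has no `vdsm_use_ssl` line (templates/hosted-engine.conf.in only gains it here), so existing hosts would presumably drop `-s` without any message. Keeping SSL as the default and requiring an explicit opt-out is safer: `if [ "${vdsm_use_ssl}" != "false" ] ; then`. `${VDSCOMMAND}` is expanded unquoted in the following hunks so that it word-splits into command and options; a comment next to the assignment, `# expanded unquoted on purpose: must stay a fixed string, never user input`, would record that. The surrounding script starts and ends outside the hunk.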
@@ -95,21 +101,21 @@ exit 1 fi echo "Connecting Storage Server" - vdsClient -s localhost connectStorageServer \ + ${VDSCOMMAND} connectStorageServer \ ${storageType} \ ${spUUID} \ connection=${storage},iqn=,portal=,user=kvm,password=,id=${connectionUUID},port= ;; --start-pool) echo "Connecting Storage Pool" - vdsClient -s localhost connectStoragePool \ + ${VDSCOMMAND} connectStoragePool \ ${spUUID} \ ${host_id} \ ${spUUID} \ ${sdUUID} \ 1 echo "Starting SPM" - vdsClient -s localhost spmStart \ + ${VDSCOMMAND} spmStart \ ${spUUID} \ -1 \ -1 \
@@ -118,7 +124,7 @@ 250 \ 3 echo "Activating Storage Domain" - vdsClient -s localhost activateStorageDomain \ + ${VDSCOMMAND} activateStorageDomain \ ${sdUUID} \ ${spUUID} ;;
diff --git a/src/ovirt_hosted_engine_setup/constants.py b/src/ovirt_hosted_engine_setup/constants.py
index 5afcd1b..1b3d635 100644
--- a/src/ovirt_hosted_engine_setup/constants.py
+++ b/src/ovirt_hosted_engine_setup/constants.py
@@ -366,6 +366,7 @@ return 'OVEHOSTED_VDSM/spicePkiSubject' VDSM_CPU = 'OVEHOSTED_VDSM/cpu' + USE_SSL = 'OVEHOSTED_VDSM/useSSL' @util.export
@@ -392,6 +393,7 @@ 'ohosted.network.firewallmanager.available' NET_FIREWALL_MANAGER_PROCESS_TEMPLATES = \ 'ohosted.network.firewallmanager.templates.available' + VDSMD_CONF_LOADED = 'ohosted.vdsm.conf.loaded' @util.export
diff --git a/src/plugins/ovirt-hosted-engine-setup/core/conf.py b/src/plugins/ovirt-hosted-engine-setup/core/conf.py
index b3acbed..9a4741d 100644
--- a/src/plugins/ovirt-hosted-engine-setup/core/conf.py
+++ b/src/plugins/ovirt-hosted-engine-setup/core/conf.py
@@ -89,6 +89,9 @@ '@CA_SUBJECT@': self.environment[ ohostedcons.VDSMEnv.SPICE_SUBJECT ], + '@VDSM_USE_SSL@': str( + self.environment[ohostedcons.VDSMEnv.USE_SSL] + ).lower(), } ) with transaction.Transaction() as localtransaction:
diff --git a/src/plugins/ovirt-hosted-engine-setup/network/bridge.py b/src/plugins/ovirt-hosted-engine-setup/network/bridge.py
index 34053a8..c49a08f 100644
--- a/src/plugins/ovirt-hosted-engine-setup/network/bridge.py
+++ b/src/plugins/ovirt-hosted-engine-setup/network/bridge.py
@@ -136,23 +136,24 @@ self.logger.info(_('Configuring the management bridge')) nic = self.environment[ohostedcons.NetworkEnv.BRIDGE_IF] bridge = self.environment[ohostedcons.NetworkEnv.BRIDGE_NAME] - + cmd = [self.command.get('vdsClient')] + if self.environment[ohostedcons.VDSMEnv.USE_SSL]: + cmd.append('-s') + cmd += [ + 'localhost', + 'addNetwork', + 'bridge=%s' % bridge, + 'vlan=', + 'bond=', + 'nics=%s' % nic, + 'force=False', + 'bridged=True', + 'BOOTPROTO=dhcp', + 'ONBOOT=yes', + 'blockingdhcp=true', + ] self.execute( - ( - self.command.get('vdsClient'), - '-s', - 'localhost', - 'addNetwork', - 'bridge=%s' % bridge, - 'vlan=', - 'bond=', - 'nics=%s' % nic, - 'force=False', - 'bridged=True', - 'BOOTPROTO=dhcp', - 'ONBOOT=yes', - 'blockingdhcp=true', - ), + cmd, raiseOnError=True )
diff --git a/src/plugins/ovirt-hosted-engine-setup/system/vdsmenv.py b/src/plugins/ovirt-hosted-engine-setup/system/vdsmenv.py
index 239ad22..0ce29f6 100644
--- a/src/plugins/ovirt-hosted-engine-setup/system/vdsmenv.py
+++ b/src/plugins/ovirt-hosted-engine-setup/system/vdsmenv.py
@@ -59,7 +59,7 @@ serv = vdsClient.ge.GlusterService() else: serv = vdsClient.service() - serv.useSSL = True + serv.useSSL = self.environment[ohostedcons.VDSMEnv.USE_SSL] server, serverPort = vdscli.cannonizeAddrPort( 'localhost' ).split(':', 1)
@@ -98,7 +98,10 @@ ) @plugin.event( - stage=plugin.Stages.STAGE_LATE_SETUP + stage=plugin.Stages.STAGE_LATE_SETUP, + after=[ + ohostedcons.Stages.VDSMD_CONF_LOADED, + ], ) def _late_setup(self): #We need vdsmd up for customization checks
diff --git a/src/plugins/ovirt-hosted-engine-setup/vdsmd/vdsmconf.py b/src/plugins/ovirt-hosted-engine-setup/vdsmd/vdsmconf.py
index a858174..2807525 100644
--- a/src/plugins/ovirt-hosted-engine-setup/vdsmd/vdsmconf.py
+++ b/src/plugins/ovirt-hosted-engine-setup/vdsmd/vdsmconf.py
@@ -25,6 +25,7 @@ import configparser import gettext +import os import StringIO # FIXME: May need some otopi magic for python3 compatibility
@@ -49,6 +50,31 @@ def __init__(self, context): super(Plugin, self).__init__(context=context) + self.config = configparser.ConfigParser() + self.config.optionxform = str + + @plugin.event( + stage=plugin.Stages.STAGE_INIT + ) + def _init(self): + self.environment.setdefault( + ohostedcons.VDSMEnv.USE_SSL, + True + ) + + @plugin.event( + stage=plugin.Stages.STAGE_LATE_SETUP, + name=ohostedcons.Stages.VDSMD_CONF_LOADED, + ) + def _late_setup(self): + if self.config.read(ohostedcons.FileLocations.VDSM_CONF): + if ( + self.config.has_section('vars') and + self.config.has_option('vars', 'ssl') + ): + self.environment[ + ohostedcons.VDSMEnv.USE_SSL + ] = self.config.getboolean('vars', 'ssl') @plugin.event( stage=plugin.Stages.STAGE_MISC,
@@ -56,9 +82,7 @@ ) def _misc(self): self.logger.info(_('Configuring VDSM')) - config = configparser.ConfigParser() - config.optionxform = str - if not config.read(ohostedcons.FileLocations.VDSM_CONF): + if not os.path.exists(ohostedcons.FileLocations.VDSM_CONF): self.logger.warning( _( 'VDSM configuration file not found: '
@@ -66,17 +90,17 @@ ) ) for section in ('irs', 'vars'): - if not config.has_section(section): - config.add_section(section) - config.set('irs', 'use_volume_leases', 'true') - config.set( + if not self.config.has_section(section): + self.config.add_section(section) + self.config.set('irs', 'use_volume_leases', 'true') + self.config.set( 'vars', 'default_bridge', self.environment[ohostedcons.NetworkEnv.BRIDGE_NAME] ) f = StringIO.StringIO() try: - config.write(f) + self.config.write(f) with transaction.Transaction() as localtransaction: localtransaction.append( filetransaction.FileTransaction(
diff --git a/src/plugins/ovirt-hosted-engine-setup/vm/runvm.py b/src/plugins/ovirt-hosted-engine-setup/vm/runvm.py
index 4715895..770c17c 100644
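Review bot: `_late_setup` in the `@@ -49,6 +50,31 @@` hunk of vdsmd/vdsmconf.py turns encryption off for the rest of the setup without leaving a trace: when vdsm.conf carries `ssl = false` under `[vars]`, USE_SSL becomes False and nothing is logged. Every later vdsClient call, including the `setVmTicket` call in vm/runvm.py that carries the VM console password, then talks to vdsmd in clear text. A warning at the point of the downgrade would make this visible in the setup log, e.g. `self.logger.warning(_('vdsmd has SSL disabled; connections to it will not be encrypted'))` when `getboolean` returns False. `getboolean` also raises ValueError on a value it cannot parse, which is not handled here and would presumably abort the stage with a traceback rather than a readable message.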
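Review bot: `_misc` (hunks `@@ -56,9 +82,7 @@` and `@@ -66,17 +90,17 @@` of vdsmd/vdsmconf.py) now serialises the parser state captured in `_late_setup` instead of re-reading vdsm.conf, so anything written to the file between STAGE_LATE_SETUP and STAGE_MISC would presumably be overwritten when the transaction commits. The new `os.path.exists` test also no longer matches what is written: if the file appears after late setup, no warning is logged but the output still starts from an empty parser. Re-reading at this point keeps the previous behaviour and makes `import os` unnecessary: `if not self.config.read(ohostedcons.FileLocations.VDSM_CONF):`. `_misc` continues past the end of the second hunk.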
--- a/src/plugins/ovirt-hosted-engine-setup/vm/runvm.py
+++ b/src/plugins/ovirt-hosted-engine-setup/vm/runvm.py
@@ -47,6 +47,7 @@ def __init__(self, context): super(Plugin, self).__init__(context=context) + self._vdscommand = [] def _generateTempVncPassword(self): self.logger.info(
@@ -98,32 +99,28 @@ waiter = tasks.TaskWaiter(self.environment) waiter.wait() self.logger.info(_('Creating VM')) + cmd = self._vdscommand + [ + 'create', + ohostedcons.FileLocations.ENGINE_VM_CONF, + ] self.execute( - ( - self.command.get('vdsClient'), - '-s', - 'localhost', - 'create', - ohostedcons.FileLocations.ENGINE_VM_CONF - ), + cmd, raiseOnError=True ) password_set = False while not password_set: waiter.wait() try: + cmd = self._vdscommand + [ + 'setVmTicket', + self.environment[ohostedcons.VMEnv.VM_UUID], + self.environment[ohostedcons.VMEnv.VM_PASSWD], + self.environment[ + ohostedcons.VMEnv.VM_PASSWD_VALIDITY_SECS + ], + ] self.execute( - ( - self.command.get('vdsClient'), - '-s', - 'localhost', - 'setVmTicket', - self.environment[ohostedcons.VMEnv.VM_UUID], - self.environment[ohostedcons.VMEnv.VM_PASSWD], - self.environment[ - ohostedcons.VMEnv.VM_PASSWD_VALIDITY_SECS - ], - ), + cmd, raiseOnError=True ) password_set = True
@@ -173,6 +170,11 @@ ], ) def _customization(self): + self._vdscommand = [self.command.get('vdsClient')] + if self.environment[ohostedcons.VDSMEnv.USE_SSL]: + self._vdscommand.append('-s') + self._vdscommand.append('localhost') + validConsole = False interactive = self.environment[ ohostedcons.VMEnv.CONSOLE_TYPE
@@ -234,14 +236,12 @@ ) if not self._wait_vm_destroyed(): #The VM is down but not destroyed + cmd = self._vdscommand + [ + 'destroy', + self.environment[ohostedcons.VMEnv.VM_UUID], + ] self.execute( - ( - self.command.get('vdsClient'), - '-s', - 'localhost', - 'destroy', - self.environment[ohostedcons.VMEnv.VM_UUID], - ), + cmd, raiseOnError=True ) os_installed = self.dialog.queryString(
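Review bot: `self._vdscommand` starts as `[]` in `__init__` (`@@ -47,6 +47,7 @@` of vm/runvm.py) and only becomes a usable prefix once `_customization` (`@@ -173,6 +170,11 @@`) has run, so the `create`, `setVmTicket` and `destroy` calls depend on stage ordering that is not visible in these hunks; with an empty prefix `cmd` would start with the verb and `execute` would presumably try to run `create` as the program. The same `vdsClient [-s] localhost` prefix is also assembled separately in network/bridge.py. Building it on demand from the environment removes the hidden state and keeps the SSL decision in one place, as sketched below for the `create` call; the other two calls would follow the same shape. The enclosing methods start and end outside the hunks.

```python
    def _vdsCommand(self, *args):
        # Client binary, then -s unless SSL was disabled in vdsm.conf,
        # then the host and the verb with its arguments.
        cmd = [self.command.get('vdsClient')]
        if self.environment[ohostedcons.VDSMEnv.USE_SSL]:
            cmd.append('-s')
        cmd.append('localhost')
        cmd.extend(args)
        return cmd

        # ... unchanged: task wait and 'Creating VM' log line ...
        self.execute(
            self._vdsCommand(
                'create',
                ohostedcons.FileLocations.ENGINE_VM_CONF,
            ),
            raiseOnError=True
        )
```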
diff --git a/templates/hosted-engine.conf.in b/templates/hosted-engine.conf.in
index 2844f59..b1db8c6 100644
--- a/templates/hosted-engine.conf.in
+++ b/templates/hosted-engine.conf.in
@@ -12,3 +12,4 @@ connectionUUID=@CONNECTION_UUID@ ca_cert=@CA_CERT@ ca_subject="@CA_SUBJECT@" +vdsm_use_ssl=@VDSM_USE_SSL@ -- To view, visit http://gerrit.ovirt.org/17300 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f2c6b69ab2899c100a35581412d686b1f5254 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-hosted-engine-setup Gerrit-Branch: master Gerrit-Owner: Sandro Bonazzola <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
