mooli tayer has uploaded a new change for review.
Change subject: validate verb: replace libvirt_configure.sh call with python code.
......................................................................
validate verb: replace libvirt_configure.sh call with python code.
Change-Id: I3fe07463fd500cb5720f4e8869e27e2c24d7d4c9
Signed-off-by: Mooli Tayer <mtayer(a)redhat.com>
---
M lib/vdsm/tool/configfile.py
M lib/vdsm/tool/configurator.py
M tests/toolTests.py
3 files changed, 141 insertions(+), 39 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/20/27220/1
diff --git a/lib/vdsm/tool/configfile.py b/lib/vdsm/tool/configfile.py
index 33ab002..358fef8 100644
--- a/lib/vdsm/tool/configfile.py
+++ b/lib/vdsm/tool/configfile.py
@@ -17,10 +17,12 @@
# Refer to the README and COPYING files for full details of the license
#
+import ConfigParser
import os
import tempfile
import re
import selinux
+import StringIO
(
@@ -141,3 +143,29 @@
self.remove = True
else:
raise RuntimeError("Must be called from a managed context.")
+
+
+class ParserWrapper(object):
+ """
+ ConfigParser is for parsing of ini files. Use this
+ class for files with no sections.
+ """
+ def __init__(self, defaults=None):
+ self.wrapped = ConfigParser.RawConfigParser(defaults=defaults)
+
+ def get(self, option):
+ return self.wrapped.get('root', option)
+
+ def getboolean(self, option):
+ return self.wrapped.getboolean('root', option)
+
+ def getfloat(self, option):
+ return self.wrapped.getfloat('root', option)
+
+ def getint(self, option):
+ return self.wrapped.getint('root', option)
+
+ def read(self, path):
+ wrap = '[root]\n' + open(path, 'r').read()
+ wrap = StringIO.StringIO(wrap)
+ return self.wrapped.readfp(wrap)
diff --git a/lib/vdsm/tool/configurator.py b/lib/vdsm/tool/configurator.py
index e782762..349b3a7 100644
--- a/lib/vdsm/tool/configurator.py
+++ b/lib/vdsm/tool/configurator.py
@@ -30,7 +30,7 @@
from .. import utils
from . import service, expose, validate_ovirt_certs
-from .configfile import ConfigFile
+from .configfile import ConfigFile, ParserWrapper
from ..constants import P_VDSM_EXEC, QEMU_PROCESS_GROUP, \
SANLOCK_USER, VDSM_GROUP, SYSCONF_PATH, P_VDSM_CERT, \
SANLOCK_ENABLED, LIBVIRT_SELINUX
@@ -40,6 +40,17 @@
from ovirtnode import ovirtfunctions
except ImportError:
pass
+
+
+def envget(fname):
+ return {
+ 'VDSMM_CONF': os.path.join(SYSCONF_PATH, '/etc/vdsm/vdsm.conf'),
+ 'LCONF': os.path.join(SYSCONF_PATH,
'/etc/libvirt/libvirtd.conf'),
+ 'QCONF': os.path.join(SYSCONF_PATH, 'libvirt/qemu.conf'),
+ 'LDCONF': os.path.join(SYSCONF_PATH, '/sysconfig/libvirtd'),
+ 'QLCONF': os.path.join(SYSCONF_PATH,
'libvirt/qemu-sanlock.conf'),
+ 'LRCONF': os.path.join(SYSCONF_PATH,
'/etc/logrotate.d/libvirtd')
+ }[fname]
CONF_PREFIX = '## beginning of configuration section by vdsm'
CONF_SUFFIX = '## end of configuration section by vdsm'
@@ -51,11 +62,7 @@
KEY_FILE = os.path.join(PKI, 'keys/vdsmkey.pem')
LS_CERT_DIR = os.path.join(PKI, 'libvirt-spice')
-VDSMM_CONF = os.path.join(SYSCONF_PATH, '/etc/vdsm/vdsm.conf')
-
# Libvirt daemon configuration
-LCONF = os.path.join(SYSCONF_PATH, '/etc/libvirt/libvirtd.conf')
-
LCONF_GENERAL = {
'listen_addr': '"0.0.0.0"',
'unix_sock_group': '"qemu"',
@@ -81,8 +88,6 @@
}
# qemu configuration
-QCONF = os.path.join(SYSCONF_PATH, 'libvirt/qemu.conf')
-
QCONF_GENERAL = {
'dynamic_ownership': 0,
'save_image_format': '"lzop"',
@@ -112,24 +117,18 @@
}
# libvirt sysconfig file
-LDCONF = os.path.join(SYSCONF_PATH, '/sysconfig/libvirtd')
-
LDCONF_GENERAL = {
'LIBVIRTD_ARGS': '--listen',
'DAEMON_COREFILE_LIMIT': 'unlimited',
}
# sanlock configuration file
-QLCONF = os.path.join(SYSCONF_PATH, 'libvirt/qemu-sanlock.conf')
-
QLCONF_SANLOCK = {
'auto_disk_leases': 0,
'require_lease_for_disks': 0,
}
# libvirt log rotate configuration
-LRCONF = os.path.join(SYSCONF_PATH, '/etc/logrotate.d/libvirtd')
-
LLOGR_CONF = """
/var/log/libvirt/libvirtd.log {
rotate 100
@@ -227,7 +226,7 @@
ldconf_maps = [LDCONF_GENERAL]
qlconf_maps = []
# determine configuration
- config.read(VDSMM_CONF)
+ config.read(envget('VDSMM_CONF'))
if config.getboolean('vars', 'ssl'):
qconf_maps.append(QCONF_SSL)
if all(os.path.isfile(f) for f in
@@ -247,8 +246,10 @@
# write configuration
for file_name, configuration_maps in \
- [(LCONF, lconf_maps), (QCONF, qconf_maps),
- (LDCONF, ldconf_maps), (QLCONF, qlconf_maps)]:
+ [(envget('LCONF'), lconf_maps),
+ (envget('QCONF'), qconf_maps),
+ (envget('LDCONF'), ldconf_maps),
+ (envget('QLCONF'), qlconf_maps)]:
with ConfigFile(file_name,
'-'.join((CONF_PREFIX, CONF_VER)),
'-'.join((CONF_SUFFIX, CONF_VER))) as conff:
@@ -257,11 +258,13 @@
os.remove('/etc/libvirt/qemu/networks/autostart/default.xml')
- with ConfigFile(LRCONF, CONF_PREFIX, CONF_SUFFIX) as conf:
+ with ConfigFile(envget('LRCONF'), CONF_PREFIX, CONF_SUFFIX) as conf:
conf.prefixLines('# VDSM backup')
conf.prependSection(LLOGR_CONF)
- for fname in (LCONF, QCONF, LDCONF, QLCONF, LRCONF):
+ for fname in (envget('LCONF'), envget('QCONF'),
+ envget('LDCONF'), envget('QLCONF'),
+ envget('LRCONF')):
if utils.isOvirtNode() and ovirtfunctions:
ovirtfunctions.ovirt_store_config(fname)
sys.stdout.write("Reconfiguration of libvirt is done.")
@@ -301,15 +304,56 @@
raise RuntimeError(
"Failed to reload upstart configuration.")
+ def is_ssl_conflict(self):
+ config.read(envget('VDSMM_CONF'))
+ ssl = config.getboolean('vars', 'ssl')
+
+ lconf_p = ParserWrapper({
+ 'listen_tcp': '0',
+ 'auth_tcp': 'none'
+ })
+ lconf_p.read(envget('LCONF'))
+ listen_tcp = lconf_p.getboolean('listen_tcp')
+ auth_tcp = lconf_p.get('auth_tcp')
+ qconf_p = ParserWrapper({'spice_tls': '0'})
+ qconf_p.read(envget('QCONF'))
+ spice_tls = qconf_p.getboolean('spice_tls')
+ if ssl:
+ if listen_tcp != 1 and auth_tcp != 'none' and spice_tls != 0:
+ sys.stdout.write(
+ "SUCCESS: ssl configured to true. No conflicts\n")
+ return True
+ else:
+ sys.stdout.write(
+ "FAILED: "
+ "conflicting vdsm and libvirt-qemu tls configuration.\n"
+ "vdsm.conf with ssl=True "
+ "requires the following changes:\n"
+ "libvirtd.conf: listen_tcp=0, auth_tcp=\"sasl\",
\n"
+ "qemu.conf: spice_tls=1.\n"
+ )
+ return False
+ else:
+ if listen_tcp == 1 and auth_tcp == 'none' and spice_tls == 0:
+ sys.stdout.write(
+ "SUCCESS: ssl configured to false. No conflicts.\n")
+ return True
+ else:
+ sys.stdout.write(
+ "FAILED: "
+ "conflicting vdsm and libvirt-qemu tls configuration.\n"
+ "vdsm.conf with ssl=False "
+ "requires the following changes:\n"
+ "libvirtd.conf: listen_tcp=1, auth_tcp=\"none\",
\n"
+ "qemu.conf: spice_tls=0.\n"
+ )
+ return False
+
def validate(self):
"""
Validate conflict in configured files
"""
- try:
- self._exec_libvirt_configure("test_conflict_configurations")
- return True
- except RuntimeError:
- return False
+ return self.is_ssl_conflict()
def isconfigured(self):
"""
@@ -324,11 +368,16 @@
def removeConf(self):
for path in self._get_conf_files():
if os.path.exists(path):
- with ConfigFile(path, CONF_PREFIX, CONF_SUFFIX) as conff:
+ with ConfigFile(path,
+ CONF_PREFIX,
+ CONF_SUFFIX) as conff:
conff.removeConf()
def _get_conf_files(self):
- return LCONF, QCONF, QLCONF, LDCONF
+ return (envget('LCONF'),
+ envget('QCONF'),
+ envget('QLCONF'),
+ envget('LDCONF'))
class SanlockModuleConfigure(_ModuleConfigure):
diff --git a/tests/toolTests.py b/tests/toolTests.py
index 3552c9a..8359879 100644
--- a/tests/toolTests.py
+++ b/tests/toolTests.py
@@ -18,14 +18,14 @@
# Refer to the README and COPYING files for full details of the license
#
from vdsm.tool import configurator
-from vdsm.tool.configfile import ConfigFile
+from vdsm.tool.configfile import ConfigFile, ParserWrapper
from vdsm import utils
import monkeypatch
+
from unittest import TestCase
from functools import partial
import tempfile
import os
-
test_env = {}
srcPath = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
@@ -49,16 +49,18 @@
sample_config['libvirt_conf'] = """
## beginning of configuration section by vdsm-4.13.0
-listen_addr="0.0.0.0"
-unix_sock_group="qemu"
-unix_sock_rw_perms="0770"
-auth_unix_rw="sasl"
-host_uuid="72d18a98-8d96-4687-967a-72d989d3b65f"
-keepalive_interval=-1
-log_outputs="1:file:/var/log/libvirt/libvirtd.log"
-ca_file="/etc/pki/vdsm/certs/cacert.pem"
-cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
-key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
+listen_tcp=0
+auth_tcp="sasl"
+#listen_addr="0.0.0.0"
+#unix_sock_group="qemu"
+#unix_sock_rw_perms="0770"
+#auth_unix_rw="sasl"
+#host_uuid="72d18a98-8d96-4687-967a-72d989d3b65f"
+#keepalive_interval=-1
+#log_outputs="1:file:/var/log/libvirt/libvirtd.log"
+#ca_file="/etc/pki/vdsm/certs/cacert.pem"
+#cert_file="/etc/pki/vdsm/certs/vdsmcert.pem"
+#key_file="/etc/pki/vdsm/keys/vdsmkey.pem"
## end of configuration section by vdsm-4.13.0
"""
@@ -127,7 +129,6 @@
utils.touchFile(test_env['LIBVIRT_LOGROTATE'])
self._setConfig('QLCONF', 'libvirtd')
self._setConfig('QCONF', 'qemu')
- self._setConfig('LDCONF', 'qemu-sanlock')
self.patch = monkeypatch.Patch([
(os, 'getuid', lambda: 0),
(configurator.LibvirtModuleConfigure,
@@ -135,8 +136,18 @@
get_libvirt_exec),
(configurator.LibvirtModuleConfigure,
'_get_conf_files',
- partial(get_conf_files, self._test_dir))
+ partial(get_conf_files, self._test_dir)),
+ (configurator,
+ 'envget',
+ lambda x: {
+ 'VDSMM_CONF': test_env['VDSM_CONF_FILE'],
+ 'LCONF': test_env['LCONF'],
+ 'QCONF': test_env['QCONF'],
+ 'LDCONF': test_env['LDCONF'],
+ 'QLCONF': test_env['QLCONF'],
+ }[x])
])
+ self._setConfig('LDCONF', 'qemu-sanlock')
self.patch.apply()
def tearDown(self):
@@ -235,3 +246,17 @@
with open(self.tname, 'r') as f:
self.assertEqual(f.read(), "key=val\n"
"kay=val\n")
+
+ def testConfRead(self):
+ self.writeConf("key=val\n"
+ "key1=val1\n")
+ conff = ParserWrapper(None)
+ conff.read(self.tname)
+ self.assertEqual(conff.get('key'), 'val')
+
+ def testConfDefaults(self):
+ self.writeConf("key=val\n"
+ "key1=val1\n")
+ conff = ParserWrapper({'key2': 'val2'})
+ conff.read(self.tname)
+ self.assertEqual(conff.get('key2'), 'val2')
--
To view, visit
http://gerrit.ovirt.org/27220
To unsubscribe, visit
http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3fe07463fd500cb5720f4e8869e27e2c24d7d4c9
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: mooli tayer <mtayer(a)redhat.com>