mooli tayer has uploaded a new change for review. Change subject: validate verb: replace libvirt_configure.sh call with python code. ...................................................................... validate verb: replace libvirt_configure.sh call with python code. Change-Id: I3fe07463fd500cb5720f4e8869e27e2c24d7d4c9 Signed-off-by: Mooli Tayer <mtayer(a)redhat.com&gt; --- M lib/vdsm/tool/configfile.py M lib/vdsm/tool/configurator.py M tests/toolTests.py 3 files changed, 141 insertions(+), 39 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/20/27220/1 diff --git a/lib/vdsm/tool/configfile.py b/lib/vdsm/tool/configfile.py index 33ab002..358fef8 100644 --- a/lib/vdsm/tool/configfile.py +++ b/lib/vdsm/tool/configfile.py @@ -17,10 +17,12 @@ # Refer to the README and COPYING files for full details of the license # +import ConfigParser import os import tempfile import re import selinux +import StringIO ( @@ -141,3 +143,29 @@ self.remove = True else: raise RuntimeError("Must be called from a managed context.") + + +class ParserWrapper(object): + """ + ConfigParser is for parsing of ini files. Use this + class for files with no sections. + """ + def __init__(self, defaults=None): + self.wrapped = ConfigParser.RawConfigParser(defaults=defaults) + + def get(self, option): + return self.wrapped.get('root', option) + + def getboolean(self, option): + return self.wrapped.getboolean('root', option) + + def getfloat(self, option): + return self.wrapped.getfloat('root', option) + + def getint(self, option): + return self.wrapped.getint('root', option) + + def read(self, path): + wrap = '[root]\n' + open(path, 'r').read() + wrap = StringIO.StringIO(wrap) + return self.wrapped.readfp(wrap) diff --git a/lib/vdsm/tool/configurator.py b/lib/vdsm/tool/configurator.py index e782762..349b3a7 100644 --- a/lib/vdsm/tool/configurator.py +++ b/lib/vdsm/tool/configurator.py @@ -30,7 +30,7 @@ from .. import utils from . import service, expose, validate_ovirt_certs -from .configfile import ConfigFile +from .configfile import ConfigFile, ParserWrapper from ..constants import P_VDSM_EXEC, QEMU_PROCESS_GROUP, \ SANLOCK_USER, VDSM_GROUP, SYSCONF_PATH, P_VDSM_CERT, \ SANLOCK_ENABLED, LIBVIRT_SELINUX @@ -40,6 +40,17 @@ from ovirtnode import ovirtfunctions except ImportError: pass + + +def envget(fname): + return { + 'VDSMM_CONF': os.path.join(SYSCONF_PATH, '/etc/vdsm/vdsm.conf'), + 'LCONF': os.path.join(SYSCONF_PATH, '/etc/libvirt/libvirtd.conf'), + 'QCONF': os.path.join(SYSCONF_PATH, 'libvirt/qemu.conf'), + 'LDCONF': os.path.join(SYSCONF_PATH, '/sysconfig/libvirtd'), + 'QLCONF': os.path.join(SYSCONF_PATH, 'libvirt/qemu-sanlock.conf'), + 'LRCONF': os.path.join(SYSCONF_PATH, '/etc/logrotate.d/libvirtd') + }[fname] CONF_PREFIX = '## beginning of configuration section by vdsm' CONF_SUFFIX = '## end of configuration section by vdsm' @@ -51,11 +62,7 @@ KEY_FILE = os.path.join(PKI, 'keys/vdsmkey.pem') LS_CERT_DIR = os.path.join(PKI, 'libvirt-spice') -VDSMM_CONF = os.path.join(SYSCONF_PATH, '/etc/vdsm/vdsm.conf') - # Libvirt daemon configuration -LCONF = os.path.join(SYSCONF_PATH, '/etc/libvirt/libvirtd.conf') - LCONF_GENERAL = { 'listen_addr': '"0.0.0.0"', 'unix_sock_group': '"qemu"', @@ -81,8 +88,6 @@ } # qemu configuration -QCONF = os.path.join(SYSCONF_PATH, 'libvirt/qemu.conf') - QCONF_GENERAL = { 'dynamic_ownership': 0, 'save_image_format': '"lzop"', @@ -112,24 +117,18 @@ } # libvirt sysconfig file -LDCONF = os.path.join(SYSCONF_PATH, '/sysconfig/libvirtd') - LDCONF_GENERAL = { 'LIBVIRTD_ARGS': '--listen', 'DAEMON_COREFILE_LIMIT': 'unlimited', } # sanlock configuration file -QLCONF = os.path.join(SYSCONF_PATH, 'libvirt/qemu-sanlock.conf') - QLCONF_SANLOCK = { 'auto_disk_leases': 0, 'require_lease_for_disks': 0, } # libvirt log rotate configuration -LRCONF = os.path.join(SYSCONF_PATH, '/etc/logrotate.d/libvirtd') - LLOGR_CONF = """ /var/log/libvirt/libvirtd.log { rotate 100 @@ -227,7 +226,7 @@ ldconf_maps = [LDCONF_GENERAL] qlconf_maps = [] # determine configuration - config.read(VDSMM_CONF) + config.read(envget('VDSMM_CONF')) if config.getboolean('vars', 'ssl'): qconf_maps.append(QCONF_SSL) if all(os.path.isfile(f) for f in @@ -247,8 +246,10 @@ # write configuration for file_name, configuration_maps in \ - [(LCONF, lconf_maps), (QCONF, qconf_maps), - (LDCONF, ldconf_maps), (QLCONF, qlconf_maps)]: + [(envget('LCONF'), lconf_maps), + (envget('QCONF'), qconf_maps), + (envget('LDCONF'), ldconf_maps), + (envget('QLCONF'), qlconf_maps)]: with ConfigFile(file_name, '-'.join((CONF_PREFIX, CONF_VER)), '-'.join((CONF_SUFFIX, CONF_VER))) as conff: @@ -257,11 +258,13 @@ os.remove('/etc/libvirt/qemu/networks/autostart/default.xml') - with ConfigFile(LRCONF, CONF_PREFIX, CONF_SUFFIX) as conf: + with ConfigFile(envget('LRCONF'), CONF_PREFIX, CONF_SUFFIX) as conf: conf.prefixLines('# VDSM backup') conf.prependSection(LLOGR_CONF) - for fname in (LCONF, QCONF, LDCONF, QLCONF, LRCONF): + for fname in (envget('LCONF'), envget('QCONF'), + envget('LDCONF'), envget('QLCONF'), + envget('LRCONF')): if utils.isOvirtNode() and ovirtfunctions: ovirtfunctions.ovirt_store_config(fname) sys.stdout.write("Reconfiguration of libvirt is done.") @@ -301,15 +304,56 @@ raise RuntimeError( "Failed to reload upstart configuration.") + def is_ssl_conflict(self): + config.read(envget('VDSMM_CONF')) + ssl = config.getboolean('vars', 'ssl') + + lconf_p = ParserWrapper({ + 'listen_tcp': '0', + 'auth_tcp': 'none' + }) + lconf_p.read(envget('LCONF')) + listen_tcp = lconf_p.getboolean('listen_tcp') + auth_tcp = lconf_p.get('auth_tcp') + qconf_p = ParserWrapper({'spice_tls': '0'}) + qconf_p.read(envget('QCONF')) + spice_tls = qconf_p.getboolean('spice_tls') + if ssl: + if listen_tcp != 1 and auth_tcp != 'none' and spice_tls != 0: + sys.stdout.write( + "SUCCESS: ssl configured to true. No conflicts\n") + return True + else: + sys.stdout.write( + "FAILED: " + "conflicting vdsm and libvirt-qemu tls configuration.\n" + "vdsm.conf with ssl=True " + "requires the following changes:\n" + "libvirtd.conf: listen_tcp=0, auth_tcp=\"sasl\", \n" + "qemu.conf: spice_tls=1.\n" + ) + return False + else: + if listen_tcp == 1 and auth_tcp == 'none' and spice_tls == 0: + sys.stdout.write( + "SUCCESS: ssl configured to false. No conflicts.\n") + return True + else: + sys.stdout.write( + "FAILED: " + "conflicting vdsm and libvirt-qemu tls configuration.\n" + "vdsm.conf with ssl=False " + "requires the following changes:\n" + "libvirtd.conf: listen_tcp=1, auth_tcp=\"none\", \n" + "qemu.conf: spice_tls=0.\n" + ) + return False + def validate(self): """ Validate conflict in configured files """ - try: - self._exec_libvirt_configure("test_conflict_configurations") - return True - except RuntimeError: - return False + return self.is_ssl_conflict() def isconfigured(self): """ @@ -324,11 +368,16 @@ def removeConf(self): for path in self._get_conf_files(): if os.path.exists(path): - with ConfigFile(path, CONF_PREFIX, CONF_SUFFIX) as conff: + with ConfigFile(path, + CONF_PREFIX, + CONF_SUFFIX) as conff: conff.removeConf() def _get_conf_files(self): - return LCONF, QCONF, QLCONF, LDCONF + return (envget('LCONF'), + envget('QCONF'), + envget('QLCONF'), + envget('LDCONF')) class SanlockModuleConfigure(_ModuleConfigure): diff --git a/tests/toolTests.py b/tests/toolTests.py index 3552c9a..8359879 100644 --- a/tests/toolTests.py +++ b/tests/toolTests.py @@ -18,14 +18,14 @@ # Refer to the README and COPYING files for full details of the license # from vdsm.tool import configurator -from vdsm.tool.configfile import ConfigFile +from vdsm.tool.configfile import ConfigFile, ParserWrapper from vdsm import utils import monkeypatch + from unittest import TestCase from functools import partial import tempfile import os - test_env = {} srcPath = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) @@ -49,16 +49,18 @@ sample_config['libvirt_conf'] = """ ## beginning of configuration section by vdsm-4.13.0 -listen_addr="0.0.0.0" -unix_sock_group="qemu" -unix_sock_rw_perms="0770" -auth_unix_rw="sasl" -host_uuid="72d18a98-8d96-4687-967a-72d989d3b65f" -keepalive_interval=-1 -log_outputs="1:file:/var/log/libvirt/libvirtd.log" -ca_file="/etc/pki/vdsm/certs/cacert.pem" -cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" -key_file="/etc/pki/vdsm/keys/vdsmkey.pem" +listen_tcp=0 +auth_tcp="sasl" +#listen_addr="0.0.0.0" +#unix_sock_group="qemu" +#unix_sock_rw_perms="0770" +#auth_unix_rw="sasl" +#host_uuid="72d18a98-8d96-4687-967a-72d989d3b65f" +#keepalive_interval=-1 +#log_outputs="1:file:/var/log/libvirt/libvirtd.log" +#ca_file="/etc/pki/vdsm/certs/cacert.pem" +#cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" +#key_file="/etc/pki/vdsm/keys/vdsmkey.pem" ## end of configuration section by vdsm-4.13.0 """ @@ -127,7 +129,6 @@ utils.touchFile(test_env['LIBVIRT_LOGROTATE']) self._setConfig('QLCONF', 'libvirtd') self._setConfig('QCONF', 'qemu') - self._setConfig('LDCONF', 'qemu-sanlock') self.patch = monkeypatch.Patch([ (os, 'getuid', lambda: 0), (configurator.LibvirtModuleConfigure, @@ -135,8 +136,18 @@ get_libvirt_exec), (configurator.LibvirtModuleConfigure, '_get_conf_files', - partial(get_conf_files, self._test_dir)) + partial(get_conf_files, self._test_dir)), + (configurator, + 'envget', + lambda x: { + 'VDSMM_CONF': test_env['VDSM_CONF_FILE'], + 'LCONF': test_env['LCONF'], + 'QCONF': test_env['QCONF'], + 'LDCONF': test_env['LDCONF'], + 'QLCONF': test_env['QLCONF'], + }[x]) ]) + self._setConfig('LDCONF', 'qemu-sanlock') self.patch.apply() def tearDown(self): @@ -235,3 +246,17 @@ with open(self.tname, 'r') as f: self.assertEqual(f.read(), "key=val\n" "kay=val\n") + + def testConfRead(self): + self.writeConf("key=val\n" + "key1=val1\n") + conff = ParserWrapper(None) + conff.read(self.tname) + self.assertEqual(conff.get('key'), 'val') + + def testConfDefaults(self): + self.writeConf("key=val\n" + "key1=val1\n") + conff = ParserWrapper({'key2': 'val2'}) + conff.read(self.tname) + self.assertEqual(conff.get('key2'), 'val2') -- To view, visit http://gerrit.ovirt.org/27220 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3fe07463fd500cb5720f4e8869e27e2c24d7d4c9 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: mooli tayer <mtayer(a)redhat.com&gt;