Hello Dan Kenigsberg,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/24500
to review the following change.
Change subject: Fixing ssl config validation
......................................................................
Fixing ssl config validation
Currently we verify only the config of livbirtd.conf and qemu.conf
when ssl=False in vdsm.conf. If ssl=True we assumed the validation
passes. This patch add a check also to ssl=True.
Except that, the validation function is not general and checks only ssl
configuration. This patch splits to specific test_conflict functions and
allow adding more test_conflict functions in the future.
Change-Id: I3d9ada1b81d275b8cac9391c15ab903ec9552184
Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Reviewed-on:
http://gerrit.ovirt.org/24425
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
---
M lib/vdsm/tool/libvirt_configure.sh.in
1 file changed, 32 insertions(+), 15 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/00/24500/1
diff --git a/lib/vdsm/tool/libvirt_configure.sh.in
b/lib/vdsm/tool/libvirt_configure.sh.in
index 8a70be5..f1b70bd 100755
--- a/lib/vdsm/tool/libvirt_configure.sh.in
+++ b/lib/vdsm/tool/libvirt_configure.sh.in
@@ -47,11 +47,16 @@
get_libvirt_conf_item() {
local cfile="$1"
local key="$2"
- @GREP_PATH@ "^\s*"${key}"\s*=" "${cfile}" | \
+ @GREP_PATH@ "^\s*"${key}"\s*=" "${cfile}" >/dev/null
2>&1 | \
tail -1 | @SED_PATH@ "s/\s*$key\s*=\s*//;s/\s*\(#.*\)\?$//"
}
test_conflicting_conf() {
+ test_ssl_conflict_conf
+ # add here additional conf checks
+}
+
+test_ssl_conflict_conf() {
local lconf="$1"
local qconf="$2"
@@ -61,26 +66,38 @@
return 3
fi
- if [ "${ssl}" = "true" ]; then
- echo "SUCCESS: ssl configured to true. No conflicts"
- return 0
- fi
-
local listen_tcp="$(get_libvirt_conf_item "${lconf}"
listen_tcp)"
local auth_tcp="$(get_libvirt_conf_item "${lconf}" auth_tcp)"
local spice_tls="$(get_libvirt_conf_item "${qconf}" spice_tls)"
- if [ "${listen_tcp}" = "1" -a \
- "${auth_tcp}" = '"none"' -a \
- "${spice_tls}" = "0" ]; then
- echo "SUCCESS: No conflicts between configuration files"
+ if [ "${ssl}" = "true" ]; then
+ if [ "${listen_tcp}" != "1" -a \
+ "${auth_tcp}" != '"none"' -a \
+ "${spice_tls}" != "0" ]; then
+ echo "SUCCESS: ssl configured to true. No conflicts"
+ return 0
+ else
+ echo "FAILED: conflicting vdsm and libvirt-qemu tls
configuration."
+ echo "vdsm.conf with ssl=True requires the following changed: "
+ echo "libvirtd.conf: listen_tcp=0, auth_tcp=\"sasl\", "
+ echo "qemu.conf: spice_tls=1."
+ return 1
+ fi
+
return 0
else
- echo "FAILED: conflicting vdsm and libvirt-qemu tls configuration."
- echo "vdsm.conf with ssl=False requires the following changed: "
- echo "libvirtd.conf: listen_tcp=1, auth_tcp=\"none\", "
- echo "qemu.conf: spice_tls=0."
- return 1
+ if [ "${listen_tcp}" = "1" -a \
+ "${auth_tcp}" = '"none"' -a \
+ "${spice_tls}" = "0" ]; then
+ echo "SUCCESS: ssl configured to false. No conflicts."
+ return 0
+ else
+ echo "FAILED: conflicting vdsm and libvirt-qemu tls
configuration."
+ echo "vdsm.conf with ssl=False requires the following changed: "
+ echo "libvirtd.conf: listen_tcp=1, auth_tcp=\"none\", "
+ echo "qemu.conf: spice_tls=0."
+ return 1
+ fi
fi
}
--
To view, visit
http://gerrit.ovirt.org/24500
To unsubscribe, visit
http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3d9ada1b81d275b8cac9391c15ab903ec9552184
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.4
Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>