Hello Dan Kenigsberg, I'd like you to do a code review. Please visit http://gerrit.ovirt.org/24500 to review the following change. Change subject: Fixing ssl config validation ...................................................................... Fixing ssl config validation Currently we verify only the config of livbirtd.conf and qemu.conf when ssl=False in vdsm.conf. If ssl=True we assumed the validation passes. This patch add a check also to ssl=True. Except that, the validation function is not general and checks only ssl configuration. This patch splits to specific test_conflict functions and allow adding more test_conflict functions in the future. Change-Id: I3d9ada1b81d275b8cac9391c15ab903ec9552184 Signed-off-by: Yaniv Bronhaim <ybronhei(a)redhat.com&gt; Reviewed-on: http://gerrit.ovirt.org/24425 Reviewed-by: Dan Kenigsberg <danken(a)redhat.com&gt; --- M lib/vdsm/tool/libvirt_configure.sh.in 1 file changed, 32 insertions(+), 15 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/00/24500/1 diff --git a/lib/vdsm/tool/libvirt_configure.sh.in b/lib/vdsm/tool/libvirt_configure.sh.in index 8a70be5..f1b70bd 100755 --- a/lib/vdsm/tool/libvirt_configure.sh.in +++ b/lib/vdsm/tool/libvirt_configure.sh.in @@ -47,11 +47,16 @@ get_libvirt_conf_item() { local cfile="$1" local key="$2" - @GREP_PATH@ "^\s*"${key}"\s*=" "${cfile}" | \ + @GREP_PATH@ "^\s*"${key}"\s*=" "${cfile}" >/dev/null 2>&1 | \ tail -1 | @SED_PATH@ "s/\s*$key\s*=\s*//;s/\s*\(#.*\)\?$//" } test_conflicting_conf() { + test_ssl_conflict_conf + # add here additional conf checks +} + +test_ssl_conflict_conf() { local lconf="$1" local qconf="$2" @@ -61,26 +66,38 @@ return 3 fi - if [ "${ssl}" = "true" ]; then - echo "SUCCESS: ssl configured to true. No conflicts" - return 0 - fi - local listen_tcp="$(get_libvirt_conf_item "${lconf}" listen_tcp)" local auth_tcp="$(get_libvirt_conf_item "${lconf}" auth_tcp)" local spice_tls="$(get_libvirt_conf_item "${qconf}" spice_tls)" - if [ "${listen_tcp}" = "1" -a \ - "${auth_tcp}" = '"none"' -a \ - "${spice_tls}" = "0" ]; then - echo "SUCCESS: No conflicts between configuration files" + if [ "${ssl}" = "true" ]; then + if [ "${listen_tcp}" != "1" -a \ + "${auth_tcp}" != '"none"' -a \ + "${spice_tls}" != "0" ]; then + echo "SUCCESS: ssl configured to true. No conflicts" + return 0 + else + echo "FAILED: conflicting vdsm and libvirt-qemu tls configuration." + echo "vdsm.conf with ssl=True requires the following changed: " + echo "libvirtd.conf: listen_tcp=0, auth_tcp=\"sasl\", " + echo "qemu.conf: spice_tls=1." + return 1 + fi + return 0 else - echo "FAILED: conflicting vdsm and libvirt-qemu tls configuration." - echo "vdsm.conf with ssl=False requires the following changed: " - echo "libvirtd.conf: listen_tcp=1, auth_tcp=\"none\", " - echo "qemu.conf: spice_tls=0." - return 1 + if [ "${listen_tcp}" = "1" -a \ + "${auth_tcp}" = '"none"' -a \ + "${spice_tls}" = "0" ]; then + echo "SUCCESS: ssl configured to false. No conflicts." + return 0 + else + echo "FAILED: conflicting vdsm and libvirt-qemu tls configuration." + echo "vdsm.conf with ssl=False requires the following changed: " + echo "libvirtd.conf: listen_tcp=1, auth_tcp=\"none\", " + echo "qemu.conf: spice_tls=0." + return 1 + fi fi } -- To view, visit http://gerrit.ovirt.org/24500 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3d9ada1b81d275b8cac9391c15ab903ec9552184 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: ovirt-3.4 Gerrit-Owner: Yaniv Bronhaim <ybronhei(a)redhat.com&gt; Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com&gt;