[Cluster-devel] conga luci/cluster/form-macros luci/homebase/f ...
rmccabe at sourceware.org
rmccabe at sourceware.org
Thu Jan 4 00:19:50 UTC 2007
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-01-04 00:19:49
Modified files:
luci/cluster : form-macros
luci/homebase : form-macros
luci/site/luci/Extensions: homebase_adapters.py ricci_bridge.py
ricci_communicator.py
ricci/ricci : Makefile Ricci.cpp
Log message:
fix for bugs found while testing the fix for bz201394
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/form-macros.diff?cvsroot=cluster&r1=1.139&r2=1.140
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/homebase/form-macros.diff?cvsroot=cluster&r1=1.51&r2=1.52
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/homebase_adapters.py.diff?cvsroot=cluster&r1=1.43&r2=1.44
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/ricci_bridge.py.diff?cvsroot=cluster&r1=1.52&r2=1.53
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/ricci_communicator.py.diff?cvsroot=cluster&r1=1.23&r2=1.24
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Makefile.diff?cvsroot=cluster&r1=1.17&r2=1.18
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Ricci.cpp.diff?cvsroot=cluster&r1=1.21&r2=1.22
--- conga/luci/cluster/form-macros 2007/01/02 20:12:22 1.139
+++ conga/luci/cluster/form-macros 2007/01/04 00:19:48 1.140
@@ -243,6 +243,8 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1"
+ tal:condition="add_cluster" />
<ul class="vanilla deploy">
<li class="vanilla">
<input type="radio" name="download_pkgs"
@@ -332,6 +334,7 @@
src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
title sys/fp | string:no key fingerprint available" />
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -2900,6 +2903,8 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1"
+ tal:condition="add_cluster" />
<ul class="vanilla deploy">
<li class="vanilla">
<input type="radio" name="download_pkgs" value="1"
@@ -2994,6 +2999,7 @@
src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
title sys/fp | string:no key fingerprint available" />
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
--- conga/luci/homebase/form-macros 2007/01/02 20:12:22 1.51
+++ conga/luci/homebase/form-macros 2007/01/04 00:19:48 1.52
@@ -353,6 +353,8 @@
tal:define="sys python: new_systems[cur_sys]">
<td class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1" />
+
<input class="hbInputSys" type="text"
tal:attributes="
id python: '__SYSTEM%d:Addr' % cur_sysnum;
@@ -376,6 +378,7 @@
title sys/fp | string:no key fingerprint available"
/>
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -639,6 +642,8 @@
tal:define="sys python: new_systems[cur_sys]">
<td class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1" />
+
<input class="hbInputSys" type="text"
tal:attributes="
id python: '__SYSTEM%d:Addr' % cur_sysnum;
@@ -663,6 +668,7 @@
title sys/fp | string:no key fingerprint available"
/>
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -761,7 +767,7 @@
tal:attributes="value add_cluster/pass | string:0" />
<input name="cluster_os" type="hidden"
- tal:attributes="value add_cluster/cluster_os | string:rhel5" />
+ tal:attributes="value add_cluster/cluster_os | nothing" />
<table id="systemsTable" class="systemsTable" border="0" cellspacing="0">
<thead class="systemsTable">
@@ -786,6 +792,7 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1" />
<ul class="vanilla">
<li class="vanilla">
<input name="check_certs" type="checkbox"
@@ -854,6 +861,7 @@
src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
title sys/fp | string:no key fingerprint available" />
<input type="hidden"
+ tal:condition="exists: sys/fp"
tal:attributes="
id python: '__SYSTEM%dFingerprint' % cur_sysnum;
name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -936,6 +944,9 @@
<tfoot class="systemsTable">
<tr class="systemsTable"><td colspan="2" class="systemsTable">
+ <input type="hidden" name="trust_shown" value="1"
+ tal:condition="cur_sys" />
+
<ul class="vanilla">
<li class="vanilla"><input name="check_certs" type="checkbox">View system certificates before sending any passwords.</li>
<li class="vanilla"><input type="checkbox" name="allSameCheckBox" id="allSameCheckBox" onClick="allPasswdsSame(this.form);"/>Authenticate to all cluster nodes using the password provided above.</li>
--- conga/luci/site/luci/Extensions/homebase_adapters.py 2007/01/02 20:12:22 1.43
+++ conga/luci/site/luci/Extensions/homebase_adapters.py 2007/01/04 00:19:49 1.44
@@ -174,6 +174,12 @@
except:
cur_host_trusted = False
+ trust_shown = False
+ try:
+ trust_shown = request.form.has_key('trust_shown')
+ except:
+ trust_shown = False
+
cur_host_fp = None
try:
cur_host_fp = request.form['host_fingerprint'].strip()
@@ -183,7 +189,7 @@
cur_host_fp = None
try:
- rc = RicciCommunicator(cur_host)
+ rc = RicciCommunicator(cur_host, enforce_trust=False)
if not rc:
raise Exception, 'rc is None'
cur_fp = rc.fingerprint()
@@ -194,7 +200,7 @@
except Exception, e:
luci_log.debug_verbose('vACI2: %s: %s' % (cur_host, str(e)))
request.SESSION.set('add_cluster_initial', cur_entry)
- return (False, { 'errors': [ 'Unable to establish a secure connection to the ricci agent on %s: %s' \
+ return (False, { 'errors': [ 'Unable to establish a connection to the ricci agent on %s: %s' \
% (cur_host, str(e)) ] })
if not check_certs or cur_host_trusted:
@@ -205,6 +211,10 @@
request.SESSION.set('add_cluster_initial', cur_entry)
luci_log.info('SECURITY: %s' % errmsg)
return (False, { 'errors': [ errmsg ] })
+ if trust_shown is True and cur_host_trusted is False:
+ errmsg = 'You must elect to trust \"%s\" or abort the addition of the cluster to Luci.' % cur_host
+ request.SESSION.set('add_cluster_initial', cur_entry)
+ return (False, { 'errors': [ errmsg ] })
rc.trust()
except Exception, e:
luci_log.debug_verbose('vACI3: %s %s' % (cur_host, str(e)))
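Review bot: The new refusal at `if trust_shown is True and cur_host_trusted is False:` depends on a hidden form field supplied by the client, so the check is advisory only. A submission that omits `trust_shown` skips it and, as far as the visible lines show, continues to `rc.trust()`. The flag is read with `request.form.has_key('trust_shown')` in the @@ -174 and @@ -340 hunks, and the same pattern gates `rc.trust()` in the @@ -418 hunk. Consider recording on the server whether the fingerprint was presented, for example in the `add_cluster_initial` session entry this code already stores, and deciding from that rather than from the form. The enclosing function starts and ends outside the hunk, so the exact fall-through should be confirmed against the full file.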
@@ -224,11 +234,11 @@
return (True, { 'messages': [ msg ] })
try:
- del rc
request.SESSION.delete('add_cluster_initial')
except:
pass
+ rc = None
try:
rc = RicciCommunicator(cur_host, enforce_trust=True)
if not rc:
@@ -272,7 +282,11 @@
return (False, { 'errors': [ errmsg ] })
cluster_name = cluster_info[0]
+
cluster_os = resolveOSType(rc.os())
+ luci_log.debug_verbose('vACI5a: cluster os is %s (%s)' \
+ % (cluster_os, rc.os()))
+
try:
cluster_conf = getClusterConf(rc)
except:
@@ -340,6 +354,12 @@
luci_log.debug_verbose('PHF1: numStorage field missing: %s' % str(e))
errors.append('The number of systems entered could not be determined.')
+ trust_shown = False
+ try:
+ trust_shown = request.form.has_key('trust_shown')
+ except:
+ trust_shown = False
+
incomplete = False
i = 0
while i < num_storage:
@@ -385,10 +405,10 @@
cur_system['prev_auth'] = rc.authed()
fp = rc.fingerprint()
- if cur_set_trust is True:
+ if cur_set_trust is True and cur_fp is not None:
cur_system['fp'] = cur_fp
if cur_fp != fp[1]:
- errmsg = 'The key fingerprint for %s has changed from under us. It was \"%s\" and is now \"%s\".' % (cur_host, cur_fp, fp[1])
+ errmsg = '1The key fingerprint for %s has changed from under us. It was \"%s\" and is now \"%s\".' % (cur_host, cur_fp, fp[1])
errors.append(errmsg)
luci_log.info('SECURITY: %s' % errmsg)
cur_system['error'] = True
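Review bot: The new message string begins with a stray `1` (`'1The key fingerprint for %s has changed from under us. ...'`), which looks like a leftover debugging marker. It will appear both in the error shown to the user and in the `SECURITY:` log line, so anything matching on the old alert text stops matching; the string should start with `'The key fingerprint for %s has changed ...'` again. Separately, with the added `cur_fp is not None` guard, a request that sets trust but carries no fingerprint skips the comparison entirely. The branch it falls into is outside this hunk, so confirm it cannot end in `rc.trust()` without a fingerprint having been compared.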
@@ -418,14 +438,20 @@
luci_log.debug_verbose('PHF2: %s: %s' \
% (cur_host, str(e)))
else:
- # The user doesn't care. Trust the system.
try:
- rc = RicciCommunicator(cur_host)
+ rc = RicciCommunicator(cur_host, enforce_trust=False)
if not rc:
raise Exception, 'rc is None'
- rc.trust()
- cur_system['trusted'] = True
- cur_system['prev_auth'] = rc.authed()
+
+ if not rc.trusted() and (trust_shown is True and cur_set_trust is False):
+ incomplete = True
+ cur_system['error'] = True
+ errors.append('You must either trust \"%s\" or remove it.' % cur_host)
+ else:
+ # The user doesn't care. Trust the system.
+ rc.trust()
+ cur_system['trusted'] = True
+ cur_system['prev_auth'] = rc.authed()
except Exception, e:
incomplete = True
cur_system['error'] = True
@@ -503,14 +529,15 @@
if (cur_host_trusted or not check_certs) and cur_passwd:
try:
- rc = RicciCommunicator(cur_host, enforce_trust=False)
+ rc = RicciCommunicator(cur_host)
prev_auth = rc.authed()
except Exception, e:
errors.append('Unable to connect to the ricci agent on %s: %s' \
% (cur_host, str(e)))
incomplete = True
cur_system['errors'] = True
- luci_log.debug_verbose('VAC2: %s: %s' % cur_host, str(e))
+ luci_log.debug_verbose('VAC2: %s: %s' \
+ % (cur_host, str(e)))
continue
try:
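Review bot: `rc = RicciCommunicator(cur_host)` now relies on the constructor default for trust enforcement, a default this same commit flips in ricci_communicator.py. The call sits under `if (cur_host_trusted or not check_certs) and cur_passwd:` and appears to precede authentication with the password. Writing it as `rc = RicciCommunicator(cur_host, enforce_trust=True)`, as the @@ -224 hunk does, keeps the intent visible and survives a later change of the default. The same applies to `RicciCommunicator(system_info)` in the ricci_bridge.py hunk, where the removed FIXME comment already showed the explicit form.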
@@ -553,6 +580,8 @@
cur_os = resolveOSType(rc.os())
if cur_os != cluster_os:
+ luci_log.debug_verbose('VAC5a: \"%s\" / \"%s\" -> \"%s\"' \
+ % (cluster_os, rc.os(), cur_os))
incomplete = True
cur_system['errors'] = True
@@ -563,7 +592,7 @@
luci_log.debug_verbose('VAC6: %s: %s' % (cur_host, str(e)))
err_msg = 'Node %s reports its cluster version is %s and we expect %s' \
- % (cur_os, cluster_os)
+ % (cur_host, cur_os, cluster_os)
errors.append(err_msg)
luci_log.debug_verbose('VAC7: %s' % err_msg)
@@ -1415,7 +1444,7 @@
return 'Unable to find storage system %s: %s' % (systemName, str(e))
try:
- rc = RicciCommunicator(systemName)
+ rc = RicciCommunicator(systemName, enforce_trust=False)
if rc is None:
raise Exception, 'rc is None'
except Exception, e:
@@ -1486,7 +1515,7 @@
except:
# It's not a storage system, so unauthenticate.
try:
- rc = RicciCommunicator(systemName)
+ rc = RicciCommunicator(systemName, enforce_trust=False)
rc.unauth()
except Exception, e:
luci_log.debug_verbose('delClusterSystem0: ricci error for %s: %s' \
--- conga/luci/site/luci/Extensions/ricci_bridge.py 2006/12/21 05:08:49 1.52
+++ conga/luci/site/luci/Extensions/ricci_bridge.py 2007/01/04 00:19:49 1.53
@@ -597,8 +597,6 @@
# temporary workaround for ricci bug
system_info = rc.hostname()
try:
-# FIXME
-# rc = RicciCommunicator(system_info, enforce_trust=True)
rc = RicciCommunicator(system_info)
if rc is None:
raise Exception, 'unknown error'
--- conga/luci/site/luci/Extensions/ricci_communicator.py 2006/12/21 05:08:49 1.23
+++ conga/luci/site/luci/Extensions/ricci_communicator.py 2007/01/04 00:19:49 1.24
@@ -15,7 +15,7 @@
pass
class RicciCommunicator:
- def __init__(self, hostname, enforce_trust=False, port=11111):
+ def __init__(self, hostname, enforce_trust=True, port=11111):
self.__hostname = hostname
self.__port = port
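Review bot: Flipping the default to `enforce_trust=True` changes the behaviour of every `RicciCommunicator(host)` call that this commit does not touch, and the parameter has no documentation saying when `False` is acceptable. The visible callers pass `enforce_trust=False` only to read `fingerprint()`, call `trust()` or call `unauth()` on a host that may not be trusted yet. A short docstring or comment on `__init__` stating that, such as `# enforce_trust=False: only for fingerprint()/trust()/unauth() on a not-yet-trusted peer`, would help. The remaining callers should be checked for paths that need the old behaviour. The body of `__init__` continues outside the hunk, so how the flag is applied is not visible here.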
@@ -57,8 +57,7 @@
self.__dom0 = hello.firstChild.getAttribute('xen_host') == 'true'
pass
-
-
+
def hostname(self):
luci_log.debug_verbose('RC:hostname: [auth %d] reported hostname = %s' \
% (self.__authed, self.__hostname))
@@ -76,16 +75,16 @@
% (self.__authed, self.__cluname, self.__clualias, self.__hostname))
return (self.__cluname, self.__clualias)
def os(self):
- luci_log.debug_verbose('RC:os: [auth %d] reported system_name = %s for %s' \
+ luci_log.debug_verbose('RC:os: [auth %d] reported os = %s for %s' \
% (self.__authed, self.__os, self.__hostname))
return self.__os
def dom0(self):
- luci_log.debug_verbose('RC:dom0: [auth %d] reported system_name = %s for %s' \
+ luci_log.debug_verbose('RC:dom0: [auth %d] reported dom0 = %s for %s' \
% (self.__authed, self.__dom0, self.__hostname))
return self.__dom0
def fingerprint(self):
- return self.ss.peer_fingerprint()
+ return self.ss.peer_fingerprint()
def trust(self):
return self.ss.trust()
@@ -115,11 +114,19 @@
resp = self.__receive(self.__timeout_auth)
self.__authed = resp.firstChild.getAttribute('authenticated') == 'true'
+ if self.__authed:
+ try:
+ self.__cluname = resp.firstChild.getAttribute('clustername')
+ self.__clualias = resp.firstChild.getAttribute('clusteralias')
+ self.__reported_hostname = resp.firstChild.getAttribute('hostname')
+ self.__os = resp.firstChild.getAttribute('os')
+ self.__dom0 = resp.firstChild.getAttribute('xen_host') == 'true'
+ except:
+ pass
luci_log.debug_verbose('RC:auth1: auth call returning %d' \
- % self.__authed)
+ % self.__authed)
return self.__authed
-
def unauth(self):
doc = minidom.Document()
ricci = doc.createElement('ricci')
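Review bot: The added `except: pass` around the post-authentication attribute reads hides any failure and can leave the object half-updated, with `self.__cluname` refreshed but `self.__os` still stale. At minimum log it, for example `except Exception, e: luci_log.debug_verbose('RC:auth: %s' % str(e))`. Also, minidom's `getAttribute` returns an empty string for a missing attribute rather than raising. If an agent's auth response lacks these attributes, the values set from the hello message (the `self.__dom0 = hello.firstChild.getAttribute(...)` line is visible in the @@ -57 hunk) would be silently replaced with empty ones. Guarding each assignment, e.g. `if resp.firstChild.hasAttribute('os'): self.__os = resp.firstChild.getAttribute('os')`, avoids that. The method starts outside the hunk.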
--- conga/ricci/ricci/Makefile 2006/10/24 21:54:29 1.17
+++ conga/ricci/ricci/Makefile 2007/01/04 00:19:49 1.18
@@ -40,7 +40,8 @@
INCLUDE += `pkg-config --cflags dbus-1`
CFLAGS +=
-CXXFLAGS += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSION="${dbus_minor_version}"
+CXXFLAGS += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSIO
+N="${dbus_minor_version}"
LDFLAGS += `pkg-config --libs dbus-1`
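Review bot: The replacement `CXXFLAGS` line is split in the middle of the macro name: it ends at `-DDBUS_MINOR_VERSIO`, and `N="${dbus_minor_version}"` follows on a second added line. If this is what was committed rather than an artifact of mail wrapping, make will treat the second line as an assignment to a variable `N`. The compiler then receives `-DDBUS_MINOR_VERSIO` and `DBUS_MINOR_VERSION` stays undefined, so any preprocessor test on it would silently evaluate as 0. The flag should be on one line: `CXXFLAGS += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSION="${dbus_minor_version}"`.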
--- conga/ricci/ricci/Ricci.cpp 2006/11/20 23:10:58 1.21
+++ conga/ricci/ricci/Ricci.cpp 2007/01/04 00:19:49 1.22
@@ -134,7 +134,6 @@
String function = req.get_attr("function");
if (function == "") {
success = RRC_MISSING_FUNCTION;
-
} else if (function == "authenticate") {
String passwd = req.get_attr("password");
bool passwd_ok = false;
@@ -145,7 +144,7 @@
}
if (passwd_ok) {
- resp = ricci_header(true);
+ resp = ricci_header(true, true);
success = RRC_SUCCESS;
save_cert = true;
} else {