Commit 9849cec7 authored by Guido Trotter's avatar Guido Trotter

Revert "Added SPICE TLS option and related cert paths"

This reverts commit bfe86c76.
This commit will be re-added on master.
Signed-off-by: default avatarGuido Trotter <ultrotter@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parent 0aee8ee9
......@@ -196,8 +196,6 @@ def _BuildUploadFileList():
constants.SSH_KNOWN_HOSTS_FILE,
constants.VNC_PASSWORD_FILE,
constants.RAPI_CERT_FILE,
constants.SPICE_CERT_FILE,
constants.SPICE_CACERT_FILE,
constants.RAPI_USERS_FILE,
constants.CONFD_HMAC_KEY,
constants.CLUSTER_DOMAIN_SECRET_FILE,
......@@ -410,8 +408,6 @@ def LeaveCluster(modify_ssh_setup):
try:
utils.RemoveFile(constants.CONFD_HMAC_KEY)
utils.RemoveFile(constants.RAPI_CERT_FILE)
utils.RemoveFile(constants.SPICE_CERT_FILE)
utils.RemoveFile(constants.SPICE_CACERT_FILE)
utils.RemoveFile(constants.NODED_CERT_FILE)
except: # pylint: disable=W0702
logging.exception("Error while removing cluster secrets")
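Review bot: In the LeaveCluster hunk every `utils.RemoveFile` call sits inside one `try`, so if the first removal raises, the bare `except` logs it and the remaining secrets (`RAPI_CERT_FILE`, `NODED_CERT_FILE`) are never attempted and stay on a node that has left the cluster. Guarding each removal separately keeps the best-effort behaviour without letting one failure leave the other key material behind. It may also be worth confirming that the other secrets listed in `_BuildUploadFileList`, such as `CLUSTER_DOMAIN_SECRET_FILE`, are cleaned up elsewhere, since this block does not touch them. LeaveCluster starts before the hunk and continues after it.

```python
for secret_file in (constants.CONFD_HMAC_KEY,
                    constants.RAPI_CERT_FILE,
                    constants.NODED_CERT_FILE):
  try:
    utils.RemoveFile(secret_file)
  except: # pylint: disable=W0702
    logging.exception("Error while removing cluster secret %s", secret_file)
```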
......
......@@ -557,8 +557,6 @@ def SetupNodeDaemon(cluster_name, node, ssh_key_check):
# either by being constants or by the checks above
sshrunner.CopyFileToNode(node, constants.NODED_CERT_FILE)
sshrunner.CopyFileToNode(node, constants.RAPI_CERT_FILE)
sshrunner.CopyFileToNode(node, constants.SPICE_CERT_FILE)
sshrunner.CopyFileToNode(node, constants.SPICE_CACERT_FILE)
sshrunner.CopyFileToNode(node, constants.CONFD_HMAC_KEY)
mycommand = ("%s stop-all; %s start %s -b %s" %
(constants.DAEMON_UTIL, constants.DAEMON_UTIL, constants.NODED,
......
......@@ -139,8 +139,6 @@ CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
NODED_CERT_FILE = DATA_DIR + "/server.pem"
RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
CONFD_HMAC_KEY = DATA_DIR + "/hmac.key"
SPICE_CERT_FILE = DATA_DIR + "/spice.pem"
SPICE_CACERT_FILE = DATA_DIR + "/spice-ca.pem"
CLUSTER_DOMAIN_SECRET_FILE = DATA_DIR + "/cluster-domain-secret"
INSTANCE_STATUS_FILE = RUN_GANETI_DIR + "/instance-status"
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
......@@ -174,12 +172,7 @@ WATCHER_GROUP_INSTANCE_STATUS_FILE = DATA_DIR + "/watcher.%s.instance-status"
#: File containing Unix timestamp until which watcher should be paused
WATCHER_PAUSEFILE = DATA_DIR + "/watcher.pause"
ALL_CERT_FILES = frozenset([
NODED_CERT_FILE,
RAPI_CERT_FILE,
SPICE_CERT_FILE,
SPICE_CACERT_FILE,
])
ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
MASTER_SOCKET = SOCKET_DIR + "/ganeti-master"
......@@ -687,7 +680,6 @@ HV_KVM_SPICE_JPEG_IMG_COMPR = "spice_jpeg_wan_compression"
HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR = "spice_zlib_glz_wan_compression"
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION = "spice_streaming_video"
HV_KVM_SPICE_AUDIO_COMPR = "spice_playback_compression"
HV_KVM_SPICE_USE_TLS = "spice_use_tls"
HV_ACPI = "acpi"
HV_PAE = "pae"
HV_USE_BOOTLOADER = "use_bootloader"
......@@ -739,7 +731,6 @@ HVS_PARAMETER_TYPES = {
HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: VTYPE_STRING,
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: VTYPE_STRING,
HV_KVM_SPICE_AUDIO_COMPR: VTYPE_BOOL,
HV_KVM_SPICE_USE_TLS: VTYPE_BOOL,
HV_ACPI: VTYPE_BOOL,
HV_PAE: VTYPE_BOOL,
HV_USE_BOOTLOADER: VTYPE_BOOL,
......@@ -1368,7 +1359,6 @@ HVC_DEFAULTS = {
HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: "",
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: "",
HV_KVM_SPICE_AUDIO_COMPR: True,
HV_KVM_SPICE_USE_TLS: False,
HV_KVM_FLOPPY_IMAGE_PATH: "",
HV_CDROM_IMAGE_PATH: "",
HV_KVM_CDROM2_IMAGE_PATH: "",
......
......@@ -432,7 +432,6 @@ class KVMHypervisor(hv_base.BaseHypervisor):
hv_base.ParamInSet(False,
constants.HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS),
constants.HV_KVM_SPICE_AUDIO_COMPR: hv_base.NO_CHECK,
constants.HV_KVM_SPICE_USE_TLS: hv_base.NO_CHECK,
constants.HV_KVM_FLOPPY_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
constants.HV_CDROM_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
constants.HV_KVM_CDROM2_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
......@@ -1031,15 +1030,7 @@ class KVMHypervisor(hv_base.BaseHypervisor):
# ValidateParameters checked it.
spice_address = spice_bind
spice_arg = "addr=%s" % spice_address
if hvp[constants.HV_KVM_SPICE_USE_TLS]:
spice_arg = "%s,tls-port=%s,x509-cacert-file=%s" % (spice_arg,
instance.network_port, constants.SPICE_CACERT_FILE)
spice_arg = "%s,x509-key-file=%s,x509-cert-file=%s" % (spice_arg,
constants.SPICE_CERT_FILE, constants.SPICE_CERT_FILE)
else:
spice_arg = "%s,port=%s" % (spice_arg, instance.network_port)
spice_arg = "addr=%s,port=%s" % (spice_address, instance.network_port)
if not hvp[constants.HV_KVM_SPICE_PASSWORD_FILE]:
spice_arg = "%s,disable-ticketing" % spice_arg
......@@ -1663,7 +1654,6 @@ class KVMHypervisor(hv_base.BaseHypervisor):
constants.HV_KVM_SPICE_JPEG_IMG_COMPR,
constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR,
constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION,
constants.HV_KVM_SPICE_USE_TLS,
])
for param in spice_additional_params:
if hvparams[param]:
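Review bot: With the TLS branch gone, the listener built by `spice_arg = "addr=%s,port=%s" % (spice_address, instance.network_port)` is always plaintext, and the lines that follow append `disable-ticketing` when `HV_KVM_SPICE_PASSWORD_FILE` is unset, so an instance can end up with an unencrypted and unauthenticated console on whatever address `spice_bind` resolves to. Since the revert is intentional, I would document the constraint at that line, for example `# No TLS on this branch: keep spice_bind on a trusted address and set a SPICE password file`. The enclosing KVMHypervisor method starts and ends outside the hunk.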
......
......@@ -209,10 +209,6 @@ def GetPaths():
getent.masterd_gid, False),
(constants.RAPI_CERT_FILE, FILE, 0440, getent.rapi_uid,
getent.masterd_gid, False),
(constants.SPICE_CERT_FILE, FILE, 0440, getent.noded_uid,
getent.masterd_gid, False),
(constants.SPICE_CACERT_FILE, FILE, 0440, getent.noded_uid,
getent.masterd_gid, False),
(constants.NODED_CERT_FILE, FILE, 0440, getent.masterd_uid,
getent.masterd_gid, False),
]
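Review bot: Nodes that already ran bfe86c76 may still have `spice.pem` and `spice-ca.pem` in the data directory, and after this revert nothing visible here manages them: this table no longer enforces mode 0440 on them and LeaveCluster no longer deletes them. The reverted KVM code passed `SPICE_CERT_FILE` as both `x509-key-file` and `x509-cert-file`, so that file presumably holds a private key. I would add a sentence to the commit message or upgrade notes telling operators to remove these two files on affected nodes. GetPaths begins outside the hunk.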
......