From 9849cec7a0bf072f49472ae9b852894cc920f30e Mon Sep 17 00:00:00 2001
From: Guido Trotter <ultrotter@google.com>
Date: Mon, 17 Oct 2011 16:47:00 +0100
Subject: [PATCH] Revert "Added SPICE TLS option and related cert paths"
This reverts commit bfe86c763a9ff1b481d799537ff0f0cf6740dfd1.
This commit will be readded on master.
Signed-off-by: Guido Trotter <ultrotter@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
---
lib/backend.py | 4 ----
lib/bootstrap.py | 2 --
lib/constants.py | 12 +-----------
lib/hypervisor/hv_kvm.py | 12 +-----------
lib/tools/ensure_dirs.py | 4 ----
5 files changed, 2 insertions(+), 32 deletions(-)
diff --git a/lib/backend.py b/lib/backend.py
index 6a7efd69d..98d61ef10 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -196,8 +196,6 @@ def _BuildUploadFileList():
constants.SSH_KNOWN_HOSTS_FILE,
constants.VNC_PASSWORD_FILE,
constants.RAPI_CERT_FILE,
- constants.SPICE_CERT_FILE,
- constants.SPICE_CACERT_FILE,
constants.RAPI_USERS_FILE,
constants.CONFD_HMAC_KEY,
constants.CLUSTER_DOMAIN_SECRET_FILE,
@@ -410,8 +408,6 @@ def LeaveCluster(modify_ssh_setup):
try:
utils.RemoveFile(constants.CONFD_HMAC_KEY)
utils.RemoveFile(constants.RAPI_CERT_FILE)
- utils.RemoveFile(constants.SPICE_CERT_FILE)
- utils.RemoveFile(constants.SPICE_CACERT_FILE)
utils.RemoveFile(constants.NODED_CERT_FILE)
except: # pylint: disable=W0702
logging.exception("Error while removing cluster secrets")
diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index 417cc8b6f..75f580878 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -557,8 +557,6 @@ def SetupNodeDaemon(cluster_name, node, ssh_key_check):
# either by being constants or by the checks above
sshrunner.CopyFileToNode(node, constants.NODED_CERT_FILE)
sshrunner.CopyFileToNode(node, constants.RAPI_CERT_FILE)
- sshrunner.CopyFileToNode(node, constants.SPICE_CERT_FILE)
- sshrunner.CopyFileToNode(node, constants.SPICE_CACERT_FILE)
sshrunner.CopyFileToNode(node, constants.CONFD_HMAC_KEY)
mycommand = ("%s stop-all; %s start %s -b %s" %
(constants.DAEMON_UTIL, constants.DAEMON_UTIL, constants.NODED,
diff --git a/lib/constants.py b/lib/constants.py
index 013476665..51cb8ee8a 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -139,8 +139,6 @@ CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
NODED_CERT_FILE = DATA_DIR + "/server.pem"
RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
CONFD_HMAC_KEY = DATA_DIR + "/hmac.key"
-SPICE_CERT_FILE = DATA_DIR + "/spice.pem"
-SPICE_CACERT_FILE = DATA_DIR + "/spice-ca.pem"
CLUSTER_DOMAIN_SECRET_FILE = DATA_DIR + "/cluster-domain-secret"
INSTANCE_STATUS_FILE = RUN_GANETI_DIR + "/instance-status"
SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
@@ -174,12 +172,7 @@ WATCHER_GROUP_INSTANCE_STATUS_FILE = DATA_DIR + "/watcher.%s.instance-status"
#: File containing Unix timestamp until which watcher should be paused
WATCHER_PAUSEFILE = DATA_DIR + "/watcher.pause"
-ALL_CERT_FILES = frozenset([
- NODED_CERT_FILE,
- RAPI_CERT_FILE,
- SPICE_CERT_FILE,
- SPICE_CACERT_FILE,
- ])
+ALL_CERT_FILES = frozenset([NODED_CERT_FILE, RAPI_CERT_FILE])
MASTER_SOCKET = SOCKET_DIR + "/ganeti-master"
@@ -687,7 +680,6 @@ HV_KVM_SPICE_JPEG_IMG_COMPR = "spice_jpeg_wan_compression"
HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR = "spice_zlib_glz_wan_compression"
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION = "spice_streaming_video"
HV_KVM_SPICE_AUDIO_COMPR = "spice_playback_compression"
-HV_KVM_SPICE_USE_TLS = "spice_use_tls"
HV_ACPI = "acpi"
HV_PAE = "pae"
HV_USE_BOOTLOADER = "use_bootloader"
@@ -739,7 +731,6 @@ HVS_PARAMETER_TYPES = {
HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: VTYPE_STRING,
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: VTYPE_STRING,
HV_KVM_SPICE_AUDIO_COMPR: VTYPE_BOOL,
- HV_KVM_SPICE_USE_TLS: VTYPE_BOOL,
HV_ACPI: VTYPE_BOOL,
HV_PAE: VTYPE_BOOL,
HV_USE_BOOTLOADER: VTYPE_BOOL,
@@ -1368,7 +1359,6 @@ HVC_DEFAULTS = {
HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR: "",
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: "",
HV_KVM_SPICE_AUDIO_COMPR: True,
- HV_KVM_SPICE_USE_TLS: False,
HV_KVM_FLOPPY_IMAGE_PATH: "",
HV_CDROM_IMAGE_PATH: "",
HV_KVM_CDROM2_IMAGE_PATH: "",
diff --git a/lib/hypervisor/hv_kvm.py b/lib/hypervisor/hv_kvm.py
index 40b7b2efc..c4b05b117 100644
--- a/lib/hypervisor/hv_kvm.py
+++ b/lib/hypervisor/hv_kvm.py
@@ -432,7 +432,6 @@ class KVMHypervisor(hv_base.BaseHypervisor):
hv_base.ParamInSet(False,
constants.HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS),
constants.HV_KVM_SPICE_AUDIO_COMPR: hv_base.NO_CHECK,
- constants.HV_KVM_SPICE_USE_TLS: hv_base.NO_CHECK,
constants.HV_KVM_FLOPPY_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
constants.HV_CDROM_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
constants.HV_KVM_CDROM2_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
@@ -1031,15 +1030,7 @@ class KVMHypervisor(hv_base.BaseHypervisor):
# ValidateParameters checked it.
spice_address = spice_bind
- spice_arg = "addr=%s" % spice_address
- if hvp[constants.HV_KVM_SPICE_USE_TLS]:
- spice_arg = "%s,tls-port=%s,x509-cacert-file=%s" % (spice_arg,
- instance.network_port, constants.SPICE_CACERT_FILE)
- spice_arg = "%s,x509-key-file=%s,x509-cert-file=%s" % (spice_arg,
- constants.SPICE_CERT_FILE, constants.SPICE_CERT_FILE)
- else:
- spice_arg = "%s,port=%s" % (spice_arg, instance.network_port)
-
+ spice_arg = "addr=%s,port=%s" % (spice_address, instance.network_port)
if not hvp[constants.HV_KVM_SPICE_PASSWORD_FILE]:
spice_arg = "%s,disable-ticketing" % spice_arg
@@ -1663,7 +1654,6 @@ class KVMHypervisor(hv_base.BaseHypervisor):
constants.HV_KVM_SPICE_JPEG_IMG_COMPR,
constants.HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR,
constants.HV_KVM_SPICE_STREAMING_VIDEO_DETECTION,
- constants.HV_KVM_SPICE_USE_TLS,
])
for param in spice_additional_params:
if hvparams[param]:
diff --git a/lib/tools/ensure_dirs.py b/lib/tools/ensure_dirs.py
index 3d65c8c69..7abcce2a2 100644
--- a/lib/tools/ensure_dirs.py
+++ b/lib/tools/ensure_dirs.py
@@ -209,10 +209,6 @@ def GetPaths():
getent.masterd_gid, False),
(constants.RAPI_CERT_FILE, FILE, 0440, getent.rapi_uid,
getent.masterd_gid, False),
- (constants.SPICE_CERT_FILE, FILE, 0440, getent.noded_uid,
- getent.masterd_gid, False),
- (constants.SPICE_CACERT_FILE, FILE, 0440, getent.noded_uid,
- getent.masterd_gid, False),
(constants.NODED_CERT_FILE, FILE, 0440, getent.masterd_uid,
getent.masterd_gid, False),
]
--
GitLab