Statistics
| Branch: | Tag: | Revision:

root / lib / http @ 971bbd84

# Date Author Comment
971bbd84 06/14/2010 07:58 pm Michael Hanselmann

Disallow DES for SSL connections

Older OpenSSL versions include DES-CBC3-* ciphers when specifying the
HIGH group of ciphers. Removing potentially weak ciphers from the list
of allowed ciphers ensures only strong ciphers are considered for SSL
connections....

e0036155 06/04/2010 05:26 pm Iustin Pop

http client: support per-request read timeout

Currently, the read timeout is hardcoded in the
HttpClientRequestExecutor class. The patch changes the timeout so that
it's a per-request property, and makes the rpc.Client class pass one
explicitly in. Furthermore, we modify the rpc.RpcRunner class to support...

716a32cb 06/01/2010 11:34 am Guido Trotter

Move hash functions to the compat module

Since the hash functions' changed their module name between python 2.4
and 2.6, and we have to do an try/import/except trick, we'll do it just
once, for both hash functions, and in compat.py. This also fixes a use...

791f317d 03/18/2010 03:56 pm Guido Trotter

Merge branch 'devel-2.1'

  • devel-2.1:
    burnin: implement basic confd testing
    AsyncUDPSocket.process_next_packet
    WaitForSocketCondition: rename, handle EINTR
    move http.WaitForSocketCondition to utils
    ConfdCountingCallback
    ConfdClient: add synchronous features...
dcd511c8 03/18/2010 01:39 pm Guido Trotter

move http.WaitForSocketCondition to utils

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

dfdc4060 03/18/2010 01:39 pm Guido Trotter

WaitForSocketCondition: rename, handle EINTR

- Rename WaitForSocketCondition to SingleWaitForFdCondition
- Avoid potentially infinite loop, if we continue to get interrupted
- Handle eintr correctly
- Avoid the poller try/finally, as the poller object gets destroyed...

bb3776b4 03/15/2010 04:25 pm Michael Hanselmann

Merge remote branch 'origin/devel-2.1'

  • origin/devel-2.1: (116 commits)
    Implement replacing cluster certs and keys via “gnt-cluster renew-crypto”
    cli: Add helper function to stop and start whole cluster
    cfgupgrade: Use new bootstrap function for certs and keys...
6873a52a 03/10/2010 04:02 pm Michael Hanselmann

http.auth: Disable pylint warnings

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

d44ea6a3 03/10/2010 12:18 pm Michael Hanselmann

http.server: Improve request logging in debug mode

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

a8950eb7 03/10/2010 12:17 pm Michael Hanselmann

Provide unittests for http.auth

To simplify writing unittests, one data structure class in http.server is
also changed. According to the coverage utility, this provides 95%
coverage.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

23ccba04 03/10/2010 12:17 pm Michael Hanselmann

http.auth: Fix bug with checking hashed passwords

When username and password were sent for a resource not requiring
authentication, it wouldn't be accepted if the user in question had a
hashed password. The reason was that the function GetAuthRealm used to...

7b8f3fcd 02/26/2010 03:37 pm Michael Hanselmann

Merge remote branch 'origin/devel-2.0' into devel-2.1

  • origin/devel-2.0:
    Fix two potentially endless loops in http library
    Update NEWS file and bump version to 2.0.6
    ganeti-cleaner: does 'echo 0' instead of 'exit 0'

Conflicts:
NEWS: Trivial
configure.ac: Trivial...

0be13136 02/26/2010 02:39 pm Michael Hanselmann

Fix two potentially endless loops in http library

The first can be problematic if poll(2) returns POLLHUP|POLLERR on a
socket. Before it would be only be respected for SOCKOP_RECV, but since
they can also occur on other socket operations, esp. in combination with...

69ca2f0b 02/18/2010 02:40 pm Michael Hanselmann

Merge branch 'devel-2.1'

  • devel-2.1:
    Reset tempfile module after fork where useful
    Move RunInSeparateProcess to ganeti.utils
    Add function to reset tempfile module after fork
    Fix ssh host key checking with no-key-check
    Simplify a bit _GetWantedNodes...
82869978 02/18/2010 02:21 pm Michael Hanselmann

Reset tempfile module after fork where useful

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

e7307f08 02/01/2010 03:01 pm Michael Hanselmann

Merge branch 'devel-2.1'

  • devel-2.1:
    Bump version to 2.1.0~rc5
    Makefile.am: Targets used directly should depend on BUILT_SOURCES
    Make the snapshot decision based on disk type
    Three small typos in man pages
    Fix missing bridge for xen instances
    Fix flipping MC flag bug...
4c1a504b 01/26/2010 02:58 pm Iustin Pop

Merge branch 'devel-2.0' into devel-2.1

  • devel-2.0:
    Fix the mocks.py for 2.0 unittests
    LURemoveNode safety in face of wrong node list
    Fix an unsafe formatting bug
    Ensure all int/float conversions are handled right

Conflicts:
lib/backend.py - trivial merge...

691744c4 01/25/2010 06:16 pm Iustin Pop

Ensure all int/float conversions are handled right

int()/float() can raise either ValueError (in case of int("a")), or
TypeError (in case of int(None)). We had many bugs over time due to
this, and a recent one was just diagnosed, so we go over the codebase...

b9f8d18f 01/22/2010 06:38 pm Michael Hanselmann

Merge branch 'devel-2.1'

  • devel-2.1: (38 commits)
    Bump version to 2.1.0~rc4
    Update man page of gnt-instance
    KVM: fix pylint warning
    KVM: be more resilient on broken migration answers
    Allow filtering for (node-)tags
    Add unittests for cli.GenerateTable...
16b037a9 01/22/2010 04:36 pm Michael Hanselmann

Remove http.HttpJsonConverter

With the move of the content-type handling to the various users of the HTTP
layer, this class isn't really useful anymore.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

ab221ddf 01/22/2010 04:17 pm Michael Hanselmann

http.server: No longer enfore JSON encoding for body

The HTTP layer shouldn't care about the contents of the request data or
responses. This requires further changes in the RAPI code to handle client
requests correctly.

Signed-off-by: Michael Hanselmann <>...

200e38ac 01/22/2010 04:17 pm Michael Hanselmann

http.server: Refuse HTTP/1.1 request without Host header

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

580558a3 01/22/2010 04:17 pm Michael Hanselmann

http: Add two new exceptions, one constant

These will be useful in the future in case we don't enfore JSON encoding
anymore in the http.server module. The HTTP 1.1 RFC recommends error 415
(Unsupported Media Type) to be returned in case the client requests an...

231db3a5 01/22/2010 04:17 pm Michael Hanselmann

Factorize LUXI parsing and handling code

Also fix a typo in http/__init__.py and add unittests
for the LUXI parsing and formatting functions.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

9fa2e150 01/13/2010 03:03 pm Michael Hanselmann

Improve logging for workerpool tasks by providing repr

Before it would log something like “starting task
(<ganeti.http.client._HttpClientPendingRequest object at 0x2aaaad176790>,)”,
which isn't really useful for debugging. Now it'll log “[…]
<ganeti.http.client._HttpClientPendingRequest...

89e2b4d2 01/13/2010 03:02 pm Michael Hanselmann

workerpool: Make worker ID alphanumeric

Having a proper name instead of just a number makes debugging
easier.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

24cd3744 01/04/2010 12:55 pm Iustin Pop

Merge remote branch 'devel-2.1'

  • devel-2.1: (40 commits)
    Fix unused imports or add silences where needed
    bdev: Add a TODO and a pylint silence
    confd: add a TODO and a pylint disable
    pylint: Temporarily disable W0201
    Disable R0922 in pylint
    Further pylint disables, mostly for Unused args...
30e4e741 01/04/2010 11:20 am Iustin Pop

Fix unused imports or add silences where needed

In some cases pylint doesn't parse the import correctly, so we add
silences; but there are also many cases of unused imports, which we
simply remove.

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

2d54e29c 01/04/2010 11:17 am Iustin Pop

Further pylint disables, mostly for Unused args

Many of our functions have to follow a given API, and thus we have to
keep a given signature, but pylint doesn't understand this. Therefore,
we silence this warning.

The patch does a few other cleanups.

Signed-off-by: Iustin Pop <>...

7e950d31 01/04/2010 11:16 am Iustin Pop

Convert to static methods (where appropriate)

Many methods are simple pure functions, and not depending on the object
state. We convert these to staticmethods.

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

7260cfbe 01/04/2010 11:15 am Iustin Pop

Add targeted pylint disables

This patch should have only:

- pylint disables
- docstring changes
- whitespace changes

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

1122eb25 01/04/2010 11:10 am Iustin Pop

Remove many 'Unused variable' warnings

Note there are some cases left which need extra cleanup.

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

d984846d 12/28/2009 02:05 pm Iustin Pop

Merge branch 'devel-2.0' into devel-2.1

  • devel-2.0:
    Fix indentation in hv_kvm
    Implement BuildHooksEnv for NoHooksLU
    Clarifiy some more wide pylint disables
    Fix two bugs in seldom-used codepaths
    Update pylintrc
    Add targetted pylint disables
    Partial cherry-pick of 6c881c5 from the 2.1 branch...
fe267188 12/28/2009 12:43 pm Iustin Pop

Add targetted pylint disables

This patch adds targeted pylint disables, where it makes sense (either
due to limitations in pylint or due to historical usage), and also a few
blanket ones in rapi where all the names are… “different”.

Signed-off-by: Iustin Pop <>...

57fd6d0b 11/30/2009 04:43 pm Michael Hanselmann

A few style updates

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

8d0a4f99 11/25/2009 01:08 pm Michael Hanselmann

Add check for OpenSSL entropy status

By checking for this explicitly, the errors (SSLEAY_RAND_BYTES, “PRNG
not seeded”) will happen in the start-up phase of the daemon and not
only when executing remote procedure calls.

Signed-off-by: Michael Hanselmann <>...

6c881c52 11/06/2009 03:48 pm Iustin Pop

Fix pylint 'E' (error) codes

This patch adds some silences and tweaks the code slightly so that
“pylint --rcfile pylintrc -e ganeti” doesn't give any errors.

The biggest change is in jqueue.py, the move of _RequireOpenQueue out of
the JobQueue class. Since that is actually a function and not a method...

23057d29 11/02/2009 02:05 pm Michael Hanselmann

Epydoc fixes

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

bf9bd8dd 10/29/2009 11:33 am Michael Hanselmann

http.auth: Add new function to verify passwords

This new function supports two schemes for passwords:
- Old-style cleartext passwords
- Hashed passwords according to RFC2617 (H(A1))

Schemes are differentiated by their prefix, a concept also
used in OpenLDAP. Cleartext passwords can no longer start...

bcb1a39e 08/25/2009 06:53 pm Michael Hanselmann

ganeti-noded: Close listening socket in child

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

112d240d 08/20/2009 05:04 pm Guido Trotter

Convert the http server/mainloop to asyncore

We can avoid most of the Mainloop.Run() code if we use asyncore
for delivering I/O events, and just concentrate on what's missing in
asyncore: singnal handling and timers. This way confd can be ported to
use Mainloop as well....

7c4d6c7b 07/07/2009 03:54 pm Michael Hanselmann

Fix pylint warnings

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

5bbd3f7f 07/07/2009 03:51 pm Michael Hanselmann

Fix some typos

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

81b59aaf 06/23/2009 03:19 pm Iustin Pop

Fix HTTP server library handling of credentials

Currently the http library only checks credentials when authentication
is required. This means that any credentials are accepted on the root
resource, for example, which makes problems hard to diagnose - the...

8a088b79 03/20/2009 03:07 pm Guido Trotter

Fix _NOQUOTE regexp

Allow expressions longer than one character to match.

Reviewed-by: imsnah

5fcc718f 02/27/2009 03:06 pm Iustin Pop

Fix some epydoc style issues

99% of the epydoc return tags are "@return:", but each of the modified files
had one "@returns:" line. We fix this for consistency.

Reviewed-by: imsnah

1f8588f6 02/13/2009 01:38 pm Iustin Pop

RAPI: format error messages as JSON

This patch changes the format of the HTTP error messages from text/html, which
is hard to parse from RAPI clients, to JSON which can be automatically parsed.

The error message is an object, which contains always three keys:...

77e1d753 02/13/2009 01:38 pm Iustin Pop

Make RAPI return 502/504 errors for luxi errors

This changes the RAPI error codes for luxi errors; a timeout error is
now reported properly as 504, while any other luxi error is reported as
502.

It would be good to convert even more errors into proper return codes in...

85414b69 02/04/2009 05:11 pm Iustin Pop

rapi: fix authentication and queries

For queries, we don't want to require authentication. We fix this by adding an
override GetAuthRealm in the rapi daemon.

We also fix a method name.

Reviewed-by: imsnah

25e7b43f 01/15/2009 12:00 pm Iustin Pop

Some docstring updates

This patch rewraps some comments to shorter lengths, changes
double-quotes to single-quotes inside triple-quoted docstrings for
better editor handling.

It also fixes some epydoc errors, namely invalid crossreferences (after
method rename), documentation for inexistent (removed) parameters, etc....

14d57a8b 01/15/2009 12:00 pm Iustin Pop

ganeti-noded: reduce log noise

The source port/addr is currently logged three times for each
connection, and this is unnecessary. We change two log entries to debug,
since they are useful for precise timing, and we keep only one at INFO
level.

Reviewed-by: imsnah

e09fdcfa 01/06/2009 11:57 am Iustin Pop

Fix some pylint-detected issues

Two bad indentation cases and a missing variable.

Reviewed-by: imsnah

e6e94655 12/19/2008 02:57 pm Michael Hanselmann

ganeti.http: Function to read password file

Lines in the password file are of the following format:

&lt;username&gt; &lt;password&gt; [options]

Fields are separated by whitespace. Username and password are
mandatory, options are optional and separated by comma (",")....

68fa9caf 12/19/2008 02:57 pm Michael Hanselmann

ganeti.http: Add support for private data in HTTP requests

Reviewed-by: amishchenko

be500c29 12/19/2008 02:57 pm Michael Hanselmann

ganeti.http: Add support for basic HTTP authentication

As per RFC2617.

Reviewed-by: amishchenko

f8bd7df3 12/19/2008 02:57 pm Michael Hanselmann

ganeti.http: Prepare authentication for HTTP server

The authentication class will override PreHandleRequest.

Reviewed-by: amishchenko

aea0ed67 12/18/2008 06:21 pm Michael Hanselmann

ganeti.http: Don't pass poller object around

They're cheap to instantiate and doing this changes makes the code
a bit simpler.

Reviewed-by: ultrotter

79589f25 12/18/2008 03:45 pm Michael Hanselmann

Rename http.HttpInternalError to HttpInternalServerError

All other exceptions are named after the error name in RFC2616 (HTTP/1.1).

Reviewed-by: amishchenko

b3660886 12/18/2008 03:45 pm Michael Hanselmann

ganeti.http: Add more constants and errors

Reviewed-by: amishchenko

45eac583 12/18/2008 03:45 pm Michael Hanselmann

ganeti.http: Ignore ENOTCONN when shutting down the connection

Reviewed-by: amishchenko

a8e01e9f 12/18/2008 03:44 pm Michael Hanselmann

Implement support for additional headers with HTTP errors

Reviewed-by: amishchenko

f30ca1e6 12/17/2008 04:30 pm Michael Hanselmann

Add simple unittests for ganeti.http

More complex unittests will need some refactoring in the HTTP code.

Reviewed-by: amishchenko

f088165d 12/15/2008 12:06 pm Michael Hanselmann

ganeti.http: Add three TODOs for improvements

Reviewed-by: iustinp

f2e13d55 12/15/2008 11:48 am Michael Hanselmann

ganeti.http: Explicitly initiate handshake

Otherwise it would be done on the first read/write operation, making
error handling more difficult (such as EOF during handshake).

Reviewed-by: iustinp

d7fa9982 12/15/2008 11:40 am Michael Hanselmann

ganeti.http: Implement handshake socket operation

Reviewed-by: iustinp

39cfc25b 12/15/2008 11:40 am Michael Hanselmann

ganeti.http: Handle SSL_ERROR_ZERO_RETURN

Also add a comment next to the place where the SSL connection is shut
down.

Reviewed-by: iustinp

3f3dfc15 12/14/2008 02:05 pm Iustin Pop

cleanup: http server, line too long

Reviewed-by: amishchenko

5a9c3f46 12/14/2008 02:05 pm Iustin Pop

cleanup: http client, line too long

Reviewed-by: amishchenko

22692e48 12/12/2008 06:50 pm Michael Hanselmann

ganeti.http: Rename HttpBase._using_ssl to HttpBase.using_ssl

It'll be queried from other classes.

Reviewed-by: iustinp

f4322a1e 12/12/2008 06:50 pm Michael Hanselmann

ganeti.http: Rename HttpSocketBase to HttpBase

It's more appropriate.

Reviewed-by: iustinp

c41eea6e 12/11/2008 07:13 pm Iustin Pop

Fix epydoc format warnings

This patch should fix all outstanding epydoc parsing errors; as such, we
switch epydoc into verbose mode so that any new errors will be visible.

Reviewed-by: imsnah

358a8811 12/10/2008 02:06 pm Michael Hanselmann

ganeti.http: Docstring updates

Reviewed-by: iustinp

13b63666 12/09/2008 08:42 pm Michael Hanselmann

ganeti.http: Remove _HttpClientError

This is a leftover from old code.

Reviewed-by: iustinp

59305197 12/09/2008 07:35 pm Michael Hanselmann

ganeti.http.server: Increase connection backlog to 1024

This solves a problem with many concurrent requests. By default, 1024
is the maximum backlog on Linux kernels. We limit the number of clients
through MAX_CHILDREN, too. The idea of just increasing the backlog is...

b18dd019 12/05/2008 12:12 pm Iustin Pop

http: use slicing instead of string modification

The combination of the current buffer splitting method and (4KB) buffer
size is very inefficient when writing big amounts of data. Just walking
over a 16 megabyte string using a 4K buffer takes (on a random computer)...

99b5ef90 12/04/2008 05:25 pm Michael Hanselmann

ganeti.http: Add constant for DELETE

Reviewed-by: amishchenko

9501323b 12/04/2008 05:25 pm Michael Hanselmann

Remove old HTTP code

Reviewed-by: amishchenko

02cab3e7 12/04/2008 05:23 pm Michael Hanselmann

ganeti.http: Split HTTP server and client into separate files

This includes a large rewrite of the HTTP server code. The handling of
OpenSSL errors had some problems that were hard to fix with its
structure. When preparing all of this, I realized that actually HTTP...

84f2756e 12/04/2008 05:23 pm Michael Hanselmann

Rename all HTTP classes to camel case

It should be consistent.

Reviewed-by: amishchenko

c9d0fa8a 12/04/2008 05:22 pm Michael Hanselmann

ganeti.http: Remove underline from two classes

This is a preparation step for splitting the HTTP client and server code
into two separate modules.

Reviewed-by: amishchenko

ff9efc03 12/04/2008 05:22 pm Michael Hanselmann

Move HTTP code to subpackage

This is a preparation step for splitting the HTTP client and server code
into two separate modules.

Reviewed-by: amishchenko