Statistics
| Branch: | Tag: | Revision:

root / lib / http / __init__.py @ 31d3b918

History | View | Annotate | Download (27.7 kB)

# Date Author Comment
45f75526 01/24/2014 05:06 pm Helga Velroyen

Disabling client certificate usage

This patch temporarily disables the usage of the client
SSL certificates. The handling of RPC connections had a
conceptional flaw, because the certificates lack a proper
signature. For this, Ganeti needs to implement a CA,...

b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...

45317e3a 12/19/2012 03:45 pm Iustin Pop

Remove some unused Python code

This patch removes code which is no longer used due to refactoring:

- http.InitSsl, last usage removed in commit 33231500 (“Convert RPC
client to PycURL”)
- rapi.baserlib.MakeParamsDict, last usage remove in commit 4e5a68f8...

e080072c 11/08/2012 03:53 pm Michael Hanselmann

http/__init__.py: Remove extraneous argument

pylint complained, I fixed it, and unfortunately pushed too early.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

0e632cbd 11/08/2012 03:19 pm Michael Hanselmann

http: Add wrapper for mimetools.Message

A newly added piece of code will also have to parse headers, so having
this wrapper saves us from copying this part of code.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

b459a848 08/30/2011 11:24 am Andrea Spadaccini

DeprecationWarning fixes for pylint

In version 0.21, pylint unified all the disable-* (and enable-*)
directives to disable (resp. enable). This leads to a lot of
DeprecationWarning being emitted even if one uses the recommended
version of pylint (0.21.1, as stated in devnotes.rst)....

744061f3 10/14/2010 03:44 pm Iustin Pop

Merge branch 'stable-2.2'

  • stable-2.2:
    Release 2.2.1~rc1
    Require aclocal 1.11.1 or above for devel/release
    Revert "Require aclocal 1.11.1 or above for autogen.sh"
    Add mising --units in gnt-instance list man page
    Set list of trusted SSL CAs for client to verify...
2d93a6a7 10/12/2010 07:09 pm Apollon Oikonomopoulos

Set list of trusted SSL CAs for client to verify

As per SSL_CTX_set_client_CA_list(3SSL), set the list of acceptable CAs
advertised to SSL clients to include the server's own certificate. This
evidently fixes the pycurl/gnutls RPC client.

During the TLS Handshake, when client verification is requested, the...

a68fe106 09/10/2010 03:11 pm Michael Hanselmann

Merge branch 'devel-2.2'

  • devel-2.2:
    Fix pylint warning in http/__init__.py
    Allow SSL ciphers to be overridden in HTTP server
    jqueue: Resume jobs from “waitlock” status
    jqueue: Move queue inspection into separate function
    jqueue: Don't update file in MarkUnfinishedOps...
5117f822 09/10/2010 02:54 pm Michael Hanselmann

Fix pylint warning in http/__init__.py

My bad for not seeing this before:
R0201:614:HttpBase.GetSslCiphers: Method could be a function

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

91c69613 09/10/2010 02:43 pm Michael Hanselmann

Allow SSL ciphers to be overridden in HTTP server

Users of this class, such as the RAPI server, might want to override or adjust
the default SSL cipher defined in a constant.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

db4e138b 08/18/2010 11:27 am Manuel Franceschini

Support IPv6 in lib/http/server.py

Signed-off-by: Manuel Franceschini <>
Reviewed-by: Michael Hanselmann <>

971bbd84 06/14/2010 07:58 pm Michael Hanselmann

Disallow DES for SSL connections

Older OpenSSL versions include DES-CBC3-* ciphers when specifying the
HIGH group of ciphers. Removing potentially weak ciphers from the list
of allowed ciphers ensures only strong ciphers are considered for SSL
connections....

791f317d 03/18/2010 03:56 pm Guido Trotter

Merge branch 'devel-2.1'

  • devel-2.1:
    burnin: implement basic confd testing
    AsyncUDPSocket.process_next_packet
    WaitForSocketCondition: rename, handle EINTR
    move http.WaitForSocketCondition to utils
    ConfdCountingCallback
    ConfdClient: add synchronous features...
dcd511c8 03/18/2010 01:39 pm Guido Trotter

move http.WaitForSocketCondition to utils

Signed-off-by: Guido Trotter <>
Reviewed-by: Michael Hanselmann <>

dfdc4060 03/18/2010 01:39 pm Guido Trotter

WaitForSocketCondition: rename, handle EINTR

- Rename WaitForSocketCondition to SingleWaitForFdCondition
- Avoid potentially infinite loop, if we continue to get interrupted
- Handle eintr correctly
- Avoid the poller try/finally, as the poller object gets destroyed...

bb3776b4 03/15/2010 04:25 pm Michael Hanselmann

Merge remote branch 'origin/devel-2.1'

  • origin/devel-2.1: (116 commits)
    Implement replacing cluster certs and keys via “gnt-cluster renew-crypto”
    cli: Add helper function to stop and start whole cluster
    cfgupgrade: Use new bootstrap function for certs and keys...
7b8f3fcd 02/26/2010 03:37 pm Michael Hanselmann

Merge remote branch 'origin/devel-2.0' into devel-2.1

  • origin/devel-2.0:
    Fix two potentially endless loops in http library
    Update NEWS file and bump version to 2.0.6
    ganeti-cleaner: does 'echo 0' instead of 'exit 0'

Conflicts:
NEWS: Trivial
configure.ac: Trivial...

0be13136 02/26/2010 02:39 pm Michael Hanselmann

Fix two potentially endless loops in http library

The first can be problematic if poll(2) returns POLLHUP|POLLERR on a
socket. Before it would be only be respected for SOCKOP_RECV, but since
they can also occur on other socket operations, esp. in combination with...

e7307f08 02/01/2010 03:01 pm Michael Hanselmann

Merge branch 'devel-2.1'

  • devel-2.1:
    Bump version to 2.1.0~rc5
    Makefile.am: Targets used directly should depend on BUILT_SOURCES
    Make the snapshot decision based on disk type
    Three small typos in man pages
    Fix missing bridge for xen instances
    Fix flipping MC flag bug...
4c1a504b 01/26/2010 02:58 pm Iustin Pop

Merge branch 'devel-2.0' into devel-2.1

  • devel-2.0:
    Fix the mocks.py for 2.0 unittests
    LURemoveNode safety in face of wrong node list
    Fix an unsafe formatting bug
    Ensure all int/float conversions are handled right

Conflicts:
lib/backend.py - trivial merge...

691744c4 01/25/2010 06:16 pm Iustin Pop

Ensure all int/float conversions are handled right

int()/float() can raise either ValueError (in case of int("a")), or
TypeError (in case of int(None)). We had many bugs over time due to
this, and a recent one was just diagnosed, so we go over the codebase...

16b037a9 01/22/2010 04:36 pm Michael Hanselmann

Remove http.HttpJsonConverter

With the move of the content-type handling to the various users of the HTTP
layer, this class isn't really useful anymore.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

ab221ddf 01/22/2010 04:17 pm Michael Hanselmann

http.server: No longer enfore JSON encoding for body

The HTTP layer shouldn't care about the contents of the request data or
responses. This requires further changes in the RAPI code to handle client
requests correctly.

Signed-off-by: Michael Hanselmann <>...

580558a3 01/22/2010 04:17 pm Michael Hanselmann

http: Add two new exceptions, one constant

These will be useful in the future in case we don't enfore JSON encoding
anymore in the http.server module. The HTTP 1.1 RFC recommends error 415
(Unsupported Media Type) to be returned in case the client requests an...

231db3a5 01/22/2010 04:17 pm Michael Hanselmann

Factorize LUXI parsing and handling code

Also fix a typo in http/__init__.py and add unittests
for the LUXI parsing and formatting functions.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

2d54e29c 01/04/2010 11:17 am Iustin Pop

Further pylint disables, mostly for Unused args

Many of our functions have to follow a given API, and thus we have to
keep a given signature, but pylint doesn't understand this. Therefore,
we silence this warning.

The patch does a few other cleanups.

Signed-off-by: Iustin Pop <>...

7e950d31 01/04/2010 11:16 am Iustin Pop

Convert to static methods (where appropriate)

Many methods are simple pure functions, and not depending on the object
state. We convert these to staticmethods.

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

7260cfbe 01/04/2010 11:15 am Iustin Pop

Add targeted pylint disables

This patch should have only:

- pylint disables
- docstring changes
- whitespace changes

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

1122eb25 01/04/2010 11:10 am Iustin Pop

Remove many 'Unused variable' warnings

Note there are some cases left which need extra cleanup.

Signed-off-by: Iustin Pop <>
Reviewed-by: Olivier Tharan <>

8d0a4f99 11/25/2009 01:08 pm Michael Hanselmann

Add check for OpenSSL entropy status

By checking for this explicitly, the errors (SSLEAY_RAND_BYTES, “PRNG
not seeded”) will happen in the start-up phase of the daemon and not
only when executing remote procedure calls.

Signed-off-by: Michael Hanselmann <>...

7c4d6c7b 07/07/2009 03:54 pm Michael Hanselmann

Fix pylint warnings

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

5bbd3f7f 07/07/2009 03:51 pm Michael Hanselmann

Fix some typos

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

77e1d753 02/13/2009 01:38 pm Iustin Pop

Make RAPI return 502/504 errors for luxi errors

This changes the RAPI error codes for luxi errors; a timeout error is
now reported properly as 504, while any other luxi error is reported as
502.

It would be good to convert even more errors into proper return codes in...

25e7b43f 01/15/2009 12:00 pm Iustin Pop

Some docstring updates

This patch rewraps some comments to shorter lengths, changes
double-quotes to single-quotes inside triple-quoted docstrings for
better editor handling.

It also fixes some epydoc errors, namely invalid crossreferences (after
method rename), documentation for inexistent (removed) parameters, etc....

aea0ed67 12/18/2008 06:21 pm Michael Hanselmann

ganeti.http: Don't pass poller object around

They're cheap to instantiate and doing this changes makes the code
a bit simpler.

Reviewed-by: ultrotter

79589f25 12/18/2008 03:45 pm Michael Hanselmann

Rename http.HttpInternalError to HttpInternalServerError

All other exceptions are named after the error name in RFC2616 (HTTP/1.1).

Reviewed-by: amishchenko

b3660886 12/18/2008 03:45 pm Michael Hanselmann

ganeti.http: Add more constants and errors

Reviewed-by: amishchenko

45eac583 12/18/2008 03:45 pm Michael Hanselmann

ganeti.http: Ignore ENOTCONN when shutting down the connection

Reviewed-by: amishchenko

a8e01e9f 12/18/2008 03:44 pm Michael Hanselmann

Implement support for additional headers with HTTP errors

Reviewed-by: amishchenko

f088165d 12/15/2008 12:06 pm Michael Hanselmann

ganeti.http: Add three TODOs for improvements

Reviewed-by: iustinp

d7fa9982 12/15/2008 11:40 am Michael Hanselmann

ganeti.http: Implement handshake socket operation

Reviewed-by: iustinp

39cfc25b 12/15/2008 11:40 am Michael Hanselmann

ganeti.http: Handle SSL_ERROR_ZERO_RETURN

Also add a comment next to the place where the SSL connection is shut
down.

Reviewed-by: iustinp

22692e48 12/12/2008 06:50 pm Michael Hanselmann

ganeti.http: Rename HttpBase._using_ssl to HttpBase.using_ssl

It'll be queried from other classes.

Reviewed-by: iustinp

f4322a1e 12/12/2008 06:50 pm Michael Hanselmann

ganeti.http: Rename HttpSocketBase to HttpBase

It's more appropriate.

Reviewed-by: iustinp

358a8811 12/10/2008 02:06 pm Michael Hanselmann

ganeti.http: Docstring updates

Reviewed-by: iustinp

13b63666 12/09/2008 08:42 pm Michael Hanselmann

ganeti.http: Remove _HttpClientError

This is a leftover from old code.

Reviewed-by: iustinp

b18dd019 12/05/2008 12:12 pm Iustin Pop

http: use slicing instead of string modification

The combination of the current buffer splitting method and (4KB) buffer
size is very inefficient when writing big amounts of data. Just walking
over a 16 megabyte string using a 4K buffer takes (on a random computer)...

99b5ef90 12/04/2008 05:25 pm Michael Hanselmann

ganeti.http: Add constant for DELETE

Reviewed-by: amishchenko

9501323b 12/04/2008 05:25 pm Michael Hanselmann

Remove old HTTP code

Reviewed-by: amishchenko

02cab3e7 12/04/2008 05:23 pm Michael Hanselmann

ganeti.http: Split HTTP server and client into separate files

This includes a large rewrite of the HTTP server code. The handling of
OpenSSL errors had some problems that were hard to fix with its
structure. When preparing all of this, I realized that actually HTTP...

84f2756e 12/04/2008 05:23 pm Michael Hanselmann

Rename all HTTP classes to camel case

It should be consistent.

Reviewed-by: amishchenko

c9d0fa8a 12/04/2008 05:22 pm Michael Hanselmann

ganeti.http: Remove underline from two classes

This is a preparation step for splitting the HTTP client and server code
into two separate modules.

Reviewed-by: amishchenko

ff9efc03 12/04/2008 05:22 pm Michael Hanselmann

Move HTTP code to subpackage

This is a preparation step for splitting the HTTP client and server code
into two separate modules.

Reviewed-by: amishchenko