Revision 3f5fd161
b/lib/constants.py | ||
---|---|---|
193 | 193 |
SOCAT_USE_COMPRESS = _constants.SOCAT_USE_COMPRESS |
194 | 194 |
SOCAT_ESCAPE_CODE = _constants.SOCAT_ESCAPE_CODE |
195 | 195 |
|
196 |
#: Console as SSH command |
|
197 |
CONS_SSH = "ssh" |
|
198 | 196 |
|
199 |
#: Console as VNC server |
|
200 |
CONS_VNC = "vnc" |
|
197 |
CONS_SSH = _constants.CONS_SSH |
|
198 |
CONS_VNC = _constants.CONS_VNC |
|
199 |
CONS_SPICE = _constants.CONS_SPICE |
|
200 |
CONS_MESSAGE = _constants.CONS_MESSAGE |
|
201 |
CONS_ALL = _constants.CONS_ALL |
|
201 | 202 |
|
202 |
#: Console as SPICE server
|
|
203 |
CONS_SPICE = "spice"
|
|
203 |
RSA_KEY_BITS = _constants.RSA_KEY_BITS
|
|
204 |
OPENSSL_CIPHERS = _constants.OPENSSL_CIPHERS
|
|
204 | 205 |
|
205 |
#: Display a message for console access |
|
206 |
CONS_MESSAGE = "msg" |
|
207 |
|
|
208 |
#: All console types |
|
209 |
CONS_ALL = compat.UniqueFrozenset([ |
|
210 |
CONS_SSH, |
|
211 |
CONS_VNC, |
|
212 |
CONS_SPICE, |
|
213 |
CONS_MESSAGE, |
|
214 |
]) |
|
215 |
|
|
216 |
# For RSA keys more bits are better, but they also make operations more |
|
217 |
# expensive. NIST SP 800-131 recommends a minimum of 2048 bits from the year |
|
218 |
# 2010 on. |
|
219 |
RSA_KEY_BITS = 2048 |
|
220 |
|
|
221 |
# Ciphers allowed for SSL connections. For the format, see ciphers(1). A better |
|
222 |
# way to disable ciphers would be to use the exclamation mark (!), but socat |
|
223 |
# versions below 1.5 can't parse exclamation marks in options properly. When |
|
224 |
# modifying the ciphers, ensure not to accidentially add something after it's |
|
225 |
# been removed. Use the "openssl" utility to check the allowed ciphers, e.g. |
|
226 |
# "openssl ciphers -v HIGH:-DES". |
|
227 |
OPENSSL_CIPHERS = "HIGH:-DES:-3DES:-EXPORT:-ADH" |
|
228 |
|
|
229 |
# Digest used to sign certificates ("openssl x509" uses SHA1 by default) |
|
230 |
X509_CERT_SIGN_DIGEST = "SHA1" |
|
231 |
|
|
232 |
# Default validity of certificates in days |
|
233 |
X509_CERT_DEFAULT_VALIDITY = 365 * 5 |
|
234 |
|
|
235 |
# commonName (CN) used in certificates |
|
236 |
X509_CERT_CN = "ganeti.example.com" |
|
237 |
|
|
238 |
X509_CERT_SIGNATURE_HEADER = "X-Ganeti-Signature" |
|
206 |
X509_CERT_SIGN_DIGEST = _constants.X509_CERT_SIGN_DIGEST |
|
207 |
X509_CERT_DEFAULT_VALIDITY = _constants.X509_CERT_DEFAULT_VALIDITY |
|
208 |
X509_CERT_CN = _constants.X509_CERT_CN |
|
209 |
X509_CERT_SIGNATURE_HEADER = _constants.X509_CERT_SIGNATURE_HEADER |
|
239 | 210 |
|
240 | 211 |
# Import/export daemon mode |
241 |
IEM_IMPORT = "import"
|
|
242 |
IEM_EXPORT = "export"
|
|
212 |
IEM_IMPORT = _constants.IEM_IMPORT
|
|
213 |
IEM_EXPORT = _constants.IEM_EXPORT
|
|
243 | 214 |
|
244 | 215 |
# Import/export transport compression |
245 |
IEC_NONE = "none" |
|
246 |
IEC_GZIP = "gzip" |
|
247 |
IEC_ALL = compat.UniqueFrozenset([ |
|
248 |
IEC_NONE, |
|
249 |
IEC_GZIP, |
|
250 |
]) |
|
216 |
IEC_NONE = _constants.IEC_NONE |
|
217 |
IEC_GZIP = _constants.IEC_GZIP |
|
218 |
IEC_ALL = _constants.IEC_ALL |
|
251 | 219 |
|
252 |
IE_CUSTOM_SIZE = "fd"
|
|
220 |
IE_CUSTOM_SIZE = _constants.IE_CUSTOM_SIZE
|
|
253 | 221 |
|
254 | 222 |
IE_MAGIC_RE = re.compile(r"^[-_.a-zA-Z0-9]{5,100}$") |
255 | 223 |
|
256 |
# Import/export I/O |
|
257 |
# Direct file I/O, equivalent to a shell's I/O redirection using '<' or '>' |
|
258 |
IEIO_FILE = "file" |
|
259 |
# Raw block device I/O using "dd" |
|
260 |
IEIO_RAW_DISK = "raw" |
|
261 |
# OS definition import/export script |
|
262 |
IEIO_SCRIPT = "script" |
|
224 |
IEIO_FILE = _constants.IEIO_FILE |
|
225 |
IEIO_RAW_DISK = _constants.IEIO_RAW_DISK |
|
226 |
IEIO_SCRIPT = _constants.IEIO_SCRIPT |
|
263 | 227 |
|
264 | 228 |
VALUE_DEFAULT = "default" |
265 | 229 |
VALUE_AUTO = "auto" |
... | ... | |
273 | 237 |
# External script validation mask |
274 | 238 |
EXT_PLUGIN_MASK = re.compile("^[a-zA-Z0-9_-]+$") |
275 | 239 |
|
276 |
# hooks-related constants |
|
277 |
HOOKS_PHASE_PRE = "pre" |
|
278 |
HOOKS_PHASE_POST = "post" |
|
279 |
HOOKS_NAME_CFGUPDATE = "config-update" |
|
280 |
HOOKS_NAME_WATCHER = "watcher" |
|
281 |
HOOKS_VERSION = 2 |
|
282 |
HOOKS_PATH = "/sbin:/bin:/usr/sbin:/usr/bin" |
|
283 |
|
|
284 |
# hooks subject type (what object type does the LU deal with) |
|
285 |
HTYPE_CLUSTER = "CLUSTER" |
|
286 |
HTYPE_NODE = "NODE" |
|
287 |
HTYPE_GROUP = "GROUP" |
|
288 |
HTYPE_INSTANCE = "INSTANCE" |
|
289 |
HTYPE_NETWORK = "NETWORK" |
|
290 |
|
|
291 |
HKR_SKIP = 0 |
|
292 |
HKR_FAIL = 1 |
|
293 |
HKR_SUCCESS = 2 |
|
240 |
HOOKS_PHASE_PRE = _constants.HOOKS_PHASE_PRE |
|
241 |
HOOKS_PHASE_POST = _constants.HOOKS_PHASE_POST |
|
242 |
HOOKS_NAME_CFGUPDATE = _constants.HOOKS_NAME_CFGUPDATE |
|
243 |
HOOKS_NAME_WATCHER = _constants.HOOKS_NAME_WATCHER |
|
244 |
HOOKS_VERSION = _constants.HOOKS_VERSION |
|
245 |
HOOKS_PATH = _constants.HOOKS_PATH |
|
246 |
|
|
247 |
HTYPE_CLUSTER = _constants.HTYPE_CLUSTER |
|
248 |
HTYPE_NODE = _constants.HTYPE_NODE |
|
249 |
HTYPE_GROUP = _constants.HTYPE_GROUP |
|
250 |
HTYPE_INSTANCE = _constants.HTYPE_INSTANCE |
|
251 |
HTYPE_NETWORK = _constants.HTYPE_NETWORK |
|
252 |
|
|
253 |
HKR_SKIP = _constants.HKR_SKIP |
|
254 |
HKR_FAIL = _constants.HKR_FAIL |
|
255 |
HKR_SUCCESS = _constants.HKR_SUCCESS |
|
294 | 256 |
|
295 | 257 |
# Storage types |
296 | 258 |
ST_BLOCK = _constants.ST_BLOCK |
b/src/Ganeti/HsConstants.hs | ||
---|---|---|
471 | 471 |
socatUseEscape :: Bool |
472 | 472 |
socatUseEscape = AutoConf.socatUseEscape |
473 | 473 |
|
474 |
-- * Console types |
|
475 |
|
|
476 |
-- | Display a message for console access |
|
477 |
consMessage :: String |
|
478 |
consMessage = "msg" |
|
479 |
|
|
480 |
-- | Console as SPICE server |
|
481 |
consSpice :: String |
|
482 |
consSpice = "spice" |
|
483 |
|
|
484 |
-- | Console as SSH command |
|
485 |
consSsh :: String |
|
486 |
consSsh = "ssh" |
|
487 |
|
|
488 |
-- | Console as VNC server |
|
489 |
consVnc :: String |
|
490 |
consVnc = "vnc" |
|
491 |
|
|
492 |
consAll :: FrozenSet String |
|
493 |
consAll = ConstantUtils.mkSet [consMessage, consSpice, consSsh, consVnc] |
|
494 |
|
|
495 |
-- | RSA key bit length |
|
496 |
-- |
|
497 |
-- For RSA keys more bits are better, but they also make operations |
|
498 |
-- more expensive. NIST SP 800-131 recommends a minimum of 2048 bits |
|
499 |
-- from the year 2010 on. |
|
500 |
rsaKeyBits :: Int |
|
501 |
rsaKeyBits = 2048 |
|
502 |
|
|
503 |
-- | Ciphers allowed for SSL connections. |
|
504 |
-- |
|
505 |
-- For the format, see ciphers(1). A better way to disable ciphers |
|
506 |
-- would be to use the exclamation mark (!), but socat versions below |
|
507 |
-- 1.5 can't parse exclamation marks in options properly. When |
|
508 |
-- modifying the ciphers, ensure not to accidentially add something |
|
509 |
-- after it's been removed. Use the "openssl" utility to check the |
|
510 |
-- allowed ciphers, e.g. "openssl ciphers -v HIGH:-DES". |
|
511 |
opensslCiphers :: String |
|
512 |
opensslCiphers = "HIGH:-DES:-3DES:-EXPORT:-ADH" |
|
513 |
|
|
514 |
-- * X509 |
|
515 |
|
|
516 |
-- | commonName (CN) used in certificates |
|
517 |
x509CertCn :: String |
|
518 |
x509CertCn = "ganeti.example.com" |
|
519 |
|
|
520 |
-- | Default validity of certificates in days |
|
521 |
x509CertDefaultValidity :: Int |
|
522 |
x509CertDefaultValidity = 365 * 5 |
|
523 |
|
|
524 |
x509CertSignatureHeader :: String |
|
525 |
x509CertSignatureHeader = "X-Ganeti-Signature" |
|
526 |
|
|
527 |
-- | Digest used to sign certificates ("openssl x509" uses SHA1 by default) |
|
528 |
x509CertSignDigest :: String |
|
529 |
x509CertSignDigest = "SHA1" |
|
530 |
|
|
531 |
-- * Import/export daemon mode |
|
532 |
|
|
533 |
iemExport :: String |
|
534 |
iemExport = "export" |
|
535 |
|
|
536 |
iemImport :: String |
|
537 |
iemImport = "import" |
|
538 |
|
|
539 |
-- * Import/export transport compression |
|
540 |
|
|
541 |
iecGzip :: String |
|
542 |
iecGzip = "gzip" |
|
543 |
|
|
544 |
iecNone :: String |
|
545 |
iecNone = "none" |
|
546 |
|
|
547 |
iecAll :: [String] |
|
548 |
iecAll = [iecGzip, iecNone] |
|
549 |
|
|
550 |
ieCustomSize :: String |
|
551 |
ieCustomSize = "fd" |
|
552 |
|
|
553 |
-- * Import/export I/O |
|
554 |
|
|
555 |
-- | Direct file I/O, equivalent to a shell's I/O redirection using |
|
556 |
-- '<' or '>' |
|
557 |
ieioFile :: String |
|
558 |
ieioFile = "file" |
|
559 |
|
|
560 |
-- | Raw block device I/O using "dd" |
|
561 |
ieioRawDisk :: String |
|
562 |
ieioRawDisk = "raw" |
|
563 |
|
|
564 |
-- | OS definition import/export script |
|
565 |
ieioScript :: String |
|
566 |
ieioScript = "script" |
|
567 |
|
|
568 |
-- * Hooks |
|
569 |
|
|
570 |
hooksNameCfgupdate :: String |
|
571 |
hooksNameCfgupdate = "config-update" |
|
572 |
|
|
573 |
hooksNameWatcher :: String |
|
574 |
hooksNameWatcher = "watcher" |
|
575 |
|
|
576 |
hooksPath :: String |
|
577 |
hooksPath = "/sbin:/bin:/usr/sbin:/usr/bin" |
|
578 |
|
|
579 |
hooksPhasePost :: String |
|
580 |
hooksPhasePost = "post" |
|
581 |
|
|
582 |
hooksPhasePre :: String |
|
583 |
hooksPhasePre = "pre" |
|
584 |
|
|
585 |
hooksVersion :: Int |
|
586 |
hooksVersion = 2 |
|
587 |
|
|
588 |
-- * Hooks subject type (what object type does the LU deal with) |
|
589 |
|
|
590 |
htypeCluster :: String |
|
591 |
htypeCluster = "CLUSTER" |
|
592 |
|
|
593 |
htypeGroup :: String |
|
594 |
htypeGroup = "GROUP" |
|
595 |
|
|
596 |
htypeInstance :: String |
|
597 |
htypeInstance = "INSTANCE" |
|
598 |
|
|
599 |
htypeNetwork :: String |
|
600 |
htypeNetwork = "NETWORK" |
|
601 |
|
|
602 |
htypeNode :: String |
|
603 |
htypeNode = "NODE" |
|
604 |
|
|
605 |
-- * Hkr |
|
606 |
|
|
607 |
hkrSkip :: Int |
|
608 |
hkrSkip = 0 |
|
609 |
|
|
610 |
hkrFail :: Int |
|
611 |
hkrFail = 1 |
|
612 |
|
|
613 |
hkrSuccess :: Int |
|
614 |
hkrSuccess = 2 |
|
615 |
|
|
474 | 616 |
-- * Storage types |
475 | 617 |
|
476 | 618 |
stBlock :: String |
Also available in: Unified diff