STABLE2 - [fence] Make fence_xvmd support reloading of key files onthe fly.
- From: Lon Hohberger <lon at fedoraproject dot org>
- To: cluster-cvs-relay at redhat dot com
- Date: Mon, 22 Sep 2008 15:47:33 +0000 (UTC)
- Subject: STABLE2 - [fence] Make fence_xvmd support reloading of key files onthe fly.
Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=d90d392c09022c009df1140198d538546ca3b0d2
Commit: d90d392c09022c009df1140198d538546ca3b0d2
Parent: 2f17f7ef52bda4891a1afa1517d53d354e545737
Author: Lon Hohberger <lhh@redhat.com>
AuthorDate: Tue Mar 4 17:24:15 2008 -0500
Committer: Lon Hohberger <lhh@redhat.com>
CommitterDate: Mon Sep 22 11:36:26 2008 -0400
[fence] Make fence_xvmd support reloading of key files on the fly.
---
fence/agents/xvm/fence_xvm.c | 2 +-
fence/agents/xvm/fence_xvmd.c | 31 +++++++++++++++++++++++++++++--
fence/agents/xvm/simple_auth.c | 2 ++
fence/agents/xvm/xvm.h | 1 +
4 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/fence/agents/xvm/fence_xvm.c b/fence/agents/xvm/fence_xvm.c
index e5847db..f2b714f 100644
--- a/fence/agents/xvm/fence_xvm.c
+++ b/fence/agents/xvm/fence_xvm.c
@@ -203,7 +203,7 @@ int
fence_xen_domain(fence_xvm_args_t *args)
{
ip_list_t ipl;
- char key[4096];
+ char key[MAX_KEY_LEN];
int lfd, key_len = 0, fd;
int attempts = 0;
diff --git a/fence/agents/xvm/fence_xvmd.c b/fence/agents/xvm/fence_xvmd.c
index 0af22ea..ba55752 100644
--- a/fence/agents/xvm/fence_xvmd.c
+++ b/fence/agents/xvm/fence_xvmd.c
@@ -36,6 +36,7 @@
#define LIBVIRT_XEN_URI "xen:///"
static int running = 1;
+static int reload_key;
int cleanup_xml(char *xmldesc, char **ret, size_t *retsz);
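Review bot: `reload_key` is stored to by the `sighup_handler` added further down in this file and read in xvmd_loop, yet it is declared as a plain `static int`. That leaves the compiler free to keep the value in a register across loop iterations, and a plain int is not a type the C standard guarantees a handler can store to safely. Declare it as `static volatile sig_atomic_t reload_key;`. The existing `running` flag on the line above has the same shape, though this commit does not touch it. A short comment such as `/* set by sighup_handler; xvmd_loop re-reads the key file when non-zero */` would document the flag.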
@@ -577,6 +578,27 @@ xvmd_loop(cman_handle_t ch, void *h, int fd, fence_xvm_args_t *args,
virConnectClose(vp);
vp = NULL;
}
+
+ if (reload_key) {
+ char temp_key[MAX_KEY_LEN];
+ int ret;
+
+ reload_key = 0;
+
+ ret = read_key_file(args->key_file, temp_key, sizeof(temp_key));
+ if (ret < 0) {
+ printf("Could not read %s; not updating key",
+ args->key_file);
+ } else {
+ memcpy(key, temp_key, MAX_KEY_LEN);
+ key_len = (size_t) ret;
+
+ if (args->auth == AUTH_NONE)
+ args->auth = AUTH_SHA256;
+ if (args->hash == HASH_NONE)
+ args->hash = HASH_SHA256;
+ }
+ }
n = select(fd+1, &rfds, NULL, NULL, &tv);
if (n < 0)
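Review bot: The reload block treats only `ret < 0` as failure, so a key file that reads as zero bytes would be installed with `key_len = 0`. If read_key_file returns 0 for an empty or truncated file (its return path is not visible in this diff), a botched rotation replaces a working key with an empty one; `if (ret <= 0) {` would keep the previous key instead. The failure message has no trailing newline and goes to stdout through `printf`, so an operator who rotated the key may never learn that the old key is still in force; it should be reported on a channel that survives daemonizing. `memcpy` also copies all MAX_KEY_LEN bytes of `temp_key`, including the uninitialised ones past `ret`, and the key material stays on the stack after the block; copying only `ret` bytes and clearing `temp_key` afterwards would be tighter. xvmd_loop starts and ends outside this hunk, so the size of the buffer behind `key` cannot be checked here.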
@@ -682,6 +704,11 @@ sigint_handler(int sig)
running = 0;
}
+void
+sighup_handler(int sig)
+{
+ reload_key = 1;
+}
void malloc_dump_table(void);
@@ -691,7 +718,7 @@ main(int argc, char **argv)
{
fence_xvm_args_t args;
int mc_sock;
- char key[4096];
+ char key[MAX_KEY_LEN];
int key_len = 0, x;
char *my_options = "dfi:a:p:I:C:c:k:u?hLXV";
cman_handle_t ch = NULL;
@@ -788,7 +815,6 @@ main(int argc, char **argv)
if (x)
printf("Checkpoint initialized\n");
}
-
if (args.family == PF_INET)
mc_sock = ipv4_recv_sk(args.addr, args.port, args.ifindex);
else
@@ -799,6 +825,7 @@ main(int argc, char **argv)
}
+ signal(SIGHUP, sighup_handler);
signal(SIGINT, sigint_handler);
signal(SIGTERM, sigint_handler);
signal(SIGQUIT, sigint_handler);
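Review bot: The SIGHUP handler is installed with `signal()`, whose behaviour after the first delivery is implementation-defined. On platforms with System V semantics the disposition resets to the default, so a second SIGHUP would terminate the fencing daemon instead of reloading the key. `sigaction()` pins the semantics: `struct sigaction sa = { .sa_handler = sighup_handler };`, then `sigemptyset(&sa.sa_mask);` and `sigaction(SIGHUP, &sa, NULL);`. The handler also appears to be installed only after the multicast socket setup shown in the previous hunk, so a SIGHUP that arrives earlier in startup still gets the default action. main's body continues outside this hunk.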
diff --git a/fence/agents/xvm/simple_auth.c b/fence/agents/xvm/simple_auth.c
index f0dad17..82ab204 100644
--- a/fence/agents/xvm/simple_auth.c
+++ b/fence/agents/xvm/simple_auth.c
@@ -372,6 +372,8 @@ read_key_file(char *file, char *key, size_t max_len)
while (remain) {
nread = read(fd, p, remain);
if (nread < 0) {
+ if (errno == EINTR)
+ continue;
dbg_printf(2, "Error from read: %s\n", strerror(errno));
close(fd);
return -1;
diff --git a/fence/agents/xvm/xvm.h b/fence/agents/xvm/xvm.h
index db4041f..092ab1f 100644
--- a/fence/agents/xvm/xvm.h
+++ b/fence/agents/xvm/xvm.h
@@ -41,6 +41,7 @@ typedef enum {
#define DEFAULT_TTL 4
#define MAX_HASH_LENGTH SHA512_LENGTH
+#define MAX_KEY_LEN 4096
typedef struct __attribute__ ((packed)) _fence_req {
uint8_t request; /* Fence request */