[node-patches] Change in ovirt-node[master]: Deprecate ovirtfunctions.rng_status()
rbarry at redhat.com
rbarry at redhat.com
Fri Nov 7 17:17:08 UTC 2014
Ryan Barry has uploaded a new change for review.
Change subject: Deprecate ovirtfunctions.rng_status()
......................................................................
Deprecate ovirtfunctions.rng_status()
Do something more pythonic, merge into the existing
ovirt.node.utils.security.Ssh class
Change-Id: I98730b91618a2f3cb65c7058c9fbe2ad50b80f11
Signed-off-by: Ryan Barry <rbarry at redhat.com>
---
M src/ovirt/node/config/migrate.py
M src/ovirt/node/utils/security.py
M src/ovirtnode/ovirtfunctions.py
3 files changed, 20 insertions(+), 24 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/51/34951/1
diff --git a/src/ovirt/node/config/migrate.py b/src/ovirt/node/config/migrate.py
index 29dd139..78be5fe 100644
--- a/src/ovirt/node/config/migrate.py
+++ b/src/ovirt/node/config/migrate.py
@@ -127,11 +127,12 @@
def translate_ssh(self):
from ovirt.node.utils import parse_bool
+ from ovirt.node.utils.security import Ssh
if self.__is_persisted("/etc/ssh/sshd_config"):
pw_auth_enabled = ovirtfunctions.augtool_get(
"/files/etc/ssh/sshd_config/PasswordAuthentication")
- rng_bytes, aes_disabled = ovirtfunctions.rng_status()
+ rng_bytes, aes_disabled = Ssh().rng_status().values()
rng_bytes = None if rng_bytes == 0 else rng_bytes
aes_disabled = aes_disabled == 1
diff --git a/src/ovirt/node/utils/security.py b/src/ovirt/node/utils/security.py
index 946913b..808da43 100644
--- a/src/ovirt/node/utils/security.py
+++ b/src/ovirt/node/utils/security.py
@@ -142,18 +142,15 @@
Returns:
The status of aes_ni
"""
- import ovirtnode.ovirtfunctions as ofunc
- rng, aes = ofunc.rng_status()
+ rng, aes = self.rng_status().values()
if disable in [True, False]:
self.__update_profile(rng, disable)
else:
self.logger.warning("Unknown value for AES NI: %s" % disable)
- return ofunc.rng_status()[1] # FIXME should rurn bool
- # and does it return disable_aes_ni?
+ return self.rng_status()["disable_aesni"]
def strong_rng(self, num_bytes=None):
- import ovirtnode.ovirtfunctions as ofunc
- rng, aes = ofunc.rng_status()
+ rng, aes = self.rng_status().values()
if (valid.Empty() | valid.Number(bounds=[0, None])).\
validate(num_bytes):
self.__update_profile(num_bytes, aes)
@@ -162,7 +159,19 @@
else:
self.logger.warning("Unknown value for RNG num bytes: " +
"%s" % num_bytes)
- return ofunc.rng_status()[0]
+ return self.rng_status()["rng_bytes"]
+
+ def rng_status(self):
+ rng_status = {"rng_bytes": None,
+ "disable_aes_ni": False}
+ f = File("/etc/profile")
+ if f.findall(r'SSH_USE_STRONG_RNG=\d+'):
+ rng_status["rng_bytes"] = f.findall(r'SSH_USE_STRONG_RNG=\d+'
+ )[0].split('=')]1]
+ if f.findall(r'DISABLE_AES_NI='):
+ rng_status["disable_aes_ni"] = True
+ return rng_status
+
def restart(self):
self.logger.debug("Restarting SSH")
diff --git a/src/ovirtnode/ovirtfunctions.py b/src/ovirtnode/ovirtfunctions.py
index f09955a..b093fc6 100644
--- a/src/ovirtnode/ovirtfunctions.py
+++ b/src/ovirtnode/ovirtfunctions.py
@@ -1759,22 +1759,8 @@
return "on" == output.strip()
def rng_status():
- bit_value = 0
- disable_aes_ni = 0
- try:
- with open("/etc/profile") as f:
- for line in f:
- try:
- if "SSH_USE_STRONG_RNG" in line:
- export , kv = line.split()
- key, bit_value = kv.split("=")
- elif "OPENSSL_DISABLE_AES_NI=" in line:
- disable_aes_ni = 1
- except:
- pass
- except:
- pass
- return (bit_value, disable_aes_ni)
+ from ovirt.node.utils.security import Ssh
+ return Ssh().rng_status().values()
def get_cmdline_args():
with open("/proc/cmdline") as cmdline:
--
To view, visit http://gerrit.ovirt.org/34951
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I98730b91618a2f3cb65c7058c9fbe2ad50b80f11
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Ryan Barry <rbarry at redhat.com>
More information about the node-patches
mailing list