Nir Soffer
2018-Dec-07 00:44 UTC
[Libguestfs] [PATCH] v2v: -o rhv-upload: Fix upload when using https
Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o
rhv-upload: Only set SSL context for https connections).
---
.gnulib | 2 +-
v2v/rhv-upload-plugin.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gnulib b/.gnulib
index 6ccfbb4ce..646a44e1b 160000
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit 6ccfbb4ce5d4fa79f7afb48f3648f2e0401523c3
+Subproject commit 646a44e1b190c4a7f6a9f32c63230c619e38d251
diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
index 1a217b6dc..3272c3ce3 100644
--- a/v2v/rhv-upload-plugin.py
+++ b/v2v/rhv-upload-plugin.py
@@ -193,41 +193,41 @@ def open(readonly):
if transfer.phase != types.ImageTransferPhase.INITIALIZING:
break
if time.time() > endt:
raise RuntimeError("timed out waiting for transfer status
"
"!= INITIALIZING")
# Now we have permission to start the transfer.
if params['rhv_direct']:
if transfer.transfer_url is None:
raise RuntimeError("direct upload to host not supported,
"
"requires ovirt-engine >= 4.2 and only
works "
"when virt-v2v is run within the oVirt/RHV
"
"environment, eg. on an oVirt node.")
destination_url = urlparse(transfer.transfer_url)
else:
destination_url = urlparse(transfer.proxy_url)
if destination_url.scheme == "https":
context = \
ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH,
- cafile = cafile)
+ cafile = params['rhv_cafile'])
if params['insecure']:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
http = HTTPSConnection(
destination_url.hostname,
destination_url.port,
context = context
)
elif destination_url.scheme == "http":
http = HTTPConnection(
destination_url.hostname,
destination_url.port,
)
else:
raise RuntimeError("unknown URL scheme (%s)" %
destination_url.scheme)
# The first request is to fetch the features of the server.
# Authentication was needed only for GET and PUT requests when
# communicating with old imageio-proxy.
--
2.17.2
Richard W.M. Jones
2018-Dec-07 08:34 UTC
Re: [Libguestfs] [PATCH] v2v: -o rhv-upload: Fix upload when using https
On Fri, Dec 07, 2018 at 02:44:21AM +0200, Nir Soffer wrote:> Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o > rhv-upload: Only set SSL context for https connections).Ugh yes indeed. Strong typing FTW _again_ ... Will apply shortly, thanks. Rich.> .gnulib | 2 +- > v2v/rhv-upload-plugin.py | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/.gnulib b/.gnulib > index 6ccfbb4ce..646a44e1b 160000 > --- a/.gnulib > +++ b/.gnulib > @@ -1 +1 @@ > -Subproject commit 6ccfbb4ce5d4fa79f7afb48f3648f2e0401523c3 > +Subproject commit 646a44e1b190c4a7f6a9f32c63230c619e38d251 > diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py > index 1a217b6dc..3272c3ce3 100644 > --- a/v2v/rhv-upload-plugin.py > +++ b/v2v/rhv-upload-plugin.py > @@ -193,41 +193,41 @@ def open(readonly): > if transfer.phase != types.ImageTransferPhase.INITIALIZING: > break > if time.time() > endt: > raise RuntimeError("timed out waiting for transfer status " > "!= INITIALIZING") > > # Now we have permission to start the transfer. > if params['rhv_direct']: > if transfer.transfer_url is None: > raise RuntimeError("direct upload to host not supported, " > "requires ovirt-engine >= 4.2 and only works " > "when virt-v2v is run within the oVirt/RHV " > "environment, eg. on an oVirt node.") > destination_url = urlparse(transfer.transfer_url) > else: > destination_url = urlparse(transfer.proxy_url) > > if destination_url.scheme == "https": > context = \ > ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH, > - cafile = cafile) > + cafile = params['rhv_cafile']) > if params['insecure']: > context.check_hostname = False > context.verify_mode = ssl.CERT_NONE > http = HTTPSConnection( > destination_url.hostname, > destination_url.port, > context = context > ) > elif destination_url.scheme == "http": > http = HTTPConnection( > destination_url.hostname, > destination_url.port, > ) > else: > raise RuntimeError("unknown URL scheme (%s)" % destination_url.scheme) > > # The first request is to fetch the features of the server. > > # Authentication was needed only for GET and PUT requests when > # communicating with old imageio-proxy. > -- > 2.17.2-- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top
Nir Soffer
2018-Dec-07 09:01 UTC
Re: [Libguestfs] [PATCH] v2v: -o rhv-upload: Fix upload when using https
On Fri, Dec 7, 2018, 10:34 Richard W.M. Jones <rjones@redhat.com wrote:> On Fri, Dec 07, 2018 at 02:44:21AM +0200, Nir Soffer wrote: > > Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o > > rhv-upload: Only set SSL context for https connections). > > Ugh yes indeed. Strong typing FTW _again_"pylint -E" may detect such issues. ...> > Will apply shortly, thanks. > > Rich. > > > .gnulib | 2 +- > > v2v/rhv-upload-plugin.py | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/.gnulib b/.gnulib > > index 6ccfbb4ce..646a44e1b 160000 > > --- a/.gnulib > > +++ b/.gnulib > > @@ -1 +1 @@ > > -Subproject commit 6ccfbb4ce5d4fa79f7afb48f3648f2e0401523c3 > > +Subproject commit 646a44e1b190c4a7f6a9f32c63230c619e38d251 > > diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py > > index 1a217b6dc..3272c3ce3 100644 > > --- a/v2v/rhv-upload-plugin.py > > +++ b/v2v/rhv-upload-plugin.py > > @@ -193,41 +193,41 @@ def open(readonly): > > if transfer.phase != types.ImageTransferPhase.INITIALIZING: > > break > > if time.time() > endt: > > raise RuntimeError("timed out waiting for transfer status " > > "!= INITIALIZING") > > > > # Now we have permission to start the transfer. > > if params['rhv_direct']: > > if transfer.transfer_url is None: > > raise RuntimeError("direct upload to host not supported, " > > "requires ovirt-engine >= 4.2 and only > works " > > "when virt-v2v is run within the > oVirt/RHV " > > "environment, eg. on an oVirt node.") > > destination_url = urlparse(transfer.transfer_url) > > else: > > destination_url = urlparse(transfer.proxy_url) > > > > if destination_url.scheme == "https": > > context = \ > > ssl.create_default_context(purpose > ssl.Purpose.SERVER_AUTH, > > - cafile = cafile) > > + cafile = params['rhv_cafile']) > > if params['insecure']: > > context.check_hostname = False > > context.verify_mode = ssl.CERT_NONE > > http = HTTPSConnection( > > destination_url.hostname, > > destination_url.port, > > context = context > > ) > > elif destination_url.scheme == "http": > > http = HTTPConnection( > > destination_url.hostname, > > destination_url.port, > > ) > > else: > > raise RuntimeError("unknown URL scheme (%s)" % > destination_url.scheme) > > > > # The first request is to fetch the features of the server. > > > > # Authentication was needed only for GET and PUT requests when > > # communicating with old imageio-proxy. > > -- > > 2.17.2 > > -- > Richard Jones, Virtualization Group, Red Hat > http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > virt-top is 'top' for virtual machines. Tiny program with many > powerful monitoring features, net stats, disk stats, logging, etc. > http://people.redhat.com/~rjones/virt-top >