On Tue, Mar 06, 2007 at 06:40:39PM -0500, Bill Sommerfeld wrote:

> These two defaults concern me:
> 
>     xend-relocation-server (default: true)
> 
>         Whether xend should listen on port 8002 for domain migration requests.
> 
>     xend-relocation-hosts-allow (default '^localhost$')
> 
>         A space-separated list of regular expressions. Any host matching any
>         one of the regexps listed will be allowed to connect for domain
>         migration if xend-relocation-server is enabled.
> 
> is there value in a "null relocation"?  if so, what is it?

It's very useful for testing, and this value mirrors the community upstream's
default. Furthermore, a NULL value corresponds to allowing everything in. A far
from marvellous implementation.

> how exactly is the remote hostname determined and matched against this regexp?

Like this:

def hostAllowed(addrport, hosts_allowed):
    if hosts_allowed is None:
        return True
    else:
        fqdn = socket.getfqdn(addrport[0])
        for h in hosts_allowed:
            if h.match(fqdn) or h.match(addrport[0]):
                return True
        log.warn("Rejected connection from %s (%s).", addrport[0], fqdn)

The Python docs (http://pydoc.org/2.4.1/socket.html#-getfqdn) state:

getfqdn(name='')
    Get fully qualified domain name from name.
     
    An empty argument is interpreted as meaning the local host.
     
    First the hostname returned by gethostbyaddr() is checked, then
    possibly existing aliases. In case no FQDN is available, hostname
    is returned.

Let me know if you'd like further details here.

As mentioned in the case, we're distinctly unhappy with the current situation, as
are the community from what I can gather. At this point, though, there's
nothing better available without significant (and incompatible with everyone
else!) work.

regards,
john
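
Added example, not part of the original message and not xend's own code: it restates the hostAllowed() decisions quoted above with an injectable resolver, next to a stricter variant that fails closed, requires whole-string matches, and accepts a name only when it resolves forward to the connecting address. The function names, the strict variant, and the resolver data are assumptions constructed for illustration (IPv4 only).

```python
import re
import socket

def parse_hosts_allow(value):
    # xend-relocation-hosts-allow is a space-separated list of regexps
    return [re.compile(p) for p in value.split()]

def host_allowed_original(peer_ip, hosts_allowed, getfqdn=socket.getfqdn):
    # Same decisions as the hostAllowed() quoted above; resolver made injectable.
    if hosts_allowed is None:
        return True                     # no list configured: every peer is admitted
    fqdn = getfqdn(peer_ip)             # name taken from a reverse lookup of the peer
    return any(h.match(fqdn) or h.match(peer_ip) for h in hosts_allowed)

def host_allowed_strict(peer_ip, hosts_allowed, getfqdn=socket.getfqdn,
                        resolve=socket.gethostbyname_ex):
    # Hypothetical variant: fail closed, whole-string matches, and a name
    # counts only if it resolves forward to the connecting address (IPv4).
    if not hosts_allowed:
        return False
    if any(h.fullmatch(peer_ip) for h in hosts_allowed):
        return True
    fqdn = getfqdn(peer_ip)
    if fqdn == peer_ip or not any(h.fullmatch(fqdn) for h in hosts_allowed):
        return False
    try:
        return peer_ip in resolve(fqdn)[2]
    except OSError:
        return False

# Constructed resolver data using documentation addresses; no network needed.
PTR = {"127.0.0.1": "localhost", "192.0.2.10": "localhost"}
FWD = {"localhost": ["127.0.0.1"]}

def fake_getfqdn(ip):
    return PTR.get(ip, ip)              # like getfqdn(): falls back to its input

def fake_resolve(name):
    if name not in FWD:
        raise OSError("constructed resolver: unknown name")
    return (name, [], FWD[name])

if __name__ == "__main__":
    default = parse_hosts_allow("^localhost$")
    for ip in ("127.0.0.1", "192.0.2.10", "192.0.2.99"):
        print(ip, host_allowed_original(ip, default, fake_getfqdn),
              host_allowed_strict(ip, default, fake_getfqdn, fake_resolve))
```

With the constructed data, the original logic admits any peer whose reverse record reads "localhost" and any peer at all when the list is unset, while the strict variant admits only 127.0.0.1.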
