projects
/
cascardo
/
ovs.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
ofpbuf: Fix trivial spelling typo.
[cascardo/ovs.git]
/
debian
/
ovs-monitor-ipsec
diff --git
a/debian/ovs-monitor-ipsec
b/debian/ovs-monitor-ipsec
index
ffaa979
..
091896d
100755
(executable)
--- a/
debian/ovs-monitor-ipsec
+++ b/
debian/ovs-monitor-ipsec
@@
-1,4
+1,4
@@
-#!
/usr/bin/
python
+#!
/usr/bin/env
python
# Copyright (c) 2009, 2010, 2011, 2012 Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# Copyright (c) 2009, 2010, 2011, 2012 Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@
-33,13
+33,14
@@
import sys
import ovs.dirs
from ovs.db import error
import ovs.dirs
from ovs.db import error
-from ovs.db import types
import ovs.util
import ovs.daemon
import ovs.db.idl
import ovs.unixctl
import ovs.unixctl.server
import ovs.vlog
import ovs.util
import ovs.daemon
import ovs.db.idl
import ovs.unixctl
import ovs.unixctl.server
import ovs.vlog
+from six.moves import range
+import six
vlog = ovs.vlog.Vlog("ovs-monitor-ipsec")
root_prefix = '' # Prefix for absolute file names, for testing.
vlog = ovs.vlog.Vlog("ovs-monitor-ipsec")
root_prefix = '' # Prefix for absolute file names, for testing.
@@
-54,7
+55,7
@@
def unixctl_exit(conn, unused_argv, unused_aux):
# Class to configure the racoon daemon, which handles IKE negotiation
# Class to configure the racoon daemon, which handles IKE negotiation
-class Racoon:
+class Racoon
(object)
:
# Default locations for files
conf_file = "/etc/racoon/racoon.conf"
cert_dir = "/etc/racoon/certs"
# Default locations for files
conf_file = "/etc/racoon/racoon.conf"
cert_dir = "/etc/racoon/certs"
@@
-152,7
+153,7
@@
path certificate "%s";
conf_file = open(root_prefix + self.conf_file, 'w')
conf_file.write(Racoon.conf_header % (self.psk_file, self.cert_dir))
conf_file = open(root_prefix + self.conf_file, 'w')
conf_file.write(Racoon.conf_header % (self.psk_file, self.cert_dir))
- for host, vals in s
elf.cert_hosts.iteritems(
):
+ for host, vals in s
ix.iteritems(self.cert_hosts
):
conf_file.write(Racoon.cert_entry % (host, vals["certificate"],
vals["private_key"], vals["peer_cert_file"]))
conf_file.write(Racoon.cert_entry % (host, vals["certificate"],
vals["private_key"], vals["peer_cert_file"]))
@@
-163,13
+164,13
@@
path certificate "%s";
conf_file.close()
# Rewrite the pre-shared keys file; it must only be readable by root.
conf_file.close()
# Rewrite the pre-shared keys file; it must only be readable by root.
- orig_umask = os.umask(0077)
+ orig_umask = os.umask(0
o
077)
psk_file = open(root_prefix + Racoon.psk_file, 'w')
os.umask(orig_umask)
psk_file.write("# Generated by Open vSwitch...do not modify by hand!")
psk_file.write("\n\n")
psk_file = open(root_prefix + Racoon.psk_file, 'w')
os.umask(orig_umask)
psk_file.write("# Generated by Open vSwitch...do not modify by hand!")
psk_file.write("\n\n")
- for host, vals in s
elf.psk_hosts.iteritems(
):
+ for host, vals in s
ix.iteritems(self.psk_hosts
):
psk_file.write("%s %s\n" % (host, vals["psk"]))
psk_file.close()
psk_file.write("%s %s\n" % (host, vals["psk"]))
psk_file.close()
@@
-210,9
+211,9
@@
path certificate "%s";
if host in self.psk_hosts:
raise error.Error("host %s already defined for psk" % host)
if host in self.psk_hosts:
raise error.Error("host %s already defined for psk" % host)
- if vals["certificate"]
==
None:
+ if vals["certificate"]
is
None:
raise error.Error("'certificate' not defined for %s" % host)
raise error.Error("'certificate' not defined for %s" % host)
- elif vals["private_key"]
==
None:
+ elif vals["private_key"]
is
None:
# Assume the private key is stored in the same PEM file as
# the certificate. We make a copy of "vals" so that we don't
# modify the original "vals", which would cause the script
# Assume the private key is stored in the same PEM file as
# the certificate. We make a copy of "vals" so that we don't
# modify the original "vals", which would cause the script
@@
-258,7
+259,7
@@
path certificate "%s";
# Class to configure IPsec on a system using racoon for IKE and setkey
# for maintaining the Security Association Database (SAD) and Security
# Policy Database (SPD). Only policies for GRE are supported.
# Class to configure IPsec on a system using racoon for IKE and setkey
# for maintaining the Security Association Database (SAD) and Security
# Policy Database (SPD). Only policies for GRE are supported.
-class IPsec:
+class IPsec
(object)
:
def __init__(self):
self.sad_flush()
self.spd_flush()
def __init__(self):
self.sad_flush()
self.spd_flush()
@@
-354,11
+355,11
@@
class IPsec:
def update_ipsec(ipsec, interfaces, new_interfaces):
def update_ipsec(ipsec, interfaces, new_interfaces):
- for name, vals in
interfaces.iteritems(
):
+ for name, vals in
six.iteritems(interfaces
):
if name not in new_interfaces:
ipsec.del_entry(vals["local_ip"], vals["remote_ip"])
if name not in new_interfaces:
ipsec.del_entry(vals["local_ip"], vals["remote_ip"])
- for name, vals in
new_interfaces.iteritems(
):
+ for name, vals in
six.iteritems(new_interfaces
):
orig_vals = interfaces.get(name)
if orig_vals:
# Configuration for this host already exists. Check if it's
orig_vals = interfaces.get(name)
if orig_vals:
# Configuration for this host already exists. Check if it's
@@
-372,12
+373,12
@@
def update_ipsec(ipsec, interfaces, new_interfaces):
try:
ipsec.add_entry(vals["local_ip"], vals["remote_ip"], vals)
try:
ipsec.add_entry(vals["local_ip"], vals["remote_ip"], vals)
- except error.Error
,
msg:
+ except error.Error
as
msg:
vlog.warn("skipping ipsec config for %s: %s" % (name, msg))
def get_ssl_cert(data):
vlog.warn("skipping ipsec config for %s: %s" % (name, msg))
def get_ssl_cert(data):
- for ovs_rec in data["Open_vSwitch"].rows.
iter
values():
+ for ovs_rec in data["Open_vSwitch"].rows.values():
if ovs_rec.ssl:
ssl = ovs_rec.ssl[0]
if ssl.certificate and ssl.private_key:
if ovs_rec.ssl:
ssl = ovs_rec.ssl[0]
if ssl.certificate and ssl.private_key:
@@
-440,7
+441,7
@@
def main():
ssl_cert = get_ssl_cert(idl.tables)
new_interfaces = {}
ssl_cert = get_ssl_cert(idl.tables)
new_interfaces = {}
- for rec in
idl.tables["Interface"].rows.itervalues(
):
+ for rec in
six.itervalues(idl.tables["Interface"].rows
):
if rec.type == "ipsec_gre":
name = rec.name
options = rec.options
if rec.type == "ipsec_gre":
name = rec.name
options = rec.options