def on_eventbox_mdns_adv_button_press_event(self, *args): msg = ( "Flag toggling mDNS advertizement of the libvirt service.\n\n" "Alternatively can disable for all services on a host by " "stopping the Avahi daemon" ) dialog.show_info_message("mdns_adv", msg)
def on_eventbox_listen_tcp_button_press_event(self, *args): msg = "Listen for unencrypted TCP connections on the public TCP/IP port. " \ "NB, must pass the --listen flag to the libvirtd process for this to " \ "have any effect.\n\n" \ "Using the TCP socket requires SASL authentication by default. Only " \ "SASL mechanisms which support data encryption are allowed. This is " \ "DIGEST_MD5 and GSSAPI (Kerberos5)" dialog.show_info_message("listen_tcp", msg)
def on_eventbox_max_client_requests_button_press_event(self, *args): msg = ( "Limit on concurrent requests from a single client " "connection. To avoid one client monopolizing the server " "this should be a small fraction of the global max_requests " "and max_workers parameter" ) dialog.show_info_message("max_client_requests", msg)
def on_eventbox_unix_rw_perms_button_press_event(self, *args): msg = "Set the UNIX socket permissions for the R/W socket.\n\nThis is used " \ "for full management of VMs\n\n" \ "Default allows only root. If PolicyKit is enabled on the socket, " \ "the default will change to allow everyone (eg, 0777)\n\n" \ "If not using PolicyKit and setting group ownership for access " \ "control then you may want to relax this." dialog.show_info_message("unix_rw_perms", msg)
def on_eventbox_max_requests_button_press_event(self, *args): msg = "Total global limit on concurrent RPC calls. Should be " \ "at least as large as max_workers. Beyond this, RPC requests "\ "will be read into memory and queued. This directly impact " \ "memory usage, currently each request requires 256 KB of " \ "memory.\n\nSo by default upto 5 MB of memory is used\n\n" \ "XXX this isn't actually enforced yet, only the per-client" dialog.show_info_message("max_requests", msg)
def on_eventbox_mdns_name_button_press_event(self, *args): msg = ( "Override the default mDNS advertizement name.\nThis must be " "unique on the immediate broadcast network.\n\n" 'The default is "Virtualization Host HOSTNAME", where HOSTNAME ' "is subsituted for the short hostname of the machine (without domain)" ) dialog.show_info_message("mdns_name", msg)
def on_eventbox_tls_no_verify_certificate_button_press_event(self, *args): msg = "Flag to disable verification of client certificates\n" \ "Client certificate verification is the primary authentication mechanism.\n\n" \ "Any client which does not present a certificate signed by the CA " \ "will be rejected.\n\n" \ "Default is to always verify.\n" \ "verification - make sure an IP whitelist is set" dialog.show_info_message("tls_no_verify_certificate", msg)
def on_eventbox_unix_sock_group_button_press_event(self, *args): msg = ( "Set the UNIX domain socket group ownership. This can be used to " "allow a 'trusted' set of users access to management capabilities " "without becoming root.\n\n" "This is restricted to 'root' by default" ) dialog.show_info_message("unix_sock_group", msg)
def on_eventbox_auth_unix_rw_button_press_event(self, *args): msg = "Set an authentication scheme for UNIX read-write sockets " \ "By default socket permissions only allow root. If PolicyKit " \ "support was compiled into libvirt, the default will be to " \ "use 'polkit' auth.\n\n" \ "If the unix_sock_rw_perms are changed you may wish to enable " \ "an authentication mechanism here" dialog.show_info_message("auth_unix_rw", msg)
def on_eventbox_listen_tls_button_press_event(self, *args): msg = ( "TLS connections on the public TCP/IP port.\n" "NB, must pass the --listen flag to the libvirtd process for this to " "have any effect.\n\n" "It is necessary to setup a CA and issue server certificates before " "using this capability." ) dialog.show_info_message("listen_tls", msg)
def on_eventbox_tls_allowed_dn_list_button_press_event(self, *args): msg = "A whitelist of allowed x509 Distinguished Names" \ "This list may contain wildcards such as\n\n" \ "\"C=GB,ST=London,L=London,O=Red Hat,CN=*\"\n\n" \ "See the POSIX fnmatch function for the format of the wildcards.\n" \ "NB If this is an empty list, no client can connect, so comment out " \ "entirely rather than using empty list to disable these checks\n\n" \ "By default, no DN's are checked" dialog.show_info_message("tls_allowed_dn_list", msg)
def on_eventbox_unix_sock_ro_perms_button_press_event(self, *args): msg = ( "Set the UNIX socket permissions for the R/O socket.\n\nThis is used " "for monitoring VM status only.\n\n" "Default allows any user. If setting group ownership may want to " "restrict this." ) dialog.show_info_message("unix_sock_ro_perms", msg)
def on_eventbox_audit_logging_button_press_event(sef, *args): msg = "This setting allows usage of the auditing subsystem to be altered:\n\n" \ "audit_level == 0 -> disable all auditing\n" \ "audit_level == 1 -> enable auditing, only if enabled on host (default)\n" \ "audit_level == 2 -> enable auditing, and exit if disabled on host\n" \ "audit_level = 2\n\n" \ "If set to 1, then audit messages will also be sent " \ "via libvirt logging infrastructure. Defaults to 0" dialog.show_info_message("audit_logging", msg)
def on_eventbox_auth_tls_button_press_event(self, *args): msg = ( "Change the authentication scheme for TLS sockets.\n\n" "TLS sockets already have encryption provided by the TLS " "layer, and limited authentication is done by certificates\n" "It is possible to make use of any SASL authentication " "mechanism as well, by using 'sasl' for this option" ) dialog.show_info_message("auth_tls", msg)
def on_eventbox_auth_tcp_button_press_event(self, *args): msg = ( "Change the authentication scheme for TCP sockets.\n\n" "If you don't enable SASL, then all TCP traffic is cleartext.\n" "Don't do this outside of a dev/test scenario. For real world " "use, always enable SASL and use the GSSAPI or DIGEST-MD5 " "mechanism in /etc/sasl2/libvirt.conf" ) dialog.show_info_message("auth_tcp", msg)
def on_eventbox_min_workers_button_press_event(self, *args): msg = ( "The minimum limit sets the number of workers to start up " "initially. If the number of active clients exceeds this, " "then more threads are spawned, upto max_workers limit.\n\n" "Typically you'd want max_workers to equal maximum number " "of clients allowed" ) dialog.show_info_message("min_workers", msg)
def on_eventbox_unix_rw_perms_button_press_event(self, *args): msg = ( "Set the UNIX socket permissions for the R/W socket.\n\nThis is used " "for full management of VMs\n\n" "Default allows only root. If PolicyKit is enabled on the socket, " "the default will change to allow everyone (eg, 0777)\n\n" "If not using PolicyKit and setting group ownership for access " "control then you may want to relax this." ) dialog.show_info_message("unix_rw_perms", msg)
def on_eventbox_auth_unix_rw_button_press_event(self, *args): msg = ( "Set an authentication scheme for UNIX read-write sockets " "By default socket permissions only allow root. If PolicyKit " "support was compiled into libvirt, the default will be to " "use 'polkit' auth.\n\n" "If the unix_sock_rw_perms are changed you may wish to enable " "an authentication mechanism here" ) dialog.show_info_message("auth_unix_rw", msg)
def on_eventbox_max_requests_button_press_event(self, *args): msg = ( "Total global limit on concurrent RPC calls. Should be " "at least as large as max_workers. Beyond this, RPC requests " "will be read into memory and queued. This directly impact " "memory usage, currently each request requires 256 KB of " "memory.\n\nSo by default upto 5 MB of memory is used\n\n" "XXX this isn't actually enforced yet, only the per-client" ) dialog.show_info_message("max_requests", msg)
def on_eventbox_listen_tcp_button_press_event(self, *args): msg = ( "Listen for unencrypted TCP connections on the public TCP/IP port. " "NB, must pass the --listen flag to the libvirtd process for this to " "have any effect.\n\n" "Using the TCP socket requires SASL authentication by default. Only " "SASL mechanisms which support data encryption are allowed. This is " "DIGEST_MD5 and GSSAPI (Kerberos5)" ) dialog.show_info_message("listen_tcp", msg)
def on_eventbox_host_uuids_button_press_event(self, *args): msg = "Provide the UUID of the host here in case the command " \ "'dmidecode -s system-uuid' does not provide a valid uuid.\n\nIn case " \ "'dmidecode' does not provide a valid UUID and none is provided here, a " \ "temporary UUID will be generated.\n\n" \ "Keep the format of the example UUID below. UUID must not have all digits " \ "be the same.\n\n" \ "NB This default all-zeros UUID will not work. Replace" \ "it with the output of the \'uuidgen\'" dialog.show_info_message("host_uuids", msg)
def on_eventbox_tls_no_verify_certificate_button_press_event(self, *args): msg = ( "Flag to disable verification of client certificates\n" "Client certificate verification is the primary authentication mechanism.\n\n" "Any client which does not present a certificate signed by the CA " "will be rejected.\n\n" "Default is to always verify.\n" "verification - make sure an IP whitelist is set" ) dialog.show_info_message("tls_no_verify_certificate", msg)
def on_eventbox_tls_allowed_dn_list_button_press_event(self, *args): msg = ( "A whitelist of allowed x509 Distinguished Names" "This list may contain wildcards such as\n\n" '"C=GB,ST=London,L=London,O=Red Hat,CN=*"\n\n' "See the POSIX fnmatch function for the format of the wildcards.\n" "NB If this is an empty list, no client can connect, so comment out " "entirely rather than using empty list to disable these checks\n\n" "By default, no DN's are checked" ) dialog.show_info_message("tls_allowed_dn_list", msg)
def on_eventbox_audit_logging_button_press_event(sef, *args): msg = ( "This setting allows usage of the auditing subsystem to be altered:\n\n" "audit_level == 0 -> disable all auditing\n" "audit_level == 1 -> enable auditing, only if enabled on host (default)\n" "audit_level == 2 -> enable auditing, and exit if disabled on host\n" "audit_level = 2\n\n" "If set to 1, then audit messages will also be sent " "via libvirt logging infrastructure. Defaults to 0" ) dialog.show_info_message("audit_logging", msg)
def on_eventbox_host_uuids_button_press_event(self, *args): msg = ( "Provide the UUID of the host here in case the command " "'dmidecode -s system-uuid' does not provide a valid uuid.\n\nIn case " "'dmidecode' does not provide a valid UUID and none is provided here, a " "temporary UUID will be generated.\n\n" "Keep the format of the example UUID below. UUID must not have all digits " "be the same.\n\n" "NB This default all-zeros UUID will not work. Replace" "it with the output of the 'uuidgen'" ) dialog.show_info_message("host_uuids", msg)
def on_eventbox_log_filters_button_press_event(self, *args): msg = "A filter allows to select a different logging level for a given category " \ "of logs.\n\n" \ "The format for a filter is:\n\n" \ "x:name\n" \ "where name is a match string e.g. remote or qemu\n" \ "the x prefix is the minimal level where matching messages should be logged\n\n" \ "1: DEBUG\n" \ "2: INFO\n" \ "3: WARNING\n" \ "4: ERROR\n\n" \ "Multiple filter can be defined in a single @filters, they just need to be " \ "separated by spaces.\n\n" \ "e.g:\n" \ "log_filters=\"3:remote 4:event\"\n" \ "to only get warning or errors from the remote layer and only errors from " \ "the event layer." dialog.show_info_message("log_filters", msg)
def on_eventbox_log_outputs_button_press_event(self, *args): msg = "An output is one of the places to save logging informations\n\n" \ "The format for an output can be:\n" \ "x:stderr\n" \ "output goes to stderr\n" \ "x:syslog:name\n" \ "use syslog for the output and use the given name as the ident\n" \ "x:file:file_path\n" \ "output to a file, with the given filepath\n" \ "In all case the x prefix is the minimal level, acting as a filter\n\n" \ "1: DEBUG\n" \ "2: INFO\n" \ "3: WARNING\n" \ "4: ERROR\n\n" \ "Multiple output can be defined, they just need to be separated by spaces.\n\n" \ "e.g.:\n" \ "log_outputs=\"3:syslog:libvirtd\"\n" \ "to log all warnings and errors to syslog under the libvirtd ident" dialog.show_info_message("log_outputs", msg)
def on_eventbox_auth_unix_ro_button_press_event(self, *args): msg = "Set an authentication scheme for UNIX read-only sockets " \ "By default socket permissions allow anyone to connect\n\n" \ "To restrict monitoring of domains you may wish to enable " \ "an authentication mechanism\n\n" \ "- none: do not perform auth checks. If you can connect to the " \ "socket you are allowed. This is suitable if there are " \ "restrictions on connecting to the socket (eg, UNIX " \ "socket permissions), or if there is a lower layer in " \ "the network providing auth (eg, TLS/x509 certificates)\n\n" \ "- sasl: use SASL infrastructure. The actual auth scheme is then" \ "controlled from /etc/sasl2/libvirt.conf. For the TCP " \ "socket only GSSAPI DIGEST-MD5 mechanisms will be used. " \ "For non-TCP or TLS sockets, any scheme is allowed.\n\n" \ "- polkit: use PolicyKit to authenticate. This is only suitable" \ "for use on the UNIX sockets. The default policy will" \ "require a user to supply their own password to gain" \ "full read/write access (aka sudo like), while anyone" \ "is allowed read/only access." dialog.show_info_message("auth_unix_ro", msg)
def on_eventbox_log_filters_button_press_event(self, *args): msg = ( "A filter allows to select a different logging level for a given category " "of logs.\n\n" "The format for a filter is:\n\n" "x:name\n" "where name is a match string e.g. remote or qemu\n" "the x prefix is the minimal level where matching messages should be logged\n\n" "1: DEBUG\n" "2: INFO\n" "3: WARNING\n" "4: ERROR\n\n" "Multiple filter can be defined in a single @filters, they just need to be " "separated by spaces.\n\n" "e.g:\n" 'log_filters="3:remote 4:event"\n' "to only get warning or errors from the remote layer and only errors from " "the event layer." ) dialog.show_info_message("log_filters", msg)
def on_eventbox_log_outputs_button_press_event(self, *args): msg = ( "An output is one of the places to save logging informations\n\n" "The format for an output can be:\n" "x:stderr\n" "output goes to stderr\n" "x:syslog:name\n" "use syslog for the output and use the given name as the ident\n" "x:file:file_path\n" "output to a file, with the given filepath\n" "In all case the x prefix is the minimal level, acting as a filter\n\n" "1: DEBUG\n" "2: INFO\n" "3: WARNING\n" "4: ERROR\n\n" "Multiple output can be defined, they just need to be separated by spaces.\n\n" "e.g.:\n" 'log_outputs="3:syslog:libvirtd"\n' "to log all warnings and errors to syslog under the libvirtd ident" ) dialog.show_info_message("log_outputs", msg)
def on_button_select_service_restart_clicked(self, widget, data=None): if self.serviceLibvirt != "no": if os.path.exists("/etc/init.d/libvirtd") != True: dialog.show_error_message("Cannot locate /etc/init.d/libvirtd!\n Please verify if you have libvirt installed!") return ret = subprocess.call(["/etc/init.d/libvirtd", "restart"]) self.serviceSelected = "yes" if ret != 0: dialog.show_error_message("Cannot restart libvirtd!\n Please verify if your user has the rights to do it!") else: dialog.show_info_message("libvirtd", "service libvirtd restarted!") if self.serviceVdsm != "no": if os.path.exists("/etc/init.d/vdsmd") != True: dialog.show_error_message("Cannot locate /etc/init.d/vdsmd!\n Please verify if you have vdsm installed!") return ret = subprocess.call(["/etc/init.d/vdsmd", "restart"]) self.serviceSelected = "yes" if ret != 0: dialog.show_error_message("Cannot restart vdsmd!\n Please verify if your user has the rights to do it!") else: dialog.show_info_message("vdsmd", "service vdsmd restarted!") if self.serviceSelected == "no": dialog.show_info_message("Info", "No service select, cancelled restart!") # Setting back the original state self.serviceVdsm = "no" self.serviceLibvirt = "no" self.serviceSelected = "no"
def on_eventbox_auth_unix_ro_button_press_event(self, *args): msg = ( "Set an authentication scheme for UNIX read-only sockets " "By default socket permissions allow anyone to connect\n\n" "To restrict monitoring of domains you may wish to enable " "an authentication mechanism\n\n" "- none: do not perform auth checks. If you can connect to the " "socket you are allowed. This is suitable if there are " "restrictions on connecting to the socket (eg, UNIX " "socket permissions), or if there is a lower layer in " "the network providing auth (eg, TLS/x509 certificates)\n\n" "- sasl: use SASL infrastructure. The actual auth scheme is then" "controlled from /etc/sasl2/libvirt.conf. For the TCP " "socket only GSSAPI DIGEST-MD5 mechanisms will be used. " "For non-TCP or TLS sockets, any scheme is allowed.\n\n" "- polkit: use PolicyKit to authenticate. This is only suitable" "for use on the UNIX sockets. The default policy will" "require a user to supply their own password to gain" "full read/write access (aka sudo like), while anyone" "is allowed read/only access." ) dialog.show_info_message("auth_unix_ro", msg)
def on_button_select_service_restart_clicked(self, widget, data=None): if self.serviceLibvirt != "no": if os.path.exists("/etc/init.d/libvirtd") != True: dialog.show_error_message( "Cannot locate /etc/init.d/libvirtd!\n Please verify if you have libvirt installed!" ) return ret = subprocess.call(["/etc/init.d/libvirtd", "restart"]) self.serviceSelected = "yes" if ret != 0: dialog.show_error_message( "Cannot restart libvirtd!\n Please verify if your user has the rights to do it!" ) else: dialog.show_info_message("libvirtd", "service libvirtd restarted!") if self.serviceVdsm != "no": if os.path.exists("/etc/init.d/vdsmd") != True: dialog.show_error_message( "Cannot locate /etc/init.d/vdsmd!\n Please verify if you have vdsm installed!" ) return ret = subprocess.call(["/etc/init.d/vdsmd", "restart"]) self.serviceSelected = "yes" if ret != 0: dialog.show_error_message( "Cannot restart vdsmd!\n Please verify if your user has the rights to do it!" ) else: dialog.show_info_message("vdsmd", "service vdsmd restarted!") if self.serviceSelected == "no": dialog.show_info_message("Info", "No service select, cancelled restart!") # Setting back the original state self.serviceVdsm = "no" self.serviceLibvirt = "no" self.serviceSelected = "no"
def on_eventbox_log_level_button_press_event(self, *args): msg = "Logging level: 4 errors, 3 warnings, 2 informations, 1 debug " \ "basically 1 will log everything possible" dialog.show_info_message("log_level", msg)
def on_eventbox_log_level_button_press_event(self, *args): msg = "Logging level: 4 errors, 3 warnings, 2 informations, 1 debug " "basically 1 will log everything possible" dialog.show_info_message("log_level", msg)
def on_eventbox_crl_file_button_press_event(self, *args): msg = "Specify a certificate revocation list." dialog.show_info_message("crl_file", msg)
def on_eventbox_key_file_button_press_event(self, *args): msg = "Override the default server key file path." dialog.show_info_message("key_file", msg)
def on_eventbox_listen_addr_button_press_event(self, *args): msg = ( "Override the default configuration which binds to all network " "interfaces.\n\nThis can be a numeric IPv4/6 address, or hostname." ) dialog.show_info_message("listen_addr", msg)
def on_eventbox_max_client_requests_button_press_event(self, *args): msg = "Limit on concurrent requests from a single client " \ "connection. To avoid one client monopolizing the server " \ "this should be a small fraction of the global max_requests " \ "and max_workers parameter" dialog.show_info_message("max_client_requests", msg)
def on_eventbox_unix_sock_group_button_press_event(self, *args): msg = "Set the UNIX domain socket group ownership. This can be used to " \ "allow a \'trusted\' set of users access to management capabilities " \ "without becoming root.\n\n" \ "This is restricted to 'root' by default" dialog.show_info_message("unix_sock_group", msg)
def on_eventbox_max_workers_button_press_event(self, *args): msg = "The maximum limit sets the number of workers" dialog.show_info_message("max_workers", msg)
def on_eventbox_unix_sock_dir_button_press_event(self, *args): msg = "Set the name of the directory in which sockets will be found/created." dialog.show_info_message("unix_sock_dir", msg)
def on_eventbox_max_clients_button_press_event(self, *args): msg = "The maximum number of concurrent client connections to allow " "over all sockets combined.\n" dialog.show_info_message("max_clients", msg)
def on_eventbox_image_save_image_format_button_press_event(self, *args): msg = "image format" dialog.show_info_message("save_image_format", msg)
def on_eventbox_tls_port_button_press_event(self, *args): msg = "Override the port for accepting secure TLS connections.\n" "This can be a port number, or service name" dialog.show_info_message("tls_port", msg)
def on_eventbox_mdns_name_button_press_event(self, *args): msg = "Override the default mDNS advertizement name.\nThis must be " \ "unique on the immediate broadcast network.\n\n" \ "The default is \"Virtualization Host HOSTNAME\", where HOSTNAME " \ "is subsituted for the short hostname of the machine (without domain)" dialog.show_info_message("mdns_name", msg)
def on_eventbox_listen_addr_button_press_event(self, *args): msg = "Override the default configuration which binds to all network " \ "interfaces.\n\nThis can be a numeric IPv4/6 address, or hostname." dialog.show_info_message("listen_addr", msg)
def on_eventbox_max_clients_button_press_event(self, *args): msg = "The maximum number of concurrent client connections to allow " \ "over all sockets combined.\n" dialog.show_info_message("max_clients", msg)
def on_eventbox_mdns_adv_button_press_event(self, *args): msg = "Flag toggling mDNS advertizement of the libvirt service.\n\n" \ "Alternatively can disable for all services on a host by " \ "stopping the Avahi daemon" dialog.show_info_message("mdns_adv", msg)
def on_eventbox_ca_file_button_press_event(self, *args): msg = "Override the default CA certificate path." dialog.show_info_message("ca_file", msg)
def on_eventbox_tls_port_button_press_event(self, *args): msg = "Override the port for accepting secure TLS connections.\n" \ "This can be a port number, or service name" dialog.show_info_message("tls_port", msg)