def strong_rng(self, num_bytes=None):
import ovirtnode.ovirtfunctions as ofunc
rng, aes = ofunc.rng_status()
if valid.Number(bounds=[0, None]).validate(num_bytes):
self.__update_profile(num_bytes, aes)
elif num_bytes is None:
pass
else:
self.logger.warning("Unknown value for RNG num bytes: " +
"%s" % num_bytes)
return ofunc.rng_status()[0]
def strong_rng(self, num_bytes=None):
import ovirtnode.ovirtfunctions as ofunc
rng, aes = ofunc.rng_status()
if valid.Number(bounds=[0, None]).validate(num_bytes):
self.__update_profile(num_bytes, aes)
elif num_bytes is None:
pass
else:
self.logger.warning("Unknown value for RNG num bytes: " +
"%s" % num_bytes)
return ofunc.rng_status()[0]
def disable_aesni(self, disable=None):
"""Set/Get AES NI for OpenSSL
Args:
enable: True or False
Returns:
The status of aes_ni
"""
import ovirtnode.ovirtfunctions as ofunc
rng, aes = ofunc.rng_status()
if disable in [True, False]:
self.__update_profile(rng, disable)
else:
self.logger.warning("Unknown value for AES NI: %s" % disable)
return ofunc.rng_status()[1] # FIXME should rurn bool
def disable_aesni(self, disable=None):
"""Set/Get AES NI for OpenSSL
Args:
enable: True or False
Returns:
The status of aes_ni
"""
import ovirtnode.ovirtfunctions as ofunc
rng, aes = ofunc.rng_status()
if disable in [True, False]:
self.__update_profile(rng, disable)
else:
self.logger.warning("Unknown value for AES NI: %s" % disable)
return ofunc.rng_status()[1] # FIXME should rurn bool
def translate_ssh(self):
if self.__is_persisted("/etc/ssh/sshd_config"):
pw_auth_enabled = ovirtfunctions.augtool_get(
"/files/etc/ssh/sshd_config/PasswordAuthentication")
rng_bytes, aes_disabled = ovirtfunctions.rng_status()
rng_bytes = None if rng_bytes == 0 else rng_bytes
aes_disabled = aes_disabled == 1
ssh_is_enabled = parse_bool(pw_auth_enabled)
if rng_bytes:
self.aug.set("/files/etc/default/ovirt/OVIRT_USE_STRONG_RNG",
str(rng_bytes))
if aes_disabled:
self.aug.set("/files/etc/default/ovirt/OVIRT_DISABLE_AES_NI",
"true")
if ssh_is_enabled:
self.aug.set("/files/etc/default/ovirt/OVIRT_SSH_PWAUTH",
"yes")
def translate_ssh(self):
if self.__is_persisted("/etc/ssh/sshd_config"):
pw_auth_enabled = ovirtfunctions.augtool_get(
"/files/etc/ssh/sshd_config/PasswordAuthentication")
rng_bytes, aes_enabled = ovirtfunctions.rng_status()
rng_bytes = None if rng_bytes == 0 else rng_bytes
aes_disabled = False if aes_enabled == "1" else True
ssh_is_enabled = parse_bool(pw_auth_enabled)
if rng_bytes:
self.aug.set("/files/etc/default/ovirt/OVIRT_USE_STRONG_RNG",
str(rng_bytes))
if aes_disabled:
self.aug.set("/files/etc/default/ovirt/OVIRT_DISABLE_AES_NI",
"true")
if ssh_is_enabled:
self.aug.set("/files/etc/default/ovirt/OVIRT_SSH_PWAUTH",
"yes")
