<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 11/01/2016 01:43 PM, Aline Manera
wrote:<br>
</div>
<blockquote
cite="mid:3260d36a-9173-d31b-a4ee-2ae251b06713@linux.vnet.ibm.com"
type="cite">Hi Ramon:
<br>
<br>
You also need to update the files below to reflect those changes:
<br>
- wokd.in
<br>
- docs/wokd.8.in
<br>
- src/wok/config.py.in
<br>
<br>
And more comments below:
<br>
<br>
On 11/01/2016 01:33 PM, Ramon Medeiros wrote:
<br>
<blockquote type="cite">---
<br>
.gitignore | 1 -
<br>
Makefile.am | 3 ++
<br>
contrib/wok.spec.fedora.in | 1 -
<br>
contrib/wok.spec.suse.in | 1 -
<br>
src/nginx/Makefile.am | 7 ++--
<br>
src/nginx/wok.conf | 79
++++++++++++++++++++++++++++++++++++++++++++++
<br>
src/nginx/wok.conf.in | 75
-------------------------------------------
<br>
src/wok.conf.in | 34 --------------------
<br>
src/wok/proxy.py | 45 --------------------------
<br>
9 files changed, 85 insertions(+), 161 deletions(-)
<br>
create mode 100644 src/nginx/wok.conf
<br>
delete mode 100644 src/nginx/wok.conf.in
<br>
<br>
diff --git a/.gitignore b/.gitignore
<br>
index d06f936..10754f9 100644
<br>
--- a/.gitignore
<br>
+++ b/.gitignore
<br>
@@ -31,7 +31,6 @@ wok-*.tar.gz
<br>
wok.spec
<br>
src/wokd
<br>
src/wok.conf
<br>
-src/nginx/wok.conf
<br>
src/wok/config.py
<br>
tests/run_tests.sh
<br>
tests/test_config.py
<br>
diff --git a/Makefile.am b/Makefile.am
<br>
index 5c8e69d..3754547 100644
<br>
--- a/Makefile.am
<br>
+++ b/Makefile.am
<br>
@@ -159,6 +159,8 @@ install-data-local:
<br>
touch $(DESTDIR)/etc/nginx/conf.d/wok.conf
<br>
mkdir -p $(DESTDIR)/etc/logrotate.d/
<br>
$(INSTALL_DATA) $(top_srcdir)/src/wok.logrotate
$(DESTDIR)/etc/logrotate.d/wokd
<br>
+ mkdir -p $(DESTDIR)/etc/nginx/conf.d
<br>
+ $(INSTALL_DATA) $(top_srcdir)/src/nginx/wok.conf
$(DESTDIR)/etc/nginx/conf.d/wok.conf
<br>
<br>
uninstall-local:
<br>
@if test -f $(systemdsystemunitdir)/wokd.service; then \
<br>
@@ -175,6 +177,7 @@ uninstall-local:
<br>
$(RM) -rf $(DESTDIR)/etc/wok
<br>
$(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf
<br>
$(RM) $(DESTDIR)/etc/logrotate.d/wokd
<br>
</blockquote>
<br>
<blockquote type="cite">+ $(DESTDIR)/etc/nginx/conf.d/wok.conf
<br>
</blockquote>
<br>
The $(RM) is missing
<br>
</blockquote>
I did not add RM because it's already exists:<br>
<br>
$(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf
(now wok.conf.in does not exists)<br>
<br>
<blockquote
cite="mid:3260d36a-9173-d31b-a4ee-2ae251b06713@linux.vnet.ibm.com"
type="cite">
<br>
<blockquote type="cite"> VERSION:
<br>
<br>
-
<br>
-# Port to listen on
<br>
-#port = 8000
<br>
-
<br>
</blockquote>
<br>
<blockquote type="cite">-# Start an SSL-enabled server on the
given port
<br>
-#ssl_port = 8001
<br>
-
<br>
</blockquote>
<br>
The ssl_port is being used by /config API so we will need to keep
it there too.
<br>
<br>
</blockquote>
OK<br>
<blockquote
cite="mid:3260d36a-9173-d31b-a4ee-2ae251b06713@linux.vnet.ibm.com"
type="cite">
<blockquote type="cite">-# Allow user disables HTTP port. In that
case, all the connections
<br>
-# will be done directly through HTTPS port (values: true|false)
<br>
-#https_only = false
<br>
-
<br>
# Cherrypy server port
<br>
#cherrypy_port = 8010
<br>
</blockquote>
<br>
<blockquote type="cite">-# Port for websocket proxy to listen on
<br>
-#websockets_port = 64667
<br>
</blockquote>
<br>
We will need to keep websockets_port as it needed by /config API
and to Kimchi knows on which port to launch websocikfy
<br>
<br>
<blockquote type="cite">-
<br>
-# Number of minutes that a session can remain idle before the
server
<br>
-# terminates it automatically.
<br>
-#session_timeout = 10
<br>
-
<br>
-# The full path to an SSL Certificate or chain of certificates
in
<br>
-# PEM format. When a chain is used, the server's certificate
must be
<br>
-# the first certificate in the file with the chain concatenated
into
<br>
-# the end of that certificate. If left unspecified, Wok will
generate
<br>
-# a self-signed certificate automatically.
<br>
-#ssl_cert =
<br>
-
<br>
-# The corresponding private key in PEM format for the SSL
Certificate supplied
<br>
-# above. If left blank, Wok will generate a self-signed
certificate.
<br>
-#ssl_key =
<br>
-
<br>
# Running environment of the server
<br>
#environment = production
<br>
<br>
-# Max request body size in KB, default value is 4GB
<br>
-#max_body_size = 4 * 1024 * 1024
<br>
-
<br>
# Wok server root. Set the following variable to configure any
relative path to
<br>
# the server. For example, to have Wok pointing to
<a class="moz-txt-link-freetext" href="https://localhost:8001/wok/">https://localhost:8001/wok/</a>
<br>
# uncomment the following:
<br>
diff --git a/src/wok/proxy.py b/src/wok/proxy.py
<br>
index 5f646e4..1c11b9b 100644
<br>
--- a/src/wok/proxy.py
<br>
+++ b/src/wok/proxy.py
<br>
@@ -25,8 +25,6 @@
<br>
# and configure the Nginx proxy.
<br>
<br>
import os
<br>
-import pwd
<br>
-from string import Template
<br>
<br>
from wok import sslcert
<br>
from wok.config import paths
<br>
@@ -53,17 +51,6 @@ def _create_proxy_config(options):
<br>
Arguments:
<br>
options - OptionParser object with Wok config options
<br>
"""
<br>
- # User that will run the worker process of the proxy.
Fedora,
<br>
- # RHEL and Suse creates an user called 'nginx' when
installing
<br>
- # the proxy. Ubuntu creates an user 'www-data' for it.
<br>
- user_proxy = None
<br>
- user_list = ('nginx', 'www-data', 'http')
<br>
- sys_users = [p.pw_name for p in pwd.getpwall()]
<br>
- common_users = list(set(user_list) & set(sys_users))
<br>
- if len(common_users) == 0:
<br>
- raise Exception("No common user found")
<br>
- else:
<br>
- user_proxy = common_users[0]
<br>
config_dir = paths.conf_dir
<br>
nginx_config_dir = paths.nginx_conf_dir
<br>
cert = options.ssl_cert
<br>
@@ -81,38 +68,6 @@ def _create_proxy_config(options):
<br>
with open(key, "w") as f:
<br>
f.write(ssl_gen.key_pem())
<br>
<br>
- # Setting up Diffie-Hellman group with 2048-bit file
<br>
- dhparams_pem = os.path.join(config_dir, "dhparams.pem")
<br>
-
<br>
- http_config = ''
<br>
- if options.https_only == 'false':
<br>
- http_config = HTTP_CONFIG % {'host_addr': options.host,
<br>
- 'proxy_port':
options.port,
<br>
- 'proxy_ssl_port':
options.ssl_port,
<br>
- 'rel_path':
options.server_root}
<br>
-
<br>
- # Read template file and create a new config file
<br>
- # with the specified parameters.
<br>
- with open(os.path.join(nginx_config_dir, "wok.conf.in")) as
template:
<br>
- data = template.read()
<br>
- data = Template(data)
<br>
- data = data.safe_substitute(user=user_proxy,
<br>
- host_addr=options.host,
<br>
-
proxy_ssl_port=options.ssl_port,
<br>
- http_config=http_config,
<br>
-
cherrypy_port=options.cherrypy_port,
<br>
-
websockets_port=options.websockets_port,
<br>
- cert_pem=cert, cert_key=key,
<br>
-
max_body_size=eval(options.max_body_size),
<br>
-
session_timeout=options.session_timeout,
<br>
- dhparams_pem=dhparams_pem,
<br>
-
server_root=options.server_root)
<br>
-
<br>
- # Write file to be used for nginx.
<br>
- config_file = open(os.path.join(nginx_config_dir,
"wok.conf"), "w")
<br>
- config_file.write(data)
<br>
- config_file.close()
<br>
-
<br>
# If not running from the installed path (from a cloned
and builded source
<br>
# code), create a symbolic link in system's dir to
prevent errors on read
<br>
# SSL certifications.
<br>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
<a class="moz-txt-link-abbreviated" href="mailto:ramonn@br.ibm.com">ramonn@br.ibm.com</a> </pre>
</body>
</html>